Author: Crystal Hewett

The Smith Family says details of around 80,000 donors may have been exposed in hacking attack

The Smith Family charity has informed 80,000 donors their personal information has been accessed after a cyber attack.

The hacker unsuccessfully attempted to steal money from the charity, which supports disadvantaged children.

Information such as names, addresses, phone numbers, email addresses, donation records and in some circumstances the first and last four digits of credit or debit cards may have been accessed.

In a statement, The Smith Family said the data accessed would not be enough to make fraudulent purchases.

“No middle digits, expiry date or CVV numbers were accessed as The Smith Family does not store that information in its systems,” the charity said.

Customers have been warned to be on high alert for potential scams, although there is no evidence any personal information has been misused yet.

Would you know what to do if your personal information was leaked in a data breach? Would you know how to identify a phishing scam via phone, post or email? Do you know where your data lives and what protects access to it?

Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

Contact us below to speak with our cyber security experts and start the journey to protect your company today.




    Medibank hacker releases more private health information

    The culprits behind the recent Medibank data breach have released more private health information on the Dark Web.

    After several days of silence online the hackers released their largest batch of data to date, with up to 1469 records being exposed.

    9News has chosen to keep the names of the files and the health conditions they relate to confidential, but says that the conditions were deeply personal areas of healthcare.

    Currently, over 2700 records have been released, with over 2500 Australians affected by the data breach.

    Medibank has continued to reach out to the customers affected, while the AFP also continues to investigate the incident.

    Medibank is sticking by its decision not to pay the hackers’ ransom; however, the cyber security community believes the next step may be a direct consumer attack.

    Individual threats for ransom or extortion have not yet been circulated, but customers are still being warned to remain on high alert for potential scams.




      Researchers show techniques for malware persistence on F5 and Citrix load balancers

      Over the past several years, hackers have targeted public-facing network devices such as routers, VPN concentrators, and load balancers to gain a foothold into corporate networks.

      While finding remote code execution vulnerabilities in such devices is not uncommon, incidents where attackers were able to deploy malware on them that can survive restarts or firmware upgrades have been rare and generally attributed to sophisticated APT groups.

      Because of this, researchers from firmware security firm Eclypsium recently investigated the persistence opportunities attackers would have on such devices.

      “Can the malware be resilient enough to persist across reboots and even upgrades? Is it possible to infect the device so deeply that a clean wipe and reinstall isn’t sufficient?”

      To investigate, the researchers looked into the configuration backup functionality available through the administration interface, which can be used to generate an archive containing all the configs and settings that can later be deployed on a fresh install.

      After scouring the documentation and config files, the team had three different ways, across F5 and Citrix devices, to store scripts and start them after a reboot. These would even survive a reinstall because they would be included in the config backups.

      “Gone are the days of proprietary, purpose-built firmware used by routers & switches, instead replaced with firmware which is a fully functional operating system. This evolution introduces the commodity-server level risk on devices that have historically been out of reach for all but the most skilled attackers.”

      With the introduction of these sorts of new advanced and persistent vulnerabilities, detection and response capabilities are more important than ever.

      Security isn’t about being either secure or insecure, it’s about how fast you can move.

      If you don’t have a detection and response strategy in place today, ask us how we can help.




        Russia behind Medibank breach: AFP

        The Australian Federal Police have claimed the hackers behind Medibank’s data breach are located in Russia.

        The culprits are responsible for millions of customers’ data being exposed on the dark web.

        The commissioner of the Australian Federal Police, Reece Kershaw, announced at a media conference that authorities had flagged a group of “loosely affiliated” cyber criminals as being responsible for the breach.

        He said the agency believes it knows the identities of those behind the breach but would not name them, with some affiliates suspected to be in other countries.

        The AFP said they will be speaking with Russian law enforcement about the individuals and the incident.

        Kershaw directed a warning to the criminals: “We know who you are, and moreover, the AFP has some significant runs on the scoreboard when it comes to bringing overseas offenders back to Australia to face the justice system,” he said.

        The federal government is looking to introduce new legislation to increase fines for companies that suffer serious or repeated privacy breaches.

        The updated law would see the maximum fine for data breaches rise from $2.2 million to $50 million.

        Would you know what to do if your personal information was leaked in a data breach? Do you know the security score of your key service providers? How safe is the data your organisation collects from its customers?




          Medibank confirms names, addresses, birthdays posted to dark web by hackers after ransom deadline passes


          Medibank has confirmed that cyber criminals have released customers’ personal data on a dark web forum following a data breach earlier this month.

          The information posted included names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers for customers of Medibank budget brand ahm (but not expiry dates), in some cases passport numbers for international student customers (but not expiry dates), and some health claims data.

          The client data was released after a deadline passed for Medibank to pay a ransom.

          AFP Cyber Command Assistant Commissioner Justine Gough said customers who are contacted by phone or by SMS with threats to release their data should not be embarrassed to contact police through ReportCyber.

          “Blackmail is an offence and those who misuse stolen personal information for financial gain face a penalty of up to 10 years’ imprisonment,” she said in a statement.

          Customers have also been advised not to assume that anyone who contacts them actually has access to their data, or that paying a ransom will protect their data privacy in any way.

          9.7 million current and former Medibank customers have been affected by the breach.

          Would you know how to identify a phishing scam via phone, post or email? Do you know where your data lives and what protects access to it? Do you know the security score of your key service providers?




            Hackers target Defence social media platform


            ForceNet, a defence e-Communications platform, has been the latest target in a new cyber attack.

            The platform, run by external ICT provider Dialog Information Technology, said there is no cause for major concern as no data of current or former staff had been put at risk.

            The Chief of the Defence Force, General Angus Campbell, and DoD Secretary Greg Moriarty have also said there is no evidence to suggest that any data had been compromised.

            The Department of Defence (DoD) said they are taking the matter very seriously and are working with the provider to determine the extent of the attack.

            ForceNet have said they held between 30,000 and 40,000 records but there is no evidence that the data of current and former APS staff and ADF personnel has been compromised.

            IDCARE, the national identity and cyber support service for Australia and New Zealand, has been engaged by the DoD to help those affected by the attack.

            Would you know what to do if one of your social media platforms had been compromised? Do you know the security score of the platforms you are using? Do you know where your data lives and what protects access to it?
