Category: Cyber Security

Attacks against governments jumped 95% in last half of 2022

The number of attacks targeting the government sector increased by 95 per cent in the second half of 2022, a new report has found.

The report by AI-based cyber security vendor CloudSek found India, the US, Indonesia, and China accounted for 40 per cent of the total reported cyber security incidents in the government sector.

Rapid digitisation and the shift to remote work during the pandemic broadened the attack surface of government entities, leading to an increase in attacks worldwide.

Government agencies are at a higher risk because of the huge amounts of individual data they collect and store. During an attack this information can be accessed and later sold on the dark web.

The most common types of attacks included hacktivist activity – hacking for political purposes – which accounted for about nine per cent of the reported incidents in the government sector, along with attacks by ransomware groups, which accounted for six per cent of the total incidents reported.

CloudSek noted that, to prevent future attacks, government agencies need to adopt a zero-trust model, which assumes that user identities or the network itself may already be compromised and proactively verifies the authenticity of user activity.

The report also found the most common threat actors of 2022 were KelvinSecurity and AgainstTheWest; the two groups were also the most prominent in 2021.

KelvinSecurity uses targeted fuzzing and exploits common vulnerabilities to target victims. The group publicly shares information such as new exploits, targets, and databases on cybercrime forums.

AgainstTheWest started operations in October 2021 and identifies itself as APT49 or BlueHornet. It is focused on exfiltrating region-specific data and selling it on the dark web.

Do you know your Cyber Security capabilities, and your level of risk? Do you have a clear plan on how to improve your capabilities? Would you know what to do if you had a cyber security incident?

If you are concerned about cyber threats and don’t understand what your level of risk is, request a free assessment to start your journey on protecting your company, employees and customers below. 

Contact



    Hackers abuse legitimate remote monitoring and management tools in attacks

    Researchers and government agencies warn that threat actors are increasing their use of legitimate remote monitoring and management (RMM) tools to enable financial scams.

    Researchers from Cisco Talos reported this week that one particular commercial RMM tool called Syncro was observed in a third of the incident response cases the company was engaged in during the fourth quarter of 2022.

    RMM tools are commonly used by managed service providers (MSPs) and IT help desks so their presence on an organisation’s network and systems might not raise suspicion.

    In a number of the attacks discovered, threat actors sent help-desk-themed phishing emails to employees on both their government-issued and personal email addresses.

    The email link led to a website that prompted an executable download. If run, this file connected to a second domain controlled by the attackers and downloaded RMM tools such as ScreenConnect (now ConnectWise Control) and AnyDesk in self-contained portable executable format.

    Malicious operators then instructed victims through the RMM software to open their bank account in the browser and used their access to modify the bank statement to show a larger-than-normal refund was issued to the victim’s account.
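
A defender-side triage of process-creation events for the pattern described above, where an RMM tool runs as a portable executable rather than from a managed install. This is an added example, not code from Cisco Talos or the original article; the event field names, host names, sample paths and the approved install prefix are constructed assumptions, and matching on product-name substrings is a simplification.

```python
import ntpath

# Product names come from the article; substring matching on the file name is an assumption.
RMM_NAME_TOKENS = ("anydesk", "screenconnect", "syncro")
# Assumption: directories where a downloaded portable executable typically lands.
USER_WRITABLE_MARKERS = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\desktop\\")
# Assumption: parent processes that suggest a launch straight from a link or attachment.
BROWSER_OR_MAIL_PARENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "outlook.exe"}
# Hypothetical path where this organisation's IT team deploys its sanctioned RMM agent.
APPROVED_PREFIXES = ("c:\\program files\\exampleit\\rmm\\",)


def triage(event):
    """Return a finding for an RMM process outside the sanctioned install, else None."""
    image = event["image"].lower()
    name = ntpath.basename(image)  # ntpath parses Windows paths on any OS
    product = next((t for t in RMM_NAME_TOKENS if t in name), None)
    if product is None or image.startswith(APPROVED_PREFIXES):
        return None
    reasons = ["RMM binary outside approved install path"]
    if any(marker in image for marker in USER_WRITABLE_MARKERS):
        reasons.append("runs from user-writable directory")
    if ntpath.basename(event["parent_image"].lower()) in BROWSER_OR_MAIL_PARENTS:
        reasons.append("launched by browser or mail client")
    severity = {1: "review", 2: "medium", 3: "high"}[len(reasons)]
    return {"host": event["host"], "product": product,
            "severity": severity, "reasons": reasons}


# Constructed sample events, shaped like process-creation telemetry.
SAMPLE_EVENTS = [
    {"host": "WS-014", "image": r"C:\Users\jdoe\Downloads\AnyDesk.exe",
     "parent_image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"host": "WS-022", "image": r"C:\Program Files\ExampleIT\RMM\ScreenConnect.ClientService.exe",
     "parent_image": r"C:\Windows\System32\services.exe"},
    {"host": "WS-031", "image": r"C:\Users\asmith\AppData\Local\Temp\support_ScreenConnect.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"host": "WS-040", "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
]


def run(events):
    """Triage every event and keep only the findings."""
    return [finding for finding in map(triage, events) if finding]


if __name__ == "__main__":
    for finding in run(SAMPLE_EVENTS):
        print(finding["severity"], finding["host"], finding["product"], finding["reasons"])
```
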

    Cisco Talos reported nearly 40 per cent of engagements this quarter featured phishing emails used as a means to establish initial access, followed by user execution of a malicious document or link.

    The lack of multi-factor authentication (MFA) remains one of the biggest weaknesses for enterprise networks. In almost 30 per cent of incidents investigated by Talos, MFA was either completely missing or was enabled only for a few critical services and accounts.

    How secure is the RMM tool your company uses? Are you using MFA and passphrases to protect your accounts and devices? Would you be able to recognise a financial phishing attempt from a threat actor?

    If you are concerned about the security of your RMM or need help understanding your level of risk, request a free assessment to start your journey on protecting your company, employees and customers below. 

    Contact



      15000 iiNet and Westnet business customers exposed in TPG hack

      TPG Telecom’s external cyber security adviser Mandiant has uncovered evidence of unauthorised access to a Hosted Exchange service that holds about 15,000 iiNet and Westnet email accounts for business customers.

      According to a statement to shareholders on the Australian Securities Exchange, TPG said primary analysis to date suggests the aim of the threat actor was to search for customers’ cryptocurrency and financial information.

      “We apologise unreservedly to the affected iiNet and Westnet Hosted Exchange business customers,” TPG said.

      “We have implemented measures to stop the unauthorised access, further security measures have been put in place and we are in the process of contacting all affected customers on the Hosted Exchange service. We have notified the relevant government authorities,” TPG said.

      “The matter remains under investigation and we will be communicating with directly affected customers as more information becomes available.”

      Do you know the security score of your key service providers? How safe is the data your organisation collects from its customers?

      Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

      Contact us below to speak with our cyber security experts and start the journey to protect your company today.

      Contact



        Commonwealth Appoints New Cyber Security Advisory Board

        Minister for Home Affairs and Cyber Security Clare O’Neil has appointed a new Expert Advisory Board to oversee the development of the 2023-30 Australian Cyber Security Strategy to improve Australia’s cyber resilience.

        According to the federal government, the objective of the new Expert Advisory Board is to help make Australia the world’s most secure cyber nation by 2030, overseeing the creation of the new Australian Cyber Security Strategy.

        “Australians have recently suffered two of the worst data breaches in our nation’s history. We must work together to counter these threats, build partnerships and set ourselves up for success,” Minister O’Neil said.

        “Everyone has skin in the game when it comes to Australia’s cyber security. If you use the internet, have a smart device in your home, or have a perspective on what Australia’s cyber security should look like, I encourage you to get involved as the Expert Advisory Board seeks views throughout the strategy’s development.”

        “Australia should aim to be the world’s most cyber secure nation by 2030. The development of the 2023-30 Australian Cyber Security Strategy will outline the government’s long-term vision for the future of Australian cyber security, and the concrete steps required to get there.”

        Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

        Request a free Essential 8 assessment to start your journey on protecting your company, employees and customers below. 

        Contact



          Hackers Attempt to Breach Private Hospital Network

          Mater Health, a company that runs a network of private hospitals across Queensland, has announced its IT systems have been targeted by hackers.

          The company holds confidential health records of thousands of Queenslanders, though it says it managed to successfully stop the attack before the information was accessed.

          “There is no evidence that any personal information, medical information, or any other sensitive information has been compromised,” a Mater spokesperson said.

          “We are remaining vigilant and have implemented additional security measures, including requesting staff to change their passwords.”

          The spokesperson also emphasised Mater’s continuous dedication to cyber security, stating its sensitive data remains protected from the ongoing threat of cyber crime.

          “Mater has comprehensive systems and processes in place to ensure sensitive information is protected.”

          Cyber criminals are continuing to target Australian businesses after a string of recent data breaches.

          Do you know the security score of your key service providers? How safe is the data your organisation collects from its customers? Are you aware of the new laws around data breaches?

          Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

          Contact us below to speak with our cyber security experts and start the journey to protect your company today.

          Contact



            Investigation Into Medibank Launched, Could Face Millions in Fines

            An investigation has been opened into the Medibank data breach which could result in heavy fines.

            The health insurer’s personal information handling practices will be investigated by the Office of the Australian Information Commissioner (OAIC).

            In a statement, the OAIC said the investigation will focus on “whether Medibank took reasonable steps to protect the personal information they held from misuse, interference, loss, unauthorised access, modification or disclosure.”

            “The investigation will also consider whether Medibank took reasonable steps to implement practices, procedures and systems to ensure compliance with the Australian Privacy Principles (APPs).”

            If the findings of the investigation reveal that this is a serious or repeated breach, Medibank could face penalties of $2.2 million for each violation.

            In response to several data breaches, the Australian Government recently passed a bill to increase penalties for such offences from $2.2 million to $50 million.

            Although Medibank will not be affected by the new laws, organisations should evaluate the current methods they use to protect the data they collect.

            Do you know your Cyber Security capabilities, and your level of risk? Do you have a clear plan on how to improve your capabilities? Would you know what to do if you had a cyber security incident?

            If you are concerned about these new penalties, and don’t understand what your level of risk is, request a free assessment to start your journey on protecting your company, employees and customers below.

            Contact