attacks – Cyber Law Watch

Interlopers in Things? IoT devices may be used as backdoors to your network

Aug 27 2019

By Cameron Abbott and Karla Hodgson

This month Microsoft reported that its Threat Intelligence Center discovered that IoT (internet of things) devices – a VOIP phone, a printer and a video decoder – were used to gain access to corporate networks in April.

Microsoft have identified Strontium – also known as Fancy Bear or APT28 – as the culprit, a hacker group associated with the Russian government who appear to be targeting government, IT, military and defence, engineering, medical and education sectors. Strontium has been linked to the hacking of Hillary Clinton’s presidential election campaign and of the email accounts of researchers investigating the missile strike on MH17 and the Skripal poisonings. In the last 12 months alone Microsoft has delivered almost 1,400 notifications to those targeted or compromised by Strontium.

Australian organisations hit by thousands of significant cyber incidents

Oct 17 2016

By Cameron Abbott and Rebecca Murray

The Australian Cyber Security Centre’s (ACSC) 2016 Threat Report has revealed that Australian businesses and government have been subject to more than 15,000 significant incidents that they know of. Read the report here. They were the first to admit that given reporting is optional they cannot really determine the full impact.

Due to the current reporting regime, the ACSC has had to rely on data from callouts to CERT Australia (the national first responder to cyber incidents) to assess the extent of the problem in the private sector. CERT Australia responded to 14,804 incidents from the private sector from June 2015 to June 2016. Of those callouts, 418 involved systems of national interest and critical infrastructure. The banking, finance, energy and communications sectors were the most heavily targeted.

While the Government has introduced a bill to mandate serious data breach notification that is set to be passed in the near future (find out more about the bill here), until then, we will continue to go mostly unaware of damaging malicious cyber activity launched against Australian organisations because the private sector largely refuses report these incidents.

Scary statistics reveal 39,000 reported cybercrime incidents in 2015

Feb 01 2016

By Cameron Abbott and Meg Aitken

Following its launch in November 2014, the Australian Cyber Online Reporting Network (ACORN) has revealed it fielded 39,000 reports of cybercrime from individuals and organisations in 2015. Fraud was the most commonly reported cybercrime, with 19,232 reports being made to ACORN last year.

Prominent data analytics group and credit bureau, Veda revealed similarly worrying statistics in the Veda 2015 Cybercrime and Fraud Report, noting that in 2015, 1 in 4 Australians reported being a victim of identity theft at some stage, up 7% from 2014. The report also suggests that Australians are becoming increasingly concerned about the risk of cybercrime and identity theft.

Veda has projected that 2016 will see even greater numbers of cybercrime attacks on individuals, firms and government agencies as the ‘Internet of Things’ further develops, reliance on social media grows and a profound amount of personal information and data continues to be collected.

Read the ACORN quarterly statistics reports here.

Tag:attacks