Category: Managing Threats & Attacks


Cyber Criminals “King of the (Data Breach) Jungle”: 61% of all Data Breaches caused by Malicious or Criminal Attacks, according to OAIC Report

By Cameron Abbott, Keely O’Dowd and Max Evans

The Office of the Australian Information Commissioner (OAIC) has released its report on notifications received under the Notifiable Data Breaches scheme for the period January to June 2020.

The OAIC reported 518 breaches were notified to it in the relevant period. The OAIC noted a 3% decrease from the 532 breaches notified in the period July 2019 to December 2019. However, there was a 16% increase on the 447 notifications received during January to June 2019.


Can It Get Any Worse? Travel Giant CWT pays $4.5 Million USD ransom to Hackers who Stole Corporate Files and Knocked 30,000 Computers Offline

By Cameron Abbott and Max Evans

In these unprecedented times, where travel around the globe is primarily halted as nations get to grips with controlling the outbreak of COVID-19, many would think it couldn’t get any worse for travel companies. However, they would be wrong, as according to an article from ITNews, American travel management giant CWT has reportedly paid a whopping 414 bitcoin, equivalent to a value of 4.5 Million USD (approximately 6.3 Million AUD), to hackers who successfully exfiltrated over 2 terabytes of sensitive corporate files.

According to the Article, the successful hackers used a strain of ransomware referred to as “Ragnar Locker” which places computer files into a virtual prison through encryption and renders them unusable until the victim pays for the keys. CWT then had to negotiate in a public chat forum to pay for the release. It gives us a rare insight into the dialogue that followed. CWT negotiated the hackers down from their initial demand of 10 Million USD. According to the Report, whilst the hackers claimed to have stolen over 2 terabytes of files including financial reports, security documents and employees’ personal data, it was not clear whether any customer data was compromised.


Update: Australia’s 2020 Cyber Security Strategy

By Cameron Abbott and Keely O’Dowd

The Australian Government is currently developing its next Cyber Security Strategy, which is scheduled for release in the coming months.

The Australian Government 2020 Cyber Security Strategy Industry Advisory Panel has released a report consisting of 60 recommendations to inform the 2020 Cyber Security Strategy. The Panel’s 60 recommendations are structured around five key pillars:


Twitter accounts of prominent figures hacked

By Cameron Abbott, Warwick Andersen, Rob Pulham and Keely O’Dowd

Reports have surfaced that the Twitter accounts of prominent companies, politicians and celebrities were compromised on Wednesday, 15 July 2020. Hackers were able to gain large scale access to the Twitter accounts of several prominent and influential US personalities and companies to promote a cryptocurrency scam.

It is concerning that the accounts of prominent figures were targeted and compromised. Given the level of influence and prominence several of those individuals have on social media, the hackers had the potential to cause greater havoc. On this occasion, it appears the hackers were financially motivated to perform the cyber attack by seeking “donations” via Bitcoin. The hackers sent out tweets asking people to donate Bitcoin to an address and the Twitter account holder would double the donation.


500,000 car owner records found on dark web

By Cameron Abbott and Keely O’Dowd

Intelligence experts KELA recently announced that almost 500,000 customer records of different car suppliers were being offered for sale on the dark web by hacking group “KelvinSecurity Team”.

According to reports, almost 400,000 UK based BMW customers’ data is being sold on the online black market. This data includes the initials and surnames of car owners, home addresses, email addresses, the names of dealerships and car-registration information. The data of Mercedes, SEAT, Honda and Hyundai car owners also form part of the compromised customer records.


Under attack: Lion suffers second cyberattack and the Federal Government warns of an active cyberattack on Australian organisations

By Cameron Abbott, Keely O’Dowd and Rebecca Gill

News reports have revealed that Lion Beer Australia has suffered a second cyberattack within a week of falling victim to a ransomware attack. While Lion continues to recover from the first cyberattack, it must now investigate, respond and recover from this second attack.

Today, Lion announced it had received reports of Lion document lists posted online in recent days. It is continuing to investigate if any data has been removed from its system. Lion has also advised relevant authorities and regulators of the first incident.


D’oh! Beer company suffers cyber attack

By Cameron Abbott and Keely O’Dowd

On Tuesday last week, Lion Beer Australia announced it had experienced a cyber incident. During the week, Lion advised there was no evidence to date of any data breaches, but was still investigating the cyber attack. Investigations revealed Lion was subject to a ransomware attack. 


#WashYourCyberHands

By Cameron Abbott and Keely O’Dowd

There has never been a better time to #WashYourCyberHands.

The COVID-19 pandemic has provided the perfect breeding ground for cyber criminals to capitalise on and exploit the outbreak of the virus to steal data, commit fraud and circulate online scams. Law enforcement agencies and the cybersecurity industry have seen an increase in the number of targeted cyberattacks by criminals since the outbreak began.

INTERPOL has announced it is launching a global campaign to raise awareness about the top coronavirus related cyber threats throughout the globe. The campaign will provide basic cyber hygiene advice to businesses and individuals on how to ‘wash your cyber hands’ and protect systems and data from cyber threats.


Privacy Professionals download COVIDSafe App

By Cameron Abbott, Warwick Andersen, Rob Pulham, Michelle Aggromito and Allison Wallace

A number of legal professionals, with significant experience in the field of privacy law, have signed an open letter to encourage individuals to download the Commonwealth Government’s COVIDSafe App.

Among the privacy lawyers are members of K&L Gates’ own Australian privacy team (and the authors of this blog post) Cameron Abbott, Rob Pulham, Warwick Andersen, Michelle Aggromito and Allison Wallace.

The open letter is signed by members in their personal capacity, and signals that people who care about privacy a lot can still think that supporting the health and economic objectives of the App is more important at this time.

As at the date of this post, more than 5 million people have downloaded the App, with more needed to reach the Commonwealth Government’s target of 40% of the Australian population.

It’s Trace Time! The COVIDSafe App is open for business – Part I

By Cameron Abbott, Warwick Andersen, Rob Pulham and Michelle Aggromito

The Commonwealth Government released its COVIDSafe App for download at 6.00pm AEST on Sunday 26 April, and it surpassed 1.13 million downloads within the first 12 hours. This was far greater than expectations, with Health Minister Greg Hunt commenting that, at best, the hope was that “we might get to 1 million in five days.”


Copyright © 2019, K&L Gates LLP. All Rights Reserved.