Managing Threats & Attacks – Page 4

Not So Zoomy: Use of Videoconferencing Technology “Zoom” on the Rise, but Privacy and Data Security Inadequacies suggest Users should Tread Carefully

Mar 26 2020

By Cameron Abbott, Warwick Andersen, Rob Pulham and Max Evans

As the world grinds to a halt following the perpetuation of COVID-19, more and more businesses have turned to remote work arrangements. This has led to a sharp rise in the use of videoconferencing technology Zoom. However, as the Australian Financial Review notes, flawed data security and privacy practices mean that the use of Zoom could be disastrous for corporate and personal privacy.

Concerns surrounding the use of Zoom arose earlier this year, with critical security vulnerabilities enabling hackers to predict Meeting ID’s and therefore join active meetings, and also allowing any website to forcibly join a user to a Zoom call with their video camera activated and without the user’s permission. Whilst a number of these errors were patched up, as the article notes, Zoom refused to disable the ability for hackers to forcibly join to a call anyone visiting a malicious site, raising security red flags and undermining public confidence in Zoom’s attitude towards data security. A strange response given that part of its attraction had been a perceived stronger approach to security.

Mar 25 2020

By Cameron Abbott, Michelle Aggromito and Rebecca Gill

It’s upsetting to report, but should come as no surprise, that scammers are seeking to take advantage of organisations during the COVID-19 pandemic.

The Australian Competition and Consumer Commission’s Scamwatch website reports that phishing attacks are on the rise, with scammers impersonating the World Health Organisation and other agencies. Scams include anything from offering victims a vaccine for COVID-19 to investment opportunities created by the pandemic.

Mar 06 2020

By Cameron Abbott and Max Evans

Following Australia’s latest round of expanded 5G restrictions, the South Australian Government has made a decision to remove all close circuit surveillance cameras made by a Chinese surveillance giant from health department buildings, according to an article by the Sydney Morning Herald.

The article notes that the relevant cameras are made by the partially state-owned Chinese surveillance technology company Hikvision, which was blacklisted in October 2019 by the United States for their alleged role in human rights violations and in purporting to create a surveillance network amongst federal agencies. Issues with Hikvision in South Australia were first identified in the course of a Commonwealth-funded trial in which Hikvision cameras were to be used in the rooms of aged care residents as a means to improve overall safety.

Mar 05 2020

By Cameron Abbott, Warwick Andersen, Rob Pulham and Max Evans

Privacy lawyers have been waiting for this day for years (some of us decades). Privacy is on the front page of the Sydney Morning Herald and the Age, despite there being no actual data breach. According to the article, Alinta Energy, one of the Australia’s biggest energy companies, is putting the privacy of its over 1.1 million retail gas and electricity customers at risk through poor privacy protections and a lack of proper oversight.

While this is an interesting piece of investigative journalism, what is really interesting is that privacy is now newsworthy even in the absence of a data breach. It has been a long time coming but it seems society now rates privacy as front page news. As our lawyers have already been pointing out in giving presentations this year – privacy has finally hit the big time!

You’ve got mail…and lots of it according to the latest OAIC report!

By Cameron Abbott and Michelle Aggromito

With email being one of the most common forms of communication, it’s not surprising that inboxes these days accumulate thousands of emails that, perhaps, aren’t always electronically filed or deleted (not ours of course).

As the Office of the Australian Information Commissioner (OAIC) has indicated in its most recent report on notifications received under the Notifiable Data Breach (NBD) scheme, email accounts are frequently being used for storage, and this raises inherent risk. Yes it’s convenient, but using email to send personal information, such as copies of passports, bank account details and credit card information, can very quickly lose its appeal. If the email account is accessed by a malicious actor through a phishing attack or a rogue employee, the end result can be exploitation of that information for criminal gain.

A New Low: Red Cross subject to Fraudulent Claims for Bushfire Grants by Cyber Thieves

Mar 02 2020

By Cameron Abbott and Max Evans

If you thought cyber attackers couldn’t go any lower, think again. Cyber thieves are tying up valuable resources at the Australian Red Cross through computer generated applications for bushfire relief assistance, according to an article from the AAP.

According to the article, cyber thieves are using applications to automate hundreds of fraudulent attempts to access financial assistance from the Red Cross, which is distributing grants of up to $20,000 per application with a total grant of around $1,000,000 per day. In one community, there were applications made in respect of 15 homes that purportedly had been destroyed by bushfires, but when physically checked remained unaffected. Go figure!

Toll’d You So: Cyber Security Incident Cripples Toll’s Supply Lines, Causes Customer Backlash

Feb 24 2020

By Cameron Abbott, Warwick Andersen and Max Evans

Further information surrounding the specific details and extent of the security breach suffered by transport and logistics network Toll, which we previously blogged in respect of, have been revealed by the Australian Financial Review.

The crippling ransomware attack, known now as “Mailto” or “Kazakavkovkiz” caused Toll to suspend many of its delivery and tracking systems with a Toll spokesperson indicating that the company needed to suspend up to 500 applications that supported its operations across 25 countries worldwide. In Australia, entities such as Nike, Optus, and Telstra were forced to address a multitude of customer complaints arising out of packages affected by the relevant cyber attack.

You’ve Got (Junk) Mail: Optus Slammed with $504k Fine For Spam Law Breach

Feb 17 2020

By Cameron Abbott, Max Evans and Florence Fermanis

Optus has been fined $504,000 by the Australian Communications and Media Authority (ACMA) for breaching spam laws, according to articles by the ABC and the SMH. The fine is the second largest in ACMA’s history to be awarded, being just $6,000 shy of the $510,000 fine which was slapped on Telstra in 2014 for missing service standards for urban landline connections.

Despite customers notifying Optus of their wish to opt-out or unsubscribe from such messages, an ACMA investigation found that customers still received the relevant messages, resulting in more than 2 million breaches to the Spam Act 2003 (Cth). Rather than a ‘one-off’ issue, it was found that Optus had systemic deficiencies with their compliance procedures and governance.

Don’t let coronavirus get your system infected

Feb 07 2020

By Cameron Abbott and Allison Wallace

You’ve all likely seen various news reports and online posts about the coronavirus epidemic – you may have even received email alerts on how you can protect yourself from being infected.

It turns out cyber criminals are using our curiosity to bait us with fake documents purporting to inform us about coronavirus while actually infecting our systems with malware.

Taking its Toll: Toll Shuts Down IT Systems Citing Cyber-Security Incident

Feb 05 2020

By Cameron Abbott, Max Evans and Florence Fermanis

We have our first large scale data breach of the decade. Toll, a transport and logistics network which delivers up to 95 million items globally every year, has temporarily shut down a number of its IT systems as a precautionary measure after suffering a cyber-security breach on Friday, according to an article by the SMH.

A spokesperson has indicated that Toll has cybersecurity experts working closely with their IT team on the breach, and is taking careful internal measures so that systems can be brought back up online in a “controlled and secured manner”. Additionally, Toll has initiated business continuity plans to minimise the disturbance brought on by the breach. While any official numbers of affected customers and the exact nature and extent of the breach have not yet been released by Toll, The Register has reported that the breach has reportedly affected customers in Australia, India and the Philippines.

Catagory:Managing Threats & Attacks