CyberWatch: Australia

Insight on how cyber risk is being mitigated and managed in Australia and across the globe.

 

1
Credential stuffing during COVID-19: Cybersecurity firm purchased over 500,000 Zoom account credentials on the dark web and hacker forums
2
Under attack: Lion suffers second cyberattack and the Federal Government warns of an active cyberattack on Australian organisations
3
D’oh! Beer company suffers cyber attack
4
easyJet hack: Nine million customer records stolen in “highly sophisticated” cyberattack
5
Click your “e-John Hancock” onto that: COVID-19 helps the Australian Government clear the way for electronic execution under section 127(1) of the Corporations Act
6
#WashYourCyberHands
7
Privacy Professionals download COVIDSafe App
8
It’s Trace Time! The COVIDSafe App is open for business – Part II
9
It’s Trace Time! The COVIDSafe App is open for business – Part I
10
“This is a public health app, it’s not a surveillance app”: Review finds “nothing particularly disturbing” about the Federal Government’s coronavirus tracing app

Credential stuffing during COVID-19: Cybersecurity firm purchased over 500,000 Zoom account credentials on the dark web and hacker forums

By Cameron Abbott, Michelle Aggromito and Rebecca Gill

In what could only be adding fuel to the fire that is the growing concern over Zoom’s privacy and data security risks, it has been reported that over 500,000 Zoom accounts were sold on the dark web and hacker forums earlier in April. The accounts were purchased by cybersecurity firm Cyble after it noticed free Zoom accounts were being posted on hacker forums.

Cyble was able to purchase approximately 530,000 Zoom credentials, which included a user’s email address, password, personal meeting URL, and their HostKey (a six-digit number used to host meetings on Zoom). Victims included well-known companies such as Chase, Citibank and educational institutions including the University of Colorado and the University of Florida. According to Cyble, credentials belonging to its clients in the bulk purchase were also confirmed to be correct.

Read More

Under attack: Lion suffers second cyberattack and the Federal Government warns of an active cyberattack on Australian organisations

By Cameron Abbott, Keely O’Dowd and Rebecca Gill

News reports have revealed that Lion Beer Australia has suffered a second cyberattack within a week of falling victim to a ransomware attack. While Lion continues to recover from the first cyberattack, it must now investigate, respond and recover from this second attack.

Today, Lion announced it had received reports of Lion document lists posted online in recent days. It is continuing to investigate if any data has been removed from its system. Lion has also advised relevant authorities and regulators of the first incident.

Read More

D’oh! Beer company suffers cyber attack

By Cameron Abbott and Keely O’Dowd

On Tuesday last week, Lion Beer Australia announced it had experienced a cyber incident. During the week, Lion advised there was no evidence to date of any data breaches, but was still investigating the cyber attack. Investigations revealed Lion was subject to a ransomware attack. 

Read More

easyJet hack: Nine million customer records stolen in “highly sophisticated” cyberattack

By Cameron Abbott, Warwick Andersen, Rob Pulham, Michelle Aggromito and Rebecca Gill

It has been reported that hackers have accessed and stolen details of about 9 million customers of British airline easyJet. Approximately 2,208 easyJet customers have also had their credit card details accessed and stolen.

easyJet reported that it became aware of this “highly sophisticated” cyberattack in late January this year. After an investigation, the airline recently disclosed that the details accessed and stolen by the hackers included email addresses, travel information, and credit card data including CVV numbers.

Read More

Click your “e-John Hancock” onto that: COVID-19 helps the Australian Government clear the way for electronic execution under section 127(1) of the Corporations Act

By Cameron Abbott, Rob Pulham and Warwick Andersen

Temporary amendments to the Australian Corporations Act 2001 (Cth) (Corporations Act) took effect on 6 May 2020, making it easier to facilitate company meetings using remote technology, and providing some certainty as to companies’ execution of documents electronically under section 127(1) of the Corporations Act.

The Corporations (Coronavirus Economic Response) Determination (No. 1) 2020 (Determination) allows company meetings such as AGMs to be held using technology rather than face-to-face meetings, and enables a quorum, votes, notices and the asking of questions to be facilitated electronically. For a more in-depth look at these changes, see “Operating a Business During COVID-19: The Implications for Public Companies” by our colleagues Harry Kingsley, Kaveh Zegrati, and Alex Garfinkel.

Read More

#WashYourCyberHands

By Cameron Abbott and Keely O’Dowd

There has never been a better time to #WashYourCyberHands.

The COVID-19 pandemic has provided the perfect breeding ground for cyber criminals to capitalise on, and exploit the outbreak of the virus to steal data, commit fraud and circulate online scams. Law enforcement agencies and the cybersecurity industry have seen an increase in the number of targeted cyberattacks by criminals since the outbreak began.

INTERPOL has announced it is launching a global campaign to raise awareness about the top coronavirus related cyber threats throughout the globe. The campaign will provide basic cyber hygiene advice to businesses and individuals on how to ‘wash your cyber hands’ and protect systems and data from cyber threats.

Read More

Privacy Professionals download COVIDSafe App

By Cameron Abbott, Warwick Andersen, Rob Pulham, Michelle Aggromito and Allison Wallace

A number of legal professionals, with significant experience in the field of privacy law, have signed an open letter to encourage individuals to download the Commonwealth Government’s COVIDSafe App.

Among the privacy lawyers are members of K&L Gates own Australian privacy team (and the authors of this blog post) Cameron Abbott, Rob Pulham, Warwick Andersen, Michelle Aggromito and Allison Wallace.

The open letter is signed by members in their personal capacity, and signals that people who care about privacy a lot can still think that supporting the health and economic objectives of the App is more important at this time.

As at the date of this post, more than 5 million people have downloaded the App, with more needed to reach the Commonwealth Government’s target of 40% of the Australian population.

It’s Trace Time! The COVIDSafe App is open for business – Part II

By Cameron Abbott, Warwick Andersen, Rob Pulham and Michelle Aggromito

In Part I of this blog, we briefly touched on some of the safeguards that the Commonwealth Government has indicated that they will implement to address privacy concerns. Those proposed new safeguards are intended to satisfy many of the privacy concerns. However, there are additional safeguards that have been implemented in connection with the functionality of the App, which we focus on in Part II here.

Read More

It’s Trace Time! The COVIDSafe App is open for business – Part I

By Cameron Abbott, Warwick Andersen, Rob Pulham and Michelle Aggromito

The Commonwealth Government released its COVIDSafe App for download at 6.00pm AEST on Sunday 26 April, and it surpassed 1.13 million downloads within the first 12 hours. This was far greater than expectations, with Health Minister Greg Hunt commenting that, at best, the hope was that “we might get to 1 million in five days.”

Read More

“This is a public health app, it’s not a surveillance app”: Review finds “nothing particularly disturbing” about the Federal Government’s coronavirus tracing app

By Cameron Abbott, Rob Pulham, Michelle Aggromito and Rebecca Gill

The Federal Government’s coronavirus tracing app has raised some privacy concerns amongst the Australian public. Even some of our government Ministers have ruled out downloading the app due to such concerns! However, the independent cyber security body tasked with reviewing the app has said that it has found no major concerns with it.

Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.