CyberWatch: Australia

Insight on how cyber risk is being mitigated and managed in Australia and across the globe.

 

1
Twitter accounts of prominent figures hacked
2
EU Court of Justice Invalidates Privacy Shield
3
500,000 car owner records found on dark web
4
Woolworths hit with largest SPAM infringement to date
5
“The best of its kind anywhere in the world today”: COVIDSafe among the safest tracing apps globally, study finds
6
Credential stuffing during COVID-19: Cybersecurity firm purchased over 500,000 Zoom account credentials on the dark web and hacker forums
7
Under attack: Lion suffers second cyberattack and the Federal Government warns of an active cyberattack on Australian organisations
8
D’oh! Beer company suffers cyber attack
9
easyJet hack: Nine million customer records stolen in “highly sophisticated” cyberattack
10
Click your “e-John Hancock” onto that: COVID-19 helps the Australian Government clear the way for electronic execution under section 127(1) of the Corporations Act

Twitter accounts of prominent figures hacked

By Cameron Abbott, Warwick Andersen, Rob Pulham and Keely O’Dowd

Reports have surfaced that the Twitter accounts of prominent companies, politicians and celebrities were compromised on Wednesday, 15 July 2020. Hackers were able to gain large scale access to the Twitter accounts of several prominent and influential US personalities and companies to promote a cryptocurrency scam.

It is concerning that the accounts of prominent figures were targeted and compromised. Given the level of influence and prominence several of those individuals have on social media, the hackers had the potential to cause greater havoc. On this occasion, it appears the hackers were financially motivated to perform the cyber attack by seeking “donations” via Bitcoin. The hackers sent out tweets asking people to donate Bitcoin to an address and the Twitter account holder would double the donation.

Read More

EU Court of Justice Invalidates Privacy Shield

By Cameron Abbott, Claude Etienne-Armingaud, Rob Pulham, Michelle Aggromito and Keely O’Dowd

On the morning of 16 July 2020, in a significant decision of the Court of Justice of the European Union (CJEU), the Privacy Shield was held to be invalid.

Read More

500,000 car owner records found on dark web

By Cameron Abbott and Keely O’Dowd

Intelligence experts KELA recently announced that almost 500,000 customer records of different car suppliers were being offered for sale on the dark web by hacking group “KelvinSecurity Team”.

According to reports, almost 400,000 UK based BMW customers’ data is being sold on the online black market. This data includes the initials and surnames of car owners, home addresses, email addresses, the names of dealerships and car-registration information. The data of Mercedes, SEAT, Honda and Hyundai car owners also form part of the compromised customer records.

Read More

Woolworths hit with largest SPAM infringement to date

By Cameron Abbott and Keely O’Dowd

Woolworths recently paid a $1 million infringement notice and agreed to a court-enforceable undertaking with the Australian Communications and Media Authority (ACMA) in response to breaches of Australian Spam laws.

ACMA announced Woolworths had breached the Spam Act 2003 (Cth) (SPAM Act) more than five million times when it sent marketing emails to consumers after they had previously unsubscribed to Woolworths’ messages. ACMA’s investigation into Woolworths’ compliance with the SPAM Act revealed Woolworths’ systems, processes and practices were inadequate to comply with the Spam laws.

Read More

“The best of its kind anywhere in the world today”: COVIDSafe among the safest tracing apps globally, study finds

By Cameron Abbott, Warwick Andersen, Rob Pulham and Rebecca Gill

In some positive news about the Federal Government’s COVIDSafe app, the University of Adelaide’s cybersecurity experts have assessed the Australian contact tracing app to be one of the best and safest among 34 apps used globally to track and trace COVID-19 cases.

A team from the University’s School of Computer Science made the judgment in a study which assessed Android versions of 34 of the world’s COVID-19 contact tracing apps for security and privacy vulnerabilities.

Read More

Credential stuffing during COVID-19: Cybersecurity firm purchased over 500,000 Zoom account credentials on the dark web and hacker forums

By Cameron Abbott, Michelle Aggromito and Rebecca Gill

In what could only be adding fuel to the fire that is the growing concern over Zoom’s privacy and data security risks, it has been reported that over 500,000 Zoom accounts were sold on the dark web and hacker forums earlier in April. The accounts were purchased by cybersecurity firm Cyble after it noticed free Zoom accounts were being posted on hacker forums.

Cyble was able to purchase approximately 530,000 Zoom credentials, which included a user’s email address, password, personal meeting URL, and their HostKey (a six-digit number used to host meetings on Zoom). Victims included well-known companies such as Chase, Citibank and educational institutions including the University of Colorado and the University of Florida. According to Cyble, credentials belonging to its clients in the bulk purchase were also confirmed to be correct.

Read More

Under attack: Lion suffers second cyberattack and the Federal Government warns of an active cyberattack on Australian organisations

By Cameron Abbott, Keely O’Dowd and Rebecca Gill

News reports have revealed that Lion Beer Australia has suffered a second cyberattack within a week of falling victim to a ransomware attack. While Lion continues to recover from the first cyberattack, it must now investigate, respond and recover from this second attack.

Today, Lion announced it had received reports of Lion document lists posted online in recent days. It is continuing to investigate if any data has been removed from its system. Lion has also advised relevant authorities and regulators of the first incident.

Read More

D’oh! Beer company suffers cyber attack

By Cameron Abbott and Keely O’Dowd

On Tuesday last week, Lion Beer Australia announced it had experienced a cyber incident. During the week, Lion advised there was no evidence to date of any data breaches, but was still investigating the cyber attack. Investigations revealed Lion was subject to a ransomware attack. 

Read More

easyJet hack: Nine million customer records stolen in “highly sophisticated” cyberattack

By Cameron Abbott, Warwick Andersen, Rob Pulham, Michelle Aggromito and Rebecca Gill

It has been reported that hackers have accessed and stolen details of about 9 million customers of British airline easyJet. Approximately 2,208 easyJet customers have also had their credit card details accessed and stolen.

easyJet reported that it became aware of this “highly sophisticated” cyberattack in late January this year. After an investigation, the airline recently disclosed that the details accessed and stolen by the hackers included email addresses, travel information, and credit card data including CVV numbers.

Read More

Click your “e-John Hancock” onto that: COVID-19 helps the Australian Government clear the way for electronic execution under section 127(1) of the Corporations Act

By Cameron Abbott, Rob Pulham and Warwick Andersen

Temporary amendments to the Australian Corporations Act 2001 (Cth) (Corporations Act) took effect on 6 May 2020, making it easier to facilitate company meetings using remote technology, and providing some certainty as to companies’ execution of documents electronically under section 127(1) of the Corporations Act.

The Corporations (Coronavirus Economic Response) Determination (No. 1) 2020 (Determination) allows company meetings such as AGMs to be held using technology rather than face-to-face meetings, and enables a quorum, votes, notices and the asking of questions to be facilitated electronically. For a more in-depth look at these changes, see “Operating a Business During COVID-19: The Implications for Public Companies” by our colleagues Harry Kingsley, Kaveh Zegrati, and Alex Garfinkel.

Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.