CyberWatch: Australia

Insight on how cyber risk is being mitigated and managed in Australia and across the globe.

 

Ashley Madison Hackers Release User Data

By Cameron Abbott and Melanie Long

On 19 August 2015 the group known as ‘The Impact Team’, which a month earlier had hacked into online affair website Ashley Madison, made good on its threat and released a “data dump” of Ashley Madison users’ personal information. A second and larger release of stolen data occurred 2 days later and appears to have included emails sent by Noel Biderman, Ashley Madison’s founder and CEO of parent company Avid Life Media.

Following the release of the stolen data, the acting Australian Information Commissioner, Timothy Pilgrim, announced the launch of an investigation into the breach, to be conducted in liaison with the Office of the Privacy Commissioner of Canada (where Avid Life Media is based). On 28 August 2015 Noel Biderman stepped down from his role as CEO of Avid Life Media.

Read the ABC News article on the first data release here.

The ABC News article on the second data release can be found here.

The Office of the Australian Information Commissioner’s press release relating to its investigation can be found here.

 

Australian Cyber Security Centre (ACSC) 2015 Threat Report

By Cameron Abbott and Melanie Long

On 29 July 2015, ACSC released its first unclassified ‘Threat Report’ (Report). The Report highlights the increasing number, type and sophistication of cyber security threats in Australia, and is a timely reminder to organisations to re-assess the level of their cyber security.

The key takeaway messages from the Report include:

  • even organisations that may not think that they hold valuable information, or that they would be of interest to cyber adversaries, could be a target for malicious cyber activities
  • ensuring a resilient, cyber-secure Australia requires coordination between government and the private sector, with organisations and their users taking greater responsibility for the security of their networks and information.

ASIC Releases Updated Guidance on Electronic Disclosure

by Jim Bulling and Julia Baldi

ASIC has released updated guidance on electronic disclosure, RG 221: Facilitating online financial services disclosures. It outlines ASIC’s expectations for financial services providers that use (or plan to use) technology, including email and the internet, to deliver financial product and financial services disclosures to clients.

See RG 221 here.

Ashley Madison Data Security Breach

By Cameron Abbott and Melanie Long

On 19 July 2015 the Avid Life Media dating website Ashley Madison, which is aimed at married people who want to have an affair, was hacked by a group known as ‘The Impact Team’. The Impact Team has threatened to release users’ profiles if Ashley Madison and other Avid Life Media websites such as Established Men and Cougar Life are not shut down. The Impact Team claims to have stolen the details (including names, addresses, credit card numbers and personal sexual fantasies) of over 37 million users.

The story was broken by Brian Krebs, a former cyber crime writer for the Washington Post, on his blog ‘Krebs on Security’. A link to his article, which includes a statement made by Avid Life Media following the hack, can be found here.

Breaches Update – July 2015

by Jim Bulling and Julia Baldi

U.S. Office of Personnel Management (OPM)
The U.S. government has confirmed a second cyber attack on the OPM database. Hackers are confirmed to have stolen personal information relating to former, current and prospective federal government employees, affecting at least 21.5 million people (almost 7% of the entire U.S. population).

See the ABC report here, CNN report here and Guardian report here.

OPM’s website sets out how persons may have been affected by the breach and what OPM is doing to assist those affected. OPM has sent notifications to those affected by the incident and is offering free identity theft monitoring and restoration services, including identity theft insurance and credit monitoring.

OPM has also outlined a cybersecurity action report, available here.

Australian Prudential Regulation Authority (APRA) paper

by Jim Bulling and Julia Baldi

APRA has released an information paper on outsourcing involving shared computing services, including cloud. The paper discusses risks for outsourcing shared services and ways in which APRA regulated entities may seek to minimise these risks.

See the information paper here.

Breaches Update – June 2015

by Jim Bulling and Julia Baldi

U.S. Office of Personnel Management Breach
The U.S. Government’s Office of Personnel Management announced that its database has been subject to a cybersecurity breach. Hackers stole data relating to federal government employees dating back three decades, and the breach may affect more than four million people.

See the ABC report here and Forbes report here.

The OPM is offering affected individuals credit monitoring services and identity theft insurance. See the OPM announcement here.

Reports and Surveys Update

by Jim Bulling and Julia Baldi

Trend Micro Q1 2015 Report
The Trend Micro Q1 2015 Report finds Australia is the target of increasing ransomware attacks, with Australia holding 6% of the world’s ransomware detections. Australia also ranked second in the world for countries with the highest number of Point of Sale RAM Scraper infections (malware which sources card details) with 10% of the world’s infections, after the United States with 23%.

See a summary of the report here, and the full report here.

Blue Coat Systems Inc
Blue Coat Systems, Inc. released the results of a global research study of 1,580 respondents across 11 countries. Results from the survey found that universally, workers visit inappropriate websites while at work despite typically being fully aware of the risks to their companies.

See the media release here.

Cyber Resilience for Financial Services Entities

by Jim Bulling and Julia Baldi

ASIC Report 429
In March this year, the Australian Securities and Investments Commission (ASIC) issued Report 429 Cyber resilience: Health check (REP 429). The report aims to highlight the importance of cyber resilience for entities regulated by ASIC, including Australian Financial Services Licence holders, Australian Credit Licence holders and listed entities. The Report indicates that ASIC is keen to ensure that Australia keeps pace with developments in Europe and the United States in combatting cybersecurity risks.

Copyright © 2018, K&L Gates LLP. All Rights Reserved.