Online genealogy platform MyHeritage suffered a major data breach in which email addresses and hashed passwords of over 92 million users were leaked. The data breach occurred in October 2017, but was not discovered until 4 June 2018.
MyHeritage became aware of the breach after a security researcher found a file named “myheritage” on a private server. The file contained all the email addresses of MyHeritage users who signed up through to 26 October 2017, and their hashed passwords.
By Cameron Abbott and Sarah Goegan
North Korean cyberattack activity appears to have ramped up ahead of the highly anticipated US-North Korea summit, which is expected to take place on 12 June 2018.
North Korean hackers known as Group 123 have been identified as the party responsible for new malware activity targeting users in South Korea.
Australians are suffering more than ever to various cyber scams, with the ACCC’s ninth annual Targeting Scams Report confirming the ACCC received more than 200,000 scam reports costing a total of roughly $340 million during 2017, a $40 million increase from 2016. Whilst this increase is attributed to a variety of different cyber scams, including investment scams which totalled $64 million, an increase of more than 8%, the second largest contributor to the $340 million total losses was from dating and romance scams which amounted to $42 million. The search for love clearly has its costs. With the average loss suffered per victim totalling $6500, these losses are not inconsequential and continue to push cybersecurity into the forefront of both individuals and businesses daily activities.
The Australian Federal Police are investigating two members of the Bureau of Meteorology’s IT team for allegedly running an operation in which they made use of the Bureau’s powerful computers to “mine” cryptocurrencies.
It was revealed late last week that the AFP raided the Bureau’s Melbourne CBD offices on February 28, and questioned the two employees. No charges have been laid, or arrests made.
By Cameron Abbott and Harry Crawford
I’m sure I saw this in Die Hard 4 but “life imitates art”. A new type of malware has been discovered in a very rare field of operation for hackers: attacking industrial control systems. Cybersecurity firm FireEye has been tight-lipped in detailing the attack, but has indicated that it was against “a critical infrastructure organization” which inadvertently caused operations to shut down. The attack is also reminiscent of the infamous “Stuxnet” virus that was used against Iranian nuclear power plants in 2010. Read More
By Cameron Abbott and Rebecca Murray
As the threat of cybercrime and cyber espionage continues to grow globally, the Law Council of Australia has announced that it will launch a national cyber security information campaign for the legal profession this year. Read the Law Council’s media release here.
The Law Council has been working in partnership with the legal profession, cyber security experts, and government to formulate the information initiative since it nominated cyber security as a key priority at the beginning of the year. Launch of the campaign is expected by the end of 2016.
The president of the Law Council, Stuart Clark, says cyber security is a ‘major problem’ for law firms and the government has an important role to play in raising awareness and providing information about the technology involved. We say, we like teasing large global companies about their security failings … as long as it’s not ours!!
Never mind your credit card details, let’s worry about cybercriminals stealing your identity.
The latest Breach Level Index released by Gemalto has revealed that identity theft was the primary target of hackers in 2015, with stolen personal information accounting for 53% of all data breaches.
It’s a worry, you see, because while your credit card has inbuilt security defences and merchant protection mechanisms, your valuable personal information is probably stored in multiple locations, across a number of interfaces, in a variety of forms, exposing it to substantial risk of theft.
Not only is the massive volume of personal information that is available to be stolen a cause for alarm, but what cybercriminals can potentially do with that information is the major concern.
So who is to blame? Well, malicious outsiders were the leading source of data breaches in 2015, accounting for 58%, accidental loss of data was next and then came malicious insiders, who accounted for 14% of all data breaches.
Clearly, companies need to recognise that today’s cyber environment demands robust security strategies that not only protect networks from external attacks and accidental data loss, but also keep an eye on insiders too.
To secure against a data breach, Gemalto recommends that organisations commit to the encryption of all sensitive information, secure storage and management of data and encryption keys, and controlled access and authentication of users.
Access the Gemalto 2015 Breach Level Index Report here.