Tag: hackers

1
Riding in cars with hackers
2
Interlopers in Things? IoT devices may be used as backdoors to your network
3
Sorry Sir, Our Data Breach Response Plan is Out of Stock
4
Emergency warning system hacked
5
So you plug your shiny Tesla in to charge…
6
China’s main security agency linked to cyber intellectual property theft
7
Former MasterChef contestant falls victim to online fraud attack
8
North Korean cyberattacks increase ahead of summit
9
Foreign Hackers Take Down Triple Zero Network
10
US Department of Homeland Security unveils five point strategy to combat cyber risk

Riding in cars with hackers

By Cameron Abbott, Michelle Aggromito and Alyssia Totham

Ransom-based hacking techniques have primarily been limited to the intangible. We live in a world where unauthorised access to email accounts, bank accounts, and computer systems that may otherwise be private is no longer uncommon.

In some situations, hackers demand a lump sum in return for reinstating control of the accounts and systems to its owners and managers, and otherwise refusing to pay this ransom can likely leave our information and data at the mercy of hackers.

Read More

Interlopers in Things? IoT devices may be used as backdoors to your network

By Cameron Abbott and Karla Hodgson

This month Microsoft reported that its Threat Intelligence Center discovered that IoT (internet of things) devices – a VOIP phone, a printer and a video decoder – were used to gain access to corporate networks in April.

Microsoft have identified Strontium – also known as Fancy Bear or APT28 – as the culprit, a hacker group associated with the Russian government who appear to be targeting government, IT, military and defence, engineering, medical and education sectors. Strontium has been linked to the hacking of Hillary Clinton’s presidential election campaign and of the email accounts of researchers investigating the missile strike on MH17 and the Skripal poisonings. In the last 12 months alone Microsoft has delivered almost 1,400 notifications to those targeted or compromised by Strontium.

Read More

Sorry Sir, Our Data Breach Response Plan is Out of Stock

By Cameron Abbott, Michelle Aggromito and Max Evans

We are living in an era of online shopping, where consumers are more willing to hand over personal information for goods and services, and are less suspicious of whom they are divulging their personal information to. As a result, online businesses are in possession of a vast amount of their customers’ personal information. The recent hack of Sneaker Platform Stock-X reminds us yet again of the importance of businesses maintaining comprehensive and up to date security processes, and in particular, the necessity of having an adequate data breach response plan in place.

Stock-X, a platform for the re-sale of sneakers and apparel, was recently hacked, exposing over six million users’ personal data, including their real name, username, password, shoe size and trading currency. According to a Report by TechCrunch, Stock-X’s initial response was to reset customer passwords, stating that it was due to system updates. A spokesperson for Stock-X later disclosed to TechCruch that Stock-X was alerted to “suspicious activity”. TechCrunch reports; however, an unnamed data breach seller had contacted it claiming more than 6.8 million records were stolen from Stock-X in May, and that the records had been put up for sale and sold on the dark web for $300.

Read More

Emergency warning system hacked

By Warwick Andersen, Rob Pulham and Allison Wallace

A new year, and a new hacking incident – this time, it was the Early Warning Network (EWN) – a text and email service used by councils around Australia to warn locals of emergency situations.

On its Facebook page, EWN stated that a hacker was able to access its system, sending out messages via text, email and landline stating that EWN had been hacked and that the receiver’s personal data was not safe. The message also included links to support email addresses and a website.

EWN said that the hack was quickly identified and systems shut down, with no-one’s personal information compromised during the attack. The attack is believed to have originated within Australia, involving compromised login details.

While EWN said that personal information was not compromised by this incident, it serves as a timely reminder for businesses to check and test their information security processes and data breach response plans – and if one isn’t in place, to implement one.  The Office of the Australian Information Commissioner reported that it received 550 notifications of data breaches from the time the notifiable data breach legislation commenced on 22 February 2018 to 30 September 2018.

If you’d like to find out more about the legislation, or what your business can do to protect itself, check out this 60-second video by Cameron Abbott.

So you plug your shiny Tesla in to charge…

By Cameron Abbott and Wendy Mansell

…and suddenly you are at risk of starting fires.

We all know that these days the Internet of Things is a favourite for cyberattacks, with the latest target being home charging stations for electric cars.

Many home charging stations are controlled remotely by mobile apps, which seem to provide the perfect opportunity for hackers to cause harm.

Hackers cleverly can infiltrate an account and turn charging off or even worse, they may change the current to the extent it can start a fire.

Once again the industry needs to take security seriously for IoT and have the same diligence as IT networks now do.

China’s main security agency linked to cyber intellectual property theft

By Cameron Abbott and Wendy Mansell

In April 2017, PWC, in collaboration with BAE Systems’ published a report on “Operation Cloud Hopper”, which exposed a cyber espionage campaign being conducted by a China-based threat actor. The report suggests that Operation Cloud Hopper is almost certainly the same threat actor known as “APT10”, a Chinese group thought to be behind cyber-attacks against many countries including Japan, Canada and America.

Recently it has been reported that there are links between China’s Ministry of State Security (MSS) and Operation Cloud Hopper. These allegations are from U.S based firm CrowdStrike who have recognised ties between Operation Cloud Hopper and the MSS Tianjin Bureau.

There is no confirmation that the MSS is behind the Cloud Hopper attacks, however Dr Adrian Nish, Head of Threat of Intelligence at BAE Systems said that there is “no reason to doubt” the claims.

The term “Cloud Hopper” describes a technique where cyber espionage groups “hop” from cloud storage services and infiltrate Australian IT systems. Operation Cloud Hopper is responsible for the theft of intellectual property from a number of Australian companies, primarily focused on mining, engineering and professional services firms.

In a week full of news about China activities in the region, the suggestion of state sponsored hacking thefts is a salient warning to companies that their core intellectual property assets are at risk if not well secured.

North Korean cyberattacks increase ahead of summit

By Cameron Abbott and Sarah Goegan

North Korean cyberattack activity appears to have ramped up ahead of the highly anticipated US-North Korea summit, which is expected to take place on 12 June 2018.

North Korean hackers known as Group 123 have been identified as the party responsible for new malware activity targeting users in South Korea.

Read More

Foreign Hackers Take Down Triple Zero Network

By Cameron Abbott and Georgia Mills

The triple zero emergency call service, operated by Telstra, was subjected to an onslaught of more than 1000 offshore calls on Saturday morning, leading to a number of genuine emergency calls being unanswered and sparking a government investigation.

Read More

US Department of Homeland Security unveils five point strategy to combat cyber risk

By Cameron Abbott and Sarah Goegan

This week, the US Department of Homeland Security (DHS) released its Cybersecurity Strategy. The five “pillar” strategy will be executed by the DHS over the next five years, and aims to improve national cybersecurity risk management.

Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.