Four major Australian businesses got hacked

UnixGuy

Not sure if the US audience are aware, but the last 30 days have seen 4 x major breaches in Australia happen, comically one after the other.

First is Optus, the second largest telco, what happened wasn't even hack, more like data scrapping from an API. Feds got involved, even the American FBI were involved as it compromised 1/3 of All Australian data if not more, including passports/Licenses, Medical records, etc.

Then Telstra got compromised the followed. Telstra is the biggest Telco, except this time it was just 30,000 employee data leaks, no one cared apparently.

Then Medibank, a health insurance company. Ransomware, and the hackers are threatening to release medical data

and then EnergyAustralia, an energy company but no one seemed to care.

And woolworths, (major supermaker), no one seem to care.

And some university, but that's a monthly occurrence.

Here's a link: https://www.abc.net.au/news/2022-10-21/medibank-optus-data-hack/101558932 

As a Cyber security professional in Australia, I'm quite surprised this doesn't happen more often. I think most (if not all) businesses here get hacked, they just don't know it. The industry needs an uplift. Hiring should be based on skill, but I'll leave it at that.

Thoughts?

JDMurray

The first thing that popped into my mind was how the Australian Signals Directorate (ASD) was applauded for the release of its "Strategies to Mitigate Targeted Cyber Intrusions" in 2010 (aka the "Top 35 Reference Card") before any other world government published similar recommendations. Did no AUS organization take this seriously? Or was there initial implementations but no subsequent auditing and adjustments for the ever-changing threat landscape?

So I just had to mention that, but seriously...

What's the threat intel and timeline on these attacks? Are they serial and coordinated from one threat group? I can't believe that multiple, independent attackers just happened to be honing in on AUS orgs at the same time by coincidence. Did AUS piss-off China again, or is there a big government election coming up? Could be revenge or an attempt to influence change in AUS' political leadership.

UnixGuy

The ASD and federal government can't get small state government to comply wit the "Essential 8" : https://www.cyber.gov.au/acsc/view-all-content/publications/essential-eight-maturity-model

They have no control over private businesses.

The attacks are as random as they get, fairly straightforward and no evidence of a state-nation actor. They seem like amateur hour to be honest.

They are a reflection of the state of the cyber security industry in my opinion. From what I've seen, I'm surprised this doesn't happen more often. Unless they start to hire based on skill, it'll get worse.

JDMurray

This makes me think of how we are seeing more mention of threat actors being teenagers who are very persistent and accomplished into getting into system and stealing (i.e., breach and exfiltration) information to sell on the Dark Web or back to the info's owner. I don't know that there are actually more younger amateurs becoming successful at exploits and attacks, or the news media is just clustering on those types of stories right now because of perceived higher interest by readers.

UnixGuy

some of the attacks were apparently by amateurs. Doesn't take a lot of skills unfortunately