Cybercrime , Fraud Management & Cybercrime , Geo-Specific

Australia's Data Breach Wave: Workaday Cybercrime

Nation-State Actors Aren't Going to Be as Obnoxious and Public
Australia's Data Breach Wave: Workaday Cybercrime
A data breach at Australian telecommunications company Optus in September resulted in the exposure of up to 10 million customer records. (Photo: Jeremy Kirk)

Is Australia's data breach wave a coincidence, bad luck or intentional targeting? Maybe all three. But the security weaknesses that have led to the incidents are not exotic. Here's an analysis.

See Also: Live Webinar | Special Delivery! Defending and Investigating Advanced Intrusions on Secure Email Gateways

None of intrusions are the result of indefensible exploits. The culprits are the usual suspects: an insecure API, compromised credentials, a failure to quickly patch, everyday account takeovers and bad development practices. And the people behind these attacks are most likely workaday cybercriminals, not top-level nation-state attackers.

Here's a breakdown of the breaches and incidents:

Optus: Someone discovered an unauthenticated API at the telecommunications company and then tried a ham-fisted, amateur extortion attempt. Experts have long warned of the danger of misconfigured APIs. Data haul: 10 million records, one-third of which contain sensitive ID numbers (see: Optus Attacker Halts AU$1.5 Million Extortion Attempt).

Medibank Private: Unfortunately, this feels like a pro ransomware/extortion group against this large health insurer, which has around 4 million customers. Medibank says compromised credentials led to the intrusion. Problem: Inadequate identity and access controls. Data haul: Health and claims data plus basic bio data. It's a worst-case data theft scenario (see: Hackers Threaten to Sell Stolen Medibank Data, Seek Ransom).

Vinomofo: This online wine retailer says it used production customer data while running tests to upgrade its digital platform, which is a bad development practice. Then, 700,000 customer records turned up for sale on a Russian-language forum. This is workaday cybercrime. This online marketplace run by Woolworths Group says compromised login credentials for its CRM system led to the breach. The data, around 2 million records, appeared for sale on a forum for $600. Again, workaday cybercrime.

Australian Music Examinations Board: AMEB says its online shop, which runs Adobe's e-commerce software, was attacked this month, causing a breach. It appears AMEB may have not acted fast enough after a patch was released for a XSS flaw with a CVSS score of 10 just a day before the board was attacked. Financial crime actors wait and pounce when these dangerous flaws become public. Verdict: Workaday cybercrime.

EnergyAustralia: The energy retailer says 323 residential and small business customers' accounts were taken over between September and October. Account takeovers are a problem for every online service provider. The company did a systemwide password reset. But it doesn't appear EnergyAustralia offers two-step verification on its accounts. Workaday cybercrime, again.

All of the incidents appear to be rooted in cybercriminals exploiting security weaknesses and then trying to turn that stolen data into money. The security issues in play are common areas for discussion and focus.

The worry for Australia should be that nation-state actors aren't going to be as obnoxious and public about their intrusions. And post-Optus, they may very well see Australia as a soft target. If the workaday cybercriminals are having so much success now, Australia may be in for a rough run.

About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.