Companies, big or small, have for years demanded our data before letting us purchase their products or services, all while promising that it was being kept safe and secure. However, in light of recent cyber attacks that have affected millions of Australians around the country, we know that this is not always the case.
Moreover, these cyber security attacks resulted in a breach of sensitive customer data leading to significant reputational and financial repercussions for these two companies. But the big question is how these corporations failed to protect millions of customers’ data. What could they have done to avoid a disaster like this in the first place?
Furthermore, these database hacking incidents have left us wondering about the importance of security in technology and why companies need to bolster their cyber security workforce with competent individuals capable of preventing or, if worst comes to worst, stopping such attacks.
Fortunately, there are many ways to safeguard your information, and it’s essential to stay up-to-date on the latest threats so you can protect your business accordingly. But, more on that later.
In this article, we’ll discuss these two cyber security breaches in greater detail and explain what happened and how businesses can best prepare themselves to avoid being on the receiving end of such hacks.
One thing is for sure, the cyber attacks on Optus and Medibank have put the importance of cyber defence into perspective. This is a reminder that no matter how big or small your business may be, you need to ensure your database system is safe and protected with the best security protocols relative to the size of your technological implementation.
Having proper IT security measures and protocols in place is more important than ever in today’s technology-dominant world, and these two incidents are proof of that.
But, before we move any further into the best practices of cyber defence, let’s examine these two incidents in greater detail and answer the questions everyone wants answered: Who were the attackers? How was the data accessed? What was stolen? We start with Optus.
It has been reported that Optus, one of Australia’s largest telecommunications companies, was the subject of a massive data breach, with 10 million customer accounts compromised. Unfortunately, few details are available about what happened and where those harmed will go from here.
Reliable information about what happened has been difficult to find, and our research is primarily based on the official announcements made by Optus representatives.
Even though the hackers’ true identity remains unknown, Optus claims it was the target of a “sophisticated attack”. The only person to come forward since then, claiming to have the data, has been a user called ‘Optusdata’ on a data breach forum.
The user later posted 10,000 customer records before deleting the posts and apologising the next day. The reasons for the hacker’s change of heart are also unknown. The hacker also claims to have deleted the only copy of the Optus data after publicly apologising.
However, there is no way to validate and verify this, as other attackers could have accessed the data the same way, meaning all copies of the stolen data may have yet to be deleted. Furthermore, it is unclear if the alleged attacker was the only party to have obtained the customer data, which is a significant uncertainty stressing out customers caught in this cyber attack.
Optus claims they didn’t pay the ransom. So, why did the hacker back down? The hacker referenced increased public attention as the reason for the extortion withdrawal, but nothing is known about this person’s intentions beyond what was on the forum.
The attacker uploaded a text file of 10,000 records to a data breach website and threatened to leak 10,000 new records each day for the next four days unless Optus paid the ransom fee of $1M in cryptocurrency. The leaked text is believed to contain sensitive customer information such as names, birth dates, email addresses, driver’s licence numbers, passport numbers, Medicare numbers, phone numbers, and address information.
It also included more than a dozen state and federal government email addresses, including four from the defence department and one from the Department of Prime Minister and Cabinet.
In all this, customers have been caught in the middle, with scammers plotting nefarious schemes and capitalising on this opportunity by targeting Optus customers affected in the hack with fraudulent threats to extort ransom.
While Optus still claims the breach occurred due to a “sophisticated attack”, the federal government maintains that it was due to an error by the company that had left the data accessible online. Several reports also suggest Optus had an application programming interface (API) available online that did not require authorisation or authentication to access customer data.
Corey J Ball, the senior manager for cyber security consulting at Moss Adams, said, “In such an instance, where a public API endpoint did not require authentication, anyone on the internet with knowledge of that endpoint [URL] could use it.”
“Without technical controls for authentication and authorisation, any user could have requested any other user’s information. The attacker likely scripted the process to repeat requests from the endpoint until they had collected millions of instances of personally identifiable information.”
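What the missing controls described above look like in a request handler, next to a version that authenticates the caller and then checks that the requested record belongs to them. This is an added illustration, not Optus code; the handler names, the in-memory store and the sample records are constructed assumptions.

```python
import hmac
import secrets

# Constructed sample data: two customer records keyed by identifier.
CUSTOMERS = {
    "1001": {"name": "Alice Example", "dob": "1980-01-01"},
    "1002": {"name": "Bob Example", "dob": "1975-06-30"},
}
SESSIONS = {}  # token -> customer_id the token was issued to


def issue_token(customer_id):
    """Stand-in for a real login flow (hypothetical helper)."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = customer_id
    return token


def get_customer_open(customer_id):
    """The reported flaw: no credential is asked for, so any caller who
    knows an identifier receives that customer's record."""
    record = CUSTOMERS.get(customer_id)
    return (200, record) if record else (404, None)


def _lookup_session(token):
    # Compare against each issued token in constant time.
    for issued, owner in SESSIONS.items():
        if token and hmac.compare_digest(issued, token):
            return owner
    return None


def get_customer(token, customer_id):
    """Hardened handler: authenticate first, then authorise per record."""
    owner = _lookup_session(token)
    if owner is None:
        return (401, None)  # authentication: who is calling?
    if owner != customer_id:
        # Authorisation: a valid login for one customer must not read
        # another's record. The same 403 is returned whether or not the
        # identifier exists, so the reply does not confirm valid IDs.
        return (403, None)
    return (200, CUSTOMERS[customer_id])
```

With the second handler, repeating the request across identifiers returns only 401 or 403 responses, which also gives monitoring a clear signal to alert on.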
The Australian Federal Police are currently involved in an investigation looking into the origins of Optus’s cyber attacks. Optus has also commissioned a Deloitte team for a forensic review to uncover what happened and why following the significant data breach. With Optus liaising closely with governmental authorities, specific details of this breach have yet to be disclosed to the public. It remains to be seen what Deloitte will uncover in their forensic investigation.
It is believed that Deloitte will conduct an external review of the incident, conduct an in-depth analysis of Optus’ cyber security landscape, and put their risk & security controls and processes under the microscope.
Next on the agenda, we have the Medibank data breach. Medibank has revealed that the cyber attack on customer data is much wider than initially thought.
The healthcare provider has confirmed that data from its main brand customers has been compromised. Medibank initially believed that the only targets in the cyber attack were its budget insurance subsidiary, AHM and its international student healthcare service.
However, it’s been confirmed that data from Medibank’s core brand was also hacked, widening the breach to potentially 4 million customers and countless former Medibank members and customers.
Medibank says it only learned of the widened scope after being contacted a second time by a criminal entity over the weekend. This is a severe concern to customers, as it puts them at risk of identity theft and fraud. Medibank has apologised for the incident and is working with authorities to investigate the cause of the breach.
Medibank chief executive David Koczkar maintains that the criminals must’ve stolen a username and password from someone with high-level credentials to their systems.
Sources of 7NEWS Australia believe that the stolen high-level login credential was offered for sale in several Russian-language forums and bought by a cybercriminal, who used the details to subsequently access Medibank’s database, setting up two entry points to gather and then extract the data.
To aid customers in this troubling situation, Medibank has set up a helpline for concerned customers and a crisis line for those in distress. Medibank has also said it will provide hardship support for some customers, ID protection and monitoring, and reimbursement for ID replacements for those whose identities have been compromised.
Cyber security experts claim this breach is even worse than the one that hit Optus in late September. Professor of the RMIT Centre for Cyber Security Research, Matt Warren, told 7NEWS Australia that three primary reasons have contributed to this cyber disaster:
Medibank has confirmed that the cybercriminal hacked the personal data, including health claims data information pertaining to diagnosed medical conditions and treatment history, of almost 4 million of its customers.
As a result, customers are furious and distressed following the incidents as their most private information has been breached and compromised, leaving them prone to scams and further exploitation from hackers. Essentially, victims can be re-victimised, and this is what is causing Medibank’s customers to become anxious.
The criminal has reportedly demanded a ransom which Medibank maintains they won’t pay as they believe there’s very little chance the payment would prevent the leaked data from being published online. Furthermore, the company feels that paying could harm more people in the long run by making Australia a primary cyber target.
It is reported that the attacker also accessed the Medicare numbers of AHM customers and passport numbers and visa details for international student customers.
Medibank has confirmed that the attacker did not access primary ID documents such as driver’s licences for Medibank and AHM customers and did not access credit card or banking details or health claims data for extra services such as dental, physio or optical.
Several cyber security experts claim that international computer-hacking syndicates will eye more Australian targets after these recent data breaches.
Cyber security expert Ben Walker believes cyber attackers will feel encouraged following the recent attacks at Optus and Medibank. Walker was surprised by the attack on Medibank as he claims their cyber defences were thought to be quite sophisticated and mature.
He also felt that if it wasn’t Medibank, it certainly could have been one of the other big private health insurers, further pointing out that hospitals or general practice surgeries could be future victims.
Whether or not cyber attacks become more rampant in the coming days and weeks ahead remains to be seen. Regardless, businesses of all scales and sizes need to be on the lookout and ensure best cyber defence practices are implemented to safeguard themselves and their customers from cyber attacks and data breaches.
But what exactly can businesses do to protect themselves from these disruptive situations? Let’s find out!
As a basic rule of thumb, all organisations should have customised IT security policies and protocols to ensure optimal protection from cyber threats.
But what should these policies entail? First, IT Security Policies should define the main risks within the organisation and provide guidelines on how to reduce these risks.
The policies must be customised based on the organisation’s valuable assets and most significant risks. This is not the time or instance to practice a “one size fits all” approach because not all organisations will be susceptible to the same level of IT threat.
The type and potential impact of cyber breaches can vary depending on the size, scale, and scope of IT implementation and the data the organisation is handling and exposed to.
With almost all businesses operating online, you must pay the utmost attention to protecting yourself and your customers from cyber crime. Small and mid-sized businesses need to be even more mindful of this as they are more susceptible to falling victim to these incidents than larger enterprises. This is because these businesses don’t have the financial muscle and competent IT security workforce that larger enterprises do and therefore are seen as easier targets by criminals.
These are our recommendations to stand the best chance of preventing potentially catastrophic cyber attacks.
Data backup is an integral component of any cyber defence strategy that helps to protect businesses and individuals from data loss. Data loss can occur due to multiple reasons – hardware failure, software corruption, or, as it pertains to our specific case in this article, malicious attacks.
By backing up data regularly, businesses can minimise the risk of data theft and ensure that critical information is always stored in a safe environment. In addition, a backup can help restore lost data quickly and minimise the impact on operations in a data loss incident.
The must-have IT policies that every organisation needs:
The goal should be to reduce or eliminate security risks continually. As such, you must conduct a Security Risk Assessment and use its findings to protect your company’s assets by implementing adequate policies and making sure the requisite resources are available when they are needed most.
Examine and determine the scope of your IT policies, including who the policy will address and what assets will be covered.
It is also crucial to ensure your policy is written to be easily understood by employees and enforced by management. Implement training programs or internal workshops if needed. The key takeaway is that all employees in your organisation must be aware of the consequences of not complying with the policy.
Finally, update your policies at least once a year to keep them fresh and up to date with your company’s procedures and in line with internal and external security concerns.
With end-to-end encryption, data is encrypted at the source and can only be decrypted by the intended recipient, minimising the possibility of interception and data theft.
In addition, end-to-end encryption can also help to prevent data leaks, as the data will be useless and unreadable to anyone who does not have the encryption key.
To drastically limit access for hackers and cybercriminals, you must enforce multi-factor authentication on all digital properties. For example, suppose MFA protects every data system in your company. Even in the worst-case scenario where a hacker acquires your login credentials, they won’t gain access unless they can also authenticate with a secondary option, be it biometrics, a verification code, or another type of physical authentication.
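The stolen-credential scenario above, as an added example (not code from either company): a login check that requires both the password and a time-based one-time code, so a password alone is refused. The account, salt and password are constructed, and the shared secret is the published RFC 6238 test secret.

```python
import hashlib
import hmac
import struct
import time


def totp(secret: bytes, at: float, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 time-based one-time password using HMAC-SHA1."""
    counter = struct.pack(">Q", int(max(at, 0)) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed sample account for the demonstration.
SALT = b"constructed-salt"
USER = {
    "pw_hash": hash_password("correct horse battery staple", SALT),
    "totp_secret": b"12345678901234567890",  # RFC 6238 test secret
}


def login(password, code, now=None):
    """Grant access only when the password AND the second factor match."""
    now = time.time() if now is None else now
    pw_ok = hmac.compare_digest(hash_password(password, SALT), USER["pw_hash"])
    # Accept the current and the previous 30-second step for clock drift.
    code_ok = any(
        hmac.compare_digest(totp(USER["totp_secret"], now - drift), code or "")
        for drift in (0, 30)
    )
    return pw_ok and code_ok
```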
Ensure high-level access to your systems is only available to authorised personnel who can be trusted. This way, you can protect your data and IT systems from potentially falling into the wrong hands.
Your employees must be aware of the importance of implementing cyber defence best practices, such as regularly updating their passwords, using complex passwords, detecting phishing and spammy emails and understanding their potential threats.
At the very least, ensure your employees have strong passwords and two-factor authentication enabled on their accounts. Using a password manager to create and store complex passwords is also a good idea.
These latest data breaches are a stark reminder of how important it is to have robust cyber security systems and policies. If you’re an Optus or Medibank customer who has been unfortunately caught in this incident, keep an eye on your account for any suspicious activity and contact the authorities if you notice anything amiss.
Cyber security should be top of mind for businesses and consumers alike, so if you’re not confident about your security systems and policies, now is the time to take action.
The fact that both Optus and Medibank have been breached in such a short time frame highlights how vital cyber security is. Cybercriminals are becoming increasingly sophisticated, so it’s more important than ever to ensure your company has the best security measures in place.
Remember, your customers count on you and entrust you with their private information. If you don’t have the resources to keep your data secure, consider partnering with a company that takes DevSecOps and IT seriously so that they can help keep your systems safe from attacks.
November 10, 2022