Over the weekend, a hacker gained unauthorized access to the Queensland EWN, or Early Warning Network, and used it to send a spam alert via SMS, landline, and email to the company’s subscribers.
EWN is a service offered by Australian company Aeeris that allows Australian councils, or local governments, to send emergency alerts regarding extreme weather, fires, evacuation information, or incident responses. The unauthorized alerts stated that “EWN has been hacked. Your personal data is not safe.” They then went on to tell recipients to email firstname.lastname@example.org to unsubscribe from the service.
The first data breach of 2019 was reported less than 24 hours into the New Year. The details of an estimated 30,000 Australian civil servants were stolen when a directory was downloaded by an unauthorised third party – believed to have phished the email address of a government employee in the state of Victoria.
The Victoria Premier’s Department said it had referred the breach to police, the Australian Cyber Security Centre and the Office of the Victorian Information Commissioner, Australia’s ABC network reported.
Read more about the first data breach of 2019 on CBR.
The Australian government has passed new legislation that would allow law enforcement authorities to force tech companies to hand over user information, even if it’s protected by end-to-end encryption.
The Assistance and Access Bill 2018 has been criticized by Apple as well as other technology companies and academics who argue that the legislation will weaken the data security of all Australians, with a reach that could jeopardize the data of companies, citizens, and societies around the world.
Read more about the controversial Australian law on The Verge.
China allegedly directed an increase in cyber attacks on Australian companies this year that breached a bilateral agreement between the two countries pledging not to steal each other’s commercial secrets, the Sydney Morning Herald reported.
An investigation by Australian broadcaster Nine News and Fairfax Media — which owns the Sydney Morning Herald — found that China’s Ministry of State Security was responsible for the so-called “Operation Cloud Hopper.” It was a wave of attacks that were detected by Australia and its partners in the “Five Eyes” intelligence sharing alliance — which is made up of the U.S., U.K., New Zealand and Canada.
Read more about the increase in cyber attacks directed by China on CNBC.
Austral, a top Australian defence firm with major US Navy contracts has admitted its personnel files were breached and that it was the subject of an extortion attempt. The firm said its “data management system” had been infiltrated by an “unknown offender”.
In a statement, the company claimed that there was “no evidence to date” that “information affecting national security nor the commercial operations of the company have been stolen”. However it said staff email addresses and mobile phone numbers were accessed and the offender purported to offer materials for sale on the internet and “engage in extortion”. “The company has not and will not respond to extortion attempts.”
The Russian military intelligence unit GRU is behind a fresh wave of global cyber attacks, British officials say. Britain’s National Cyber Security Centre has concluded that hackers behind numerous attacks have been identified as GRU personnel.
Australia has joined the UK in attributing four attacks to the GRU: the October 2017 BadRabbit ransomware that hit Russia, Ukraine, Germany, and Turkey; the release of data from a World Anti-Doping agency hack, the 2016 hack of the US Democratic National Committee, which resulted in the publishing of the party’s emails on WikiLeaks and an attack on a “small UK-based TV station” between July and August of 2015.
Read more about the accusations by the UK and Australia on ZDNet.
It happens not with a bang, but a whimper. The lights go out, public transport is halted, networks go dark, and a city is shutdown and paralysed, as an attack against a nation goes beyond bombs and targets its critical infrastructure – all with a few keystrokes.
Read about the new EY’s Risk Pulse Survey which reveals that 80 per cent of respondents considered business interruption from cyber attacks as their top concern on Sydney Morning Herald.
Governments need to develop global cyber security standards and increase information sharing on cyber threats, Daniel Pinto, chief executive of JPMorgan’s corporate and investment bank, said on Saturday.
Read why Daniel Pinto of JPMorgan says that regulators need to develop global cyber security standards to fight against cyber threats on Business Insider.
Read David Benson and Sam Fiddian explain the new data breach guidelines issued by Office of the Australian Information Commissioner (OAIC) on Lexology :
On 29 September 2017, the Office of the Australian Information Commissioner (OAIC) released its latest tranche of draft guidance materials. Those materials provide greater clarity as to the OAIC’s expectations of entities which will be subject to the NDB Scheme (APP Entities).
The Australian Cyber Security Centre (ACSC) released its Threat Report 2017 today. The ACSC is the focal point for the cyber security efforts of the Australian Signals Directorate (ASD), Computer Emergency Response Team (CERT) Australia, the Defence Intelligence Organisation (DIO), the Australian Criminal Intelligence Commission (ACIC), the Australian Federal Police (AFP), and the Australian Security Intelligence Organisation (ASIO).
Read about the new Threat Report 2017 today by the Australian Cyber Security Centre (ACSC) which reveals that there has been a 22 percent increase in cyber crimes in Australia on Open Gov Asia.