We have been tracking (yet another) busy month in the world of cyber security. We’ve brought together the top cyber-related news for October, so you don’t have to, including:
- details of the upcoming webinar on the power of the cyber simulation we are hosting with FTI Consulting and Coveware;
- cyber-related regulator and government updates and news;
- various industry reports on the cyber threat landscape;
- industry news and media updates; and
- recent reported cyber incidents.
Contents
-
News from HSF
-
Regulatory and government updates and news
-
Cyber research and reports
-
Industry news and media updates
-
Recent cyber incidents and developments
The power of the cyber simulation – Building cyber resilience through effective simulations
A key feature of any company’s cyber resilience is its ability to recover from a cyber incident. Regulators have made it clear that a company must have a clear and comprehensive response and recovery plan, and this plan must be tested and tested regularly. The crisis simulation is one of the most effective ways to build cyber resilience and test the strategic response of an organisation. We have run a number of crisis simulations with some of Australia’s largest companies and most prominent boards. We are teaming up with FTI Consulting and Coveware to help you understand “what good looks like”. Join us, as we take a close look at the features of an effective management and board crisis cyber simulation.
Time: Wednesday, 14th November at 12.30pm – 2.00pm
Boardrooms improving security postures
Off the back of HSF’s Managing Cyber Risk Survey 2023, the Australian Institute of Company Directors (AICD) has signalled that more work needs to be done by boards to improve their security postures. In its recent board competencies update the AICD notes that “The [HSF] report emphasises that for lawyers to effectively respond to cyber-attacks, they need to be empowered and activated to manage digital risks. They also need to be part of the preparatory work and to be prepared for the myriad of legal issues that will unfold at pace”.
Reportable situations regime: ASIC modifies licensees’ obligations
ASIC – 19 October 2023
ASIC has introduced the ASIC Corporations Credit (Amendment) Instrument 2023/589 which modifies licensees’ obligations under the reportable situations regime. The amendment eliminates the need for licensees to submit notifications about certain reportable situations from 20 October 2023. Licensees will also have up to 90 days (previously 30 days) to lodge a report with ASIC if they have reasonable grounds to believe that a reportable situation has arisen. This applies if the underlying circumstances are the same as, or substantially similar to, a previously reported situation.
ASIC Annual Report 2022-23
ASIC – October 2023
ASIC has published its 2022-23 Annual Report which includes insights into the regulator’s investment and research into cybersecurity. Notably, ASIC conducted its first Cyber Pulse Survey in June which sought to help firms measure and compare their current cyber posture. ASIC’s Cyber Consultative Panel has also focussed on reinforcing ASIC’s supervisory approach for cyber resilience of financial services and markets. Cyber and operational resilience remains one of ASIC’s strategic priorities moving forward, with the regulator working with APRA and other oversight bodies to address existing cybersecurity gaps.
Australian Cyber Security Centre releases critical alert over Cisco IOS XE vulnerability
CyberDaily.au – 17 October 2023
This article explores the ACSC’s critical alert statement about Cisco’s IOS XE, a Linux-based distributed software architecture, which is reported to have a vulnerability that could lead to a remote takeover of a system. It has been recommended by Cisco that customers disable the HTTP Server feature on all internet-facing systems while the company undergoes an update, with the ACSC committing to monitoring the situation and providing assistance, as required.
Qld gov introduces data breach notification legislation
CRN – 17 October 2023
This article reports on the introduction of the [Information Privacy and Other Legislation Amendment Bill 2023], which seeks to establish a mandatory data breach notification scheme in Queensland. If passed, Queensland would join New South Wales as the only other state to introduce such a regime. See also ITNews article (13 October).
Cautious welcome for govt’s planned privacy law upgrade
InnovationAus.com – 28 September 2023
This article focusses on the government’s planned upgrade of Australia’s privacy laws. The Government has agreed, in principle, to introduce new stricter requirements for handling personal information, along with new penalties and an end to exemption from law for small businesses.
SolarWinds and its CISO face SEC charges
ITNews.com.au – 31 October 2023
This article reports that SolarWinds and its CISO, Timothy Brown are set to face charges from the U.S. Security and Exchange Commission (SEC) alleging that critical vulnerabilities lead to the infamous attack on the company. The SEC alleged that for years SolarWinds overstated its cybersecurity and understated (or failed to disclose) known risks. It is also alleged that SolarWinds and Brown “ignored repeated red flags about SolarWinds’ cyber risks, which were well known throughout the company”. The SEC also made a statement signalling that this enforcement action underscores its message to “implement strong controls calibrated to your risk environments and level with investors about known concerns”.
Companies should prepare to comply with new SEC cybersecurity rules
Reuters – 2 October 2023
This article examines how companies must ready themselves for new U.S. Securities and Exchange Commission (SEC) cybersecurity rules. The new rules introduce mandatory cyber incident reporting requirements for all U.S. listed companies, and issuers must disclose incidents that are determined to be material by the company.
Experts to guide lagging digital ID program
InnovationAus.com – 24 October 2023
This article focuses on the new Ministerial Digital ID Expert Panel, chaired by former NSW Digital Government minister Victor Dominello, which has been established to provide independent advice on Australia’s Digital ID system. The system will allow citizens to verify their identity online to access public and private services and is intended to reduce the need to share personal information like licences or passports with individual organisations to access services.
Tech forum established in Parliament
InnovationAus.com – 18 October 2023
This article highlights the introduction of the Parliamentary Friendship Group on Tech and Innovation, a cross-party forum launched to drive engagement and understanding on the role of technology and innovation in building Australia’s economy.
Five Eyes intelligence chief warns on China’s ‘theft’ of intellectual property
ITNews.com.au – 19 October 2023
This article details the joint statement released from the ‘Five Eyes’ countries’ intelligence chiefs – the United States, Britain, Canada, Australia and New Zealand – in which they accuse China of intellectual property theft and using artificial intelligence for hacking and spying activities against the nations. See also Reuters article (19 October) and ABC Listen video (18 October).
PM unveils $5b big tech spend as he arrives in US
The AFR – 24 October 2023
This article reports that Microsoft will invest a record $5bn to bolster Australia’s cybersecurity, with a focus on cloud computing for the uptake of artificial intelligence. The tech giant’s investment more closely aligns Australia to the US, where tech companies have been commissioned by the Biden administration to support the government in fighting cyber attacks. See also the Australian article (24 October), ABC article (24 October), SMH article (24 October) and ITNews article (24 October).
ASD takes cyber offensive to “tens” of targets in the last year
ITNews.com.au – 26 October 2023
This article explores the Australian Signals Directorate’s offensive cyber security actions in the past year, with Director-General Rachel Noble giving a figure of “30 to 50 individual activities”. Noble confirmed targets have been limited to “cybercriminal syndicates,” though many have been able to regroup and renew their malicious activity given the dynamic nature of the space.
Cyber Security Awareness Month: The AFP on the lure of phishing
CyberDaily.au – 26 October 2023
This article includes a video on phishing released from the AFP’s Cybercrime series, with Tim Stainton, Detective Superintendent of the Joint Policing Cybercrime Coordination Centre, breaking down how phishing works and what can be done to protect yourself from falling victim to these covert forms of hacking. To see more from the AFP’s Cybercrime series, including videos on ransomware extortion and remote access scams, see AFP Cybercrime.
New Zealand’s Chris Hipkins and Christopher Luxon toughen up on China, defence
The Australian – 7 October 2023
This article highlights New Zealand’s embrace of a historic new era in national security with a tougher approach to China who have been implementing cyber espionage strategies to gain a stronghold on the APAC region.
Cyber security trends 2023: The latest threats and risk mitigation best practice – before, during and after a hack
Allianz Commercial – October 2023
Allianz Commercial’s latest cyber report examines concerning tends across the cyber landscape in 2023, with a particular focus on the resurgence in ransomware and extortion claims and increase in hackers targeting IT and physical supply chains to launch mass cyber attacks.
Key findings include:
- 143% increase in the number of ransomware victims globally during the first quarter of 2023.
- Ransomware victims paid demands of US$449.1M in the first six months of this year, already close to last year’s total of US$500M.
- Ransomware-as-a-Service (RaaS) groups are responsible for the majority of cyber incidents globally, with more than 1,700 attacks since 2020 in the U.S. alone.
- The current global cyber security workforce gap stands at 3.4 million people, with 70% of organisations claiming they do not have enough cyber security staff to be effective.
Uptick in ransomware highlights need for better detection and response tools
Insurance Business Magazine – 26 October 2023
This article draws upon findings made in the Allianz Commercial’s new report warning of a resurgence in ransomware and extortion claims in 2023. Notably, the report found the number of cases involving data exfiltration doubled from 40% in 2019 to almost 80% in 2022, with 2023 also showing a significant rise. To read the report, see Allianz Commercial report.
CEOs lack confidence in organisations’ ability to protect against cyberattacks, Accenture report finds
Accenture – 5 October 2023
This report identifies that 74% of surveyed American CEOs are concerned about their organisations’ ability to avert or minimise damage from a cyberattack, despite 96% of CEOs claiming that cybersecurity is critical to organisation growth and stability. To read the full report, refer to The Cyber-Resilient CEO.
Aussie orgs report facing cyber risks
Technology Decisions – 25 October 2023
This article discusses findings made in new research from Veritas Technologies which indicates that three in four Australian organisations have been victim to at least one successful ransomware attack in the past two years. The survey also found Australian companies have increased their data protection budgets by as much as 40% over the past 12 months. To download the report, see Veritas Australia.
The risks Australian executives aren’t preparing for
AFR – 16 October 2023
This article reports on the failure of Australian companies to consider geopolitical cybersecurity and regulatory risks in their supply chains. The article cites findings from McGrathNicol’s Uncovering Risks in the Supply Chain which state that 73% of companies have not considered cybersecurity in their latest risks management plans, and only one in six believe a cyber attack on a third-party supplier is a risk in the next year. Additionally, 74% of companies had not considered geopolitical risks in their risk management plans.
Telecommunications Industry Ombudsman reports fewer complains despite Optus breach
The Australian – 11 October 2023
This report highlights findings from the Telecommunications Industry Ombudsman’s (TIO) latest annual report. Notably, the report shows that the TIO referred 66,388 complaints to providers in 2022-23, down 16.5% from the previous year despite last year’s Optus data breach.
Australia has the lowest trust in AI globally
CyberDaily.au – 19 October 2023
This article provides insights from a study conduct by the BSI Group which found that Australians expressed the most distrust in AI out of nine surveyed countries. Further, the report identified that 64% of Australians want international guidelines for the safe use of AI, with BSI Australia managing director Charlene Loo claiming that Australia is falling behind when it comes to harnessing the power of AI.
Australia
Legacy ‘tech debt’ is strangling govt digital budgets
InnovationAus.com – 29 September 2023
This article highlights the lack of investment in relation to updating the government’s legacy IT systems, with calls for more digital infrastructure investment to meet the changing expectations of Australian citizens.
Australia’s new cyber strategy must remove barriers for SMEs
The Australian – 11 October 2023
This article discusses Australia’s new cyber security strategy and its effect on small-to-medium enterprises, with digital technologies, geopolitical tensions, and a lack of skilled cyber security professionals serving as key issues which must be addressed.
Govt too focused on AI regulation: Fletcher
InnovationAus.com – 9 October 2023
This article presents the views of Paul Fletcher, shadow minister for government services and the digital economy, who argues that the federal government is too focussed on regulating artificial intelligence and should instead concentrate efforts on addressing issues like building local AI expertise and ensuring the country has enough AI-leveraged economic activity.
NAB, CBA switch on digital identity checking service
AFR – 17 October 2023
This article outlines how both NAB and CBA have adopted a new identity checking service, ConnectID, which allows companies to request and check information about customers from banks without collecting it themselves in an industry effort to avoid another Optus-style attack. The article notes that demand for “identity-as-a-service” offerings is expected to come from small businesses that don’t want to store data or have IT systems lacking appropriate cyber protections.
Service NSW boosts online account security with automated darknet searches
CyberDaily.au – 26 October 2023
This article addresses Service NSW’s recent announcement that it is adding a new security feature to its online portal which automatically checks for leaked passwords and email combinations on the dark net. If any leaked information is identified, the customer will be informed and prompted to change their password.
Energy official developing plans to fight cyber attack on rooftop solar network
The Australian – 24 October 2023
This article explores Australia’s plans to mitigate against cyber attacks amid fears that the nation’s rooftop solar panel network has security flaws, with ASPI Deputy Director of Cyber, Technology and Security Mike Bareja pointing to “an oversaturation” of internet-connected devices as the reason for the vulnerability. See also the Daily Telegraph article (24 October).
The next wave of cyber-crime scams will be devastating
InnovationAus.com – 3 September 2023 </emh6
This article explores how Australia continues to lag behind international best practices, particularly in the context of artificial intelligence and automated lifelike voice generators.
Businesses, individuals urged to adopt cyber risk mitigation strategies
AFR – 4 October 2023
This article outlines the steps businesses and individuals can take to reduce the risk of a cyber incident and recover quickly if such an event were to occur.
Red tape, crime and rising costs a ‘perfect storm’ building against Australian small business
The Australian – 4 October 2023
This article reports on small businesses in Australia being hit with increasing regulatory burden whilst having to deal with difficulties posed by cybercrime in the wake of rising interest rates and costs.
CDC Data Centres to accelerate expansion plans
InnovationAus.com – 9 October 2023
This article reports that the largest provider of data centre services to the federal government, Canberra Data Centres, has plans to accelerate the development of data centres in order to meet growing demand for artificial intelligence.
Done deal: Telstra buys cybersecurity biz Versent for $268M
AFR – 11 October 2023
This article reports on Telstra’s acquisition of cybersecurity business Versent for $267.5 million. Telstra’s purchase of Versent will help the telco giant scale Telstra Purple, the company’s technology services business.
Checking your emails outside of work hours is bad for your company’s cyber security
The Australian – 18 October 2023
This article investigates how cyber attackers are exploiting security vulnerabilities during after-hour periods when systems are not being monitored as actively. The report suggests that employees completing tasks outside of designated hours potentially reduces the likelihood cyber security teams will identify irregular network activity.
FifthDomain and the platform uncovering hidden cyber talent
InnovationAus.com – 18 October 2023
This article details Australia’s cybersecurity skills shortage, with reports from the Australian Cyber Security Growth Network that 17,000 more cyber workers are required by 2026 and this shortfall is unlikely to be met despite the recent increase in cyber graduates.
‘We’re not phishing’: Youth climate change group defends manipulating sceptics’ browsing
The Australian – 29 September 2023
This article reports on the Australian Youth Climate Coalition (AYCC)’s NewsJacker campaign, an audacious scheme to trick social media algorithms into displaying scientific information to climate-change sceptics by luring them to a website deigned as a cookie recipe.
International
Cyber insurers cut their premiums, but demand you do more
AFR – 9 October 2023
This article investigates how cyber insurance premiums are set to ease and flatten after the wave of ransomware attacks in 2021 that made the cost of cyber insurance more than double. However, insurers will demand that companies work harder to protect themselves against ransomware and other cyber threats to enjoy a lower premium.
A Tool to Help Boards Measure Cyber Resilience
Harvard Business Review – 4 October 2023
This article shares research on the kinds of information directors need in order to quickly recover and respond to cyber attacks. One key insight is the Balanced Scorecard for Cyber Resilience (BSCR) which incorporates performance indicators from different perspectives of the company that provide leaders with complex information that is easily understood.
Temu accused of monitoring users’ offsite activity with secret spyware in new class action
CyberDaily.au – 25 October 2023
This article details how Chinese-operated online marketplace Temu is facing a potential class action lawsuits that claims the company has violated U.S. federal wiretap laws with its “clandestine tracking activities”. Collected data includes names, addresses, and email addresses, and it is alleged that Temu has been able to monitor the offsite activity of its customers by injecting JavaScript code for spyware in websites that users visit.
Google feature Dark Web can reveal which of your personal details have been exposed online. Here’s how to use it.
7News – 22 October 2023
This article explores Google’s new ‘Dark Web’ feature which can pin-point your personal data that has been exposed on the dark web. The feature will only be available to Google One subscribers for a fee but is now also accessible to Gmail account holders and Android phone users.
Artificial intelligence cyber threats in the spotlight
Security Brief Australia – 17 October 2023
This article provides insights from CybeReady, a global leader in security awareness training, who has developed new AI Cyber Threat CISO Toolkits to help organisations educate their employees about AI-powered threats used by hackers. CybeReady have published exhaustive guides to mitigate against threats, including materials on topics such as email authenticity verification and the identification of deceptive links.
Thales Closes Deal on Tesserent, Strengthening its Global Cybersecurity Business
Thales – 4 October 2023
This article discusses Thales’ acquisition of Tesserent, one of Australia’s largest cybersecurity companies, which will significantly strengthen the sovereign cyber capabilities for some of Australia and New Zealand’s most importance defence programs and critical infrastructure.
Global Ransomware Takedown: Ragnar Locker Falls
Teiss – 23 October 2023
This article reports on Europol’s successful seizing of infrastructure linked to Ragnar Locker ransomware, along with the arrest of a suspected key member of the group. The notorious cybercriminal organisation is responsible for attacks on at least 168 organisations since 2020, known largely for their ‘double extortion’ tactic, demanding payments for decryption tools and non-disclosure of sensitive data. See also Infosecurity Magazine article (23 October) and CyberDaily.au article (20 October).
Australia
SA patient records deleted in 'isolated data incident'
CyberDaily.au – 31 October 2023
This article examines the third party data breach affecting South Australian local health networks. According to the report, records of 121 SA Health patients (including personal, medical, and legal documents) were deleted after a mobile platform used by the networks was breached.
Pareto Phone, telemarketer at centre of charity cyber hack which targeted tens of thousands of Australian donors, collapses
ABC News – 21 October 2023
This article details the collapse of Pareto Phone, the telemarketing firm at the heart of a major charity cyber hack. The ABC was informed that Pareto Phone employees were told they no longer had jobs, with one ex-employee revealing that Pareto consistently failed to meet Australian privacy standards which mandates companies delete sensitive data once it is no longer needed.
Super SA disclose third-party data breach
ITNews.com.au – 19 October 2023
This article investigates Super SA’s breach disclosure which confirmed that a “small cohort” of members were impacted by a cyber security incident. It was later confirmed that hacked Super SA details “sat on the dark web” before being recovered, with information linked to more than 14,000 members being accessed by hackers two months ago. See also the Advertiser article (23 October) and ABC News article (22 October).
Atlassian hit by Chinese state-linked hackers
AFR – 11 October 2023
This article details how Microsoft detected a “nation-state threat actor” that exploited a security hole in software provided by Australian technology giant Atlassian, with Microsoft accusing Chinese state-linked hackers of being responsible for the intrusion.
Almost 200 patients at major Melbourne hospital caught up in data leak
9News – 5 October 2023
This article reports on how the personal details of more than 190 patients being treated at Royal Women’s Hospital in Parkville may have been accessed during a data leak. The Hospital confirmed that cyber criminals accessed the private email account of a staff member who had been forwarding work emails to their personal account.
‘No internet’: ANZ, Woolworths eftpos hit by major outage
The Herald Sun – 29 September 2023
This article addresses a bank outage that left customers unable to make payments on the eve of the AFL Grand Final long weekend. For ANZ customers, the outage resulted in an inability to access the bank’s online service, and at the same time, Woolworths experienced a national outage that impacted between 20-30 stores, with shoppers being unable to use eftpos services.
Property software group PEXA investigates potential unauthorised access of user certificate data
The Australian – 6 October 2023
This article outlines how property settlement software group PEXA is investigating the unauthorised access of user certificate data held by a third-party provider.
Hackers may use Gaza havoc as cover for attacks
The AFR – 10 October 2023
This article discusses how cybersecurity firm CyberCX has identified the emergence of at least 30 ‘hacktivist’ groups following violent eruptions between Israel and Palestine, with the Australian government and businesses with Jewish and Israeli ties being warned they could be targeted by hackers too. See also CyberDaily.au article (20 October), the Guardian article (11 October) and Security Week article (10 October).
Medibank challenges privacy commissioner investigation over hacking victims’ complaint
The Sydney Morning Herald – 2 October 2023
This article examines Medibank’s application to the Federal Court to stop a representative complaint to the privacy commissioner which may affect compensation for the millions of victims of the cyber-hacking incident last year.
HWL Ebsworth says ‘business as usual’ after hack’
AFR – 28 September 2023</h5h6
This article details HWL Ebsworth’s announcement that it has emerged “largely unscathed” from the cybercrime attack that stole 2.5 million files earlier this year, and that their profitability remains “well above industry average”. However, CyberDaily.au (24 October) later reported that victims of the attack were kept in the dark for 6 months due to a court injunction secured by HWL Ebsworth in the NSW Supreme Court.
AFP arrests Melbourne man responsible for laundering $100M in cyber crime funds
CyberDaily.au – 26 October 2023
This article confirms that the AFP has arrested Melbourne man who laundered $100M of cybercrime proceeds through the Changjang Currency Exchange. AFP Commander Investigations Kate Ferry said victims of the operation were lured into scams that promised massive investment returns through a platform called MetaTrader.
International
LockBit ransomware gang claims Boeing data breach
CyberDaily.au – 28 October 2023
This article reports on LockBit 3.0’s claims to have successfully exfiltrated large swathes of data from Boeing. On 27 October 2023, the ransomware gang posted the claim on its darknet site but have not shared other details of the hack. According to reports, Boeing is assessing the threat and contemplating next steps.
Casio cyber attack affects customers in 149 countries
CyberDaily.au – 23 October 2023
This article describes how a threat actor gained access the personal information of Casio customers on the watch manufacturers systems, with 91,921 records being infiltrated in Japan alone. In all, customers from 149 countries have been impacted, with data including customer names, email addresses, countries of residence and payment methods accessed in the attack.
Henry Schein, Inc. Announces Cyberattack and Ongoing Investigation
Teiss – 18 October 2023
This article details how Henry Schein, Inc., an American distributor of health care products and services who operates in Australia, confirmed reports of a recent cyber attack after its manufacturing and distribution business was targeted.
Colonial Pipeline denies reports of ransomware attack, citing third-party data breach
Teiss – 16 October 2023
This article details Colonial Pipeline’s denial of recent claims that the Ransomed.vc gang caused a ransomware attack against the U.S. fuel pipeline provider, stating that the data posted online originates from a third-party vendor rather than from the company itself. Ransomed.vc claimed responsibility for the recent compromise of Sony’s systems and the recent hack of U.S. District of Columbia voting records.
Kwik Trip addresses disruptions due to ‘network incident’ at 800+ US stores
Teiss – 16 October 2023
This article spotlights how Kwik Trip, a U.S. convenience store chain operating over 800 stores, suffered a series of outages described as a “network incident”. Kwik Trip did not confirm whether the outages were a result of a ransomware attack despite widespread speculation.
Biotech firm 23andMe confirms user data leak in credential-stuffing attack
Teiss – 9 October 2023
This article explores how the Biotechnology firm 23andMe, known widely for its DNA testing kits, confirmed that user data including photos, full names, locations and other sensitive information has surfaced on hacker forums. See also CyberDaily.au article (27 October) and Teiss Article (13 October).
LockBit warns leak of CDW data
SC Media – 9 October 2023
This article confirms that the LockBit ransomware operation threatened global IT products and services reseller CDW that its stolen data would be exposed after the company refused to pay a ransom demand. LockBit later released the data after their US$80M ransom demand was not met. See also CRN article (12 October).
Lyca Mobile blames cyber attack for network outage and service disruptions
Teiss – 6 October 2023
This article addresses the Lyca Mobile system outage which caused customers to be unable to make mobile calls or send text messages, with the British network operator releasing a statement confirming they were the victim of a cyber attack.
US freight transporter Estes Express Lines says cyber-attack caused significant service disruptions
Teiss – 6 October 2023
This article provides that Estes Express Lines, a Virginia-based freight transportation provider, admitted that it suffered a major cyber attack that forced it to take systems offline and affected their online tracking service for goods and vehicles in transit.
DoS attack on royal family claimed by pro-Russian hackers
Cyberdaily.au – 3 October 2023
This article describes how a British Royal Family online site was compromised and taken down for more than 90 minutes, with the infamous Russian hacker group ‘Killnet’ taking responsibility. Killnet claimed the attack on its Telegram site, posting a link to the site and the check host report as proof of the outage.
MOVEit Transfer breach suffered by Fiserv impacted 837k Flagstar Bank customers
Teiss – 9 October 2023
This article discusses how Fiserv, a third-party vendor used by Michigan-based Flagstar Bank, was confirmed as being compromised during the MOVEit data breach, resulting in at least 837,390 Flagstar Bank customers being affected. See also CPO Magazine article (18 October).
ICC says cyber attack an act of espionage
CyberDaily.au – 23 October 2023
This article reports that the International Criminal Court has confirmed in a statement that threat actors caused the breach it suffered last month. New evidence suggests that the hackers were sophisticated and intended to conduct an espionage operation, though the Court has not elaborated on the nature of the attack.
Software firm Okta’s shares slump on cyber breach
Teiss – 23 October 2023
This article discusses the 12% share price drop in Okta shares after the company disclosed a breach of its customer support system that allowed hackers to view files uploaded by certain clients. See also CyberDaily.au article (24 October) and Cybersecurity Dive article (23 October).
$5.5 trillion: Lloyd’s models cost of global cyber attack
InsuranceNews.com.au – 19 October 2023
This article outlines findings from Llyod’s systemic risk scenario study with the insurance company claiming that a cyber attack on the global financial services payment system could lead to economic losses of $5.5 trillion. Lloyd’s also found that the three countries with the highest five-year economic loss from a hypothetical attack are the U.S. at $1.74 trillion, followed by China at $743 billion and Japan at $316 billion. See also Reuters article (19 October).
MGM says costs from ALPHV ransomware gang attack could exceed US$110M
CyberDaily.au – 9 October 2023
This article provides that MGM Resorts have revealed the cost of the cyber attack it experienced last month in an SEC filing, with the estimated cost being around US$100M. MGM also stated that it incurred costs of “less than $10 million in one-time expenses” in relation to consulting and legal costs, and other third-party advisors. See also ITNews article (21 September).
Note: The articles above are a selection of cyber related media reports during the month of September 2023. The linked articles are provided for convenience. The headlines, summaries and articles themselves do not represent the views or opinions of HSF.
Key contacts
Disclaimer
The articles published on this website, current at the dates of publication set out above, are for reference purposes only. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action.