This month has seen a mixed bag of regulatory and industry insights in the world of cyber. New research shows that data breaches continue to be on the rise, with a 388% quarter-on-quarter jump in compromised accounts in Australia alone. There has also been a renewed focus on the battle against scam losses, with Australians losing $2.74 billion in scams in 2023. We’ve also seen an uptick in corporate partnerships with cybersecurity firms and financial institutions like NAB, which has begun working with CrowdStrike to offer free protection to small businesses, reflecting growing awareness of the need for large-scale industry responses to cyber threats.
However, challenges persist. Legal battles, such as Elon Musk's fight against takedown orders related to a video on his social media platform, highlight the complexities of online regulation globally. Additionally, Australia's recent passing of the Digital ID Bill aims to enhance digital identity regulations, but also emphasises the importance of balancing privacy concerns. Most notably, the Honourable Mark Dreyfus KC MP discussed the Government’s amendments to the Privacy Act, emphasising that current legislation remains outdated and unfit to properly protect against evolving cyber threats.
Internationally, the UK introduced laws to safeguard against smart gadget cyber-attacks, while accusations against China for targeting foreign elections add to geopolitical tensions. Ransomware payments have dropped globally, but cybercrime remains highly lucrative, with criminals earning more than some of the world's largest corporations combined. The IMF underscores the growing threat of cyber risk to global financial stability, emphasising the need for enhanced cybersecurity strategies.
From data breaches impacting major companies like American Express and UnitedHealth to phishing attacks targeting individuals and organisations worldwide, the cyber landscape remains fraught with risks. Below are some other noteworthy Australian cyber incidents and regulatory developments which made headlines last month:
- The Office of the Australian Information Commissioner (OAIC) is cracking the whip with a zero-tolerance policy on late data breach reporting. No more dilly-dallying; organisations now have a strict 30-day window to spill the beans on breaches under the Notifiable Data Breach (NDB) scheme.
- Emily Phillips steps into the limelight as Victoria's new Emergency Management Inspector General (IGEM). Tasked with navigating the choppy waters of emergencies, from natural disasters to cyber assaults, she now serves as the state's frontline defender against the unknown.
- Over at MinterEllison, a clever ruse saw a staff member duped into a funds transfer, but swift action saved the day. With no compromises to their digital fortress, MinterEllison emerged unscathed.
- In a cyber onslaught, the LockBit ransomware gang struck gold, or rather data, in a hack targeting OracleCMS. With no ransom demands made, they unleashed a floodgate of sensitive information, exposing the inner workings of thousands of Aussie individuals and local councils.
- Suncorp found itself under siege in a brazen cyberattack where a threat actor accessed some customers’ bank balances and withdrew funds. But in an uncommon turn of events, Suncorp located the funds and returned them to affected account holders in full.
- Finally, Diabetes WA found itself affected by unauthorised access by a third party inside its systems, with the personal data of patients being exposed. Amidst the chaos, Diabetes WA plans to bolster its defences and safeguard against future attacks.
Contents
- News from HSF
- Regulatory and industry insights
- Cyber research, reports and blogs
- Recent cyber incidents and developments
Cyber Risk Survey 2024
We have launched our Cyber Risk Survey for 2024! Following the success of our inaugural Cyber Risk Survey in 2023, we are once again surveying in-house lawyers to better understand their cyber-related experiences and concerns. We would love your insights!
This survey takes a little longer (7-10 minutes), and to thank you for your time, you can choose to receive a summary of your responses benchmarked against the responses received from all survey participants. Complete the Cyber Risk Survey 2024 here.
Cross Examining Cyber: Episode 5 with Andy Penn
Episode 5 of Cross Examining Cyber has now dropped. We cross examine Andrew Penn, former CEO of Telstra, and more recently the Chair of the Government’s Expert Advisory Board. Andy is a guest who really needs no introduction. He brings a level of industry and policy expertise that is unrivalled.
This episode has been split into two, with the first one discussing the formation of the Cyber Security Strategy, what success looks like in the world of cyber, and the types of offensive and defensive cybersecurity measures organisations should have in place. Listen to the podcast here.
Australia
The Hon Mark Dreyfus – Privacy by Design Awards 2024 Speech
Attorney-General’s Portfolio – 2 May 2024
This speech by the Honourable Mark Dreyfus KC MP discusses the Government’s amendments to the Privacy Act due to be introduced in August. Mr Dreyfus emphasised how recent data breaches and cyber incidents impacting Australian entities have necessitated reforms to the existing framework. The Privacy Act remains outdated and unfit for the digital age, and Australians are in need of a stronger legislative model to protect their personal information. Mr Dreyfus also discussed how growing digitalisation and the advent of advanced technologies have made data more readily accessible for cybercriminals, reinforcing the need for an overhaul of current legislation.
Scam losses are dropping, but Australians still lost $2.74bn in 2023
Cyber Daily – 30 April 2024
This article reports that scam losses in Australia dropped by 13.1% in 2023, although losses still amounted to $2.74 billion. Investment scams were the most damaging, costing Australians $1.3 billion. Job scams cost victims $24.3 million, up 151.2% from 2022. Older Australians suffered the most losses, with many reporting investment scams. The ACCC has pointed to a Scams Code Framework as a response with strong, mandatory and enforceable obligations on banks, telcos and digital platforms.
Australia records 388% quarter-on-quarter jump in compromised accounts
Cyber Daily – 26 April 2024
This article reports that 1.8 million Australian user accounts have been leaked in data breaches throughout the first three months of 2024. This represents a 388% increase over the previous quarter, with Australia being ranked as the 15th most breached nation in the world over the last 20 years.
Musk’s lawyers to fight X take-down orders on two fronts
Australian Financial Review – 23 April 2024
This article reports that Elon Musk’s lawyers are challenging the eSafety Commissioner’s global takedown orders of the Sydney church stabbing footage on Musk’s social media site X. X is facing fines of up to $782,500 per day for failing to comply with the order to remove numerous posts containing the video of the stabbing. The eSafety Commission will seek a permanent injunction and civil penalties against X at a final hearing. See also Cyber Daily article (23 April).
Notifiable Data Breach Scheme to be enforced with new force: late reporting no longer tolerated
Lexology – 18 April 2024
This article explores the Office of the Australian Information Commissioner’s (OAIC) increased regulatory focus on organisations that report data breaches more than 30 days after they occur. The 30-day reporting obligation starts when a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any individual.
NAB partners with CrowdStrike to offer free cybersecurity protection to SMEs for a year
SmartCompany – 18 April 2024
This article discusses NAB’s partnership with CrowdStrike to offer eligible small business customers free cybersecurity protection for 12 months. Only 15% of SMEs conduct extensive training when it comes to scams and cybersecurity risks. The partnership comes as the Australian government is building six cyber shields to defend Australians and businesses from cyber threats. The offer is exclusive to NAB small business owners with a Business Transaction Account who can take up the offer before March 2026.
Victoria appoints new Emergency Management Inspector General
Government News – 16 April 2024
This article highlights the appointment of Dr Emily Phillips as the new Inspector-General for Emergency Management (IGEM) by the Victorian government. The IGEM is a statutory role that identifies what is working well and what improvements can be made in the way Victoria manages emergencies including natural events, water supply contamination, war and cyber-attacks.
Australian digital ID bill finally passes the Senate
Cyber Daily – 2 April 2024
This article confirms that the Federal Senate has passed the Digital ID Bill, establishing Australia’s first digital identity scheme to be rolled out into the private sector, three years after it was first drafted. The bill received support from a variety of parties, indicating a cross-party agreement on the importance of digital identity regulations in Australia. The legislation aims to strengthen the current digital ID accreditation scheme, expand the digital ID system, enhance privacy, protect consumers, and improve governance.
International
Britain’s new ‘world first’ laws crack down on smart gadget cyber attacks
Business Standard – 29 April 2024
This article describes the UK government’s introduction of world-first laws which will require all internet-connected smart devices to meet minimum security standards to protect consumers and businesses from hacking and cyber-attacks. An investigation found that a UK home filled with smart devices could be exposed to over 12,000 hacking attacks from across the world in a single week. Manufacturers will be banned from having weak default passwords and users will be prompted to change passwords on start-up. The new laws also require manufacturers to publish contact details and retailers to be open with consumers on the minimum time they can expect to receive security updates.
China Continues to Target Foreign Elections
Asia Pacific Security Magazine – 22 April 2024
This article details accusations made by the US and its allies against China, with claims that China is behind a series of cyber-attacks on lawmakers and democratic institutions. The Five Eyes alliance – which includes the US, UK, Canada, Australia, and New Zealand – accused China of using false information about threats from Chinese hackers. The US went as far as claiming China has coordinated a global hacking operation over a 14-year window to further its economic espionage and foreign intelligence objectives.
Ransomware payments drop to record low of 28% in Q1 2024
Bleeping Computer – 21 April 2024
This article outlines that ransomware payments globally have dropped to a record low of 28% in Q1 2024. This decrease has been largely attributed to organisations implementing more advanced protective measures and mounting legal and regulatory pressure to refuse making ransom payments. Nonetheless, the amount paid to ransomware actors is higher than ever before, reaching US$1.1 billion in 2023. This comes after the FBI identified that the Akira ransomware operation raked in approximately US$42 million in ransom payments last year alone.
FBI director says Volt Typhoon positioning for US critical infrastructure attack
Cyber Daily – 19 April 2024
This article unpacks how the FBI has warned that Chinese hackers, known as Volt Typhoon, are preparing to strike US critical infrastructure operators, after the group was observed breaching and hiding itself within the systems of US companies. The US had launched a campaign against Volt Typhoon and its allies, with the Five Eyes alliance group issuing a new advisory. Volt Typhoon has a history of targeting Taiwan and was observed doing so recently prior to the Taiwanese elections. See also The Guardian article (19 April) and Cyber Defense Magazine article (16 April).
Injunctions against anonymous cyber-hackers: waste of time or worth the trouble?
Lexology – 17 April 2024
This article offers a legal exploration of the available options to limit the spread of hacked information. Namely, injunctions can be obtained against hackers, even if they cannot be identified by name. The recent ruling in HWL Ebsworth Lawyers v Persons Unknown in the NSW Supreme Court is a case in point. HWL Ebsworth sought and was granted an interim injunction in June 2023 which ordered the BlackCat hacking group to remove Ebsworth’s stolen data from the internet, and prohibited them from sharing the stolen data for any purpose other than obtaining legal advice. In February, HWL Ebsworth was granted default judgment and a permanent injunction which prohibited the “persons unknown” from disseminating the exfiltrated information. These orders also apply to any third party who comes into possession of the hacked information.
The Cybersecurity Administration of China Issues Relaxed Rules for Cross-Border Data Transfers
Lexology – 15 April 2024
This article explores the Cybersecurity Administration of China’s (CAC) new regulations on cross-border data flows for compliance with China’s Personal Information Protection Law (PIPL) and Data Security Law (DSL). Importantly, the regulations provide detailed procedures for data handlers. The new regulations also exempt data handlers from filing a standard contract/personal information protection certification or application for a security assessment if data processing activities apply. However, there are no provisions easing the transfer of sensitive personal information under the New Regulations.
Annual revenue of cyber crime is 13 times bigger than Walmart’s
Cyber Daily – 11 April 2024
The article states that cybercriminals collectively earned US$8.15 trillion from cyber-attacks in 2023, surpassing annual revenues of the world’s largest corporations such as Amazon, Apple, and Walmart. Cybercrime has evolved into a professionalised global enterprise with skilled hackers, nation-state-backed groups, and organised cybercrime rings. The industry has lower costs with less risk compared to traditional crimes, making it an attractive pursuit for many individuals.
CISA Releases NPRM to Codify National Cyber Incident Reporting Requirements
Lexology – 10 April 2024
This article unpacks plans by the US Cybersecurity and Infrastructure Agency (CISA), which has proposed a Notice of Proposed Rulemaking (NPRM) that would establish national cyber incident and ransom payment reporting requirements. The NPRM establishes a 72-hour agency reporting deadline for covered cyber incidents and a 24-hour deadline for ransomware payments while expanding the types of entities subject to such reporting. The proposed regulation has the potential to cast a broad net, covering a large number of entities as CISA considers whether the draft regulations apply to a range of entities. CISA proposes four types of reports (collectively, “CIRCIA Reports”) with differing reporting requirements: Covered Cyber Incident Report, Ransom Payment Report, Additional Reports, Supplemental Reports, and Joint Reports.
Cybersecurity services market to hit $445.3 billion by 2032
ChannelLife Australia – 10 April 2024
This article explains the rise in cybercrimes and malware as a prompt to re-evaluate the traditional security approaches used worldwide. Due to the increasing reliance on digital storage and technological advancements, there is heightened pressure on businesses to detect and respond to cyber threats swiftly, especially with GDPR guidelines mandating rapid reporting of breaches. The cybersecurity market was valued at US$208.3 billion in 2023 and is expected to reach US$445.3 billion in 2032.
US lawmakers strike deal on data privacy legislation
Reuters – 8 April 2024
This article explores draft legislation on data privacy which has been agreed upon by key US lawmakers. This proposed legislation aims to restrict the collection of consumer data by technology companies and empower individuals to control the selling or deletion of their personal information. The bill would grant authority to the Federal Trade Commission and state attorneys to oversee consumer privacy issues and enforce regulations, including the ability to issue fines for violations. The legislation would also allow individuals to sue for privacy violations and requires annual reviews of algorithms to prevent harm and discrimination.
Meta overhauls rules on AI deepfakes for Facebook and Instagram
CyberNews – 5 April 2024
This article examines Meta’s significant policy changes regarding media created and altered digitally. The policy changes, starting in May, are being implemented ahead of the forthcoming US elections, aiming to address deceptive content generated by new AI technologies. All AI-generated content will be labelled “Made with AI”, in an attempt to reduce public deception from such content. These policy changes come amidst growing concerns regarding the impact of generative AI technologies on misinformation and political campaigns.
Cyber risk: a growing concern for macrofinancial stability
International Monetary Fund – 16 April 2024
The International Monetary Fund (IMF) has published its April 2024 Global Financial Stability Report which explores the rise in cyber risk amongst evolving technology and growing geopolitical tensions. These cyber risks are posing concerns to financial stability worldwide, with some key takeaways including:
- a surge in cyberattacks over the last two decades which is linked to the growing reliance on technology across the financial sector;
- significant indirect monetary losses which are being directly reported by firms;
- the financial sector is highly exposed to cyber risks, with one-fifth of all cyber incidents affecting financial firms;
- countries remain severely unprepared for cyber incidents, with many lacking appropriate combat strategies, regulations, and reporting regimes; and
- there remains a need to strengthen cybersecurity strategy frameworks, while promoting an awareness around cybersecurity.
Russia Tops Global Cybercrime Index, New Study Reveals
Data Breach Today – 10 April 2024
The World Cybercrime Index has provided a ranking of international cybercrime hotspots, with Russia taking the top spot, followed by Ukraine, China, the United States, Nigeria and Romania. The Index considers five types of cybercrime: technical products and services, attacks and extortion, data and identity theft, money laundering and scams. The Report removes the veil of anonymity around cybercriminal offenders and enables public and private entities to better target their resources and countermeasures against cybercrime.
Report highlights rising cyber threats in Australia and NZ
Insurance Business Magazine – 10 April 2024
CyberCX released a report on the cybersecurity landscape of Australia and New Zealand which includes a detailed analysis of 100 significant incidents from 2023. Some key findings include:
- a 37% surge in business email compromise incidents, in particular through phishing tactics;
- a rising challenge to multi-factor authentication effectiveness;
- a shift in cyber extortion strategies, seen through a three-fold increase in attackers opting for data theft without deploying ransomware;
- a decrease in ransom payments by 50%; and
- an increase in organisations that saw no public leak when not paying a ransom – from 46% in 2022 to 53% in 2023.
6 tips for cybersecurity in manufacturing to stay ahead of threats
MYOB – 10 April 2024
MYOB, an Australian business services software platform, has produced a report on the six steps a manufacturing company can take to prevent cyber threats. Manufacturing businesses accounted for 23% of all cybersecurity attacks in 2022. With such high risk in the sector, these are the six tips provided:
- Perform a risk and maturity assessment, and make sure staff are all well trained.
- Evaluate and update IT infrastructure.
- Create password policies.
- Choose a cybersecurity framework.
- Write an incident response plan.
- Implement cybersecurity in manufacturing training.
Australia
Western Australian man jailed for identity fraud after purchasing credentials from darknet
Cyber Daily – 19 April 2024
This article explains that an Australian man has been jailed for identity fraud after buying stolen credentials from the dark web marketplace Genesis Market. The perpetrator used the credentials to commit a range of fraud-related offences, including stealing $17,500 from a super fund and opening bank accounts in another person’s name. The man was also found to be in possession of Australian customer data stolen in a ransomware attack. The perpetrator was sentenced to two years in prison with a 17-month non-parole period.
Hackers scam staff members at one of Australia’s biggest law firms
Sydney Morning Herald – 18 April 2024
This article confirms that MinterEllison was the victim of an attempted scam attack where a staff member was tricked into transferring a large sum of money into the account of a fraudster impersonating a trusted business associate. The firm was able to recover the funds after detecting the fraud attempt, and no systems were compromised.
Huge trove of Australian client data leaked following OracleCMS call centre hack
Cyber Daily – 17 April 2024
This article reports that the LockBit ransomware group has leaked the personal details of thousands of individuals and local councils after successfully carrying out an attack on OracleCMS, an Australian call centre operator. LockBit did not demand a ransom amount and instead published over 60 gigabytes of data in a single compressed archive. The data includes billing and financial details and detailed spreadsheets.
Brokers warned: prepare for cyber threats
Australian Broker News – 16 April 2024
This article issues a warning to finance and mortgage brokers regarding the underestimated risks of cyber-attacks. The Finance Brokers Association of Australia (FBAA) issued advice recommending that robust data security measures should be implemented, and specialist cybersecurity insurance should be obtained. The recent Australian Signals Directorate’s report highlights the rise in cybercrime incidents, with financial and insurance sectors being particularly vulnerable targets. See also MPA Magazine article (16 April).
Suncorp’s bank suffers breach, customer funds stolen
Australian Financial Review – 12 April 2024
This article explores how Suncorp has been targeted by a cyberattack which successfully accessed some customers’ bank balances, with hackers withdrawing funds in some instances. Suncorp managed to recover and return the stolen funds in full. Suncorp's acquisition by ANZ is currently pending final approval which will integrate Suncorp Bank's systems with ANZ, making it the third-largest home loan lender in Australia.
Diabetes WA is the latest hacked Australian healthcare organisation
Cyber Daily – 9 April 2024
This article examines the Diabetes WA cyber breach by an unauthorised party who gained access to the personal data of patients. Breached data included names, dates of birth, addresses, email addresses, phone numbers, Medicare numbers, type of diabetes, marital status and referring doctor. No detailed medical records were accessed according to Diabetes WA. The company has stated it plans on strengthening its security measures to inhibit future attacks.
International
United Nations agency investigates ransomware attack, data theft
Bleeping Computer – 19 April 2024
This article addresses the United Nations Development Programme’s (UNDP) investigation into a cyberattack where threat actors breached its IT systems to steal human resources data. The attackers hacked into local IT infrastructure, and the UNDP is now investigating the incident and assessing the impact on individuals whose information was stolen. The 8Base ransomware gang added a new UNDP entry to its dark web data leak website on March 27. The gang claims to be "honest and simple" pen testers targeting companies that have neglected the privacy and importance of the data of their employees and customers. See also Cyber Daily article (22 April) and Security Affairs article (19 April).
LabHost phishing service with 40,000 domains disrupted, 37 arrested
Bleeping Computer – 18 April 2024
This article reports that LabHost, a phishing-as-a-service platform, has been disrupted in a global law enforcement operation. The investigation uncovered at least 40,000 phishing domains linked to LabHost, which had some 10,000 users worldwide. The authorities estimated that the cybercrime service’s operators had received over US$1.1 million from user subscriptions. In total, LabHost has stolen approximately 480,000 credit cards, 64,000 PINs, and over one million passwords from various online accounts.
Free Ransomware: LockBit Knockoffs and Imposters Proliferate
Data Breach Today – 17 April 2024
This article explores how LockBit’s crypto-mining malware has been compromised by attackers in recent months, though none of the attackers appear to be a member of the ransomware-as-a-service operation bearing that name. The leaked LockBit version 3.0 provided an opportunity for ransomware hackers to quickly enter the scene, encrypt smaller enterprises, and reap substantial profits. LockBit also placed restrictions on who could join its affiliate program, which promised access to its ransomware builder and name-branded support in exchange for a percentage of the affiliate’s earnings.
UnitedHealth: Change Healthcare cyberattack caused $872 million loss
Bleeping Computer – 16 April 2024
This article reports that UnitedHealth Group suffered a US$872 million loss to its Q1 earnings due to the Change Healthcare ransomware attack in February. UnitedHealth was forced to pay US$593 million in direct cyberattack response costs and US$279 million due to business disruptions. The company is still continuing to work on mitigating the attack’s impact on consumers and care providers, with UnitedHealth confirming it paid the ransom to cyberthreat actors to try to protect patient data. The February breach caused UnitedHealth subsidiary Optum to shut down Change Healthcare systems and services, preventing doctors and healthcare facilities from billing or sending claims to insurance companies. See also Cyber Daily article (23 April) and Teiss article (11 April).
American Express faces recent class actions, data breach
Top Class Actions – 15 April 2024
This article unpacks legal actions following American Express’ recent data breach that exposed card account numbers and customer names. American Express attributed the data breach to a third-party service provider that experienced unauthorised access to its system. Consumers filed several class action lawsuits against the company over claims of data sharing, high swipe fees, and fraudulent transactions. The lawsuits allege that American Express shared credit card applicant data with Facebook without the applicant's consent or knowledge. Small businesses also filed a class action lawsuit against American Express over claims the company charges swipe fees that are higher than others.
Roku cyberattack impacts 576,000 accounts
CyberNews – 12 April 2024
This article confirmed that Roku, a popular streaming service, discovered a second cyber-attack affecting 576,000 users while it was investigating an earlier incident where 15,000 users were impacted. The ‘credential stuffing’ method was used in both attacks to steal users’ login information. Roku’s systems were not compromised, but some accounts were used for fraudulent purchases, and in fewer than 400 cases, stored payment methods were used to make purchases. Roku has since enabled two-factor authentication for all accounts, reset passwords of all impacted users, and notified impacted customers about refunds and reversals for any incurred damages.
Chinese-owned chipmaker Nexperia hacked
CyberNews – 12 April 2024
This article reports that Chinese-owned Dutch chipmaker Nexperia has experienced a cyber-attack impacting its IT infrastructure and disrupting operations. The March 14 attack targeted IT systems but did not impact its production facilities or supply chain. Nexperia quickly contained the breach by taking its systems offline and has initiated an investigation with the guidance of cybersecurity experts. No specific information was disclosed about the attack’s impact.
Microsoft to invest USD 2.9 billion in AI and cloud infrastructure in Japan while boosting the nation’s skills, research and cybersecurity
Microsoft – 10 April 2024
This article details how Microsoft will invest US$2.9 billion over two years to increase AI infrastructure and cloud computing in Japan, providing over three million Japanese people with AI digital skilling programs. Additionally, Microsoft will partner with Japan’s Cabinet Secretariat to bolster the government’s cybersecurity resilience. The initiative will focus on areas such as information sharing, talent development, and technology solutions in an attempt to tackle Japan’s cybersecurity threats.
Targus discloses cyberattack after hackers detected on file servers
Bleeping Computer – 8 April 2024
This article states that mobile accessories company, Targus, has disclosed a disruptive cyber-attack where a threat actor gained access to the company’s file servers, causing the company to initiate incident response protocols. The incident was quickly contained, and Targus recovered internal systems with the help of external cybersecurity actors. It remains unknown if all files were recovered, and no ransomware gangs have claimed responsibility.
AI-as-a-Service providers vulnerable to PrivEsc and cross-tenant attacks
The Hacker News – 5 April 2024
This article highlights research revealing critical risks faced by AI-as-a-service providers, such as Hugging Face, in potentially allowing threat actors to escalate privileges and access other customers’ models. Threat actors can breach the service by uploading rogue models, leveraging container escape techniques, and exploiting misconfigurations to gain access to sensitive data.
Researchers identify multiple China hacker groups exploiting Ivanti security flaws
The Hacker News – 5 April 2024
This article states that multiple China-linked threat actors have exploited three zero-day security flaws affecting Ivanti appliances leading to breaches. Mandiant has identified several groups of threat actors, including some known to have previously exploited other vulnerabilities in Fortinet and VMware systems. Custom malware tools and backdoors were deployed to help in the breach. There has been a rise in financially motivated actors exploiting the vulnerabilities of cryptocurrency mining operations.
Vietnam-based hackers steal financial data across Asia with malware
The Hacker News – 4 April 2024
This article unpacks the suspected Vietnamese-based threat actor CoralRaider, who has been targeting victims across several Asian countries since May 2023. CoralRaider is financially motivated and focuses on stealing credentials, financial data, and social media accounts using customised malware variants such as RotBot and XClient stealer. In addition to employing commodity malware and running malicious scripts, CoralRaider uses malware advertising (‘malvertising’) as a method, leveraging the popularity of generative AI tools to distribute information stealers.
Cyber board says Chinese hack of US officials was ‘preventable’
Reuters – 3 April 2024
This article discusses statements made by the US Cyber Safety Review Board which provided that the hack of government emails by a Chinese hacking group in 2023 was “preventable”, blaming a lack of transparency by Microsoft as a cause. The Board recommended that Microsoft make security-focused improvements across all of its products, while Microsoft agreed that there is a “need to adopt a new culture of engineering security in our own networks”. See also The Hacker News article (3 April).
New Chrome feature aims to stop hackers from using stolen cookies
Bleeping Computer – 2 April 2024
This article unpacks Google’s newly introduced security feature, ‘Device Bound Session Credentials’ (DBSC), which ties cookies to a device to prevent hijacking. Threat actors exploit stolen cookies to bypass multi-factor authentication, but DBSC cryptographically binds cookies to one’s device to prevent this from occurring. Users can test DBSC by enabling the ‘enable-bound-session-credentials’ flag in Chrome settings, with support for Windows, Linux, and macOS. The new DBSC feature enhances the security for Google accounts, and will extend to Google Workspace and Cloud users, in an attempt to stop the rise in recent threats exploiting stolen cookies.
US offers US$10m reward for information on ALPHV hackers behind UnitedHealth breach
Cyber Daily – 2 April 2024
This article states that the US government is offering a US$10 million reward for information leading to the identification or location of the ALPHV (BlackCat) ransomware group who were responsible for the attack on UnitedHealth’s subsidiary, Change Healthcare. The reward is for any individuals who can provide information about malicious cyber activities against US critical infrastructure, suggesting the involvement of a state-sponsored threat actor in the attack.
India rescues 250 citizens enslaved by Cambodian cybercrime gang
Bleeping Computer – 1 April 2024
This article details the recent rescue of 250 Indian citizens in Cambodia who were coerced into being ‘cyber-slaves’ after being promised legitimate jobs. Despite rescue efforts, it is approximated that a further 5,000 Indians are being held captive in Cambodia, being forced into scams generating nearly $60 million in the last six months alone.
Note: The articles above are a selection of cyber-related media reports during the month of September 2023. The linked articles are provided for convenience. The headlines, summaries and articles themselves do not represent the views or opinions of HSF.