Happy new year – a bumper edition
Firstly, a happy new year to you all. We hope you had a restful break.
Unsurprisingly, cyber news – and our adversaries – did not slow down over the Australian summer. We’ve provided a snapshot below, but head along to our Blog to read more.
Australia’s Cyber and Infrastructure Security Centre (CISC) has been hosting town halls and seeking industry feedback on draft rules which will operationalise key elements of recent cyber law reform, including security standards for smart devices, ransomware payment reporting, the Cyber Incident Review Board, and amendments to Australia’s security of critical infrastructure laws regarding the telecommunications sector and data storage systems. HSF’s summary of Australia’s recent cyber security reforms is available here.
The CISC announced a formal risk management program audit. Stephanie Crowe was appointed head of the Australian Cyber Security Centre. The Australian Signals Directorate reported on the Commonwealth’s cyber security posture, while the Australian Government introduced a new counter foreign interference initiative and launched a consultation period for embedding a zero trust culture across the Commonwealth.
Internationally, the EU was fined €400 for breaching the GDPR, the UN Convention against Cybercrime was adopted by the UN General Assembly and the UK announced it is consulting industry on potential bans and mandatory reporting for ransomware payments.
A prominent hacker retired, Trump pardoned the founder of Silk Road, and an Italian teenager diverted ships in the Mediterranean. MGM Resorts agreed to settle cyber class actions for $45 million.
The Clop ransomware gang was busy, listing over 60 new victims on its leak site including a number of Australian companies. The group behind the GoAnywhere and MOVEit hacks announced in December that it was actively exploiting a zero-day vulnerability in Cleo’s managed file transfer applications.
Other cyber incidents that made headlines over the summer include Australian Centre for Heart Health, Deloitte UK, Thanks For the Help, XTrade, Honotel, Hands, Hewlett Packard Enterprise, Christian Community Aid, Clutch Industries, Asia-Pacific Venue Management Association, Evidn, Scholastic, Conduent, Green Bay Packers, UN civil aviation authority ICAO, Bondi Markets, Steps To Life, TalkTalk, Clubfit Software, Wirral University Teaching Hospital, Compass Communications, Harley-Davidson, United Nations delegates, Waverley Christian College, Ainsworth Game Technology, Krispy Kreme, Islamic State of Iraq and Syria (ISIS), BT Group, Nestle, Montreal North, United States Marine Corps personnel and Novati. SL Data Services/Propertyrec did not encrypt a database of sensitive information, and data of Volkswagen EV owners was exposed for months due to a car software misconfiguration. The Cisco breach escalated. Claims of an attack on JB Hi-Fi, and a breach of Amazon, were debunked.
Podcast: Cross Examining Cyber with Lt General Michelle McGuiness
In this episode, Cameron Whittfield is joined by Magda Blanch-de Wilt, HSF’s new cyber risk advisory lead, and Lieutenant General Michelle McGuiness, Australia’s National Cyber Security Coordinator.
With 30 years of service in the Australian Defence Force, Michelle has a deep passion for learning and educating, which is evident throughout the podcast. We hope you enjoy this discussion.
Podcast: Cross Examining Cyber with Alastair MacGibbon
In this episode, we cross-examine Alastair MacGibbon, Chief Strategy Officer at CyberCX and one of Australia’s leading cyber security commentators. His career includes 15 years with the Australian Federal Police, where he established Australia’s High Tech Crime Centre. Upon rejoining the public service, he became Australia’s inaugural eSafety Commissioner, National Cyber Security Adviser, head of the Australian Cyber Security Centre, and Special Adviser to the Prime Minister on Cyber Security.
Cyber Security Legislation – Rules Public Deep Dive sessions – Cyber and Infrastructure Security Centre – 16 December 2024
The Cyber and Infrastructure Security Centre (CISC) has been conducting town halls and deep dive sessions on draft rules pertaining to security standards for smart devices, ransomware payment reporting, the Cyber Incident Review Board, telecommunications security and critical telecommunications assets, and data storage systems. The operative sections of the Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Act 2024 took effect in December 2024. The consultation period for the draft rules will end on 14 February 2025.
Australian Cyber Security Centre names its next head – iTnews – 13 January 2025
The Australian Cyber Security Centre (ACSC) has announced Stephanie Crowe as its new head. Crowe, who has 15 years of experience in signals intelligence and cyber security roles at the Australian Signals Directorate (ASD), had been acting head of the ACSC since Abigail Bradshaw's promotion.
CISC Newsflash Edition 18, October–December 2024 – Cyber and Infrastructure Security Centre – 18 December 2024
In its last quarterly newsletter, the CISC noted that it commenced a formal audit program pertaining to compliance with the Critical Infrastructure Risk Management Program (CIRMP) under the Security of Critical Infrastructure Act 2018. The 2023-24 financial year was the first mandatory reporting cycle for entities subject to CIRMP obligations.
The Commonwealth Cyber Security Posture in 2024 – Australian Signals Directorate – 5 December 2024
The Commonwealth Cyber Security Posture in 2024 report informs the Australian Parliament on the cyber security measures implemented across the Australian Government for the 2023–24 financial year. The report highlights ongoing efforts to protect critical infrastructure from cyber threats. It also outlines the key challenges faced by the Government in maintaining a robust cyber security posture. The report identified legacy IT as a significant and enduring risk.
Commonwealth Cyber Security Policy Consultation Package – Department of Home Affairs – 2 December 2024
The Department of Home Affairs is seeking submissions by 28 February 2025 in response to a ‘Guiding Principles to Embed Zero Trust Culture’ consultation paper, which seeks to engage with interested stakeholders to support the development of policy required to embed a zero trust culture across the Commonwealth.
Government grants almost $7M for cyber security awareness for vulnerable Australians – Cyber Daily – 3 December 2024
The inaugural Cyber Security Awareness Support for Vulnerable Groups grants program, managed by the Department of Home Affairs, provided grants of up to $35,000 to over 200 recipients, totalling almost $7 million. The initiative aims to educate and protect these groups from cyber threats through targeted programs and resources.
Australia announces counter foreign interference initiative – Cyber Daily – 15 January 2025
The Australian Government introduced a new counter foreign interference initiative. The Government is also focussing on improving collaboration with international partners and enhancing the capabilities of its cybersecurity agencies to respond to and mitigate cyber threats.
Enhanced visibility and hardening guidance for communications infrastructure – Australian Signals Directorate – 4 December 2024
A joint advisory issued by Australia, Canada, New Zealand and the United States has warned of threat actors backed by the People's Republic of China (PRC) compromising networks of major global telecommunications providers to conduct a broad and significant cyber espionage campaign. The guidance is tailored to network defenders and engineers of communications infrastructure; however, the ASD hopes the guide may also prove useful for organisations with on-premises enterprise equipment.
Australia’s $319 million year in scams and the biggest hitters – SBS News – 19 January 2025
In 2024, Australians lost nearly $319 million to scams, with investment scams being the most financially damaging, claiming over $192.3 million. Romance and dating scams resulted in over $23.5 million in losses, while phishing scams accounted for over $20.5 million. The Australian Competition and Consumer Commission's Scamwatch reported 249,448 scam complaints, with email being the most common method of contact, followed by text messages and phone calls.
Six trends that will define cyber through to 2030 – Computer Weekly – 6 December 2024
Trends include the increasing use of AI in cyber defence, the rise of cyber warfare, and the growing importance of data privacy. One specific example mentioned is the use of AI-powered threat detection systems that can identify and respond to cyber threats in real-time, significantly enhancing an organisation's ability to defend against attacks. The article provides insights into how these trends will impact businesses and individuals, emphasising the need for continuous adaptation and investment in cybersecurity.
Ransomware gangs pose as IT support in Microsoft Teams phishing attacks – Bleeping Computer – 21 January 2025
Ransomware gangs have been using Microsoft Teams to pose as IT support and launch phishing attacks. Organisations are advised to block external domains from initiating messages and calls on Microsoft Teams and disable Quick Assist on critical environments.
Exclusive: IntelBroker resigns as BreachForums owner – Cyber Daily – 28 January 2025
The owner of BreachForums, IntelBroker, announced his resignation due to offline commitments and lack of time. IntelBroker became the owner after the FBI and global law enforcement took down the previous owner, Baphomet, who had taken over from Pompompurin. IntelBroker is known for posting significant leaks and breaches, including a claimed breach of Europol in May 2024.
Global Cybersecurity Outlook 2025 – Navigating Through Rising Cyber Complexities – World Economic Forum – 13 January 2025
The World Economic Forum released its Global Cybersecurity Outlook 2025 report. It highlights increasing complexity in cyber, due to rapid technological advancements, geopolitical uncertainty and evolving threats. Among other things, the report highlighted that 54% of large organisations identify supply chain interdependencies as the greatest barrier to achieving cyber resilience.
Trump pardons mastermind of Silk Road darknet marketplace – Cyber Daily – 22 January 2025
President Donald Trump has pardoned Ross Ulbricht, the founder of the darknet marketplace Silk Road, which facilitated illegal drug sales exceeding $180 million. The pardon has sparked controversy, with critics arguing that it undermines efforts to combat cybercrime and sends a negative message about accountability for illegal activities conducted online.
World-leading proposals to protect businesses from cybercrime – UK Government – 14 January 2025
The UK Government is consulting on a targeted ban on ransomware payments for all public sector bodies and critical national infrastructure, a ransomware payment prevention regime, and a mandatory reporting regime for ransomware incidents. The measures form part of a wider push across government to improve the UK’s defences against cyber threats and protect the UK’s critical infrastructure and essential services. The consultation closes on 8 April 2025.
Europe coughs up €400 to punter after breaking its own GDPR data protection rules – The Register – 13 January 2025
The EU General Court has fined the European Commission for violating its own GDPR data protection regulations by failing to prevent the transfer of a German citizen's data to the United States. It was alleged that the European Commission's Conference on the Future of Europe website allowed users to sign in with their Facebook credentials.
UN General Assembly adopts milestone cybercrime treaty – UN News – 24 December 2024
The United Nations General Assembly has adopted a landmark convention on cybercrime, concluding a five-year negotiation process. The UN Convention against Cybercrime aims to prevent and combat cybercrime more efficiently and effectively by strengthening international cooperation and providing technical assistance and capacity-building support, particularly for developing countries. The convention addresses crimes such as online child sexual abuse, sophisticated online scams, and money laundering.
Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok – The Hacker News – 7 December 2024
Presidential elections will be held in Romania on 4 and 18 May 2025, following the annulment of the results of the 2024 presidential elections. The decision was made by Romania’s constitutional court, and followed the Romanian Government declassifying intelligence documents, which alleged that a pro-Russian influence campaign leveraged a network of 25,000 accounts on the social media platform TikTok to promote presidential candidate Georgescu in a coordinated effort.
15-year-old hacks Italian state and gives himself better grades – Blue News – 21 January 2025
A 15-year-old Italian hacked the IT system of the Ministry of Education to improve his school grades. He also changed the routes of oil tankers in the Mediterranean. The 15-year-old's computers and devices have been confiscated and Italian police are investigating.
MGM Resorts pays out US$45m following data breaches – Cyber Daily – 30 January 2025
On 21 January, MGM Resorts agreed to a $45 million payout to settle class action lawsuits following two cyber attacks impacting the company, in 2019 and 2023. According to class action lawyers, the two incidents affected over 37 million customers. The settlement will be ruled on by a Las Vegas federal court in June 2025.