
Cyber news in February 2025 was dominated by some egregious attacks (particularly impacting the crypto, healthcare and education sectors).  

The ACSC was impersonated by email scammers, but the scammers (or the ACSC, for that matter) did not provide any update on the status of the draft rules that will operationalise the cyber law reform passed by Parliament in late 2024. The Australian Government imposed further sanctions (including against those involved in the 2022 Medibank attack) and conveyed its lack of confidence in DeepSeek’s security when it banned the service on government devices.

On the home front, we hosted a very popular CPD event (“Cyber Extortion Payments – Ethical Considerations for Legal Practitioners” – a recording is available), delivered immersive cyber simulations for more than 200 clients in Jakarta and Singapore, and launched our APAC Cyber Risk Survey Report. Check out the Blog for more details.

There were reports about the rising rates of attacks in Australia together with reductions in ransom payment rates.

Internationally, Singapore boardrooms have been primed for upskilling and enforcement agencies were busy apprehending hackers and their affiliates. Japan proposed new legislation to better bolster cyber defences, in the context of a marked increase in cyber attacks affecting the region. Law reform in Thailand seeks to further prevent and suppress cybercrime.

Cyber incidents that made headlines in February included Genea Fertility, University of Notre Dame Australia, Pound Road Medical Centre, Riverina Medical and Dental Aboriginal Corporation, adult site Australian XXX Reviews, Thornton Engineering, Brown and Hurley, Palau Ministry of Health and Human Services, Obex Medical, Albright Institute of Language and Business, Spectrum Medical Imaging, Natures Organics, Western Sydney-based Heart Centre, accounting firm Hall Chadwick, Bybit Cryptocurrency platform, and Sir Keir Starmer’s personal email. ANU closed its investigation into a suspected attack. CrowdStrike confirmed that claims of leaked employee data were false. Slater & Gordon referred a malicious firm-wide email to police. Hewlett Packard Enterprise was allegedly hacked at the same time it began notifying individuals affected by a separate incident in 2023. And hacking group, Lazarus Group, was accused of luring victims using fake LinkedIn ads.


HSF webinar: Cyber Extortion Payments – Ethical Considerations for Legal Practitioners

On 20 February 2025, we hosted a live webinar that considered the role of legal practitioners in advising on cyber extortion demands, including an examination of ethical considerations and conduct rules. The wide-ranging discussion between Christine Wong, Anne Hoffmann, Nataly Adams and Cameron Whittfield explored the unique role lawyers play in navigating this ethically challenging area.

If you missed it or would like to revisit any of the discussion points, you can access the slides here and the recording of the webinar here.

 

Podcast: Cross Examining Cyber with Alastair MacGibbon 

In this episode, we cross-examine Alastair MacGibbon, Chief Strategy Officer at CyberCX and one of Australia’s leading cyber security commentators. His career includes 15 years with the Australian Federal Police, where he established Australia’s High Tech Crime Centre. Upon rejoining the public service, he became Australia’s inaugural eSafety Commissioner, National Cyber Security Adviser, head of the Australian Cyber Security Centre, and Special Adviser to the Prime Minister on Cyber Security. Listen here.

Catch up on our past episodes (with guests including Lieutenant General Michelle McGuinness CSC, Carly Kind, David Thodey and Abigail Bradshaw) here.

 

Event: Launching our Cyber Risk Survey Report 2024 at APAC Cyber Week

We hosted cyber readiness crisis simulations for approximately 200 clients in Jakarta and Singapore in February as part of our Asia Pacific Cyber Week, led by Cameron Whittfield, Simone Hui and Peggy Chow. We also had various one-on-one client meetings and client "roundtables", bringing together different clients to talk about their cyber experiences. Thank you to all the clients who attended the sessions.

We launched our APAC Cyber Risk Survey in parallel. The report captures the experiences and observations of legal leaders across the APAC region regarding cyber risk management. Get your copy here.


Further cyber sanctions in response to Medibank Private cyberattack – Australian Government | Defence – 12 February 2025

Australia has imposed additional sanctions under the autonomous cyber sanctions framework, in response to the 2022 attack against Medibank Private. The sanctions target ‘ZServers’, as well as five Russian individuals who provided the infrastructure and services used to host and release stolen data – specifically, ZServers’ owner, Aleksandr Bolshakov, and employees Aleksandr Mishin, Ilya Sidorov, Dmitriy Bolshakov and Igor Odintsov. The sanctions make it a criminal offence to make assets available to ZServers or the sanctioned individuals. The individuals are also banned from entering Australia.

 

Australia bans Chinese AI platform DeepSeek on government devices – Sydney Morning Herald – 4 February 2025

The Australian Government has announced a ban on the use of the Chinese AI platform DeepSeek on all government devices. The move is part of a broader effort to safeguard national security and protect sensitive information from potential cyber threats, particularly as concerns around the new Chinese-backed AI system continue to make headlines.

 

Aus3C, CSIRO, and the federal government call on businesses to help shape Australia’s cyber readiness – Cyber Daily – 4 February 2025

The Australian Cyber Collaboration Centre, the CSIRO’s Data61, and Australia’s Department of Home Affairs have launched a collaborative initiative to enhance Australia's cyber readiness. Using industry feedback, the collaboration aims to develop a standardised data risk assessment framework and improve the overall cybersecurity posture of Australian businesses.

 

Aussie government targets Terrorgram online network with sanctions – Cyber Daily – 3 February 2025

The Australian Government has imposed counterterrorism financing sanctions on Terrorgram, a decentralised online network that promotes white supremacy and racially motivated violence. This marks the first time Australia has imposed such sanctions on an entirely online-based entity. The sanctions make it a criminal offence to deal with the assets of, or make assets available to, Terrorgram.


Warning: Email Scammers Impersonating the Australian Cyber Security Centre – Cyber Daily – 3 February 2025

The Australian Cyber Security Centre (ACSC) has issued an alert warning Australians to be aware of scam emails and calls pretending to be from the ACSC. These phishing attempts aim to deceive recipients into providing sensitive information or making payments. The ACSC has advised individuals to verify the authenticity of any communication claiming to be from the ACSC by contacting them directly through official channels. 

 

Expert warns universities and schools are ‘prime targets for cyber criminals’ – Cyber Daily – 24 February 2025

As the University of Notre Dame Australia continues to recover from a ransomware attack, Darren Guccione of Keeper Security has highlighted that universities and schools are prime targets for cyber criminals, as they often hold vast amounts of sensitive information.

 

Overreach in fight against cyber crime must be avoided, says Law Council of Australia – Cyber Daily – 20 February 2025

The Law Council of Australia has raised concerns about the potential overreach of federal powers to covertly investigate cyber-enabled crime. During a public hearing for the Independent National Security Legislation Monitor review of the Surveillance Legislation Amendment (Identify and Disrupt) Act 2021 (Cth) (SLAID Act), the Law Council emphasised the need for careful scrutiny to ensure that the rights of innocent individuals are not unduly compromised. The SLAID Act introduced three new warrant powers for the Australian Federal Police and the Australian Criminal Intelligence Commission: data disruption, network activity, and account takeover warrants. The Law Council highlighted the risks and consequences associated with these warrants, including the potential for significant loss or damage to non-suspects and the limited scope for individuals to seek effective remedies. The Law Council has recommended that these warrants be subsumed into a harmonised Commonwealth electronic surveillance framework and issued by judicial officers of state, territory, and Federal superior courts.

 

Cross-border GenAI issues to be at the root of 40% of AI data breaches by 2027 – Cyber Daily – 18 February 2025

Recent research by Gartner indicates that cross-border GenAI issues are expected to be responsible for 40% of AI data breaches by 2027. The increasing adoption of GenAI technologies across various industries has led to significant data privacy and security concerns. These issues arise from the complexities of managing data across different jurisdictions with varying regulations and standards. The report emphasises the need for robust international collaboration and standardised frameworks to address these challenges and mitigate the risks associated with cross-border GenAI deployments.

 

Ransomware-as-a-service actors drive four-times increase in ransomware attacks – Cyber Daily – 7 February 2025

Ransomware attacks have surged to record levels, driven by new ransomware groups adopting the Ransomware-as-a-Service (RaaS) model. According to a report by the NCC Group, there was a 153% year-on-year increase in ransomware attacks in September 2024. The rise in attacks is attributed to emerging threat actors like LostTrust and Ransomed.vc, who have diversified their activities. These groups are increasingly embracing the RaaS model, which lowers the bar for entry into the cybercrime world and ramps up pressure on victims to comply with ransom demands.

 

Australia facing higher rate of cyber threats as part of APAC regional surge – iT Wire – 20 February 2025

Australia is experiencing a higher rate of cyber threats, with attacks across the Asia-Pacific region being 60% higher than the global average, according to threat intelligence research by Check Point. The region allegedly faced 2,915 attacks per week over the last six months, which was significantly higher than the global average of 1,843 attacks per week. According to the research, the most targeted sectors across the region were education and research, healthcare, and government, all seeing higher attacks per organisation than global averages.

 

Australia Hit by 47 Million Data Breaches in 2024 – Insurance Business Australia – 7 February 2025

Australia purportedly experienced 47 million data breaches in 2024, making it the 11th most affected country in the world. According to Surfshark, this equates to one Australian account being compromised every second.

 

Global Ransomware Payments Plunge by a Third Amid Crackdown – The Guardian – 6 February 2025

Recent reports indicate that global ransomware payments have decreased by a third. This significant reduction is attributed to coordinated international crackdowns on ransomware groups, improved cybersecurity measures, and increased awareness among businesses and individuals. The decline in payments is seen as a positive step towards mitigating the impact of ransomware attacks and reducing the financial incentives for cybercriminals. See also CryptoNews article (5 February 2025).


Hackers steal $1.5bn from crypto exchange in ‘biggest digital heist ever’ – The Guardian – 25 February 2025

Bybit, a prominent cryptocurrency exchange, has launched a recovery campaign after suffering a massive US$1.4 billion exploit. Hackers breached Bybit's wallet, transferring all Ethereum (ETH) to an unidentified address. The attack, attributed to the North Korea-linked Lazarus Group, marks one of the largest heists in crypto history.

 

Japan Hit with Record Barrage of Cyberattacks – Nikkei Asia – 25 February 2025

Japan has experienced a record number of cyberattacks targeting critical infrastructure, including Japan Airlines Co. and MUFG Bank Ltd. These attacks, suspected to be distributed denial of service (DDoS) attacks, have caused significant system failures and disruptions. Investigations are ongoing, with authorities working to identify the perpetrators and prevent future attacks.

 

Spy Agency Says Online Threats to NZ Likely to Intensify – NZ Herald – 14 February 2025

New Zealand’s Government Communications Security Bureau (GCSB) has issued a warning that online threats to the country are expected to intensify. The GCSB highlighted the increasing sophistication and frequency of cyber attacks targeting both government and private sector entities. The GCSB emphasised the need for robust cyber security measures and greater collaboration between public and private sectors to mitigate these threats. This warning comes as part of a broader effort to enhance New Zealand’s cyber resilience and protect critical infrastructure from threats.

 

Singapore boardrooms get guidance to resist cyber attacks – The Straits Times – 12 February 2025

Approximately 500 board directors in Singapore are set to receive training to combat and recover from cyber threats and ransomware attacks. This initiative, led by the Singapore Institute of Directors (SID), aims to raise boardroom readiness to meet crises and disruptions. Senior Minister of State for Digital Development and Information Tan Kiat How emphasised the importance of cybersecurity for all companies, regardless of size, and the government's commitment to strengthening Singapore’s digital ecosystem.

 

Ransomware gang 8Base members arrested, darknet site seized – Cyber Daily – 11 February 2025

An international operation involving several countries has led to four arrests in Thailand of individuals affiliated with the hacking group 8Base, one of the most active ransomware groups in 2024. Europol reported that these individuals are suspected of deploying a variant of the Phobos ransomware to extort large payments from victims across Europe and beyond. 8Base’s dark web leak site has also been seized.

 

Spanish authorities arrest prolific hacker – Cyber Daily – 7 February 2025

Spanish authorities have successfully apprehended the notorious hacker, ‘Natohub’, who is allegedly responsible for attacks on high-profile targets such as the US military, NATO, and the UN’s aviation agency. In connection with the arrest, police found the individual to be in possession of more than 50 cryptocurrency accounts holding a range of cryptocurrencies.

 

Japan Cabinet approves cybersecurity bill to bolster cyber defenses – The Mainichi – 7 February 2025

The Japanese Government has proposed a bill to allow police and the Self-Defense Forces (SDF) to neutralise enemy servers during cyberattacks on critical infrastructure. This aims to enhance Japan’s cybersecurity to match the United States and various European countries. Police will handle initial responses, with the SDF stepping in for complex attacks by foreign entities. Operators of critical infrastructure (for example, the electricity network and railways) would be required to report attacks, with penalties for non-compliance and information leaks.

 

Thailand Approves New Anti-Cybercrime Law – Government of Thailand | Department of Public Relations – 1 February 2025

The Thai Cabinet has passed legislative amendments to the Emergency Decree on Measures for the Prevention and Suppression of Technological Crimes, to further prevent and suppress cybercrime in the region. The amendments are expected to take effect in February 2025. The amendments, which build on existing legislation enacted in 2023, include empowering public officials and phone service providers to withhold suspicious phone numbers and improving rapid case consideration and victim compensation.

 

Chinese car manufacturers flock to DeepSeek, sparking security concerns – Cyber Daily – 26 February 2025

Chinese car manufacturers are increasingly incorporating the offerings of Chinese AI giant DeepSeek into their new models. The integration of DeepSeek's advanced AI technologies into automotive systems has prompted worries about potential vulnerabilities and the risk of cyberattacks. Experts emphasise the need for stringent cybersecurity measures to protect against potential threats and ensure the safety and security of these AI-enhanced vehicles.


Key contacts

Cameron Whittfield – Partner, Melbourne

Peter Jones – Partner, Sydney

Heather Kelly – Senior Associate, Melbourne

Laura Newton – Senior Associate, Sydney

Magdalena Blanch-de Wilt – APAC Cyber Risk Advisory Lead, Melbourne

Christine Wong – Partner, Sydney

Merryn Quayle – Partner, Melbourne

Josh Kain – Senior Associate, Melbourne

Brendan Donohue – Senior Associate, Melbourne

Kaman Tsoi – Special Counsel, Melbourne

Annie Zhang – Solicitor, Melbourne

Caitlyn Bellis – Solicitor, Sydney