Scam Alert: Flubot Scams and Fake Opt-Out Messages

Over the past few weeks, countless Australians have fallen victim to Flubot scams: SMS messages that use fake voicemail links and other false pretexts to manipulate recipients into installing malware on their device.

The attacker sends a message that prompts the victim to click a link under false pretences, typically a missed voicemail, an undelivered parcel or some other pressing matter designed to grab attention.

Images of SMS Messages prompting the user to check a missed voicemail or missed postal delivery notification.
Image courtesy of Scamwatch.gov.au

Once the link is clicked, the victim is taken to a page that misleads them into thinking their device is already infected with a strain of malware called 'Flubot'. The page then tells the victim to download an 'anti-virus' app to resolve the issue; ironically, that download is the actual malware used to compromise the victim's device.

Image depicting a fraudulent Flubot infection alert on the user's mobile device. The message prompts them to download a 'fix', which is in fact the infection itself.
Image courtesy of Scamwatch.gov.au

The scam is cunningly layered, and turns the average Australian's vague understanding of, and insecurities about, cyber-safety against them. Its acute reading of user psychology, combined with a deceptively simple delivery, has produced a massive infection rate across the country so far.

The ACCC first released a warning about Flubot scams two weeks ago, at which point it had already received over 16,000 reports. While Flubot is nothing new internationally, it has proven to be a major issue domestically towards the end of 2021.

Once a device is infected, victims can expect their confidential data to be harvested and used for further fraud, ranging from bank and identity fraud through to wider attacks against their employer or colleagues.

Thankfully, with increasing awareness of cybercrime and an influx of media coverage around the scams, their effectiveness is waning.

However, scammers remain agile in evolving Flubot scams to maintain their profits, and a further scam is now being launched off the back of this one.

Image depicting a fraudulent link to a marketing opt-out message.
Image courtesy of news.com.au

As per the above image, Flubot scammers are now sending fake marketing opt-out (unsubscribe) messages in which the opt-out link actually leads to a Flubot malware download. In other words, the scammers have exploited the growing awareness of Flubot by building the very idea of 'opting out' of scam messages into their delivery method.

Given the evolving and consistently deceitful methods of Flubot delivery, we'd like to offer some broader advice on managing smishing (SMS phishing) attacks such as this one.

Rather than tailoring specific advice on how to thwart the latest iteration of the Flubot scam, it's important to familiarise yourself with, and regularly revisit, these three golden rules whenever dealing with an SMS message:

  • Were you expecting the SMS? If you've received an SMS from someone you weren't expecting to hear from, think twice before interacting with it. It is unusual for a legitimate unexpected SMS to demand immediate action from you.
  • If an SMS contains a link, do not click it. Generally speaking, there's rarely a valid reason to click an SMS link, especially from an unknown number. Flubot messages in particular typically use a link that ends in a series of 5-9 random alphanumeric characters.
  • If you have clicked the link, close the page and call a professional. While we urgently advise you not to click a Flubot link, mistakes can happen. Clicking the link leads to a page claiming that your device is infected.

This is a trick by the scammer to convince you to download a fake anti-virus app, which is itself the Flubot malware.

The best action is to close your phone's browser and speak with an IT professional and/or Scamwatch to determine the best course of action for your ongoing safety.
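As an added illustration (not part of the original article), the following Python function applies the three rules above as a simple triage over incoming SMS text: it extracts links, checks whether the final path segment matches the 5-9 random alphanumeric characters described above, looks for the voicemail, delivery and opt-out lures, and notes whether the sender is one you expect. The sample messages, sender numbers and domains are constructed for the example (example.com and example.net are reserved names); the keyword list and the token pattern are assumptions drawn from the descriptions above, not a published Flubot signature.

```python
import re
from urllib.parse import urlparse

# Matches http(s) URLs and the bare "domain.tld/path" links common in SMS lures.
URL_RE = re.compile(r"(?:https?://)?[a-z0-9.-]+\.[a-z]{2,}/\S*", re.I)
# Assumed pattern: Flubot links end in 5-9 random alphanumeric characters.
RANDOM_TOKEN_RE = re.compile(r"[A-Za-z0-9]{5,9}")
# Assumed lure phrases, taken from the scam variants described in the article.
LURES = ("voicemail", "missed call", "parcel", "delivery",
         "opt out", "unsubscribe", "stop receiving")


def extract_links(text: str) -> list:
    """Return every link-like string in the message, minus trailing punctuation."""
    return [m.group(0).rstrip(".,;:!?)") for m in URL_RE.finditer(text)]


def last_path_token(link: str) -> str:
    """Final path segment of a link, e.g. 'aB3kQ9x' from example.com/voice/aB3kQ9x."""
    if not link.lower().startswith(("http://", "https://")):
        link = "http://" + link  # urlparse needs a scheme to split the path
    path = urlparse(link).path.rstrip("/")
    return path.rsplit("/", 1)[-1]


def triage_sms(sender: str, text: str, known_senders=frozenset()) -> dict:
    """Apply the three golden rules and return the links found, the reasons
    raised, and an overall verdict. A message is only called suspicious when
    it carries a link AND at least one other warning sign."""
    flags = []
    if sender not in known_senders:
        flags.append("unexpected sender")
    links = extract_links(text)
    if links:
        flags.append("contains link")
    if any(RANDOM_TOKEN_RE.fullmatch(last_path_token(link)) for link in links):
        flags.append("random-token link")
    lowered = text.lower()
    flags.extend(f"lure: {phrase}" for phrase in LURES if phrase in lowered)
    suspicious = bool(links) and len(flags) > 1
    return {"links": links, "flags": flags, "suspicious": suspicious}


# Constructed sample messages for the example (not real Flubot traffic).
SAMPLES = [
    ("+61400000000", "You have a new voicemail. Listen: https://example.com/voice/aB3kQ9x"),
    ("+61400000001", "To stop receiving messages, opt out here: example.net/unsub/Q8dL2pX3"),
    ("Mum", "Running 10 min late, see you at the cafe"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        result = triage_sms(sender, body, known_senders={"Mum"})
        print(sender, "->", "SUSPICIOUS" if result["suspicious"] else "ok", result["flags"])
```

The verdict deliberately leans on the combination of signals: a link from a known contact with no lure and no random token is left as "ok" for human review, while an unknown sender plus a link is enough on its own, matching the rule that unexpected SMS links should not be clicked.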

For more cybersecurity news and tips on staying cyber-safe visit cyberaware.com

Hackers and Message Mirroring – How SMS Eavesdropping Can Topple Your Security

Hackers are using mirroring apps to monitor SMS activity, enabling them to view private conversations, harvest private data and capture SMS authentication codes.

Since the beginning of the pandemic and the resulting migration to working from home, cybersecurity experts have heavily advocated keeping work communications out of SMS. However, SMS persists as a widely used work communications tool, transmitting sensitive data such as passwords, financial details and confidential business information.

Mirroring applications use screen-streaming technology to let someone remotely view everything happening on your phone in real time: any texting, browsing or other activity can be watched by the hacker. The real kicker is that mirroring apps are often installed without the victim's knowledge.

Using Google's remote-install feature (the Google Play website can push an app to any device signed in to the account), a hacker who has obtained your Google email address and password can install a mirroring app on most modern Android devices without ever touching the phone. Once it is installed, all activity can be viewed without your knowledge.

While the thought of someone viewing your personal phone usage is certainly unpleasant, the real damages often come in the form of exploiting two-factor SMS codes.

If you aren’t already familiar, two-factor authentication is simply an extra layer of security when logging in or accessing a system. You might be most familiar with two-factor when you’re making a transaction on a banking app, and are sent a verification code via SMS to confirm.

One of the most memorable cybersecurity quotes from Microsoft is that two-factor authentication can block over 99.9 percent of account compromise attacks. It's a high claim, but it is not misinformed: if a hacker obtains your password, two-factor authentication is typically enough to prevent a full breach.

However, a layer of nuance that is often missing from the two-factor discourse is how the second factor is delivered.

There are a number of ways that two-factor authentication can be performed, all with varying levels of security. See the following table for a few common methods:

Image depicting a table of common two-factor authentication methods.

While two-factor delivered via SMS is extremely popular and a real improvement over a password alone, hackers are using mirroring applications and other exploits as a workaround, allowing them to hijack two-factor codes for larger data breaches.

Picture a scenario in which the password for your work email is compromised. If you've secured it with a two-factor SMS code, and a hacker has also targeted your device with a mirroring app, they can gain full access to your email and commit identity theft, invoice fraud and other significant breaches.

One-time SMS codes are also exposed to SIM swapping, where an attacker convinces your carrier to move your number onto a SIM they control so your texts are delivered to them, and to reverse-proxy phishing tools such as Modlishka, which relay your login through a look-alike site and capture the one-time code the moment you type it in.

Despite these growing threats, many well-known online services still use two-factor SMS codes, including myGov and the Big Four banks.

So what can you do to improve your phone and two-factor security?

  • Use app-based 2FA: Email and SMS codes are helpful, but they are not the most secure options. Use a dedicated authenticator app such as Authy, Google Authenticator or 1Pass for the best results. Note that an authenticator app defeats SIM swapping and SMS interception because the code never leaves your device; it does not stop a mirroring app already on the phone from reading the code off the screen, so removing that app and securing your Google Account still come first.
  • Scan your phone routinely: It can be hard to keep track of every app installed on your phone, but an antivirus scanner can help weed out potential threats. Run a scan regularly to reduce the chance of a malicious app stealing your data.
  • Routinely change your passwords: The best way to avoid a remote app installation is to keep your Google Account password strong and unique, change it at least every six months or immediately if it ever appears in a breach, and protect the Google Account itself with two-factor, since that account is what gates remote installs.
  • Check for location-based two-factor: Some services, such as Twitter and Gmail, can prompt for two-factor authentication when a login comes from a new location or device. Check whether your apps and accounts support this to prevent unwanted remote logins.

Not sure about the next steps to take for your cybersecurity? Visit cyberaware.com for key safety tips and takeaways.

Australians the most likely to pay out a ransom

Recent research from the International Data Corporation has revealed that Australian organisations are more likely to pay out a ransom than any other nation.

This has surfaced during a year that has seen ransomware attacks against Australians increase by a massive 60 percent, a figure that some industry experts put at a $1 billion cost to the Australian economy.

While dealing with an active ransomware attack, paying the ransom should only be done as last resort. Not only does it justify the hacker’s efforts to attack the business, but there’s no guarantee that your stolen assets, data or system integrity will be restored.

So in the case of Australians, why are we so inclined to fork out the cash?

We tend to view cybersecurity on a cost basis, with most executives' focus being to funnel money and technical resources into what is fundamentally a human issue. Deloitte and others have published research highlighting the need for Australian organisations to rethink their approach to cybersecurity; in the new decade it's crucial to consider the intended behavioural outcomes of our cybersecurity initiatives, from addressing the risks of human error through to mitigating and de-escalating incidents such as ransomware as they occur.

In the current cybersecurity landscape, wherein IT solutions and financial resources are the primarily adopted means of mitigation, it’s no surprise that by the time a ransomware attack occurs, many Australian organisations may find it more enticing and aligned with their culture and processes to simply spend more resources and pay out the ransom.

However, paying out ransoms is extremely problematic for a number of reasons. Not only does it contribute to establishing a precedent for attackers to repeat their efforts against you and other organisations, but as mentioned above, there is no guarantee that the attacker will uphold their end of the bargain.

80% of organisations that do pay out a ransomware attack experience a second, subsequent attack – of which 46% believe are performed by the same cybercriminals.

Now is a crucial time for all organisations to examine their readiness for a ransomware attack. The climate is more dangerous than ever before, with Australian companies recently caught up in the largest ransom demand of all time, US$70 million, during the attack against IT management software provider Kaseya.

Furthermore, Australian infrastructure is being increasingly targeted, with Queensland hospitals facing major disruptions in April, and 47 meat processing facilities forced to shut down in May during the widely reported attack against JBS Foods, which eventually paid $14.1 million (about US$11 million) to its attackers.

So, you may be wondering what the alternatives are. If you don’t pay a ransom out, how do you recover?

At the end of the day, ransomware is extremely dangerous, and it’s rare that the victim will walk away completely unscathed. However, the highest yield for risk-reduction comes with preparation.

By taking pre-emptive measures and establishing processes for a ransomware attack in advance, you can increase confidence in your stakeholders that your company is equipped and ready for rectifying an attack. Furthermore, you dissuade attackers from targeting you again, rather than providing them with finances and a further incentive to target you and fellow Australians.

In consideration of ransomware, here are some key measures you can take to prepare for and mitigate a potential attack:

  • Create regular backups and prepare redundant work systems: Depending on the extent of a ransomware attack, backups can restore your data and systems, letting you focus on securing your environment instead of paying a hacker. Back up your systems and data regularly, and keep at least one copy offline or otherwise unreachable from the production network, since ransomware routinely encrypts any backup it can reach.
  • Incident response procedures: It's crucial that if and when an attack occurs, you and your employees know what steps to take. Rather than scrambling for a fix and playing into the attackers' hands, establish roles, responsibilities and processes within the organisation in advance.
  • Cyber-safe work culture: Human error is repeatedly cited as the leading cause of breaches. A simple misclick or phishing email can create a point of entry for attackers. Deploy regular awareness training at all levels of your organisation to reduce your human risk as much as possible.
  • Treat payment as a last resort: The problem with paying an attacker is that there's no guarantee they'll restore your access or delete the data they've stolen. Work with security professionals to determine the best course of action, and only make payment if it's impossible to recover through other means.

As discussed, ransomware is set to become even more prominent over the coming decade. The Federal Government is currently debating a ransomware disclosure bill, under which ransomware payments would have to be reported. Now is a crucial moment to review your cyber posture and preparation for ransomware and wider cyber risks to your organisation.

Stonnington Council cyberattack exposes ratepayer information

A recent cyberattack against Stonnington Council has exposed private ratepayer information across some of Australia’s most expensive suburbs. In a Channel 7 Report on the incident, Stonnington Council CEO Jacquie Weatherill has stated that an “international agent” has infiltrated their systems.

The attack has resulted in the council shutting down payments and planning applications on its website.

The Stonnington Council services some of Australia’s most expensive suburbs, including Toorak, Malvern and South Yarra. With approximately 110,000 Stonnington residents, it’s no surprise that international actors could find value in targeting the council for the attack.

This is far from the first time that an Australian council has been targeted in a cyber attack. In July of 2018, both Cairns and Townsville experienced a data breach within the same month.

The public sector is often at an increased risk of cyber-attack, both by individual criminals looking to install ransomware or sell data on the dark web for a profit, as well as by international actors with more political motivations.

Just this year, China was suspected of a cyber attack against Western Australian Parliament during a state election, and similar suspicions were raised in 2019 for an attack against Federal Parliament.

Experts are increasingly warning public sector organisations to take increased cybersecurity measures, especially given that cybersecurity damages in Australia have increased exponentially year after year.

In a statement on the Stonnington Council website, Weatherill states:

“Our priority is to ensure our customer’s data is kept secure, our workforce can be as productive as possible, and our customers remain connected.”

While a cause and method of attack is yet to be identified or released in a public statement, it’s often the case that human error is the underlying cause of a breach, with over 90% of data breaches being attributable to human error.

Given the widespread adoption of work-from-home, the risk of human error and consequential security incidents is higher than ever before for all organisations. To ensure your cyber-safety for the remainder of 2021, we recommend the following security practices:

  • Keep work separate from social media: Stonnington Council employs over 1000 people, many of whom are currently working remotely. It’s crucial that in organisations of all sizes, all work data and practices are discussed on work-approved platforms. If work information is openly discussed on social media platforms such as Facebook or Messenger, it opens a range of security concerns that simply can’t be monitored reliably.
  • Ensure all staff are on a VPN: Simply put, a VPN works as a secure “tunnel” between your home and your workplace. While working from home, you and your colleagues are sending sensitive data and business documents across potentially unguarded connections, meaning it’s more likely that someone could intercept or eavesdrop on your data. Ensuring all employees are on a VPN will massively improve your monitoring capabilities, as well as reducing the risk of eavesdropping.
  • Use two-factor authentication: Two-factor login has become the safety standard for any secure business and is simply an extra layer of security on top of your passwords. For example, when you receive an SMS code to confirm a Facebook login or online bank transaction, that's two-factor in play, and it can be turned on for most logins. The ACSC publishes guidance on setting up two-factor authentication.

Fake QR Check-In Apps: How Cybercriminals are Targeting Contact Tracing Protestors

From counterfeit vaccine shipments to forged vaccine certificates, it seems that criminals are using every means available to profit on the COVID-19 pandemic. Now, fake covid-tracing apps are making the rounds across Australia, leveraging ‘anti vaxxers’ and lockdown protestors’ efforts to dodge the check-in.

In the first quarter of 2021, state governments released QR Code check-in apps alongside a number of requirements for citizens to check in to public facilities, public transport, and businesses. As expected, these requirements were met with ample backlash from online protestors, and soon after, dark-web app developers took to creating a work-around for checking in.

How does it work? Simply put, by using a fake check-in app, the user can appear to check-in without actually providing any data. The user scans a QR code as per normal, then arrives at a false page designed to look like a real government QR check-in page. The user shows this to the staff at the check-in location to “prove” that they’ve scanned the QR and checked in, but no covid-tracing or data exchange actually occurs.


This means that users can effectively avoid facing fines or being escorted from the location, without actually contributing contact-tracing information to government databases.

These apps are gaining alarming popularity in online anti-vaccination groups; however, they are not without their risks. Aside from their negative impact on contact-tracing data, using these apps introduces a major threat to the end user: malware. The developers of fake check-in apps are often apolitical, and in reality their intention is simply to infect the user's device.

In Singapore, the UK and India, users have faced waves of malware infections from apps posing as contact-tracing apps. People looking for a fake check-in app face even higher risk, as these downloads avoid app-store review and security standards by being distributed through dark-web channels.

Furthermore, there is the very real possibility of being caught in the act. Recently, the Australian Federal Police arrested a number of underworld figures from the Australian mafia and bikie gangs after distributing a fake 'encrypted messaging app' that was in fact used to monitor its users' criminal activity.

Considering the importance of accurate contact-tracing, it would not be in the least bit surprising if similar measures are being taken towards fake contact-tracing apps to monitor those attempting to avoid regulations.

I usually end my articles with a few tips on how to stay cyber-safe, but in the case of 'fake check-in' apps, it's as simple as this: don't use them. If not for the simple point of maintaining contact-tracing validity and helping your state beat the curve again, then consider the risk of phishing scams, malicious content and malware-embedded downloads you inherit from using these unsafe applications. It simply is not worth it.

Colonial Pipeline's $4.4m USD ransomware attack was caused by a simple password breach

An investigative consultant has revealed that last month's historic ransomware attack against Colonial Pipeline was carried out through a simple password compromise.

The attack – which led to a five-day-long service outage and a $4.4 million USD payout – was initiated by the ransomware group, Darkside, through an inactive account that had neither been disabled nor secured with two-factor authentication.

The account was a Virtual Private Network (VPN) account, meaning that once the account was hacked it provided Darkside with a direct tunnel to Colonial Pipeline’s corporate network.

From there, the hackers went unnoticed while they set up and deployed the devastating ransomware attack.

When you take a step back and examine the wider economic impacts of this attack, it can be surprising to hear that a simple password breach is the root cause of it all.

The shutdown of Colonial Pipeline’s system left roughly 10,000 gas stations in the Eastern United States without a fuel supply, and ultimately resulted in price hikes that tipped the national average over $3 for the first time in 6 years.

Furthermore, this controversial attack has raised questions about what due diligence looks like in the current cybersecurity landscape.

Namely, as a vendor that supplies nearly half of the fuel used on the USA's east coast, could Colonial Pipeline be considered negligent for its lack of two-factor authentication, or for failing to close the inactive account?

A putative class-action lawsuit has been lodged against Colonial Pipeline arguing exactly that. Furthermore, Colonial Pipeline's decision to pay the US$4.4 million ransom has been brought into question as potentially unethical, with many industry experts concerned that it could incite further attacks of this nature.

At the end of the day, a few simple security steps could have significantly reduced the risk of ransomware and potentially prevented this attack. Regardless of the size of your business, here are a few changes that you can make to majorly improve your cybersecurity:

  • Enforce a password policy: The password for the compromised VPN account has since been found on the dark web in a batch of leaked passwords. This indicates that the password was most likely exposed in a separate breach and re-used for the VPN account.

    A strong password policy exists to close these kinds of holes. Enforce rolling password changes at least every six months as a backstop, but note that rotation alone would not have caught an already-leaked, re-used password: the controls that do are screening new passwords against known-breach lists, forbidding the same password across services, and forcing a change as soon as a credential turns up in a breach.
  • Deactivate unused accounts: One thing we're often guilty of is leaving unused accounts open. Whether we forget or simply procrastinate closing work accounts, it can lead to a devastating compromise. Create a formal procedure for cataloguing and routinely reviewing accounts, with steps to disable them when they are no longer needed.
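As an added example (not from the original article and not Colonial Pipeline's tooling), the following Python script shows the two checks the bullets above describe as they would run in an identity review: screening a password against a corpus of leaked password hashes using the k-anonymity approach popularised by Have I Been Pwned (only the first five characters of the SHA-1 hash are sent to the lookup service; the comparison happens locally), and auditing remote-access accounts for the combination that undid Colonial Pipeline, an account nobody has used for months with no MFA. The account records, usernames, dates and the leaked-password list are all constructed for the example; in production the corpus lookup would be a query to the Pwned Passwords range API or a local copy of the list.

```python
import hashlib
from datetime import date

# Constructed stand-in for a leaked-password corpus (SHA-1, upper-case hex).
# In practice this is the Pwned Passwords list or its range API.
LEAKED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("password123", "Summer2020!", "Welcome1", "Colonial2019")
}


def range_lookup(prefix: str) -> set:
    """Simulates the k-anonymity range query: given a 5-hex-char SHA-1 prefix,
    return the hash suffixes in the corpus that share it."""
    return {h[5:] for h in LEAKED_SHA1 if h.startswith(prefix)}


def password_is_leaked(password: str) -> bool:
    """Screen a candidate password at set/reset time. Only the prefix leaves
    the caller; the full hash is never disclosed to the lookup service."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    return suffix in range_lookup(prefix)


def audit_accounts(accounts, today: date, max_idle_days: int = 90) -> list:
    """Flag remote-access accounts that are stale, lack MFA, or both.
    Each record: {"user", "last_login" (date or None), "mfa_enabled"}."""
    findings = []
    for acct in accounts:
        issues = []
        last = acct["last_login"]
        idle = (today - last).days if last else None
        if idle is None:
            issues.append("never used")
        elif idle > max_idle_days:
            issues.append(f"inactive for {idle} days")
        if not acct["mfa_enabled"]:
            issues.append("no MFA")
        if issues:
            # Stale AND no MFA is the Colonial Pipeline pattern: disable first, ask later.
            action = "disable" if len(issues) == 2 else "review"
            findings.append({"user": acct["user"], "issues": issues, "action": action})
    return findings


# Constructed sample of remote-access (VPN) accounts and a fixed audit date.
AUDIT_DATE = date(2021, 6, 1)
SAMPLE_ACCOUNTS = [
    {"user": "a.nguyen",    "last_login": date(2021, 5, 28), "mfa_enabled": True},
    {"user": "contractor7", "last_login": date(2020, 11, 3), "mfa_enabled": False},
    {"user": "b.okafor",    "last_login": date(2021, 5, 20), "mfa_enabled": False},
    {"user": "svc-legacy",  "last_login": None,              "mfa_enabled": True},
]

if __name__ == "__main__":
    for finding in audit_accounts(SAMPLE_ACCOUNTS, AUDIT_DATE):
        print(finding)
    print("Summer2020! leaked:", password_is_leaked("Summer2020!"))
```

Run on a schedule, the audit turns the "deactivate unused accounts" bullet into something measurable: every account that has not authenticated in 90 days gets a ticket, and any that also lacks MFA is disabled before anyone asks whether it is still needed.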

Australian meat production halted by JBS Foods cyber attack

A whopping 47 meat processing facilities across Australia have closed operations due to a cyber-attack against JBS Foods.

JBS Foods is the Australian arm of Brazilian-owned JBS S.A., the world's largest meat supplier. Locally it owns both Hans and Primo, and while the attack has badly disrupted Australian beef and lamb operations, the USA is facing unprecedented damage.

At the time of writing, all of JBS's US beef plants have been forced into a total shutdown. JBS is a major contributor to the USA's meat supply chain, processing roughly a quarter of the country's beef and a fifth of its pork.

Yesterday the White House confirmed the attack method as ransomware. FBI investigations are ongoing, but the consensus at this time is that the attack likely originated from Russia.

This marks the second time in a month that a major US supply chain has been disrupted by ransomware. In a similar fashion, Colonial Pipeline, a major fuel supplier responsible for nearly half of the USA's east coast fuel supply, was shut down by a ransomware attack from May 7 until May 13.

Naturally, the damage to these organisations is devastating. However, of equal if not greater concern are the wider ramifications for critical supply and the larger economy.

During a global pandemic in which supply chains are already under increasing pressure, 2021 has seen regular attacks against critical infrastructure and supply chains, including:

JBS Foods plans to re-open all domestic meat plants as of tomorrow, however, the road to recovery is still far ahead.

In the current threat landscape, it’s crucial that your business is familiar with ransomware and prepared for the worst-case scenario.

Here are a few key steps you can take to reduce the risk and impact of a ransomware attack:

Set up backups and redundant work systems: If your work systems were suddenly taken offline, how would your organisation continue to operate? The news for JBS is still relatively new, however, many of their disrupted facilities are planned to re-open as of tomorrow.

Prepare systems, procedures, and data backups in advance to ensure that your business is capable of operating during a potential attack or system outage.

Promote a cyber-safe work culture: A recent IBM report cited human error as the major cause behind 95% of data breaches in its research pool. Many ransomware attacks occur simply through phishing or malicious websites, which is why awareness is more important than ever.

Use cybersecurity awareness training, and foster an open and collaborative discussion around cybersafety in the workplace.

Set up two-factor authentication: Two-factor authentication (2FA) has been referred to as the seatbelts of cybersecurity. In the event that someone cracks or guesses your login credentials, 2FA exists to put up another barrier of entry as a safety measure.

Commonly used 2FA apps include Authy, 1Pass and Google Authenticator.

Victoria’s snap-lockdown: How to stay cyber-safe when working remotely

Victorians are currently on day five of a planned seven-day snap lockdown, and there is increasing worry that we may see significant extensions.

For business owners who have only recently returned to a semblance of normalcy, this daunting news has raised major concerns.

The challenge of managing a business in a pandemic is difficult enough, and while we may be preoccupied with preparing for current circumstances and the uncertain weeks ahead, it's important to remember that during these times we are at our most vulnerable to cybercrime. In 2020, cybercrime was more prolific than ever before.

A survey by CrowdStrike revealed that 67% of Australian respondents had suffered an attack in 2020, placing us only second-place to India.

Furthermore, Scamwatch reports indicate a 22% increase in scams from the previous year, totaling over $175 million dollars in damages.

As a result of the global pandemic and recurrent lockdown restrictions, reportedly 2 in 5 are now regularly working from home, which introduces a wide range of security concerns.

Rather than operating on a work-approved network & device, many employees are now working via shared devices and shared WiFi networks at home.

Login credentials are being passed around, safety habits are slipping, and the security standards of the workplace aren’t as immediately available.

Following nearly six months of Victorian lockdown in 2020, we know that scammers ramp up their efforts in times like these. It’s crucial that we learn from last year’s difficulties, and do all we can to stay safe both offline and online.

Here are some steps that you and your colleagues can take to bolster your cyber safety during and beyond the current lockdown:

Set up a VPN at home: The vast majority of home networks are not suited to workplace activity. Anything sent unencrypted (that is, not protected by HTTPS/TLS) can be viewed by anyone or anything else on the same network, which on a shared WiFi is particularly dangerous.

With a VPN, your workers can tunnel directly into the business network, so that hackers and cybercriminals nested on the home network can't view their traffic.

Furthermore, if you and your workers already have a VPN in place, make sure you keep it updated! Many organisations – including the US Government – have experienced recent cyber-attacks due to an out-of-date VPN.

Review system access rights: While working remotely, employees are more frequently logging in and out of things, creating a trail of potential security vulnerabilities along the way.

Take the time to enforce password changes in the business, and review who has access to what. Things like bank accounts, workplace email addresses, professional social media accounts, and general work systems can all be exploited for massive damages.

Remove unnecessary access and update passwords on all accounts. The fewer openings there are across the business, the safer it will ultimately be.

Keep an eye out for scams, especially during lockdown! Research shows that 35% of workers face consistent feelings of fatigue when working remotely. Perhaps it's for this reason that COVID-19 themed phishing scams are so successful.

Last year, people fell victim to countless tailor-made scams based on the pandemic; from false promises of early superannuation access to fake covid vaccine adverts. While scammers will do their best to make a malicious contact seem legitimate, there are usually some red flags that you can use to spot a scam:

  • Bad grammar and typos
  • Requests for card details or private information
  • Requests for you to click a link
  • Mismatched email addresses/phone numbers from the company’s usual details

Finally, it’s important to keep cybersafety front of mind. Whether it’s in your Zoom catchups or work messages, one of the easiest risk reductions you can achieve is by simply talking about cybersecurity.

The leading cause of cybercrime is human error, and the best fix is some simple awareness. For more work-from-home safety advice, view this article we wrote for Business Victoria. 

Ransomware attack disrupts major American fuel pipeline operator – $4.4 Million USD Payout

A ransomware attack against Colonial Pipeline – a major fuel pipeline operator responsible for nearly half of the USA’s east coast fuel supply – has resulted in a shutdown of the entire network.

The ramifications included not only gas shortages for many eastern US states, but also corresponding price hikes that raised the national average to over $3 a gallon for the first time in 6 years.

Colonial Pipeline shut down its network on May 7, and it wasn't until May 13 that the company reported a return to normal operations.

The incident is one of the most disruptive attacks on American infrastructure on record. President Joe Biden was briefed on the events, and government agencies assisted with restoring the network.

While the impacts on the service and the wider economy were damaging in themselves, the cherry on top was a ransom payment of $4.4 million USD.

The average ransomware payment is reportedly just over $300,000 USD. Conventional advice, including our own, is to avoid paying a ransom wherever possible, but the stakes for Colonial Pipeline as a major pipeline operator were simply too high.

The payment was made entirely in Bitcoin. Cryptocurrency is the usual demand because it moves across borders without a bank in the loop, but Bitcoin is pseudonymous rather than anonymous: every transaction sits on a public ledger, and payments can be traced and sometimes seized.

Joseph Blount, the CEO of Colonial Pipeline, has described the payment as a necessity, stating that "It was the right thing to do for the country."

Following its investigation, the FBI confirmed that the ransomware group DarkSide was responsible for the attack.

DarkSide operated a Ransomware-as-a-Service (RaaS) model: the core group develops and maintains the ransomware, the payment portal and the leak site, while affiliates who gain access to victim networks deploy it and keep a share of the ransom. The party that broke into Colonial Pipeline was therefore not necessarily the same party that wrote the malware.

DarkSide claimed to take a 'philanthropic' approach to cybercrime, going after 'big game' targets and donating a portion of the proceeds to charity. In this case the knock-on effects reached the entire economy, which calls into question whether their 'Robin Hood' antics are charitable at all.

DarkSide representatives issued an apology for the knock-on effects of the attack against Colonial Pipeline and said they would choose future targets more carefully.

Few of us run operations on the scale of Colonial Pipeline, but there are key lessons to take from its recent troubles:

  • Back up your data: Depending on the extent of a ransomware attack, backups can restore your data and systems, letting you focus on securing your environment instead of paying the attacker. Back up regularly, keep at least one copy offline or on storage that the compromised network's credentials cannot modify (ransomware operators routinely encrypt or delete any backups they can reach), and test a restore so you know the backups actually work before you need them.
  • Train your organisation: Human error is repeatedly the leading cause of successful attacks. Colonial Pipeline had not disclosed the entry point at the time of writing; its CEO later told a US Senate committee that the attackers used a leaked password for a legacy VPN account that had no multi-factor authentication. Deploy regular awareness training at all levels of your organisation, and pair it with MFA on every remote access path, so that one reused or phished password is not enough on its own.
  • Treat payment as a last resort: There is no guarantee that a paid attacker will restore your access or delete the data they have stolen, and every payment funds the next campaign. Work with security professionals to determine the best course of action, report the incident to the authorities, and only pay if recovery by other means is impossible.
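The backup point above is where most organisations get caught: they have backups, but the backups sit on a share the ransomware can reach, and nobody has tried a restore. The script below is an added example, not code from the original article or from Colonial Pipeline. It writes a backup with a SHA-256 manifest, hands back a digest of that manifest to record out of band, and then verifies a restore, reporting each file as ok, modified or missing; if the manifest itself no longer matches the recorded digest, the whole backup is reported as tampered. The directory layout and file contents are constructed, and the 'ransomware' is simulated by overwriting one backup file and deleting another.

```python
"""Backup with an integrity manifest, plus a restore check that notices when a
backup has itself been encrypted or deleted.  Added example, not code from the
original article; directory layout and file contents are constructed."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src, dest):
    """Copy the src tree into dest and write manifest.json mapping each relative
    path to its SHA-256.  Returns the digest of the manifest itself: record that
    somewhere the backup job's credentials cannot write (a ticket, a printout,
    a separate account), because a manifest stored next to the data can be
    rewritten by whatever encrypts the data."""
    dest.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for p in sorted(src.rglob("*")):
        if p.is_file():
            rel = p.relative_to(src).as_posix()
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, target)
            manifest[rel] = sha256_file(target)   # hash the copy, not the original
    manifest_path = dest / "manifest.json"
    manifest_path.write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return sha256_file(manifest_path)


def verify_backup(dest, expected_manifest_digest):
    """Re-hash every file the manifest lists.  Returns {relative path: status}
    where status is "ok", "modified" or "missing"; if the manifest itself no
    longer matches the out-of-band digest, nothing in it can be trusted."""
    manifest_path = dest / "manifest.json"
    if not manifest_path.exists() or sha256_file(manifest_path) != expected_manifest_digest:
        return {"manifest.json": "tampered"}
    manifest = json.loads(manifest_path.read_text())
    report = {}
    for rel, digest in manifest.items():
        f = dest / rel
        if not f.exists():
            report[rel] = "missing"
        elif sha256_file(f) != digest:
            report[rel] = "modified"
        else:
            report[rel] = "ok"
    return report


def demo():
    """Back up a constructed tree, then simulate ransomware reaching the backup
    share (one file overwritten, one deleted) and run the verification."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "live"
        dest = Path(tmp) / "backup"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "invoices.csv").write_text("id,amount\n1,100\n2,250\n")
        (src / "docs" / "contract.txt").write_text("terms and conditions\n")
        (src / "notes.txt").write_text("call the supplier on Monday\n")
        manifest_digest = make_backup(src, dest)
        # Simulated ransomware: encrypt (overwrite) one backup file, delete another.
        (dest / "docs" / "invoices.csv").write_bytes(b"\x9f\x13\x00encrypted")
        (dest / "notes.txt").unlink()
        return verify_backup(dest, manifest_digest)


if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:9} {path}")
```

Run it on a schedule against the real backup location and alert on anything other than ok. The manifest digest is the part people skip: stored next to the backup it proves nothing, since the same process that encrypts the files can rewrite the manifest to match.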


Parliament targeted by 24-hour brute-force attack

You may remember that in late March, not only Channel Nine but also Federal Parliament made headlines for being targeted by significant cyber attacks.

While there was ample coverage of the Channel Nine incident, we are only now receiving further information on the attack against the Department of Parliamentary Services (DPS).

Over a 24-hour period, the federal parliamentary network was targeted by a brute-force attack: an attack that tries to guess or 'crack' passwords through sheer volume of login attempts.

Senator Scott Ryan reported that while the brute-force attempt did not succeed, it caused significant disruption, as many user accounts were locked out between March 27 and April 5. That is the double edge of automatic lockouts: the same mechanism that stops password guessing lets an attacker lock legitimate users out simply by guessing badly against their accounts.

Thankfully, the attack was contained and mitigated before systems or data were compromised. However, this isn't the first time parliamentary services have been disrupted by cybercrime.

In 2019, a network intrusion against parliamentary systems, reportedly by state actors, likewise forced services offline while security measures were carried out.

And only recently, another suspected state-sponsored cyber attack hit Western Australia's Parliament, notably during a state election.

While there is a world of difference between government and business cybersecurity, there are common lessons to take from this recurring run of attacks:

  • Lock down your devices: Once an attack or suspicious activity has been identified, restrict access on the affected and neighbouring systems. That locks attackers out and contains any damage pending further investigation.
  • Enforce your password policy: It hasn't been clarified whether Parliament's login systems were locked manually or automatically, but your login systems should lock an account automatically after too many failed attempts. Pair that with throttling per source address, so that one attacker cycling through usernames cannot lock out the whole organisation, and with multi-factor authentication, which defeats a correct guess outright. Make sure passwords meet a minimum strength requirement of:
    • At least 8 characters in length (longer passphrases are better)
    • A mixture of upper and lower-case letters
    • A mixture of numeric, alphabetical and special characters
  • Keep your software up to date: The recent WA attack involved attempted exploitation of the Microsoft Exchange vulnerabilities disclosed in March 2021, and foreign governments have fallen victim to similar attacks. Track known vulnerabilities and updates for your organisation's software and have a prompt patching policy in place.
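The lockout advice above has the failure mode the DPS incident shows: lock accounts after a handful of failures and nothing else, and an attacker working through a list of usernames locks every one of them. The code below is an added example, not code from the original article or from Parliament's systems. It keeps a sliding window of failures per account and per source address, locks an account after a few failures, and blocks a source after a larger number, then simulates one address spraying ten accounts with five wrong passwords each to show how many accounts end up locked with and without the source block. It also includes a check for the password rules listed above. Thresholds, account names and the source address are constructed.

```python
"""Login throttling that survives a brute-force run without locking out the
whole organisation.  Added example, not code from the original article; the
thresholds, account names and source address are constructed for illustration."""
from collections import defaultdict, deque
import re


class Throttle:
    """Tracks failed logins per account and per source address.

    Per-account lockout alone stops password guessing against one account, but
    an attacker who cycles through many usernames from one address can lock
    every account (the denial of service described in the article).  Blocking
    the source after a modest number of failures caps that damage."""

    def __init__(self, account_lock_threshold=5, source_block_threshold=20,
                 window_seconds=900, lockout_seconds=900):
        self.account_lock_threshold = account_lock_threshold
        self.source_block_threshold = source_block_threshold
        self.window = window_seconds
        self.lockout = lockout_seconds
        self.account_failures = defaultdict(deque)   # account -> failure timestamps
        self.source_failures = defaultdict(deque)    # source  -> failure timestamps
        self.account_locked_until = {}
        self.source_blocked_until = {}

    def _record(self, dq, now):
        dq.append(now)
        while dq and dq[0] <= now - self.window:      # drop failures outside the window
            dq.popleft()
        return len(dq)

    def attempt(self, now, account, source, password_ok):
        """Returns "blocked-source", "locked", "ok" or "fail"."""
        if self.source_blocked_until.get(source, 0) > now:
            return "blocked-source"
        if self.account_locked_until.get(account, 0) > now:
            return "locked"          # refuse before even checking the password
        if password_ok:
            self.account_failures[account].clear()
            return "ok"
        if self._record(self.source_failures[source], now) >= self.source_block_threshold:
            self.source_blocked_until[source] = now + self.lockout
        if self._record(self.account_failures[account], now) >= self.account_lock_threshold:
            self.account_locked_until[account] = now + self.lockout
        return "fail"

    def locked_accounts(self, now):
        return sorted(a for a, until in self.account_locked_until.items() if until > now)


def password_meets_policy(password):
    """The article's stated minimum: 8+ characters with upper, lower, digit and
    special characters.  Treat it as a floor; a longer passphrase plus MFA does
    more against brute force than extra symbol rules."""
    return (len(password) >= 8
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"[a-z]", password) is not None
            and re.search(r"[0-9]", password) is not None
            and re.search(r"[^A-Za-z0-9]", password) is not None)


def simulate_spray(source_block_threshold, accounts=10, guesses=5):
    """Constructed scenario: one source tries `guesses` wrong passwords against
    each of `accounts` accounts, one attempt per second.  Returns how many
    accounts end up locked."""
    t = Throttle(source_block_threshold=source_block_threshold)
    now = 0
    for i in range(accounts):
        for _ in range(guesses):
            now += 1
            t.attempt(now, f"user{i}", "203.0.113.7", password_ok=False)
    return len(t.locked_accounts(now))


if __name__ == "__main__":
    print("locked with per-account lockout only:", simulate_spray(10**9))   # 10
    print("locked with source blocking at 20:   ", simulate_spray(20))      # 4
```

With only per-account lockout every sprayed account ends up locked; with the source blocked after 20 failures, the attacker is cut off after the fourth account. The source block is a mitigation, not a cure, since a distributed attack spreads failures across many addresses, which is why the lockout should be backed by MFA rather than relied on alone.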

