This appeared last week.
Recent cyber attacks just the tip of the iceberg for Australia
Toll Group, BlueScope and Service NSW have all fallen victim to cyber criminals in recent days. The government and industry need to sharpen their response.
Alastair MacGibbon Contributor
May 18, 2020 – 1.00pm
In a year already marred by natural and biological crises, cyber security failures remain a critical threat.
Government agencies and big Australian companies have fallen victim to cyber attacks with unprecedented visibility.
Industry and government need to understand why we are more exposed, what we can learn from recent national security events, and how to build a more cyber-resilient nation.
The increased reporting of cyber incidents among big Australian companies has been noticeable. Toll Group, the Melbourne based global logistics company, has been hit twice by ransomware attacks, in January by MailTo and last week by Nefilim.
Over the past week, cyber incidents have affected government agency ServiceNSW, steel maker BlueScope, and a financial services company, MyBudget.
These organisations present an attractive target for hackers, whether a nation-state interested in a strategic asset, or a cyber-criminal group looking to make an easy buck. This is just the tip of the iceberg; many organisations fail to report cyber breaches, or worse, do not know about them.
The recent attacks are revealing in several ways. We are more used to seeing prominent US organisations being the victims of big cyber incidents, for example, Google or Equifax. Although Australian organisations have always had cyber vulnerabilities, the increase in large attacks since mid-2019 shows we are increasingly visible and attractive to cyber attackers.
The data is patchy but we have observed an increase in attacks and a rise in the penetration of networks and targeting of confidential information.
One prevalent "kill chain" technique involves the compromise of weak remote access channels and the deployment of ransomware. This can shut down a company’s operations while incident responders desperately try to restore systems, identify the source and prevent future intrusions.
Governments and industry are failing to respond with sufficient urgency and sophistication.
More sophisticated and destructive attacks involve the compromise of user computers, quiet traversal of networks and exfiltration or manipulation of confidential data.
Cyber criminals have exploited the pandemic and there has been a noticeable rise in COVID-19-related phishing scams. Attackers take advantage of people’s anxieties, tricking them into clicking on malicious links, delivered under the guise of urgent health updates or government support.
Health and medical research facilities have also proved attractive targets. The Australian Cyber Security Centre identified that "advanced persistent threat" actors, a term often associated with nation-state adversaries, are targeting the health sector. Just last week, the FBI officially cited Chinese government-backed groups of such activities.
Lots more here:
and then right on cue we had this:
My Health Record system hit by hack attempt
ADHA reveals external perimeter targeted.
The My Health Record system was the subject of an attempted hack over the past 11 months, the Australian Digital Health Agency has revealed.
National health chief information officer Ronan O’Connor told a parliamentary inquiry into cyber resilience the cyber incident was one of two “potential data breaches” to occur since July 2019.
Both were reported to the Office of the Australian Information Commissioner as part of the notifiable data breaches scheme and neither resulted in any access to the system or data loss.
O’Connor said the first data breach notification related to a “potential compromise to external IT infrastructure supporting the wider My Health Record system”.
“Somebody tried to hack our system, so the external perimeter for our system,” he said on Tuesday.
“I want to assure the committee that there was no access into the My Health Record whatsoever. No information or personal sensitive information was accessed.”
O’Connor said the ADHA’s security monitoring tools picked up the “potential vulnerability within the system and as a consequence of that we notified the OAIC”.
“The OAIC has received what we shared with them and we also worked with the Australian Cyber Security Centre, and on that basis they were happy with the outcome,” he said.
More here:
These paras further down are interesting:
“O’Connor also noted the the ADHA is fully compliant with the essential eight mitigation strategies and has a comprehensive security program that is overseen by a dedicated cyber security centre.
“We’ve got quite a comprehensive program of system and security monitoring, whereby we have specialist real-time monitoring tools configured and tuned to automatically detect any anomalies in the system itself,” he said.
“This auditing of activity ranges from system to system activity, so in relation to endpoints. All traffic [that] stems to and from the My Health Record System is monitored.
“And if there is any unusual behaviours or activity we’ve got the opportunity to notify that organisation and then in instances where we we’ve got particular concern we can suspend access to the My Health Record system.”
To me they make it clear that the myHR system endpoints are not secure but that they are just carefully watched. We can only hope they are good at it!
The take away message is that health data is a target for hackers and that the biggest honeypot we have is not immune from being attacked. I have to say it is something of a worry the ADHA do not know who was attacking them:
““Is there any conclusion or evidence as to who tried to hack it?” Hill asked. “Was it a teenage kid sitting at home? Was it a state-sponsored actor?”
But despite working “very closely” with the ACSC, O’Connor said they simply “don't know the actor” who tried to break into the $2 billion My Health Record system.
O’Connor also told the committee of another potential breach of My Health Record, but it turned out to be a false alarm.”
Here is the link:
David.
5 comments:
One attack seems low. However, they identified and prevented so pat on the back.
O’Connor also noted the the ADHA is fully compliant with the essential eight mitigation strategies and has a comprehensive security program that is overseen by a dedicated cyber security centre.
A couple of questions come to mind:
1. Is he referring to the MyHR or the ADHA ICT??
2. What does he mean fully compliant? To what maturity level?
Maturity Level One: Partly aligned with the intent of the mitigation strategy.
Maturity Level Two: Mostly aligned with the intent of the mitigation strategy.
Maturity Level Three: Fully aligned with the intent of the mitigation strategy.
One thing is clear O’Conner knows how to play the game.
O’Connor said the first data breach notification related to a “potential compromise to external IT infrastructure supporting the wider My Health Record system”.
So it wasn't a hack on MyHR.
To claim that they prevented something that never happened or even tried to happen is a bit rich.
The Health Department and ADHA must be salivating like Pavlov's dog at the possibilities.....
As Chinese authorities expand use of health tracking apps, privacy concerns grow
https://www.reuters.com/article/us-health-coronavirus-china-tech/as-chinese-authorities-expand-use-of-health-tracking-apps-privacy-concerns-grow-idUSKBN23212V
The codes had so far met with little public resistance, seen as a necessary tool to get the economy back up on its feet again.
Or that was the case until the eastern city of Hangzhou proposed on Friday permanently assigning each of its residents a coloured health badge and giving them a score from 0-100 based on their medical records and lifestyle habits.
May 27, 2020 12:50 PM Good pickup. What does that actually mean? Is it Wheaton Infrastruture like the HI service or is it the data centre infrastructure?
What does that actually mean? - one non-event reporting on another non-event using nonsense.
Post a Comment