Australia is no stranger to significant cyber attacks.
In just one month in late 2022, two major data breaches were reported, impacting telecommunications giant Optus and health insurer Medibank. Smaller breaches during that time also claimed some high-profile victims Down Under, including the Australian Defence Department.
In the Optus case, the data of some 9.8 million people was stolen–more than a third of all Australians. Of those, a smaller but still troubling cohort of 2.8 million had their passport and/or driver license numbers stolen, making them particularly vulnerable to identity theft.
For Medibank, the hackers made off with all of their current and past customers’ data–8 million Australians and 2 million more from other countries. The stolen data includes health claim records.
Although it is not believed the stolen data can be used for identity theft, it is still sensitive information that most people would prefer to keep private.
In both cases, the perpetrators demanded ransoms in exchange for pledges not to release the data. In neither case did the company comply with the ransom request, and it’s not clear if the hackers would have held up their end of the bargain even if their demands had been met.
The damage resulting from these breaches is not limited to the individuals whose data was stolen. For example, following public disclosure of the Optus breach, government driver license offices were inundated with requests for new licenses, and were unable to keep up with the demand.
Further, the extent of the breaches has attracted global media attention to these companies, and not in a good way. Optus and Medibank are now dealing with damaged reputations, angry customers, and investigations from the Office of the Australian Information Commissioner.
Australian organizations are required to report data breaches and must meet other data privacy and security regulations, depending on the industry they are in.
The bottom line is that Optus and Medibank face hefty fines, expensive civil litigation, judgments, and settlements. The long-term financial impact on these businesses is unknown.
How did these breaches happen?
Any data breach depends on two basic factors: How the perpetrators get in, and how they get the data out.
In Medibank’s case, the criminals apparently were able to purchase the stolen credentials for a user account with elevated privileges. It’s not clear how those credentials were compromised.
Once the thieves had that level of access, however, they had free rein to snoop around and identify and access databases with sensitive information.
For Optus, a subsidiary of Singapore Telecommunications, the perpetrators didn’t even need stolen credentials. Optus had a public-facing application programming interface (API) that not only provided direct access to sensitive data, it did so without requiring any credentials at all.
All the criminals had to do was write scripts using the API.
In both cases, the data was extracted through “backdoors” that the perpetrators set up. For Medibank, some 200 GB of data made it out this way in compressed files.
It’s not clear in either case how long the criminals were able to roam around the compromised systems.
In general, however, it is believed that hackers are able to operate undetected for long periods of time–over six months, on average. Their ability to cover their tracks and evade detection means that they don’t need to hurry, and the longer they have access, the more data they can steal–and the bigger their payoff, either in paid ransoms or by selling the stolen data. Or both.
Cybersecurity is an ongoing challenge for all organizations. Hackers are using ever more sophisticated techniques, and a huge underground market for stolen credentials and data is thriving on the “dark web.” And no organization is too small or too large to be a target for cybercrime.
At the same time, the growth of interconnected systems and digital transformation is providing an ever larger “attack surface” for hackers to exploit. Despite the evolution of sophisticated security tools, the cybersecurity technician’s job is getting harder, not easier.
That said, a few simple, well-known steps can go a long way towards making it harder for hackers to ply their trade:
Frequent readers of this blog know that maintaining the security of a Microsoft 365 environment is a complex undertaking. And just because it’s in Microsoft’s software-as-a-service (SaaS) environment does not mean it’s inherently secure. You are still responsible for setting up the security tools and monitoring your Microsoft 365 ecosystem.
CoreView is here to help. CoreView offers a free, no obligation health check on your Microsoft 365 environment.
Given this is often the biggest investment and most widely used software for most organizations, it’s a smart move. The health check provides immediate visibility to vulnerabilities you are likely not aware of.
Further, CoreView’s Continuous Compliance feature enables organizations to incorporate their security policies in the system. This feature sends automatic reports and alerts when any activity violates these policies.
No cybersecurity system is bulletproof, but CoreView relieves you of the burden of pulling data from multiple sources and analyzing them to determine if a breach has occurred. CoreView’s innovative technology monitors these sources to alert you to data breaches in real time so you can take proactive steps to mitigate the damage.
With CoreView, you have peace of mind that your Microsoft 365 security is at last under control. To learn more about how CoreView can help your organization, request a free demo today.