Rash of Breaches Hit Businesses in Australia Hard

Recent spate of breaches in Australia spur huge fines to push security teams to tighten their external attack surface.

The Australian businesses community has been hit hard by a string of breaches that have exasperated legislators, roiled security teams and exposed the private data of tens of millions of Australian citizens to attackers. 

The flurry of breaches have come so fast and with such regularity exasperated Australian government officials have responded by increasing financial penalties against companies who are repeatedly involved in serious breaches. It’s an attempt to nudge all companies to harden their cybersecurity defenses.

The attacks raise the stakes for businesses which can now add massive financial penalties to the list of breach deterrents and consequences. 

What is publicly known about the attacks is they range from targeted ransomware incidents to double extortion attacks, where an adversary encrypts data and exfiltrates it for additional ransom payment leverage. How are adversaries penetrating these companies’ defenses? Piecing together what we know and what we can assume, the attack vector has been the organizations’ external attack surface.

An external attack surface is often what an adversary sees and tries to hack first when attempting to pierce a company’s perimeter defenses, reminds Anne Marie Zettlemoyer, CyCognito’s chief security officer. This underscores why companies need to prioritize cybersecurity hygiene, she said. “When organizations can quickly gain visibility and understanding of where their risk and exposures are, they will be best suited to defend and recover fast.”

What is Behind the Attacks? 

Companies targeted in the string of attacks are not inconsequential. In the last several weeks, nearly a dozen well-known companies have come forward to disclose they are victims of cyberattacks and breaches that resulted in serious customer data leaks.

Security experts affirm that the recent uptick in attacks is tied to a “skills shortage leaves an understaffed, overworked cybersecurity workforce ill-equipped to stop it,” according to Sanjay Jha, chief scientist at the University of New South Wales institute for cybersecurity, quoted in a recent Reuters report.

Strata management company SSKB is one of the latest victims, publicly disclosing a breach tied to a ransomware attack in late October. SSKB said in a statement that a third-party gained unauthorized access to SSKB’s IT environment, downloaded data and posted a ransom-demand on the dark web.

In another high-profile attack, one of Australia’s largest private health insurers, Medibank, which covers one-sixth of Australians, was extorted for money when an adversary stole 200 gigabytes of data tied to 9.7 million of its customers.

The largest of the recent Australian businesses breached involves Australian mobile carrier and second largest telecom provider Optus. In September attackers are believed to have penetrated the telco’s perimeter defenses and breached data tied to 9.8 million customer accounts. The carrier could face millions in fines by the Australian Communications and Media Authority (ACMA) and the Office of the Australian Information Commissioner (OAIC) who have both launched investigations into the Optus breach, according to published reports.

And the list goes on. Other recent cyberattack impacting Australian-based firms and those with significant beacheads in the country include, Telstra, NAB (the National Bank of Australia), MyDeal, an online retail marketplace, and Vinomofo, an online wine merchant.

As for the Telstra breach, Reuters news agency reported that the Australian government believes the breach was “due to a basic security gap”. In the case of Vinomofo, it publicly stated “an unauthorized third party unlawfully accessed our database on a testing platform that is not linked to our live Vinomofo website.”

These breaches underscore the need for organizations to reevaluate how they define and protect their external attack surface. Also up for re-evalution is their imperative to quickly identify opaque business risks and mitigate highest-risk vulnerabilities immediately. 

Financial Penalties Drive an EASM Imperative 

Recent attacks have pushed the Australian government to increase financial penalties against companies who are repeatedly involved in a serious breach. The penalty, previously $2.2 million AUD (about $1.4 million), will increase to at least $50 AUD million (about $32 million) for “serious or repeated privacy breaches”. 

Attorney General Mark Dreyfus made the announcement and said plans are in place to make changes to the country’s federal Privacy Act, which will allow regulators to increase fines.

“When Australians are asked to hand over their personal data they have a right to expect it will be protected,” Dreyfus is quoted in news reports. “Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate.”

Making the EASM Case

The string of Australian business breaches are a reminder of the importance an external attack surface management (EASM) platform can play in mitigating cyber risk and business risk. EASM platforms, such as CyCognito’s, continuously map an organization’s entire attack surface, identify the path of least resistance an attacker could use to breach a firm and helps security teams prioritize what risks to patch first – based on real world threat intelligence.

By using automation for key aspects of EASM, CyCognito significantly reduces costs associated with security team work cycles. According to a recent report, sponsored by Forrester, the CyCognito platform saves 70% in labor costs tied to identifying vulnerable assets and where they are in an organization and who manages them.

In a 2022 report, Enterprise Strategy Group research revealed 69% of breached business attributed the attack to unknown, unmanaged or poorly managed assets within their organizations’ external attack surface. This includes every pathway into an organization’s network including those owned by subsidiaries, public clouds, third-parties and software supply chains.

“Firms are… deploying new types of devices as part of digital transformation initiatives, further exacerbating the growing attack surface, which leads to management challenges, vulnerabilities, and potential system compromises,” wrote Jon Oltsik, ESG senior principal analyst. 

Rule Your Risk and Attack Surface with CyCognito 

CyCognito takes an attacker’s approach to providing visibility into your external attack surface risk. We use natural language processing and machine learning to do reconnaissance of your organization and subsidiaries and many other connected networks that are often unexpected ways attackers will breach a network.

That’s just the start. We then help you look at all your assets and test running code, the way an attacker would, looking for vulnerabilities, misconfigurations, exposed data and more.

Regular testing of application programming interfaces, web applications and all external facing systems is key for holistic defense. Automating checks and remediation allows defenders to stay a step ahead, as cyber criminals are constantly evolving. 

Here is how CyCognito protects your organization against ransomware attacks. Our software-as-a-service platform delivers: 

• Visibility of your entire external attack surface, ALL of the time
• Continuous attack surface security testing
• Efficient prioritization of security issues
• Streamlined elimination of attack surface risks