March 29, 2021
For the proverbial 15 minutes, cyber attacks are now the focus of Australian media in light of the cyber attack that laid low Channel Nine in Sydney on Sunday. Perhaps a slight exaggeration. But data security issues are dealt with quite superficially in the main.
The Australian reports that the Nine cyber attack could cost $1 million in remediation costs. The cyber attack was a ransomware attack without the ransom. That is, the malicious software encrypted files but the attackers did not demand payment, the ransom, in exchange for the decryption key.
I never cease to be amazed how the reporting of insights from experts on how the data breach may have occurred, the problems with data security and the need to improve has such a breathless quality. It is as if it has been discovered for the first time. I have been posting on this and other cyber security and privacy issues for more than a decade.
But now that cyber security is a hot topic, the Australian reports on another cyber attack, this time on Taylor wines. As usual
Posted in Privacy
March 28, 2021
The Australian magazine had a big piece on cyber security titled Why the world is under cyber-attack. It touches all the bases: malicious attacks are on the rise, they are growing in sophistication, they are attacking infrastructure, ransomware is on the rise and governments are becoming ever bigger players. Not too much new, though it is quite an involved piece with a dystopian bent.
The unfortunate thing about pieces like this is that they do not seem to move governments to properly regulate through adequate legislation and then ensure the agency or whatever other body is charged with regulation actively regulates. That is happening on a more adequate level in Europe and even in the United Kingdom. In the United States the regulation is patchy. In Australia it is lamentable. The Privacy Act is replete with carve outs and over broad exemptions. The Information Commissioner is congenitally timid and ineffective. Which bodes badly for the state of cyber protection for Australian businesses. And on that note it is relevant to see the Australian reports that Nine Network’s Sydney office has been hit by a cyber attack which
Posted in Privacy
March 25, 2021
In today’s Australian Andrew Hastie, Assistant Defence Minister, has taken up the call in an Australian article, Cyber war puts business at risk of costly attack, that Australian businesses are at risk of being the subject of a cyber attack. The context of this call is the continuing exploitation of Microsoft Exchange zero day vulnerabilities that is causing real problems for businesses worldwide and leading to some spectacular ransomware attacks. The article is
Posted in Privacy
March 23, 2021
I recently gave a presentation on data breaches where I highlighted as a trend the maturation of ransomware strategies and attacks. This is a point raised in the Cyber Security Industry Advisory Committee report, which I posted on recently, titled Locked Out: Tackling Australia’s ransomware threat. Hackers are known to target businesses with cyber insurance and make demands in line with the coverage of the policy. That presupposes knowledge of policy details, acquired from the target businesses or the insurer or its brokers.
In a wide ranging, techy speak and a little shambolic interview on The Record an anonymous member of REvil, a hacking group, confirms that businesses with cyber insurance are
Posted in General, Privacy
March 22, 2021
When in doubt set up a committee. Beyond meeting a committee should prepare a paper. The Cyber Security Industry Advisory Committee is no different. The Minister for Home Affairs announced the establishment of the Committee on 20 October 2020. Its specific role is to help guide the introduction of Australia’s Cyber Security Strategy 2020 which was announced on 6 August 2020.
The Committee has prepared a paper on ransomware, Locked Out: Tackling Australia’s ransomware threat, which was released by the Minister for Home Affairs, Peter Dutton MP, on 10 March 2021.
Even though ransomware has been a favoured weapon of cyber criminals for some time, the problem is now chronic. As an example only, yesterday the BBC reported in Russian pleads guilty to Tesla ransomware plot that a Russian offered a Tesla employee a million dollars to infect the company with ransomware.
The report is
Posted in General, Privacy
March 17, 2021
The growth in cyber attacks is hardly news. Even cyber attacks by state agencies are not novel. There have been explicit warnings by governments and reports in the media to that effect. What is relatively new is the brazenness of the attacks by state players, the prolonged nature of those attacks and the motivation for those attacks. Cyber attacks are becoming more overtly political.
On that note the ABC reports that China is suspected of a cyber attack on the Western Australian Parliament during the last state election. The source of entry was the weakness discovered
Posted in Privacy
March 12, 2021
Surveillance cameras, baby cameras and other monitoring devices connected to the internet have been particularly prone to cyber attack. They are attractive targets; successful hacks result in high profile press coverage and huge embarrassment for both the users and the manufacturers of the device. The motivations are varied. In 2014 hackers remotely turned on baby cameras and shouted obscenities at parents and their babies. I wrote about the vulnerabilities of these devices in 2016. In 2019 G Post raised a similar issue with Yes, Your Video Baby Monitor Can Be Hacked. No, You Don’t Have to Stop Using It.
For all of that forewarning, the knowledge of the attractiveness of surveillance cams as a target of hacking and the well known vulnerabilities that could be addressed, Verkada, a provider of cameras and surveillance equipment, has been the subject of a massive data breach. The ABC
Posted in General, Privacy
March 7, 2021
IT Governance has provided its list of data breaches and cyber attacks in February 2021, estimating that 2.3 billion records were breached. The cyber attacks range from the relatively modest in number, with 208 records of the Watermark Retirement Communities residents across 10 states being affected, to the catastrophically large attack, involving millions of user records of Raychat being destroyed and the records of 102 million consumers of two mobile operators in Brazil. There were also other significant data breaches, including 400 million records of a delivery company, Bykea, being leaked in Pakistan, and Australia’s Oxfam discovered that its database of 1.7 million records was being offered for sale on a hacker forum. The humiliating Oxfam data breach required it to issue the now all too familiar sort of candid post of where matters are at on 1 March 2021 which
Posted in Commonwealth Privacy Commissioner, General, Privacy
January 28, 2021
Thursday 28 January 2021 is Data Privacy Day. It is also the 40th anniversary of Convention 108 and the 15th edition of the Data Protection Day.
The National CyberSecurity Alliance aptly describes what the day is about where it states:
Data Privacy Day is a global effort — taking place annually on January 28th — that generates awareness about the importance of privacy, highlights easy ways to protect personal information and reminds organizations that privacy is good for business. Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is observed annually on Jan. 28.
Data Privacy Day is the signature event in a greater privacy awareness and education effort. Year-round, NCSA educates consumers on how they can own their online presence and shows organizations how privacy is good for business.
In 2021, NCSA is encouraging individuals to “Own Your Privacy” by learning more about how to protect your valuable data online, and encouraging businesses to “Respect Privacy”, which advocates for holding organizations responsible for keeping individuals’ personal information safe from unauthorized access and ensuring fair, relevant and legitimate data collection and processing. These themes are encouraged through the below messaging and calls to action:
The Victorian Information Commissioner marked the day by
Posted in Privacy
January 8, 2021
Ambulance Tasmania has suffered a massive data breach. According to the ABC’s Tasmania Police called in after ambulance patient details published online, personal information of every Tasmanian who called the Tasmanian Ambulance Service since November 2020 has been accessed and posted online by a third party. The specific nature of the breach is unknown but it was to the paging system. What makes this breach so damaging is that the data accessed is sensitive information, relating to a person’s health status as well as that person’s age, gender and address.
What is both surprising and disturbing is that the data hacked from Ambulance Tasmania has been publicly visible since November last year.
What is less surprising is that it appears that deficiencies had previously been identified in the communications system and processes. That is quite a common situation. The problems are apparent but there is no incentive to attend to those problems because time and money can be spent elsewhere, which provides more immediate benefit, and the legal consequences of a data breach are small because the legislation is weak and the regulators are timid.
The Government response follows the dreary, obsolete path adopted by many Australian Government agencies of the responsible minister being concerned, referring
Posted in Privacy