Cyber, Privacy & Technology | February Update
Toll Group suffers from significant “cyber security incident”
Arguably already the biggest Australian cyber incident of the year. In early February Toll reported it had to shut down “a number” of IT systems due to a “cyber security incident”, now understood to involve the ransomware tool Mailto. Over a month later the organisation is still not fully operational and continues to suffer from the event. The worst part of the incident in my opinion is that reportedly there are a number of businesses who have reported they have been so significantly impacted by the incident that they are reviewing the ongoing viability of their businesses.
Hackers using coronavirus scare to spread Emotet malware
Cybercriminals are using global fears about the virus to spread the Emotet trojan. Researchers with IBM X-Force and Kaspersky have discovered that cybercriminals are spreading a popular malware strain through malicious emails and links related to the coronavirus outbreak that started in Wuhan, China in January.
Flaw in Philips Smart Light Bulbs Exposes Your WiFi Network to Hackers
Another practical example of the vulnerability OT can bring to organisations. There are over a hundred potential ways hackers can ruin your life by having access to your WiFi network that's also connected to your computers, smartphones, and other smart devices. Whether it's about exploiting operating system and software vulnerabilities or manipulating network traffic, every attack relies on the reachability between an attacker and the targeted devices. In the latest research shared with The Hacker News, Check Point experts today revealed a new high-severity vulnerability affecting Philips Hue Smart Light Bulbs that can be exploited over-the-air from over 100 meters away to gain entry into a targeted WiFi network.
Norsk Hydro enjoys further cyber insurance compensation
Norsk Hydro is among the many businesses, big and small, that have fallen victim to cybercriminals around the world. Thankfully, while last year’s extensive cyberattack impacted the whole of the Oslo-headquartered enterprise, the company has the much needed protection offered by cyber insurance. “The financial impact of the cyberattack is estimated to be around NOK650-750 million (around AU$105 million – AU$121 million) for the full year. Hydro has robust cyber insurance in place with recognised insurers. Hydro has recognised NOK187 million (around AU$30.2 million) insurance compensation in the fourth quarter with the majority reflected in extruded solutions result.”
Man charged over $11m cyber hit on super funds
A nice reminder of the risk that people present to organisations, whether their actions are intentional or unintentional. A South Australian man has been charged over an alleged $11 million fraud in which he obtained the personal details of individuals to modify payroll data and create fraudulent bank accounts. The 31-year-old was arrested at a library in the Sydney city fringe precinct of Green Square on Wednesday, following a joint investigation by detectives from NSW Police and South Australia Police.
Former NSW contractor charged with unauthorised data access
And here’s another one… A NSW man has been charged over allegedly accessing the servers of an unnamed Australian-based sales company without authorisation while he was employed as a contractor. The 58-year-old was served with a court attendance notice in December following “extensive investigations” from NSW Police’s cybercrime squad detectives. He is charged with causing an unauthorised computer function with the intention of committing a serious offence, which – like other serious indictable offences – carries a penalty of five years or more.
FBI: BEC scams accounted for half of the cyber-crime losses in 2019
The FBI received 467,361 internet and cyber-crime complaints in 2019, which the agency estimates have caused losses of more than $3.5 billion, the bureau wrote in its yearly internet crime report released today. The FBI said that almost half of the reported losses -- an estimated $1.77 billion -- came from reports of BEC (Business Email Compromise), also known as EAC (Email Account Compromise) crimes. BEC/EAC is a sophisticated scam targeting businesses and individuals performing wire transfer payments.
ASX Aussie tech index launches
Australia will finally get its own official index of publicly listed technology companies trading on the now thoroughly virtualized floor of the Australian Securities Exchange, with ratings agency Standard & Poor's launching the much-awaited S&P/ASX All Technology Index on 21 February. It is understood the highly anticipated index, which many investors expect will effectively become the NASDAQ of the southern hemisphere, will initially consist of a basket of around 46 constituent stocks, including the so-called WAAAX basket – WiseTech, Afterpay, Appen, Altium and Xero. The launch of the S&P/ASX All Technology Index is a momentous day for the local technology sector that has for the past two decades arguably struggled to spark the interest of institutional and retail investors addicted to minerals, banks and telecommunications.