Australian organisations are being hit in new spate of ransomware and cybersecurity attacks.
Over the past few weeks, a number of Australian organisations have been affected by malware and cybersecurity breaches, including the Australian Parliament.
Australia's top-selling auto manufacturer, Toyota Australia, has been without email internal services for a number of days. While Toyota has not confirmed the source of the outage, some sort of ransomware is a possible cause.
Ransomware has been confirmed as the root cause of the encryption of medical records held by the Melbourne Heart Group, a specialist health care organisation (HCO) working at Malvern Victoria's Cabrini Hospital.
Australian Parliament accounts compromised
No details have been supplied from the Australian government regarding the cybersecurity incident reported in February, apart from the requirement of all members and staff to reset their passwords, and that the political party networks of the Liberal, National and Labor parties had also been compromised.
The Parliament House breach has been taken under the Australian Signals Directorate's control, Australia's most secretive communications organisation.
Cybersecurity breach takes Toyota Australia email offline for days
Reports from Motoring magazine and News Corp papers have revealed that employees have been instructed to use face to face communications, phones and SMS messages while the email services were being restored. As of the 21st of February, staff had been without email for three days.
Ransom paid by Melbourne Heart Group after ransomware attack
Heart specialists “Melbourne Heart Group” at the Cabrini private hospital in Malvern, Victoria were forced to pay a ransom to retrieve at least some of their data when it became encrypted following a malware outbreak that locked staff out of their data and unable to service their clients for over three weeks.
Fortunately, the data network was independent to that of the hospital, which was not affected. According to The Age, the Australian Federal Police and the Australian Cyber Security Centre were involved in the recovery.
On Monday the 25th of February, the Melbourne Heart Group announced on their website that all data had been recovered and that no patient privacy had been compromised.
Is your business protected from potential cyberattacks?
Regardless of size, organisations need to take a multi-tiered approach to their cybersecurity. There are a number of active and passive methods that businesses and not-for-profit organisations can use to protect themselves from cyberattacks.
1. Next generation firewalls and sandboxes
Modern firewalls include software to inspect the traffic going in and out of the firewall, rather than just passively block traffic by a limited set of rules. Additionally, firewalls can now provide a “Sandbox” feature, where suspicious files can be tested in a simulated environment prior to being passed on to a user.
A sandbox is your best protection against brand new malware threats, known as “zero day attacks”. Zero day malware threats are too new to be known to anti-virus developers and are a significant threat to all organisations.
2. Staff training
The vast majority of successful cyberattacks use social engineering to break through your defences. People remain the weakest link in your cybersecurity armour.
3. Penetration testing
Experts stress the need for regular cybersecurity training, along with "ethical hacking". Ethical hacking involves simulated social engineering attacks and penetration testing by professional and legitimate hackers, known as "white hats". Read our blog to learn more about this new cybersecurity service, written by our Technology Consultant, Glendin Franklin-Browne.
4. Password complexity
Password lists sold between black-hat (malicious intent) hackers reveal just how lazy many of us are in setting passwords. Passwords like "Password123" continue to be popular, despite the ease in which they are cracked.
For advice on setting a password that meets up-to-date security standards, review our blog on "Why your password isn't good enough".
5. Detached backup
It’s no longer sufficient to have backup servers on site - backups must be kept in a manner where they’re not at risk if there is fire, theft or data destruction.
Security blogger Brian Krebs reported that US Email provider VFEMail has suffered a “catastrophic” data loss, where a hacker had broken into the system and deleted not just the email server’s data but also the data on all of the backup servers.
Many ransomware packages now seek and destroy data backups on attached storage and network shares. Backup data must be stored in a location where it's not available to an intruder or malware program. Having your backup in the cloud behind a secure gateway, or having a rotating store of RDX cartridges kept off-site gives your organisation that extra level of safety should the worst happen.
Cybersecurity and privacy protection is your responsibility
Following the introduction of the European Union’s GDPR in 2018, there is an expectation amongst experts that rather than seeing compromised organisations as victims, that instead these organisations will face increased scrutiny on whether they made reasonable efforts to prevent the breach.
Public backlash and loss of confidence can damage an organisation following a data security breach, and the future risk of government fines and civil law suits over breaches is increasingly likely.
It falls to decision-makers to be pro-active and vigilant in protecting the privacy and security of their data.
If you need help protecting your organisation or want us to review your current set up and processes, contact one of our Business Technology Managers or Technology Consultants for expert guidance today.