Australian companies targeted by cyberattacks again

Barely months after Australian companies suffered data breaches, cybercriminals have launched cyberattacks on businesses in the country again. The latest cyberattack involves digital payments firm Latitude Group Holdings and intellectual property services provider IPH Ltd.

The cyberattack on Latitude, a company that issues consumers loans and buy now pay later schemes, revealed that hackers have stolen the personal information of more than 300,000 customers. In a statement with the Australian Stock Exchange, Latitude said it detected unusual activity on its system over the last few days which appears to be a sophisticated and malicious cyber attack.

According to the statement, while Latitude took immediate action, the attacker was able to obtain Latitude employee login credentials before the incident was isolated. Latitude also stated that the attacker appeared to have used employee login credentials to steal personal information that was held by two other service providers.

“As of today, Latitude understands that approximately 103,000 identification documents, more than 97% of which are copies of driver’s licenses, were stolen from the first service provider. Approximately 225,000 customer records were also stolen from the second service provider,” the statement said.

Australia’s Minister of Cybersecurity Clare O’Neil also twitted about the incident, stating “the incident is another reminder for everyone in the community to be vigilant about their personal cyber security and to make use of all the tools and advice available…”

I am aware of the recent cyber security incident affecting Latitude Financial.

The @CyberGovAU is working with Latitude and relevant law enforcement agencies to respond to this cyber security incident.

— Clare O’Neil MP (@ClareONeilMP) March 16, 2023

Meanwhile, IPH reported that the company detected unauthorized access to a portion of its IT environment on 13 March 2023. The company commenced securing its IT environment as soon as the incident was detected and is working with external cybersecurity and forensic IT advisors to respond and conduct a forensic investigation.

Based on preliminary analysis, IPH believes the incident is primarily limited to the document management systems (DMS) of the IPH head office and two IPH member firms in Australia, Spruson & Ferguson (Australia) and Griffith Hack, and the practice management systems (PMS) of these two member firms.

“The information contained in the DMSs includes documents relating to the administration of these entities and, in the case of the two IPH member firms, client documents and correspondence. The PMSs contain IP case management information (such as filing timelines) relating to the practice of the two IPH member firms,” it said in a statement.

IPH also stated that the investigation underway is focused on determining whether the information stored in these systems has been accessed by the unauthorized third party.

“We have enacted our business continuity plan (BCP) and, while the functionality of some systems has been affected, we have transitioned to alternative processes which are working adequately to enable the relevant firms to continue to conduct operations, albeit with some disruption,” added IPH.

Despite efforts taken by businesses and the government, Australia continues to be a target for cybercriminals. Last year, the country saw several cyberattacks targeting large organizations from several industries. The government has since announced new measures and regulations businesses need to adhere to when it comes to dealing with their customers’ data.

Cyberattacks will continue in Australia

Tech Wire Asia also caught up with several cybersecurity experts to get their views on the latest cyberattacks in the country.

Jacqueline Jayne, Security Awareness Advocate for APAC at KnowBe4, commented, “What we see at the moment is the next level of data being breached and stolen, affecting millions of Australians – the ‘Unique Identifiers’ such as Medicare numbers, passport numbers, driver’s license numbers, tax file numbers and the CVV number on the back of a credit card or an account number for a service such as electricity, gas or phone, etc.  It’s the unique identifiers that cybercriminals want more than anything.  They can add it to the basic data they already have and then use it for fraudulent activities and even steal our identity.”

Jayne also pointed out that it will not be easy to avoid these data breaches. She explained that most IT Teams in organizations worldwide, including Australia, are, for the most part, doing everything they possibly can to protect against cyber attacks.  No matter how advanced they are, cybercriminals still prevail – the question is why.

“To give you an answer, we should look at a non-cyber analogy for a moment – driving a car.  You can be the safest driver in the world, have the most secure and safe car in the world, be driving on the best roads, supported by the best tires, and despite your best efforts, you can have an accident.  How about securing your house? You can have a ridiculously secure perimeter, guards, alarms, and locks everywhere, and if someone wanted to break in, they could tunnel under the ground to gain access – if they wanted to.

My point is that we, as consumers, must accept that our basic and unique identifier data will be stolen.  We need to apply more levels of protection and basic cyber hygiene and realize that cybersecurity is everyone’s responsibility,” explained Jayne.

Securing the supply chain is key

For Sumit Bansal, Vice President for Asia Pacific and Japan at Blue Voyant, visibility into supply chain cyber security risk remains an ongoing problem in Australia. Bansal feels this latest breach with Latitude Financial is a reminder for companies to look at their vendors, suppliers, and other third parties.

Bansal also highlighted that last month, another Australian company, The Good Guys was also hit by a supply chain breach, and it’s a reminder that these companies are not the only ones to be negatively impacted by a breach related to a third party, and most likely will not be the last.

“To help prevent breaches, organizations should first make sure they know which third parties they use or have used in the past, and what data and network access they may have. Managing your own network is a challenge in and of itself, and adding on the complexity of additional third parties providing services brings yet another layer on top of that. This should be ongoing and continuous and not merely a yearly compliance check,” commented Bansal.

He also pointed out that once organizations know their digital supply chain, they should be continuously monitoring their third parties and working closely with them to quickly remediate any issues to avoid cyberattacks. Many organizations instead use questionnaires to monitor their vendors but this only gives a point-in-time view. Often having a client reach out to a third party with a cybersecurity vulnerability will make remediation happen quicker. If vendors are unresponsive, enterprises should consider switching providers.

At the same time, Bansal feels that organizations should only provide employees and third parties with access to the data needed for their role. This helps to control what data can be accessed in the event of cyberattacks. They should also put policies in place to prevent third parties from retaining data after their services are no longer used.

“The best way for organizations to protect their data is with defense in depth. When different cybersecurity defenses are layered, it makes it more difficult for cyber attackers to access sensitive systems and data. By continuously monitoring both internal networks and third parties, having access control, plus good cyber hygiene, like multi-factor authentication, companies can make it more difficult for attackers to gain access,” he concluded.

---

---

---

---