Could a nation-state be behind the Optus cyberattack?

Singtel-owned Optus is Australia’s second-largest telecoms company, with about 10 million customers. Optus recently stated that data belonging to an unspecified number of those customers was accessed following a cyberattack on its systems.

Now, as investigations into the breach continue, could it be the work of state-sponsored hackers? Telcos remain a target for cybercriminals, and reports have shown that state-sponsored groups have been targeting them as well.

In a media release, Optus stated that the data breached included customer names, dates of birth, phone numbers, email addresses, home addresses and identity document numbers, including driver’s license and passport numbers. The telco also said that payment details and account passwords had not been compromised.

Optus also said that it shut down the attack as soon as it was discovered, but it did not state the scale of the breach. The telco is now working with the Australian Cyber Security Centre to mitigate any risks to customers, and has notified the Australian Federal Police, the Office of the Australian Information Commissioner, and key regulators.

Optus CEO Kelly Bayer Rosmarin said the company had already begun an investigation into the breach.

“As soon as we knew, we took action to block the attack and began an immediate investigation. While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance. We are very sorry and understand customers will be concerned. Please be assured that we are working hard, and engaging with all the relevant authorities and organizations, to help safeguard our customers as much as possible,” said Rosmarin.

Optus services, including mobile and home internet, are not affected, and messages and voice calls have not been compromised. Optus services remain safe to use and operate as normal.

“Optus has also notified key financial institutions about this matter. While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious,” added Rosmarin.

Investigations are ongoing

The Guardian reported that Australian home affairs minister Clare O’Neil stated that the Australian Cyber Security Centre was providing cyber security advice and technical assistance to Optus and that Australian companies and organizations were being consistently targeted for cyber-attacks by cybercriminals and hostile nations.

“The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) has seen broad targeting of Australians and Australian organizations, through rapid exploitation of technical vulnerabilities by state actors and cybercriminals seeking to exploit weaknesses and steal sensitive data,” said O’Neil.

The Guardian also reported that the Office of the Australian Information Commissioner (OAIC) issued a late statement saying it was working with Optus “to ensure compliance with the requirements of the Notifiable Data Breaches (NDB) scheme”.

“Under the NDB scheme, organizations covered by the Privacy Act must notify affected individuals and the OAIC as quickly as possible if they experience a data breach that is likely to result in serious harm to individuals whose personal information is involved,” the OAIC said.

Mitigating the Optus cyberattack

Separately, Phillip Ivancic, APAC Head of Solutions Strategy at Synopsys, commented that the Optus breach reinforces the complexity of cyber-security and the need for organizations to adopt continuous vigilance and assessment.

“From the little we know so far, it looks like the hardworking Optus IT security teams should be commended for their swift actions. The fact their CEO, Kelly Bayer Rosmarin, was able to provide initial details and a public statement seemingly within hours on a national public holiday means that Optus must have a well-established, and well-practiced, incident response plan. The early reports indicate that the breach was picked up as a part of their continuous assessment framework, another example of important and multi-layered defenses,” said Ivancic.

Meanwhile, Curtis Simpson, CISO at Armis, pointed out that the full consequences of this attack are still to be uncovered.

“With sensitive data of millions of customers leaked, it has become one of the largest attacks Australia has ever experienced. The company confirmed that they have stopped the hacker from moving further into their operations, which could have resulted in more visible disruptions to the everyday lives of civilians – causing intermittent cell service availability, blocking access to streaming services, etc. But the consequences are still devastating and rapidly advancing in the Australian system. Data is a valuable resource and needs to be protected with the utmost care, as it could easily be used by fraudsters,” explained Simpson.

Simpson also highlighted that for wireless operators, whose landscape has changed significantly in recent years, protection involves continuous visibility into, and insight into the behavior of, all assets. Of particular importance are unmanaged assets with the potential to disrupt critical operations and/or client services, including IoT devices, OT infrastructure and cellular IoT, amongst others.

“Maintaining safe service availability in such an eclectic and hybrid ecosystem requires a foundational and continuous understanding of the technology in the business landscape. All downstream proactive and reactive risk and threat management strategies must be executed per this continuously evolving view into the business and attack surfaces,” added Simpson.

A nation-state cyberattack?

Optus is just one of many telcos in the Asia Pacific region to have suffered data breaches in recent times. In June, it was reported that Chinese government-backed hackers had breached major telecommunication companies by exploiting known software flaws in routers and other popular networking gear.

The US National Security Agency, the Cybersecurity and Infrastructure Security Agency and the FBI had released a joint advisory warning telcos about the threat and urging them to take the necessary precautions.

While it is unclear whether the Optus breach was the work of a nation-state, the possibility should not be ruled out and deserves investigation, especially since the data taken consists of personal identity details rather than financial details, a profile that fits intelligence gathering as readily as it fits fraud; although, as Simpson notes above, identity data is equally valuable to fraudsters, so neither motive can be settled from the type of data alone.