Jun 192018
 

The Australian Cyber Security Centre (ACSC), the Office of the Australian Information Commissioner (OAIC) and IDCARE have released a joint statement:

18 June 2018

On Friday 1 June 2018 PageUp Limited, an online recruitment services organisation, notified their customers about a data incident in relation to the integrity of their systems – proactively informing of a possible breach.

PageUp self-identified suspicious activity on its network and undertook immediate actions to investigate and contain the incident. PageUp notified their corporate customers and the Australian Cyber Security Centre (ACSC) of the issue, enabling the ACSC to quickly assess the incident and support PageUp in their response. In line with the new Notifiable Data Breaches (NDB) scheme, PageUp also notified the Office of the Australian Information Commissioner (OAIC). PageUp is in contact with its corporate clients to facilitate notification to individuals.

Although investigations are ongoing, PageUp believes that certain information pertaining to staff members, applicants and referees was accessed by an unauthorised third party. Further information about the types of information affected can be found at PageUp’s website. PageUp has advised that no employment contracts, applicant resumes, Australian tax file numbers, credit card information or bank account information were affected.

While recognising that investigations are ongoing and that the situation may therefore change, the ACSC emphasises that there is a significant distinction between information being accessed (which means there has been a systems breach) and information being exfiltrated by the offender. In other words, no Australian information may actually have been stolen.

IDCARE is Australia’s expert community identity and cyber support service and has been working with impacted organisations and members of the community in relation to this incident.

Dave Lacey, Managing Director, IDCARE says:

‘Whilst it is important to acknowledge that breached personal information impacts people in different ways, based on investigations undertaken to date by PageUp, at this point IDCARE assesses that the direct risk of identity theft is unlikely. Identity thieves typically require other forms of personal information to successfully manipulate this type of data, such as driver licence, passport, and account details, in order to obtain credit in a person’s name or related acts of impersonation.

IDCARE assesses that there are other risks that are likely to be more relevant to impacted individuals, including the possibility of phishing emails, telephone scam calls, and specific risks to individuals concerned about their contact information, physical address, and employment details (and applications) becoming known to third parties.’

PageUp has provided public updates, and has held multiple corporate customer information sessions facilitated through the ACSC to help keep affected organisations informed.

Alastair MacGibbon, Head of the Australian Cyber Security Centre and National Cyber Security Adviser says:

‘PageUp has committed to advising impacted organisations and individuals if there are any new findings to arise as they complete their investigations. PageUp has demonstrated a commendable level of transparency in how they’ve communicated about, and responded to, this incident: they came forward quickly and engaged openly with affected organisations.’

In this era of widespread cyber security threats, organisations must be prepared to prevent, detect and respond to incidents, to engage with relevant authorities and to provide timely and open communications to those affected.

Consistent with previous advice, the OAIC, ACSC and IDCARE jointly recommend that individuals who believe their information may be held by one or more of the organisations impacted consider the following measures:

  • Immediately change passwords that may be the same as the one used during the recruitment process undertaken with impacted organisations.
  • Regularly change passwords and make them hard to guess.
  • Be wary of phishing emails by reviewing the sender of the email and be cautious of links and attachments – if in doubt, make your own enquiries with the organisation and individual concerned using other means.
  • Avoid telephone scammers – good organisations don’t call you and then ask for your details – if in doubt, finish the call and do your own research by finding an alternative contact point and checking to see if the real organisation did call.

For further information on how to protect your identity and respond to identity concerns please visit the OAIC’s data breach guidance for individuals and IDCARE’s Learning Centre.

For general easy-to-use information for the public and small to medium businesses, visit the Australian Cyber Security Centre’s Stay Smart Online website.

To report a cyber security incident visit the Australian Cyber Security Centre’s website.

To notify the Office of the Australian Information Commissioner of an eligible data breach involving personal information, organisations should use the the OAIC’s Notifiable Data Breach form.

 

Alastair MacGibbon
Head of the Australian Cyber Security Centre and National Cyber Security Adviser

Angelene Falk
Acting Australian Information Commissioner and acting Australian Privacy Commissioner

Dave Lacey
Managing Director, IDCARE

Jun 182018
 

Jennifer Hamilton-McCharles reports:

One of the province’s most well-known home care service providers has fallen victim of a cyber-attack.

The attack has breached CarePartners‘ computer system and as a result patient and employee information held in that system, including personal health and financial information, has been inappropriately accessed, according to Ontario’s Local Health Integration Network.

Read more on Nugget.

Jun 172018
 

I haven’t posted anything new about Rex Mundi since 2016, but I’ve continued to compile information on them, in part because their use of the extortion model predated the same approach by TheDarkOverlord. But now it appears that all eight members of Rex Mundi have been arrested in a series of arrests beginning in June, 2017. And the fact that Europol was able to link available information on one attack in the U.K. to a French national within one hour, well…. that’s impressive.  Here’s Europol’s press release of June 14: 

FRENCH CODER WHO HELPED EXTORT BRITISH COMPANY ARRESTED IN THAILAND – EUROPOL

A 25-year-old coder was arrested on 18 May by the Royal Thai Police based on a French international arrest warrant. The arrest of this young cybercriminal was the eight (sic) in an international operation supported by Europol and the Joint Cybercrime Action Taskforce (J-CAT) that started exactly one year ago.

In May 2017 a British-based company was the victim of a cyber-attack during which a large amount of customer data was compromised. The attack was immediately claimed by an organisation called Rex Mundi. A few days later, the company received a phone call from a French-speaking person explaining that he was a member of Rex Mundi. This person shared a large number of credentials with the company to prove that they had access to the data. He also demanded ransom of either almost EUR 580 000 for the non-disclosure of the customer data or over EUR 825 000 for information on the security breach and how to handle it. For each day the company failed to pay, there would be a ransom of EUR 210 000. The ransom was to be paid in Bitcoin.

Based on information from the Metropolitan Police in the UK, the French National Police (High Tech Crime Unit Central Office OCLCTIC-DCPJ) and Europol were informed and an intense international cooperation started. Within an hour, Europol’s 24/7 Operational Centre was able to link the available information to a French national. Five people were arrested in June 2017 by the French authorities. The main suspect admitted his involvement in the blackmail but hired the services of a hacker on the dark web to carry out the cyber-attack. The French National Police arrested two hackers in France in October 2017 and a final accomplice, also a French national with coding skills, was recently apprehended in Thailand.

This case illustrates that cyber-related extortion remains a common tactic among cybercriminals, as identified in the IOCTA 2017. As indicated in the report, for such financially motivated extortion attempts, attacks are typically directed at medium-sized or large enterprises, with payment almost exclusively demanded in Bitcoins.

SOURCE: Europol

Jun 172018
 

MyBroadband reports that hackers are attempting to extort Liberty Life:

Financial services provider Liberty stated late on Saturday night that it had been hit by an IT systems breach.

The company posted a notice to its website which said it had suffered “unauthorised access to its IT infrastructure”.

[…]

According to a report in the Sunday Times on 17 June 2018, the hackers have demanded millions from Liberty.

The report stated the hackers have obtained “sensitive data” about “top clients”.

Read more on MyBroadband.  The following is a copy of the notice posted on Liberty.co.za’s web site:

Notice posted on liberty.co.za

Jun 172018
 

Jason Auslander reports:

The District Attorney’s Office on Friday dismissed its case against the owner of a basalt roofing company accused of hacking into a competitor’s computer files and using the information to undercut and sabotage the competitor’s bids.

Gregg Mackey, owner of Red Eagle Roofing, was first charged with a computer crime felony equal to that of second-degree murder, though the charge was significantly downgraded to a far lesser felony a few months later.

On Friday, prosecutor Don Nottingham dismissed the case completely.

Read more on Post Independent.

There are still charges pending against one employee, who has claimed that this was Mackey’s doing. So Mackey has had charges dismissed, but still seems to be dealing with a lot of reputation injury and future reputation/bad press from this matter. Sometimes the idea of not publishing defendants’ names until later in a case makes sense. Certainly anyone googling Mackey will likely come across media coverage of the original charges, and perhaps even updates like this one. But it’s still not the way you want your name to be indexed by Google.