Australian defence e-communications platform ForceNet has reportedly been hit with a ransomware attack, in yet another attack of a similar nature on an Australian organisation.
ForceNet, a service used by the Australian Department of Defence for auditable communications and personnel information sharing, has been revealed as the subject of a ransomware attack carried out by as-yet-unidentified threat actors.
Although there is no indication that sensitive data belonging to the military was stolen in the attack, it's believed that between 30,000 and 40,000 staff records may have been contained in the affected data set. Both current and former military personnel, as well as public servants, could be affected by the potential data breach.
"I want to stress that this isn't an attack or a breach on defence (technology) systems and entities," said assistant minister for defence Matt Thistlethwaite, on Australian Broadcasting Corporation (ABC) Radio.
"At this stage, there is no evidence that the data set has been breached, that's the data that this company holds on behalf of defence".
Employees within the Australian DoD have been ordered to change their passwords, and an investigation into the precise nature of the data set is ongoing.
The Australian Signal Directorate (ASD), the agency responsible for military signals intelligence and cyber warfare, had posted an advisory in November 2021 warning that software suite SiteCore contained a remote code execution vulnerability. Tracked as CVE-2021-42237, the vulnerability affected SiteCore Experience Platform, and had been actively exploited by threat actors to install malware and webshells on the websites of victims.
SiteCore was used to build ForceNet, along with some other Australian public organisation websites. No link has yet been conclusively drawn between the advisory and the reported attack, although the degree to which the ASD was aware of a potential weakness in ForceNet is likely to become a matter of interest to security teams.
“The most important step the Australian government could take towards both preventing and mitigating breaches such as this is mandating MFA,” said Rob Griffin, CEO of MIRACL.
"Password abuse remains the number one means of installing malware and is the cause of 70% of all breaches. Moreover, in mitigation, any user credentials that malware captured would be of little value if MFA had been in place. We can see from the report that the Assistant Minister for Defence has suggested that potential victims should change their passwords - this wouldn’t now be necessary.
RELATED RESOURCE
"If the Australian government or ForceNet wanted to go the extra mile, they would implement single-step MFA, meaning they would not have to sacrifice the service’s accessibility for the added security.”
Australian firms have faced a wave of malicious activity in the past few months. On 26 October, health insurance provider Medibank revealed a widespread hack, with attackers gaining access to around 3.9 million customer records — around 15% the population of Australia. In September and October, Australia’s second-largest telco, and Singtel subsidiary, Optus confirmed a cyber attack, and the largest telco Telstra suffered a data breach of its own.
The former prompted a government minister to criticise Optus for having caused ‘systemic ID problems for 10 million Australians’, with at least 2.1 million customers directly impacted by the breach. The same month, another Singtel subsidiary Dialog discovered that its employee information had been posted to the dark web, following a “cyber security incident”.
In response to the attacks, the Australian government recently increased the maximum penalties for serious breaches of privacy, through the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022. Whereas the maximum is currently A$2.22 million, the new limit will be the greater of either A$50 million, three times the value obtained by the company as a result of the breach of privacy, or 30% of the adjusted turnover during the breach period.
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job lossesNews With AI set to hit entry-level jobs especially, some industry execs say clear warning signs are being ignored
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker groupNews An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabsNews An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
-
It's been a bad week for ransomware operatorsNews A host of ransomware strains have been neutralized, servers seized, and key players indicted
-
Everything we know about the Peter Green Chilled cyber attackNews A ransomware attack on the chilled food distributor highlights the supply chain risks within the retail sector
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?News The Scattered Spider group has been highly active in recent years
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reported
News Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the lastNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackersNews Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
