IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Australia's Department of Defence becomes latest victim of regional ransomware attacks

Military information was not stolen in the breach, which may affect the records of 40,000 defence personnel

The Australian flag, made of binary code

Australian defence e-communications platform ForceNet has reportedly been hit with a ransomware attack, in yet another attack of a similar nature on an Australian organisation.

ForceNet, a service used by the Australian Department of Defence for auditable communications and personnel information sharing, has been revealed as the subject of a ransomware attack carried out by as-yet-unidentified threat actors.

Although there is no indication that sensitive data belonging to the military was stolen in the attack, it's believed that between 30,000 and 40,000 staff records may have been contained in the affected data set. Both current and former military personnel, as well as public servants, could be affected by the potential data breach.

"I want to stress that this isn't an attack or a breach on defence (technology) systems and entities," said assistant minister for defence Matt Thistlethwaite, on Australian Broadcasting Corporation (ABC) Radio.

"At this stage, there is no evidence that the data set has been breached, that's the data that this company holds on behalf of defence".

Employees within the Australian DoD have been ordered to change their passwords, and an investigation into the precise nature of the data set is ongoing.

The Australian Signal Directorate (ASD), the agency responsible for military signals intelligence and cyber warfare, had posted an advisory in November 2021 warning that software suite SiteCore contained a remote code execution vulnerability. Tracked as CVE-2021-42237, the vulnerability affected SiteCore Experience Platform, and had been actively exploited by threat actors to install malware and webshells on the websites of victims.

SiteCore was used to build ForceNet, along with some other Australian public organisation websites. No link has yet been conclusively drawn between the advisory and the reported attack, although the degree to which the ASD was aware of a potential weakness in ForceNet is likely to become a matter of interest to security teams.

“The most important step the Australian government could take towards both preventing and mitigating breaches such as this is mandating MFA,” said Rob Griffin, CEO of MIRACL.

"Password abuse remains the number one means of installing malware and is the cause of 70% of all breaches. Moreover, in mitigation, any user credentials that malware captured would be of little value if MFA had been in place. We can see from the report that the Assistant Minister for Defence has suggested that potential victims should change their passwords - this wouldn’t now be necessary.

Related Resource

Six myths of SIEM

Things have changed when it comes to SIEM solutions

Whitepaper cover with black & white birds eye view of a cityscapeFree Download

"If the Australian government or ForceNet wanted to go the extra mile, they would implement single-step MFA, meaning they would not have to sacrifice the service’s accessibility for the added security.”

Australian firms have faced a wave of malicious activity in the past few months. On 26 October, health insurance provider Medibank revealed a widespread hack, with attackers gaining access to around 3.9 million customer records — around 15% the population of Australia. In September and October, Australia’s second-largest telco, and Singtel subsidiary, Optus confirmed a cyber attack, and the largest telco Telstra suffered a data breach of its own.

The former prompted a government minister to criticise Optus for having caused ‘systemic ID problems for 10 million Australians’, with at least 2.1 million customers directly impacted by the breach. The same month, another Singtel subsidiary Dialog discovered that its employee information had been posted to the dark web, following a “cyber security incident”.

In response to the attacks, the Australian government recently increased the maximum penalties for serious breaches of privacy, through the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022. Whereas the maximum is currently A$2.22 million, the new limit will be the greater of either A$50 million, three times the value obtained by the company as a result of the breach of privacy, or 30% of the adjusted turnover during the breach period.

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Recommended

Why Japan finds it so hard to digitally transform
digital transformation

Why Japan finds it so hard to digitally transform

1 Dec 2022
MSG giant Ajinomoto's chipmaking foray helps break financial records
Business strategy

MSG giant Ajinomoto's chipmaking foray helps break financial records

30 Nov 2022
India to trial digital rupee from December 2022
digital currency

India to trial digital rupee from December 2022

30 Nov 2022
Japan considers creating new cyber defence agency as attacks ramp up in region
cyber attacks

Japan considers creating new cyber defence agency as attacks ramp up in region

24 Nov 2022

Most Popular

Empowering employees to truly work anywhere
Sponsored

Empowering employees to truly work anywhere

22 Nov 2022
Salesforce co-CEO Bret Taylor resigns with cryptic parting message
Business operations

Salesforce co-CEO Bret Taylor resigns with cryptic parting message

1 Dec 2022
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022