Australian defence e-communications platform ForceNet has reportedly been hit with a ransomware attack, in yet another attack of a similar nature on an Australian organisation.
ForceNet, a service used by the Australian Department of Defence for auditable communications and personnel information sharing, has been revealed as the subject of a ransomware attack carried out by as-yet-unidentified threat actors.
Although there is no indication that sensitive data belonging to the military was stolen in the attack, it's believed that between 30,000 and 40,000 staff records may have been contained in the affected data set. Both current and former military personnel, as well as public servants, could be affected by the potential data breach.
"I want to stress that this isn't an attack or a breach on defence (technology) systems and entities," said assistant minister for defence Matt Thistlethwaite, on Australian Broadcasting Corporation (ABC) Radio.
"At this stage, there is no evidence that the data set has been breached, that's the data that this company holds on behalf of defence".
Employees within the Australian DoD have been ordered to change their passwords, and an investigation into the precise nature of the data set is ongoing.
The Australian Signal Directorate (ASD), the agency responsible for military signals intelligence and cyber warfare, had posted an advisory in November 2021 warning that software suite SiteCore contained a remote code execution vulnerability. Tracked as CVE-2021-42237, the vulnerability affected SiteCore Experience Platform, and had been actively exploited by threat actors to install malware and webshells on the websites of victims.
SiteCore was used to build ForceNet, along with some other Australian public organisation websites. No link has yet been conclusively drawn between the advisory and the reported attack, although the degree to which the ASD was aware of a potential weakness in ForceNet is likely to become a matter of interest to security teams.
“The most important step the Australian government could take towards both preventing and mitigating breaches such as this is mandating MFA,” said Rob Griffin, CEO of MIRACL.
"Password abuse remains the number one means of installing malware and is the cause of 70% of all breaches. Moreover, in mitigation, any user credentials that malware captured would be of little value if MFA had been in place. We can see from the report that the Assistant Minister for Defence has suggested that potential victims should change their passwords - this wouldn’t now be necessary.
RELATED RESOURCE
"If the Australian government or ForceNet wanted to go the extra mile, they would implement single-step MFA, meaning they would not have to sacrifice the service’s accessibility for the added security.”
Australian firms have faced a wave of malicious activity in the past few months. On 26 October, health insurance provider Medibank revealed a widespread hack, with attackers gaining access to around 3.9 million customer records — around 15% the population of Australia. In September and October, Australia’s second-largest telco, and Singtel subsidiary, Optus confirmed a cyber attack, and the largest telco Telstra suffered a data breach of its own.
The former prompted a government minister to criticise Optus for having caused ‘systemic ID problems for 10 million Australians’, with at least 2.1 million customers directly impacted by the breach. The same month, another Singtel subsidiary Dialog discovered that its employee information had been posted to the dark web, following a “cyber security incident”.
In response to the attacks, the Australian government recently increased the maximum penalties for serious breaches of privacy, through the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022. Whereas the maximum is currently A$2.22 million, the new limit will be the greater of either A$50 million, three times the value obtained by the company as a result of the breach of privacy, or 30% of the adjusted turnover during the breach period.
-
Acer’s laptop made from oyster shells is now available in the UKNews The Acer Aspire Vero 16 aims to combine performance and sustainability, the company said
-
UK cybersecurity workers are overworked and burning out faster than global counterpartsNews Gaps in visibility, poor board communication, and a lack of cyber maturity are leading to high levels of burnout
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crimeNews A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaosNews Thousands of ransomware cases have already been posted on the dark web this year
-
Everything we know about the Ingram Micro cyber attack so farNews A cyber attack on Ingram Micro severely disrupted operations and has been claimed by the SafePay ransomware group.
-
A prolific ransomware group says it’s shutting down and giving out free decryption keys to victims – but cyber experts warn it's not exactly a 'gesture of goodwill'
News The Hunters International ransomware group is rebranding and switching tactics
-
Swiss government data published following supply chain attack – here’s what we know about the culpritsNews Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackersNews While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker groupNews An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabsNews An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
