Optus has been Cyber Attacked Before By Brian Simpson

I have no evidence beyond a detective-like suspicion, but I would not be surprised to learn that the meltdown of Optus last week was in the end linked to a cyber-attack, which would include internal sabotage. Mere problems arising from software and other blah blahs, does not to my mind explain the extent of the problem, but, I am not an expert, at anything at all, really. However, Optus did have a cyber-attack in 2022, and it has just legally failed to keep secret a report on that. It would be interesting to see, if the report gets in the public domain, any clues that may be in it. The system is nervous about admitting to cyber-attacks as it scares people, as these attacks show that the IT system has feet of clay and is extremely vulnerable if the right nasties target it.

For example, the entire population of the US state of Maine has had their data stolen by on-line thieves. This arose as a ransomware attack that the authorities discovered on May 31 this year. It has impacted upon 1.3 million individuals. And, if it can happen there, it can happen here too.

https://www.theguardian.com/business/2023/nov/10/optus-cyber-attack-report-released-secret-court-case-deloitte?fbclid=IwAR335ala7tACFjfnqQ_DP8k2r-cbHWGRU-K5Va-eTToe6EllHphac2hJVGA

 

“Optus has lost a bid in the federal court to keep secret a report on the cause of the 2022 cyber-attack – which resulted in the personal information of about 10 million customers being exposed – after a judge rejected the telco’s legal privilege claim.

After the hack, the company announced in October last year that it had recruited consultancy firm Deloitte to conduct a forensic assessment of what had led to the cyber-attack.

Since then, the company has also faced an investigation by the Office of the Australian Information Commissioner (OAIC), and a class action case in the federal court.

 

As part of the class action case, law firm Slater and Gordon, acting for the applicants, had sought access to the Deloitte report that was never made public.

Optus had argued in court that the dominant purpose of the report was to assess the legal risk to the company. It claimed Deloitte’s report would assist the company’s internal and external lawyers on how to advise the company about the risks associated with the hack.

But Justice Jonathan Beach found that the company citing the Deloitte report in an October 2022 media release presented “a real problem” for Optus’s case it was for legal advice, because the release did not say the report was recommended by a lawyer or that it was for the purpose of legal advice.

He pointed to comments in the statement from Optus’s chief executive, Kelly Bayer Rosmarin, who the release said recommended the review to the board, that it would “help ensure we understand how it occurred and how we can prevent it from occurring again”.

“It will help inform the response to the incident for Optus,” Rosmarin was quoted as saying in the statement.

“This may also help others in the private and public sector where sensitive data is held and risk of cyberattack exists.”

 

Beach said he would hear further orders on discovery, and indicated that while he had found the whole report not to be subject to legal privilege, that did not mean parts of the report might not be subject to legal privilege.

Orders will be made at a later date.

The report will not be made public unless it is used as evidence in the case – should it proceed – and Optus does not seek to prevent its public release.

It came as the embattled CEO faces pressure over the company’s handling of a 14-hour outage on Wednesday, that took phone and internet services offline for 10 million customers, delayed trains, disconnected call centres and hospital phone lines.

The company has not announced any independent report into the incident, but it is now subject to two government investigations and a Senate inquiry.

 

https://mashable.com/article/maine-moveit-ransomware-attack?fbclid=IwAR28ByVLkQUkGtchQMgywLjuoNTlNYfoKBAIgkAtGwIkAN5NIMlmCsf7pfc

 

“It's not everyday that roughly the entire population of a U.S. state gets their data stolen by online thieves.

But, according to the state of Maine, that's what happened this year.

In a new notice posted on Maine's official state government website, 1.3 million residents have had their data stolen as part of a ransomware attack that was first discovered on May 31 of this year. Again, 1.3 million individuals are affected in this data breach. Maine has over 1.3 million residents according to the 2022 U.S. Census.

According to the notice, the ransomware attack occurred between May 28 and May 29 of this year. Cyber criminals took advantage of a "software vulnerability" in a third-party file transfer tool known as MOVEit. The state says that this tool is "used by thousands of entities worldwide to send and receive data." During that period, an exploit in the tool was weaponized by a cybercriminal group which was able to download swaths of data from multiple state government agencies. 

Just how much data was scooped up in this ransomware attack is a major cause for concern. It appears that these cybercriminals have access to many Maine residents' sensitive personal data. Exactly how each individual is affected is dependent on that person and their "association with the state." For example, if a specific person has provided certain data as part of a specific program connected to an agency, that data has potentially been breached.

Maine has confirmed that some points of data that the cybercriminals could potentially have on an individual includes their name, Social Security number, date of birth, driver’s license or state ID number, and taxpayer ID number. Medical information as well has health insurance information may also have been affected.

Officials in Maine dealt with the issue by shutting off access to MOVEit as soon as the breach was discovered. However, significant amounts of data had already been accessed. It's unclear exactly who was behind the breach, although it is believed to be a cybercriminal group known as Clop. However, as of today, that data has still yet to be released by the ransomware group.”

 

 

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Monday, 04 March 2024

Captcha Image