Hello and welcome back to our recap of the biggest stories in cybersecurity.
Australia remains in the cybersecurity hot seat as organizations across the land down under continue to be hit with attacks. There have been at least five data breaches in the last month or so at companies such as Optus, Telstra and EnergyAustralia. But the hardest hit may be Medibank, one of the country's largest health insurers. This week it revealed that every single customer had their data stolen during its breach. According to The Guardian, customers will be provided a hardship financial support package if they are in a “uniquely vulnerable position” as a result of the hack. The company also says it will reimburse customers for costs associated with the reissuing of ID documents for those that were compromised in the hack.
The Tata Group is well known throughout India, so it's not surprising it was an attractive target to hackers. To that end, the Hive ransomware group is claiming responsibility for a cyber attack at Tata Power earlier this month. Tata Power is India's largest integrated power company based in Mumbai. Hive operators claim they encrypted Tata Power's data on October 3rd. Two weeks later, on Friday, October 14th, the company disclosed a cyber attack on its "IT infrastructure impacting some of its IT systems" in a stock filing without sharing additional information with regard to the whereabouts of the threat actor.
Iranian hacking group Black Reward hacked an email server belonging to a subsidiary of Iran's atomic energy organization. Black Reward also published information online that it obtained in the hack. The group has declared the hack an act of support for protesters in Iran. Data released included "management and operational schedules of different parts of Bushehr power plant", passports and visas of Iranian and Russian specialists working there, and "atomic development contracts and agreements with domestic and foreign partners".
Also this week, CISA announced cybersecurity goals for critical infrastructure. CISA Director Jen Easterly thinks of the goals as "a bit of a quick-start guide". They are meant to help operators, especially small and medium-sized businesses, prioritize investment for the most critical practices across IT and OT. President Biden called for the goals in April of 2021.
On Thursday The New York Post said it had been "hacked" by an employee after the tabloid newspaper's Twitter account posted a series of antagonistic messages, including a call for the assassination of US President Joe Biden. The rogue messages were quickly removed.
A phishing email campaign purportedly from LinkedIn slipped past Google's email security controls. The email, with the subject line "We noticed some unusual activity", was apparently targeted at users from a travel organization with the goal of pilfering their credentials. Recipients were led to a fake landing page that mimicked a legitimate LinkedIn sign-in page, displaying LinkedIn logos, language and illustrations that closely resembled its branding.
That's a wrap for the week. Thanks for stopping by!
Top Global Security News
Cyberscoop (October 27, 2022) CISA announces cybersecurity performance goals for critical infrastructure
The Cybersecurity and Infrastructure Security Agency released long-awaited performance goals aimed at setting baseline vital practices for critical infrastructure.
The agency created the voluntary goals to broadly apply across all 16 critical infrastructure sectors with a particular focus on the smaller organizations that lack the resources for a robust cybersecurity plan.
“The [cybersecurity performance goals] can be thought of as a bit of a quick-start guide,” CISA Director Jen Easterly told reporters on Thursday. “Really a place to start to drive, prioritize investment for the most critical practices across both IT and OT.”
AFP (October 27, 2022) New York Post 'Hacked' in Tweets Calling for Assassination of Biden, Lawmakers
The New York Post said Thursday it had been "hacked" by an employee after the tabloid newspaper's Twitter account posted a series of antagonistic messages, including a call for the assassination of US President Joe Biden. The rogue tweets were removed late Thursday morning.
"The New York Post's investigation indicates that the unauthorized conduct was committed by an employee," the Post said in a statement to AFP, adding that the worker in question had been fired.
Channel News (October 26, 2022) Medibank Admits Every Customer’s Data Stolen, Shares Down 14%
Medibank has admitted that every one of its customers had their data stolen during its breach, meaning more than 4 million Australians have been impacted.
CEO David Koczkar confirmed the news this morning, after yesterday informing the ASX the hack was bigger than first reported.
Given Medibank has 3.8 million current customers, and is required by law to keep past records for seven children and children until they turn 25, the number of Aussies impacted is likely to be well over 4 million.
Bleeping Computer (October 25, 2022) Hive claims ransomware attack on Tata Power, begins leaking data
Hive ransomware group has claimed responsibility for a cyber attack disclosed by Tata Power this month. A subsidiary of the multinational conglomerate Tata Group, Tata Power is India's largest integrated power company based in Mumbai.
In screenshots seen by BleepingComputer, Hive operators have posted data they claim to have stolen from Tata Power, indicating that the ransom negotiations failed.
Hive operators claim that they encrypted Tata Power's data on October 3rd. On Friday, October 14th, Tata Power disclosed a cyber attack on its "IT infrastructure impacting some of its IT systems" in a stock filing without sharing additional information with regard to the whereabouts of the threat actor.
Dark Reading (October 25, 2022) LinkedIn Phishing Spoof Bypasses Google Workspace Security
A phishing email purportedly from LinkedIn with the subject line "We noticed some unusual activity" was discovered targeting users at a travel organization, in an attempt to pilfer their credentials on the social-media platform.
The phishing campaign slipped past Google's email security controls after cheating email authentication checks via SPF and DMARC, according to Armorblox, whose email security system at the victim organization found and stopped the attack pointed at some 500 user inboxes.
"The main call-to-action button (Secure my account) included within the email contains a bad URL and took victims to a fake landing page. This fake landing page ... mimicked a legitimate LinkedIn sign in page that included LinkedIn logos, language, and illustrations that mirrored true LinkedIn branding," Armorblox wrote in a post about the attack campaign.
Reuters (October 23, 2022) Iran's atomic energy organization says e-mail was hacked
Iran's atomic energy organization said that an e-mail server belonging to one of its subsidiaries had been hacked from a foreign country and information published online, state media reported on Sunday.
An Iranian hacking group, Black Reward, said in a statement published on Twitter that it had released hacked information relating to Iranian nuclear activities, declaring the action an act of support for protesters in Iran.
Their statement, published on Saturday, ended with the words "In the name of Mahsa Amini and for women, life, freedom" - a show of support for protests ignited by her death in the custody of morality police last month.
Black Reward said the information released included "management and operational schedules of different parts of Bushehr power plant", passports and visas of Iranian and Russian specialists working there, and "atomic development contracts and agreements with domestic and foreign partners."
Other Top Security News