Cyber Security Awareness Month

As part of Cybersecurity Awareness Month, we will be sharing essential and relevant cybersecurity information throughout October and November.

Kindly share this information with your friends and co-worker.

Recent Breach News:
More Breaches that are of real concern:
This concern impact lots of business and individual. It is perhaps time to think hard about the importance of Risk Analysis. Such incidents will impact how we live and work!

October

Risk to Business = Severe

Microsoft: Software Company

Exploit: Misconfiguration

https://thehackernews.com/2022...

Even the biggest companies can fall victim to human error and be stuck dealing with unpleasant consequences.

Microsoft confirmed that it inadvertently exposed information related to thousands of customers following a misconfiguration of Azure Blob Storage. The company said in a statement that the misconfiguration “resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services”. The misconfiguration of the Azure Blob Storage was spotted on September 24, 2022.

Microsoft states that the exposed data included names, email addresses, email content, company name, and phone numbers and attached files relating to business “between a customer and Microsoft or an authorized Microsoft partner.”

October

Australia – EnergyAustralia

Utility companies in Australia have had a rough fall as cybercriminals continue to hammer Australian organizations.

Risk to Business = Moderate

Exploit: Hacking

EnergyAustralia has become the latest company to be targeted by a cyber-attack, with hundreds of customers’ details exposed. In a statement released late on Friday, the electricity company said 323 residential and small business customers were affected by unauthorized access to their online platform, My Account. The company said there was “no evidence” customer details were transferred outside the company’s platform. They also said sensitive documents such as driver’s licenses or passports were not stored on the platform. No other EnergyAustralia systems were affected. The breach occurred in late September and customers were informed in October.

October

STOP PRESS : Australia – Medibank Private

Exploit: Ransomware

Medibank Private: Health Insurer

Risk to Business = Extreme

The Medibank cyber incident has got worse. Initially reported no evidence of customer data having been removed from its network, further updates released over the past two weeks gradually found more and more customer data had been impacted as a new update revealed the alleged hacker had access to the data of at least four million customers – and the health insurer did not have cyber insurance. Among other Personally Identifiable Information (PII) details impacted by this incident, such as names, addresses, phone numbers, and Medicare numbers, samples of stolen data also contained highly sensitive health claims data.

Similar to the Optus incident last month, this attack also raises a range of data privacy concerns surrounding how long companies should hold data, and what expected penalties should be in the event of a serious breach.

Medibank confirmed that it had been contacted by hackers over 200GB of customer data allegedly stolen from their systems and sample records were included in the negotiation process including very sensitive information.