Australia Cyber Landscape 24 September to 24 October

Australia is not under Cyber-Attack

TL;DR

I would like to start this report by explaining the reasons for creating it, in the hopes that it does not cause panic, but instead awareness. It is fitting that it is still Cybersecurity Awareness Month.

I believe that Situational Awareness reduces the anxiety, fear and misconception around cybersecurity and cyber-attacks.

I am writing this report to showcase what the cyber landscape across the Deep/Dark Web and chat forums has looked like since the announcement of the Optus breach, which has pulled back the curtain for much of the Australian public on what is happening in cyberspace. For many, the Optus breach was the first time they heard about or cared about a data breach or a ‘cyber-attack’. Those like myself who sit in this space daily, while shocked by the potential size of the Optus breach, were also looking at it as business as usual.

But the public has been awoken. Cyber has been splashed across major outlets at unprecedented levels in this country, and since the Optus breach there have been several other high-profile companies in the headlines.

But what if I told you that was not the full picture? What if I said to you that there is much more happening behind the curtain than you would expect? What if I said to you that these breaches and cyber-events, whilst in the media at present, are far from unique?

Because that is the reality: since the Optus breach I have tracked around 50 ‘cyber-events’ relating to Australia across several Deep/Dark web forums and chat services. With awareness comes understanding, and with understanding the stress and uncertainty that is now around cyber might well be alleviated. It is not my intention to create more fear and concern, but to take you fully behind the curtain and explain to you just what is there, in the hopes that next time this happens there will be more understanding. (Yes, there will be other big breaches.)

Once again — Australia is not under cyber-attack, there is no sustained campaign against us.

What is a Cyber-Event?

Firstly, let me define what I mean by a cyber-event in the context of this report. A cyber-event is any post, breach, ransomware leak, or anything else related to Australia from 24 September to 24 October.

To clearly showcase the cyber-events that are related to Australia, I have broken them down into groups:

Documented Breaches

These are the breaches that have been heavily documented in the news:

All breaches are bad, but some of these would not have made a regular news cycle; there have been big and terrible breaches this year that have not had the same attention. Highlighting two things:

Ransomware

I will name the victims of the Ransomware attacks as they have all been posted to leak-sites for some time now.

Lockbit Ransomware Gang — Have posted 137 victims since 22 September:

Karakurt Extortion Gang — Have posted 5 victims since 22 September:

Qilin Ransomware Gang — Have posted 6 victims since 22 September:

These are not unique victims and make up a small number of the victims posted daily to leak sites. They are also not unique victims, with targeting taking place as a result of opportunity far more often than being targeted and calculated.

In the following section I will remove organization names unless I know they have been mentioned publicly prior. I will also provide context for each to provide further understanding.

Australia Organizations/Data Posted

Australia Data or Access Requested

Almost all of these are generic posts that are put on forums all day, every day, for countries all over the world. Often they get little engagement.

Final Points

Knowledge is power and awareness reduces anxiety; well, at least that is what I hope from sharing this. Just know that while cyber-events are in the news, they are not targeted. They are not unique and it is likely there will be more into the future, but having the situational awareness of the threat landscape can help reduce the anxiety and fear created by the Optus breach.

The Following are Excellent Resources and Guides:

https://www.cyber.gov.au/ — Australian government will post advisories and advice here.

https://www.scamwatch.gov.au/ — Australian government information on scams and guidance on how to deal with them.

https://haveibeenpwned.com/ — Website that lets you check if your email address has been involved in a data breach.

https://risky.biz/subscribe/ — News website that provides newsletters and podcasts about the cyber landscape.

https://www.bleepingcomputer.com/ — News website that provides updates and insights about the cyber landscape.

Cyberknow

Situational Awareness Updates | Threat Intelligence | OSINT | Threat Research | Memes | Cybersecurity