“Cybercrime poses an existential threat for organisations of all sizes” – Thomas Knudsen, Managing Director, Toll Group
In the last two months, numerous public and private sector organisations have been subjected to cyber threats. There are no clear links between the attacks, which include two separate ransomware attacks on global logistics company, Toll Group, and attacks on MyBudget, BlueScope and Service NSW.
iTnews reported that Toll’s latest ransomware attack, known as Nefilim, exfiltrated commercial agreements and employee data from at least one server. Company comments suggest that backups may have been placed on servers outside corporate retention policies.
Toll’s previous cyber-attack in February was via a ransomware tool called Mailto, where it is believed that hackers used phishing emails to access the Toll system.
The attacker is known to publish stolen data to the dark web rather than conventional online platforms. Nefilim first appeared in March and is based on code used by a ransomware operation called Nemty. To date, it appears to have attacked several large international businesses in addition to Toll Group.
Nefilim’s encryption is secure, which means data can’t be recovered by third-party tools. Threat analyst Brett Callow says attacks such as Nefilim “in which data is both encrypted and (potentially) exfiltrated are increasingly common and extremely problematic”. The stolen data invariably includes customer and partner details, which may be sold on the dark web or used in phishing scams.
Toll is working with the Australian Cyber Security Centre, and has been forced to use manual processes during a period of high demand due to COVID-19.
Toll’s MD, Thomas Knudsen, commented “it is more important than ever for business, regulators and government to adopt a united effort in combatting the very real risk cyber-crime presents to the wider community”.
BlueScope, MyBudget and Service NSW have also recently been subjected to ransomware attacks, highlighting that all types of organisations need to be vigilant about their security.
BlueScope was forced to pause some processes and revert to manual operations due to a cyber-attack. The specific details of the attack have not been disclosed, however the cyber threat was initially detected in one of their US businesses, with some Australian manufacturing and sales operations impacted.
Over the last few months, Agilient has experienced an increase in cybersecurity related enquiries. Tom Uren, a cyber expert at the Australian Strategic Policy Institute also noted “criminals are becoming more sophisticated with hacking into systems”.
Most recently, large scale cyber-attacks in Australia are believed to be linked to criminals rather than state actors. However, it is concerning that there is a global increase in cyber-attacks on medical research facilities and hospitals, as numerous countries are working on potential vaccines and treatments for COVID-19 patients.
The Australian Cyber Security Centre in the recent Advisory 2020-009, noted that “Advanced Persistent Threat (APT) actors are actively targeting health sector organisations and medical research facilities”. The COVID-19 pandemic is placing the health sector under increased pressure, therefore “it is critical that health sector organisations ensure that their networks are protected from malicious cyber actors who may seek to disrupt essential services or compromise business-critical systems”.
Agilient strongly urges organisations to review their online protections, as the increase in the number of cyber-attacks is adversely impacting day-to-day business operations.
Agilent’s expert consultants are readably available to assist. Please contact us for a consultation.