Australia Now a Cyberattack Hotbed With Defence Department the Latest Target

Spread the love


The Australian Defence Force has become the latest target in a spate of ongoing cyberattacks against major organisations in the country .

The Defence Department’s internal communication platform, Forcenet, was targeted in the ransomware attack. The platform is used for communication between serving defence members and their families, containing data from 2018.

Matt Keogh, the minister for defence personnel, said there was no evidence personnel information had been taken.

“We haven’t seen any evidence of that information being made available to anyone as a result of that attack, but we just want to make sure that all Defence staff and personnel remain vigilant, and we’re working with that external contractor now to make sure we get the best picture of what has occurred,” he said in a press conference on Oct. 31

Keogh also stressed that defence systems were not affected.  

“But it is always important, as it is for all Australians, to ensure that people remain vigilant about protecting their personal data,’ he said.

“We have seen these sorts of cyber activities with a number of organisations across Australia now, that people remain particularly vigilant around these issues, and we’re connecting Defence personnel with an external provider to support them as well if they need assistance in protecting their ID documents or their personal information.”

Assistant Minister for Defence Matt Thistlethwaite also said the Defence Department suggested all users of the Forcenet consider changing passwords and moving to two-factor authentication.

The attack occurred in early October.

News of the incident comes after several cyber incidents which targeted major public companies like Medibank, Australia’s larger health insurer, Optus, the second largest telecommunications company, and EnergyAustralia, one of the three largest energy companies.

Other companies targeted include Vinomofo, Woolworths’ MyDeal, and Medlab.

Cyber Minister Criticised for Slow Response

The federal Cybersecurity Minister Clare O’Neil has faced scrutiny over the government’s response to the attacks with Shadow Minister for Cyber Security James Paterson questioning the time it’s taken the minister to respond to the first incident involving Medibank.

“Ms. O’Neil should explain why she accepted the company’s initial denial; this was serious, delaying government engagement by a week,” Paterson said in a statement.

“In a cyber attack, time is of the essence. Early engagement by the government allows the facts to be established, data theft to potentially be disrupted, and gives customers time to take any necessary steps to mitigate the consequences of the breach.”

He also called on the federal government to release a timeline of the actions they have taken.

“Medibank victims have every right to know what steps the Albanese government took and when,” Paterson said.

To Counteract Cyberattacks, Labor Ups Regulation

The government has responded to the increasing cyberattacks by introducing an amendment to the Privacy Bill on Oct. 26.

The amendment will significantly increase penalties to organisations for serious or repeated privacy breaches, a move the Labor government hopes can compel businesses to do more on cybersecurity.

It will also strengthen the Notifiable Data Breaches scheme to ensure the Information Commissioner has knowledge of an incident and the data compromised.

“These amendments are targeted and measured,” Attorney General Richard Dreyfuss said. “They respond to the most pressing issues arising from the Optus data breach and other recent cyber incidents.”

Yet business expert, Rob Nicholls, of the University of New South Wales has previously warned against simply increasing red tape for businesses, saying a part of the problem is the amount of data companies are required to obtain under law.

“The real problem with keeping it is that it creates what’s called in cyber-attacks, a honeypot. The value of the data in a breach is higher because it has more items which actually identify the people involved,” he previously told The Epoch Times.

He said companies were required to obtain identity documents under the Know Your Customer guidelines that includes birth certificates, driver’s licenses, or passport numbers.

Victoria Kelly-Clark

Follow

Victoria Kelly-Clark is an Australian based reporter who focuses on national politics and the geopolitical environment in the Asia-pacific region, the Middle East and Central Asia.





Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.