Australian Defence Department Impacted In Ransomware Attack

It has been reported that the Australian Department of Defence fears the personal data of personnel, such as dates of birth, may have been compromised after a communications platform used by the military was hit by a ransomware attack.

2 Expert Comments
Sam Curry, Chief Security Officer
InfoSec Expert
November 2, 2022 2:20 pm

It is reassuring to hear from the Australian government that its defences weren’t breached in this latest ransomware attack. Ransomware attacks on federal, state and local governments and critical infrastructure operators have increased in 2022 and that trend will continue into the new year. The bottom line is that the Australian government, and any nation for that matter, can’t pay its way out of ransomware. 2022 headlines speak for themselves as brazen ransomware gangs have attacked state and local governments in the UK, United States, Albania, Chile and Montenegro, to name a handful. Now is the time to prepare during peacetime, maintain good security hygiene and regularly update and patch operating systems and other software. And also evaluate locking down critical accounts when possible. The path attackers often take in propagating ransomware across a network is to escalate privileges to the domain admin level and then deploy the ransomware.

Don’t pay the ransom unless it is a matter of life and death. Ransomware can be stopped and operations returned to normal. By stopping ransomware before files can be encrypted, the attackers will move onto softer targets.

To reduce their risk to ransomware, governments and public and private sector organisations should do the following:

– Practicing good security hygiene, like implementing a security awareness program for employees and assuring operating systems and other software are regularly updated and patched.

– Assuring key players can be reached at any time of day, as critical response actions could be delayed during the upcoming holiday season and more attacks occur during off hours and on weekends and holidays.

– Ensuring clear isolation practices are in place to stop any further ingress on the network or spreading of the ransomware to other devices. Teams should be proficient at things like disconnecting a host, locking down a compromised account, blocking a malicious domain, etc. Evaluating these procedures with scheduled or unscheduled drills at least every quarter is recommended.

– Evaluating lock-down of critical accounts when possible. Teams should create highly secured, emergency-only accounts in Active Directory that are only used when other operational accounts are temporarily disabled as a precaution or inaccessible during a ransomware attack.

Julia O’Toole, Founder and CEO
Industry Leader
October 31, 2022 6:16 pm

Another week, another breach. It seems like things are going from bad to worse down under.

It is not clear how this latest incident occurred, but it raises further alarm bells at a time when the world’s eyes are already on the security of Australia.

The bad news is things are only likely to continue until organisations take back control over their digital network access.

In almost all security breaches, hackers don’t hack in, they log in. They steal credentials without any obstacles because employees make and control the digital keys (passwords) to access an organisation’s network.

As long as these organisations continue to let their employees create their own keys to access their digital building and open all doors at the same time, there will be no respite. Attackers have consistently used employees’ credentials to log into systems, move inside the network and launch ransomware attacks. And this technique won’t change until organisations decide to control their access keys and improve their resilience.

The reality is this can easily be done through access encryption and segmentation, where employees use encrypted credentials without the need to see, make or know any of them. This would stop exposing organisations to human errors and effectively prevent network doors being breached.

Information Security Buzz