australia - X-Industry - Red Sky Alliance2024-03-29T06:52:10Zhttps://redskyalliance.org/xindustry/feed/tag/australiaAustralian Ports Shut Downhttps://redskyalliance.org/xindustry/australian-ports-shut-down2023-11-24T13:30:00.000Z2023-11-24T13:30:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}12296561270,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}12296561270,RESIZE_400x{{/staticFileLink}}" width="250" alt="12296561270?profile=RESIZE_400x" /></a>A cyberattack that caused port operations to grind to a halt at four container terminals should be subject to a federal probe as a union pushes for DP World to reveal what it knew about the risks. The Dubai-controlled stevedore, which handles 40% of the nation's international freight, closed its Sydney, Melbourne, Brisbane and Fremantle port operations after detecting a breach on November 10. Trucks were left idling at port gates and the transfer of 30,000 containers was delayed, with the backlog still being worked through.</p>
<p>On 20 November 2023, DP World confirmed there was reason to believe some of the data accessed could relate to worker information, but the nature and extent of the breach were still unclear. "We have communicated these early findings to our employees including recommendations for early steps which can be taken in response," a spokesman told AAP. "As our investigation progresses we will be contacting individuals directly as required."</p>
<p>The Maritime Union of Australia is calling on Home Affairs Minister Clare O'Neil to launch an investigation into local managers' knowledge about the risks of the attack on critical supply chain infrastructure. The union described the shutdown as "one of the gravest failures of corporate governance in recent memory" and claimed the company did not apply security patches to its IT systems that would have addressed its vulnerability to an attack. "This cyberattack was not a terrible accident but an appalling failure and the managers responsible should be held accountable," assistant national secretary Adrian Evans said.</p>
<p>The company is currently locked in enterprise agreement negotiations with its workforce, with DP World's Oceania director previously accusing the union of aggressively pursuing a 27 per cent pay increase while rejecting workplace changes that would ensure more productivity.</p>
<p>DP World said it was working closely with multiple government agencies, including the Australian Federal Police, and would continue to provide updates on the progress of the investigation.</p>
<p><em>This article is presented at no charge for educational and informational purposes only.</em></p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, a demo or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<p>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></p>
<p>Website: <a href="https://www.redskyalliance.com/">https://www.redskyalliance.com/</a></p>
<p>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5993554863383553632">https://attendee.gotowebinar.com/register/5993554863383553632</a></p>
</div>Cyber Attack on Aussie Utilityhttps://redskyalliance.org/xindustry/cyber-attack-on-aussie-utility2023-08-23T12:20:00.000Z2023-08-23T12:20:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}12202194684,RESIZE_1200x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}12202194684,RESIZE_400x{{/staticFileLink}}" width="250" alt="12202194684?profile=RESIZE_400x" /></a>A cyber-attack on the Australian utility company Energy One Limited (EOL) could have international impact, as the firm’s corporate systems in the UK were also affected. The company, a global supplier of software and services to the wholesale energy market, confirmed that it had taken steps to limit the impact of the incident and had alerted both the Australian Cyber Security Centre and “certain UK authorities.”</p>
<p>According to a document signed by Andrew Bonwick, Board Chairman of EOL, it was established that the firm’s corporate systems had been affected on 18 August 2023. The statement was made on 21 August and published on the Australian Securities Exchange website (ASX).<a href="#_ftn1">[1]</a> EOL is currently investigating the incident and is attempting to identify if any additional systems have been impacted.</p>
<p>The Bonwick statement added that key lines of ongoing inquiry are attempting to establish whether or what personal information and/or customer-facing systems have been affected as well as what the initial point of entry for the attacker was.</p>
<p>The VP of EMEA at Versa Networks commented: “It’s important for both customers and employees not to panic. In the meantime, people should be on the lookout for any potential phishing emails or any other form of unsolicited communication.” He also praised EOL for what he said was a “quick response time” which will mitigate the impact of the attack. “Quickly isolating an attack can be the difference between services and systems being available to customers or not, as well as sensitive data or personal information being stolen,” he said. </p>
<p>Commenting on the incident, the CEO and co-founder of Keeper Security said: “As Energy One investigates, remediates and determines the scope of this incident, it has disabled some of the links between its corporate systems and customer-facing systems. However, the energy providers it sells its software and services to must be particularly vigilant during this time and investigate any abnormality.” Some security experts have also noted that the incident follows a pattern of cyber-criminals targeting the energy sector and critical national infrastructure (CNI).</p>
<p>Claroty said: “The attack on Energy One follows a trend of increased cyber-attacks against the energy sector. Following on from warnings to the sector from the UK’s NCSC and National Security Agency (NSA), industries such as energy are at a heightened risk due to playing a vital role in society's daily functioning. Disruptions to these sectors can have far-reaching consequences, including impacting the national economy, causing shortages and halting society's operation.”</p>
<p>EOL has been listed on the Australian Stock Exchange since 2007 and primarily serves Asia-Pacific and UK and Europe. </p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.infosecurity-magazine.com/news/cyberattack-australian-utility/">https://www.infosecurity-magazine.com/news/cyberattack-australian-utility/</a></p></div>Aussie BlackCat Attackhttps://redskyalliance.org/xindustry/aussie-blackcat-attack2023-06-30T16:00:00.000Z2023-06-30T16:00:00.000ZJim McKeehttps://redskyalliance.org/members/JimMcKee<div><p><a href="{{#staticFileLink}}12127003474,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}12127003474,RESIZE_400x{{/staticFileLink}}" alt="12127003474?profile=RESIZE_400x" width="250" /></a>The Office of the Australian Information Commissioner (OAIC) says some of its files were stolen in a ransomware attack on law firm HWL Ebsworth <a href="https://hwlebsworth.com.au">https://hwlebsworth.com.au</a>.</p>
<p>One of the largest law firms in Australia, HWL Ebsworth, says in an incident notice on its website that it became aware of the incident on 28 April 2023, after the ALPHV_BlackCat ransomware gang boasted about the hack, and that it immediately informed the Australian authorities and started investigating the incident.<a href="#_ftn1">[1]</a></p>
<p>See: <a href="https://redskyalliance.org/xindustry/the-blackcat-is-back">https://redskyalliance.org/xindustry/the-blackcat-is-back</a></p>
<p>BlackCat, aka ALPHV, is used in Ransomware-as-a-Service (RaaS) operations. BlackCat is the first ransomware group to successfully breach organizations using Rust. The ransomware leverages previously compromised user credentials to gain initial access to the victim's system. ALPHV has developed its own ransomware, which compiles information about the people it has previously targeted online into a searchable database. “The investigation indicates the threat actor had accessed and exfiltrated certain information on a confined part of the firm’s system, but not on our core document management system,” the law firm explains. On 09 June 2023, HWL Ebsworth says, the ransomware group published some of the data allegedly stolen from its systems on their leak site, suggesting that the firm did not cave in to the gang’s ransom demands. The law firm says it has yet to determine the full impact of the data breach and will notify all individuals whose personal information might have been compromised.</p>
<p>A full-service commercial law firm and the largest partnership among Australian law firms, HWL Ebsworth serves organizations across multiple sectors, including dozens of federal or state government departments. OAIC, the Australian privacy and freedom watchdog, is one of HWL Ebsworth’s clients to have disclosed the impact of the data breach. “On Saturday, 10 June 2023, HWL Ebsworth advised the OAIC that a document or documents relating to a limited number of OAIC files were included in the breach experienced by HWL Ebsworth,” OAIC said in a statement.</p>
<p>The incident reportedly impacted the NDIS Quality and Safeguards Commission, the Australian Federal Police, the Commonwealth Director of Public Prosecutions, the Department of Defense, the Department of Home Affairs, the Department of Foreign Affairs, and the Taxation Office.</p>
<p>The National Australian Bank (NAB), one of the four largest banks in the country, also disclosed some impact from the incident, stating that a small percentage of its customers might have been affected. “We are aware that HWL Ebsworth, a law firm engaged by NAB for some legal services, has been impacted by a cyber-attack. NAB’s systems were not impacted and remain secure. We are working with HWLE as they continue to get more information in relation to the content of these matters,” NAB said.</p>
<p>The ALPHV ransomware gang has leaked roughly 1.5 terabytes of data from the roughly 3.6 terabytes it allegedly stole from HWL Ebsworth. Last week, the law firm was granted an injunction restricting everyone, including the media, from discussing what information was stolen.</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.securityweek.com/australian-government-says-its-data-was-stolen-in-law-firm-ransomware-attack/">https://www.securityweek.com/australian-government-says-its-data-was-stolen-in-law-firm-ransomware-attack/</a></p></div>Is the Tasmanian Devil Real ?https://redskyalliance.org/xindustry/has-the-tasmanian-devil-attacked-tafe2023-04-13T18:20:00.000Z2023-04-13T18:20:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}11026551884,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}11026551884,RESIZE_400x{{/staticFileLink}}" alt="11026551884?profile=RESIZE_400x" width="250" /></a>Tasmania's Tafe system, the state's Teachers Registration Board and the office of the Commissioner for Children and Young People have been caught up in a recent Tasmanian government data breach, but a security expert says reporting about the hack needs to be measured.</p>
<p>On 7 April, the Tasmanian government said 16,000 documents had been released online after hackers accessed data from the Department of Education, Children and Young People through the third-party file transfer service GoAnywhere MFT. The Education Department's website said the data included the names of children and the school they attended, their home room and year group. It also potentially included the bank account details and birth dates of TasTafe students. Those affected have been sent emails urging them to monitor their bank accounts and report any suspicious financial activity. Who's the culprit? The Tasmanian Devil?</p>
<p>On the weekend, the Tasmania Police Chief Commissioner and the Secretary of the Department of Premier and Cabinet took the unusual step of writing a joint letter to members of the Labor Opposition and media outlets, urging them not to give further coverage to the topic because it could increase the state's vulnerability to cyber-attacks. "Cyber criminals … operate as organized crime and work on a ransomware business model that creates uncertainty and fear. The current media environment is fueling that business model," they wrote. "I would appreciate your cooperation by heeding the same advice and not doing any further media."</p>
<p>The joint statement said authorities would now only be providing comment on the breach "if there is a significant event to inform the community." "[We] would strongly encourage a united approach," they said. "The security advice is that continual coverage … can increase the cyber risk to Tasmania."</p>
<p>The reaction to the letter was swift on social media, with several Labor figures and lawyers labelling the direction ‘extraordinary’ and ‘outrageous.’ "Advice to government being extended to try and silence the opposition from asking critical questions?" Labor's representative wrote on Twitter. The Australian Lawyers Alliance said it set "a very troubling precedent." "In a democracy we rely on opposition parties, and we rely on the media, to keep government accountable," he said. "Some very serious matters have been raised about the competence of the Rockliff government's handling of this matter and it's incumbent on the opposition and the media to ensure that they continue public scrutiny of the government. We have not seen in Australia any police commissioner do anything like this in such a ham-fisted way. It's saying if there's any compromise of Tasmanian databases, we shouldn't talk about it, we should just let the government have their way."</p>
<p>A former national cybersecurity adviser to the Australian federal government and chief strategy officer for advisory firm CyberCX has been engaged to provide technical assistance to the Tasmanian government on the data breach. He told media outlets that one of the first tasks was to assess its "blast radius." "We certainly have seen [hackers] contact journalists, and just like in terrorist situations or in situations of self-harm, there does need to be caution sometimes on how these things are reported," he said. "That shouldn't be read as saying the media shouldn't report it. The intent of the letter seems to be not about asking questions per se, but the reporting of it and how it could be used by the hacker and thousands of people who might be concerned about their data."</p>
<p>CyberCX said in previous incidents like the Medibank security breach, the media was used by offenders to amplify the impact. "They are real offenders and they cause real harm," he said. "They'll try to extort money from victim organizations and if you don't do what they want, they'll try to create more harm through publicity, to warn the next victim, 'you'd better cooperate with me.'" "In terms of blame for the government, that'll come out in the wash, but clearly governments are always exposed to questioning by the media and the opposition as part of the parliamentary process. And the media has a big role to play in educating the public about what to do if their information is leaked."</p>
<p>The breach of the US-based third-party file transfer service GoAnywhere MFT was first revealed at the end of March. At first, the Science and Technology Minister said there was "no indication" government-held data had been compromised, but added the investigations were "ongoing." A few days later she announced there was a risk that sensitive data, including names, addresses and bank account numbers, held by the Department of Education, Children and Young People had been accessed. The minister confirmed that the breach involved up to 16,000 documents. "My concern is for individual students, parents; we need to triage that, we'll be working through that," she said.</p>
<p>Source: <a href="https://www.msn.com/en-au/news/australia/tasmanian-cyber-attack-grabs-tastafe-teachers-registration-board-data/ar-AA19HhOI">Tasmanian cyber attack grabs TasTafe, Teachers Registration Board data (msn.com)</a></p>
</div>Balloons, Buoys and the Yellow Submarinehttps://redskyalliance.org/xindustry/balloons-buoys-and-the-yellow-submarine2023-02-25T14:40:00.000Z2023-02-25T14:40:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}10972510291,RESIZE_930x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10972510291,RESIZE_400x{{/staticFileLink}}" alt="10972510291?profile=RESIZE_400x" width="250" /></a>The Canadian military has discovered Chinese spy buoys in the Arctic which allegedly are monitoring US submarines and melting ice sheets. Such “activity is not new,” Canada's defense minister said in recent televised remarks, implying that China has been engaging in surveillance efforts in the region for some time.<a href="#_ftn1">[1]</a> Russia has long sought an Arctic trade route to create shorter vessel travel to Europe. Seems the Chinese may have the same idea, and oh; spy on its adversaries.</p>
<p>Officials described the objects as “dual-purpose technologies,” but they have been reported in Canadian media as buoys used for spying. It is unclear whether the Chinese buoys floated into Canadian waters or were purposefully anchored into the waters. Monitoring buoys can follow environmental and weather conditions, the salinity of water, and track fish.</p>
<p>Earlier this week, a giant mystery ball washed ashore in Japan, later found to be empty and a maritime buoy, though no owner has laid claim.<a href="#_ftn2">[2]</a> False flag, or a genuine maritime buoy? </p>
<p>The Canadian Department of National Defense said its military found and retrieved the monitoring devices but gave no further information about the operation. China has long been interested in building a presence in the Arctic which will allow it to secure a shorter trade route to Europe as glaciers melt. But as China's presence expands globally, so have concerns over undue influence, surveillance and espionage.</p>
<p>Canada’s foreign minister said that China is an increasingly disruptive power, in an interview with CNN. “When it comes to China, we will challenge China when we ought to, and we will cooperate with China when we need to,” she said. “When it comes to issues over the Arctic within our maritime borders, or any form of foreign interference, we will be clear, and that’s how we will address this issue.”</p>
<p>Earlier this month a suspected Chinese spy balloon flew over Canadian airspace into the US, before the American military shot it down into the Atlantic Ocean. Beijing has denied that the balloon served any surveillance purposes, saying instead that it was a weather research “airship.” The Canadian parliament is also currently investigating allegations of Chinese election interference.</p>
<p>Then there’s the Yellow Submarine. A mysterious bright yellow submarine-like object that washed ashore at a remote Australian beach has baffled marine experts and sparked a hunt for its identity and purpose. The yellow object was found on the shore at Double Island Point, a beach in the Great Sandy National Park north of Queensland's Sunshine Coast on the morning of 23 February.</p>
<p>A local camper was driving along the beach at low tide when he found the object at around 5:15am and took photos to compare it to other maritime objects, to try and identify it. He said that he has “never seen anything like it” in his 30 years of camping at the nearby Teewah Beach. The object has a large boat-like body with a long protrusion that holds two lights on its end and two rudder-like components on its rear. Other objects such as military target finders also bear resemblance to the object; however, no identification has been confirmed.<a href="#_ftn3">[3]</a> Interesting, but still positively unidentified.</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.telegraph.co.uk/world-news/2023/02/23/china-using-spy-buoys-arctic-says-canada/">https://www.telegraph.co.uk/world-news/2023/02/23/china-using-spy-buoys-arctic-says-canada/</a></p>
<p><a href="#_ftnref2">[2]</a> <a href="https://www.nytimes.com/2023/02/24/world/asia/japan-buoy-sphere.html">https://www.nytimes.com/2023/02/24/world/asia/japan-buoy-sphere.html</a></p>
<p><a href="#_ftnref3">[3]</a> <a href="https://www.msn.com/en-au/news/others/mysterious-yellow-watercraft-stranded-on-queenslands-double-island-point-still-unidentified/ar-AA17S4xd">https://www.msn.com/en-au/news/others/mysterious-yellow-watercraft-stranded-on-queenslands-double-island-point-still-unidentified/ar-AA17S4xd</a></p></div>The Monkey'shttps://redskyalliance.org/xindustry/the-monkey-s2023-02-14T18:20:00.000Z2023-02-14T18:20:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}10966778259,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10966778259,RESIZE_400x{{/staticFileLink}}" alt="10966778259?profile=RESIZE_400x" width="250" /></a>Back in the 1960’s there was a popular American TV derived band called the Monkees. Then in Australia, there was first ‘The Three Drunk Monkey’s’ – now it’s just called The Monkey’s. The Monkey’s is a creative solutions company that creates advertising, entertainment and technology products. Monkey clients include The University of Sydney, Telstra, IKEA, UBank and Parmalat. The Monkey’s are now working closely with Telstra on a new device cyber security campaign.<a href="#_ftn1">[1]</a></p>
<p>When it comes to the cyber world, there's no such thing as too much security. Telstra, an Australian company,<a href="#_ftn2">[2]</a> has released its latest integrated marketing campaign to communicate its commitment to cyber security and how Telstra helps protect customers from millions of cyber threats every day. The campaign, developed in partnership with The Monkeys, part of Accenture Song, will include 60” and 30” TVC, outdoor &amp; digital placements.</p>
<p>The campaign imagines a supersized, dramatic security detail helping to protect a family on a road trip as a visual metaphor for the scale of Telstra’s security credentials and its Cleaner Pipes initiative which sees it block millions of phone, email and SMS scams every day. The campaign’s intention is to highlight that, when it comes to protecting what matters, Telstra takes the protection of our customers very seriously.</p>
<p>The campaign will appear in premium positioning and sponsorships of top-rating programs. In the upcoming weeks, this ad campaign will appear in key news, sport and popular programs across free to air networks and on-demand viewing.</p>
<p><a href="{{#staticFileLink}}10966778272,RESIZE_930x{{/staticFileLink}}"><img class="align-right" src="{{#staticFileLink}}10966778272,RESIZE_400x{{/staticFileLink}}" alt="10966778272?profile=RESIZE_400x" width="400" /></a>Telstra said: “Since joining Telstra, I’ve been blown away by the dedication of our people to help make Telstra the best mobile network in the country and one of the safest. This AD is a celebration of that. Huge thanks to my brilliant Telstra marketing team and our partners at the Monkeys. I’m proud for this to be the first ad under my watch as CMO.”</p>
<p>The chief creative officer at The Monkeys<a href="#_ftn3">[3]</a> – part of Accenture Song: “As one of Australia’s biggest brands and network providers, Telstra plays a huge role to help keep their customers safe. It can be hard to properly imagine or understand cyber security, so our latest work is a simple metaphor for the scale of security Telstra is providing behind the scenes to millions of customers every day.”</p>
<p>So who knew Monkey’s can handle cyber security.</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.adnews.com.au/news/telstra-s-cyber-threat-campaign-via-the-monkeys">https://www.adnews.com.au/news/telstra-s-cyber-threat-campaign-via-the-monkeys</a></p>
<p><a href="#_ftnref2">[2]</a> <a href="https://www.telstra.com.au/cyber-security-and-safety">https://www.telstra.com.au/cyber-security-and-safety</a></p>
<p><a href="#_ftnref3">[3]</a> <a href="https://themonkeys.com.au/">https://themonkeys.com.au/</a></p></div>Healthcare Cyber Attacks on the Risehttps://redskyalliance.org/xindustry/healthcare-cyber-attacks-on-the-rise2022-10-13T13:35:07.000Z2022-10-13T13:35:07.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}10841022296,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10841022296,RESIZE_400x{{/staticFileLink}}" alt="10841022296?profile=RESIZE_400x" width="250" /></a>There has been a very disturbing trend of criminal hackers targeting healthcare providers and hospitals directly. The NHS system in the UK was recently attacked, as were numerous healthcare providers and hospitals in the US, and now in Australia. Once a “white collar crime” aimed only at financial institutions, these cyber-attacks are now compromising the health and safety of people around the globe. Health insurer Medibank Private says it has been hit by a cyber-attack.</p>
<p><strong>Key points</strong>:</p>
<p>It is Australia's latest cyber-attack after the Optus breach last month, which affected millions of customers</p>
<p>Medibank's ahm and international student policy management systems are currently offline</p>
<p>Investigations into the cyber-attack are ongoing</p>
<p>The Australian company said "unusual activity" had been detected on its network on 12 October but there was no evidence sensitive data, including customer information, had been accessed.<a href="#_ftn1">[1]</a> Some customer-facing systems have been taken down which will cause "regrettable disruptions" to some customers, but health services will still be available, Medibank said. It is the latest cyber-attack after the Optus breach last month, which affected millions of customers. China would be the likely culprit.</p>
<p>Medibank’s chief executive said it recognized its responsibility, given the sensitive data it holds about people's health. "I apologize and acknowledge that in the current environment this news may make people concerned," he said. "Our highest priority is resolving this matter as transparently and quickly as possible." Medibank's Australian Health Management (AHM) and international student policy management systems are currently offline.</p>
<p>Cybersecurity expert and founder of StickmanCyber said insurers such as Medibank were valuable targets for malicious cyber activity, thanks to the highly sensitive personal information that they held. "It is encouraging to see large organisations like Medibank now coming forward and taking accountability for cyber-attacks and data breaches," he said. "Communication is key in any incident, including cyber, or the public will speculate and draw their own conclusions, leading to erroneous information being circulated. Being on the front foot and taking action, even when it may be disruptive to business, along with keeping customers and the public up-to-date is a step in the right direction." StickmanCyber said businesses, regardless of their size and scale, needed to at least inform the Office of Australian Information Commission of a suspected or confirmed breach, and request assistance from Australian Cyber Security Centre and any third parties who could help with the investigation and remediation.</p>
<p>Medibank said investigations into the cyber-attack are ongoing. The company requested a trading halt on the ASX while it investigated. </p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: https://www.redskyalliance.org/ </li>
<li>Website: https://www.wapacklabs.com/ </li>
<li>LinkedIn: https://www.linkedin.com/company/64265941 </li>
</ul>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5504229295967742989">https://attendee.gotowebinar.com/register/5504229295967742989</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.abc.net.au/news/2022-10-13/health-insurer-medibank-hit-by-cyber-attack/101531392">https://www.abc.net.au/news/2022-10-13/health-insurer-medibank-hit-by-cyber-attack/101531392</a></p></div>Relaxed API Permissions Lead to a Telecoms Breachhttps://redskyalliance.org/xindustry/relaxed-api-permissions-lead-to-a-telecoms-breach2022-09-29T22:23:49.000Z2022-09-29T22:23:49.000ZJD Thomasonhttps://redskyalliance.org/members/JDThomason<div><p><span style="font-size:10pt;"><a href="{{#staticFileLink}}10831065267,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10831065267,RESIZE_400x{{/staticFileLink}}" width="250" alt="10831065267?profile=RESIZE_400x" /></a></span></p>
<p><span style="font-size:10pt;">This past week, the Australian telecoms company Optus has come under fire for a breach of customer data. Optus’ initial press release regarding this breach went out on 21 September 2022, informing customers that services were not affected and that the company was investigating a possible breach [1]. Optus has subsequently released further updates, including informing customers that they will be contacted if their data was compromised. In addition, Optus will be offering the Equifax Protect service to affected customers at no cost [2].</span></p>
<p><span style="font-size:10pt;"><a href="{{#staticFileLink}}10831066453,original{{/staticFileLink}}"><img class="align-right" style="padding:50px;" src="{{#staticFileLink}}10831066453,RESIZE_584x{{/staticFileLink}}" width="550" alt="10831066453?profile=RESIZE_584x" /></a></span></p>
<p><span style="font-size:10pt;">On September 17<sup>th</sup>, an anonymous user named “optusdata” posted a data-for-sale listing on a popular breach forum. This user claimed to have millions of records containing Optus user information, demanding payment from Optus or else records would be sold. If Optus did not pay this user, 10,000 records would be released publicly daily for four days until a decision was made. Two sample packs containing 100 records each were released, along with one pack of 10,000 records since apparently no ransom payment was made.</span></p>
<p><span style="font-size:10pt;">Perhaps unexpectedly, the user optusdata has taken down this listing and the associated data as of September 27<sup>th</sup>. Their update indicates that this breach has “too many eyes” and that they are sorry to Optus and the 10,200 affected users who had their information leaked. They also claim that Optus had no obvious method of contact and that the ransom was not paid. </span></p>
<p><span style="font-size:10pt;"><a href="{{#staticFileLink}}10831066099,original{{/staticFileLink}}"><img class="align-center" src="{{#staticFileLink}}10831066099,RESIZE_710x{{/staticFileLink}}" width="710" alt="10831066099?profile=RESIZE_710x" /></a></span></p>
<p><span style="font-size:10pt;">Following this announcement, the breached data was then reposted by a user named “FazyMalone.” Thus, until further notice, the number of records released by this breach is 10,200. Specifically, each record may contain the following information about Optus customers:</span></p>
<ul>
<li><span style="font-size:10pt;">Name</span></li>
<li><span style="font-size:10pt;">Birthday</span></li>
<li><span style="font-size:10pt;">Gender</span></li>
<li><span style="font-size:10pt;">Email Address</span></li>
<li><span style="font-size:10pt;">Phone Number</span></li>
<li><span style="font-size:10pt;">Notification Preferences</span></li>
<li><span style="font-size:10pt;">Physical Address</span></li>
<li><span style="font-size:10pt;">Driver’s License Information</span></li>
<li><span style="font-size:10pt;">Passport Number</span></li>
</ul>
<p><span style="font-size:10pt;">This breach is currently under investigation by Optus and the Australian Federal Police, neither of which has commented on whether user “optusdata” is responsible for the breach. The Australian government has also requested the assistance of the US Federal Bureau of Investigation (FBI). Further, security researcher Jeremy Kirk says that it is unclear why the decision to sell the data was changed and that he had been in contact with the user optusdata [3]. Kirk also asserts that this breach involved the use of an unauthenticated API, "api.www[dot]optus.com.au", which would allow anyone to have access to Optus data [4]. This endpoint has since been secured.</span></p>
<p><span style="font-size:10pt;">In addition to this specific breach, suspicious activity related to Optus has seemingly been taking place for at least six weeks. Red Sky Alliance data collections indicate a significant increase in sinkholed traffic related to SINGTEL OPTUS PTY LTD, along with numerous usernames and passwords from accounts with “optus.com.au” email addresses since the beginning of August 2022. An abbreviated listing of our collections can be seen below, with a full table available <a href="{{#staticFileLink}}10831069272,original{{/staticFileLink}}">here</a>. </span></p>
<p><span style="font-size:10pt;"><a href="{{#staticFileLink}}10831066853,RESIZE_1200x{{/staticFileLink}}"><img class="align-center" src="{{#staticFileLink}}10831066853,RESIZE_584x{{/staticFileLink}}" width="500" alt="10831066853?profile=RESIZE_584x" /></a></span></p>
<p style="text-align:center;"><span style="font-size:10pt;"><em>Table 1. Abbreviated table of sinkhole collection data regarding Optus.</em></span></p>
<p><span style="font-size:10pt;"><strong>[1]</strong>: <a href="https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack">https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack</a></span></p>
<p><span style="font-size:10pt;"><strong>[2]</strong>: <a href="https://www.optus.com.au/content/optus/en/for-you/support/cyberattack.htm">https://www.optus.com.au/content/optus/en/for-you/support/cyberattack.htm</a></span></p>
<p><span style="font-size:10pt;"><strong>[3]</strong>: <a href="https://www.reuters.com/technology/australias-no-2-telco-optus-government-clash-over-massive-data-breach-2022-09-27/">https://www.reuters.com/technology/australias-no-2-telco-optus-government-clash-over-massive-data-breach-2022-09-27/</a></span></p>
<p><span style="font-size:10pt;"><strong>[4]</strong>: <a href="https://thehackernews.com/2022/09/hacker-behind-optus-breach-releases.html">https://thehackernews.com/2022/09/hacker-behind-optus-breach-releases.html</a></span></p>
<p> </p></div>INTELLIGENCE REPORT: CYBER THREATS – ALL SECTORhttps://redskyalliance.org/xindustry/intelligence-report-cyber-threats-all-sector2021-10-15T13:00:04.000Z2021-10-15T13:00:04.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><h2><a href="{{#staticFileLink}}9704153466,RESIZE_930x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}9704153466,RESIZE_400x{{/staticFileLink}}" alt="9704153466?profile=RESIZE_400x" width="250" /></a>Activity Summary - Week Ending 15 October 2021:</h2>
<ul>
<li>Red Sky Alliance identified 37,307 connections from new IPs checking in with our Sinkholes</li>
<li>Analysts identified 1,873 new IP addresses participating in various botnets</li>
<li>Sality remains the top Malware Variant at 33,705 times seen</li>
<li>AtomSilo targeting Confluence</li>
<li>FamousSparrow and Hotels</li>
<li>BloodyStealer</li>
<li>Another .edu Hit in the UK</li>
<li>Pointing a Finger at China</li>
<li>Spanish Melia Hotels hacked</li>
<li>Afghan Telcom Roshan</li>
</ul>
<p>Link to full report: <a href="{{#staticFileLink}}9704681061,original{{/staticFileLink}}">IR-21-288-001_weekly_288.pdf</a></p></div>Does this Sound Familiar? The Quadrilateral Security Dialogue (Quad)https://redskyalliance.org/xindustry/does-this-sound-familiar-the-quadrilateral-security-dialogue-quad2021-09-29T19:50:13.000Z2021-09-29T19:50:13.000ZJim McKeehttps://redskyalliance.org/members/JimMcKee<div><p><a href="{{#staticFileLink}}9621574087,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}9621574087,RESIZE_400x{{/staticFileLink}}" alt="9621574087?profile=RESIZE_400x" width="250" /></a>The Quadrilateral Security Dialogue (Quad) has signaled its commitment to cybersecurity by announcing a dedicated new group that will promote best practices and shared standards. The announcement came after the first-ever in-person meeting of the Quad, which comprises the US, India, Japan, and Australia in an alliance of democratic nations designed to counter Chinese aggression.</p>
<p>A White House briefing on the leaders’ summit detailed multiple areas of cooperation between the four nations, from COVID-19, climate change, and infrastructure to emerging technologies, space, and cybersecurity. “Building on longstanding collaboration among our four countries on cybersecurity, the Quad will launch new efforts to bolster critical infrastructure resilience against cyber threats by bringing together the expertise of our nations to drive domestic and international best practices,” it noted.</p>
<p>The newly announced Quad Senior Cyber Group looks set to be the key driver of new initiatives in this space. “Leader-level experts will meet regularly to advance work between government and industry on driving continuous improvements in areas including adoption and implementation of shared cyber standards; development of secure software; building workforce and talent, and promoting the scalability and cybersecurity of secure and trustworthy digital infrastructure,” the briefing claimed.</p>
<p>There was also progress on critical and emerging technologies which may have cybersecurity implications, most notably a new dialogue designed to promote Open RAN deployment. The Open RAN movement allows newer players to develop innovative products by leveraging open interfaces between the components, thus enabling cost-effective, agile, and scalable mobile networks.<a href="#_ftn1">[1]</a></p>
<p>The open standard is seen as a critical way to reduce democratic nations’ reliance on 5G infrastructure from China, which has raised significant security concerns in the West.</p>
<p>The Quad also announced it would establish new “contact groups” focused on standards development and research for AI and advanced communications. This could be viewed in the context of concerns that Chinese engineers have been instrumental in setting 5G standards, providing the nation with a potential geopolitical advantage.</p>
<p>The Quad news comes just days after the US, UK, and Australia announced a new AUKUS pact that will see close cooperation between the Anglophone nations on AI, quantum, cybersecurity, and more.</p>
<p>Readers Note: Red Sky Alliance was founded over 10 years ago for companies around the world to work together to defend against cyber threats. Here is a section from our first brochure printed on 17 September 2011:</p>
<p>The Red Sky® Alliance is a private subscription-based service modeled after the Information Sharing and Analysis Centers (ISAC) only better. Red Sky® Alliance offers a full and rich set of social media tools to enable complete unfiltered interaction between information security professionals using tools the new generation experience and use to communicate every day. Companies can research, collaborate, share indicators, incident information, and lessons learned in the privacy of a closed environment using full-featured social media tools.</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.infosecurity-magazine.com/news/us-led-quad-launches-cyber-group/">https://www.infosecurity-magazine.com/news/us-led-quad-launches-cyber-group/</a></p></div>