Weekly CyberTip: Delete Unused Accounts
You can help protect your digital privacy by deleting unused online accounts, or requesting that online services purge your personal details on your behalf. If you no longer have a relationship with the business, it’s in your best interest to get your information off their servers. The JustDeleteMe web page offers a thumbnail description of dozens of common websites and how to request that they “forget” you. After all, you can’t be caught up in a data breach if the company doesn’t have your information anymore!
High costs of public sector cyber attacks hit home
Last week, two reports from the broader public sector in Canada illustrated the significant financial costs involved in responding to cyber incidents:
Item: A report released by the Town of St. Marys, Ontario on April 10 stated that a double extortion attack on municipal systems has cost the town a total of $1.3 million (all figures CDN) to date, including a network rebuild of about $440,000 and incident management and investigation costs of over $860,000 (including a Bitcoin ransom payment of $290,000). A LockBit attack in July 2022 encrypted town systems and exfiltrated sensitive data.
Item: On April 11, the government of the Northwest Territories announced that it had spent $716,000 on “containment, investigation and response efforts” in response to a cyber attack on its systems in November 2022. The government has released few details on the incident, and it was only a week before the announcement that it acknowledged the incident had happened at all.
Denial-of-service attack knocks out Hydro-Québec’s website and app
On April 13, access to Hydro-Québec’s website and mobile app was affected by a cyber attack that disrupted services for about a day. A pro-Russia hacker group called NoName057(16) has claimed responsibility for the denial-of-service attack on the province’s critical infrastructure. The group did not offer an explanation for why they allegedly launched the attack.
On their website, HQ sought to allay fears of a data breach: “We wish to reassure our customers and other users of our website and Customer Space: Hydro‑Québec’s critical systems were not affected during the cyberattack. There was no infiltration or exfiltration of data. Rest assured that our cybersecurity teams remain vigilant and continue to monitor the situation.”
The attack was just another in a series of disruptive attacks on Canadian organizations in early April. Similar denial-of-service campaigns were reported against the official website of Prime Minister Justin Trudeau, the websites of the Senate of Canada and the National Capital Commission, the Laurentian Bank of Canada website, and the websites of Port of Montreal and Port de Québec, among others.
In a denial-of-service (or “DoS”) attack, a threat actor swamps an Internet service or system with data traffic, thereby preventing users from accessing websites and online services.
Ransom demand received in Latitude Financial breach
The ongoing story of the cyber incident response at Australia’s Latitude Financial took another turn this week as the company announced that it had received a ransom demand, allegedly from the criminals behind a March 14 cyber attack. Latitude has vowed not to pay any ransom, as is consistent with the official position of the Australian government.
Latitude made an initial announcement about the breach on March 16, when they reported that compromised employee credentials had been used to steal information from two downstream service providers. The initial reports suggested that 103,000 identification documents were taken from one party, and about 225,000 customer records were stolen from the second service provider. However, by March 27, the real scope of the breach became clear. Investigations by the non-bank lender revealed that “approximately 7.9 million recent Australian and New Zealand driver licence numbers, and approximately 53,000 passport numbers were stolen. Further, approximately 6.1 million records dating back to at least 2005 were also stolen”.
As the situation enters its second month, Latitude is still in the process of restoring systems taken offline in the early days of the response. Latitude was forced to stop acquiring new customers and several of its systems were shut down by the attack, but the company has now advised that “regular business operations are being restored” and “new customer originations have also recommenced”.
Latitude is one of Australia’s largest personal loans providers and the country’s largest non-bank consumer credit lenders, offering consumer finance services, unsecured personal loans, credit cards, car loans, personal insurance, and interest-free retail finance products.
Over 150,000 affected in Government of Tasmania data breach
On April 14, the government of Australia’s island state of Tasmania announced that 150,000 individuals and businesses had been notified about a data breach dating back to March 24. In the update, Minister for Science and Technology Madeleine Ogilvie said that there is no evidence that any further data has been released since the disclosure of some 16,000 documents by the Clop ransomware gang weeks earlier. The government had confirmed the authenticity of the stolen data that appeared on the dark web on April 7, which included the personal information of schoolchildren and their caregivers.
Australian government to lead war games with banking and finance
In the wake of high-profile cyber incidents in Australia involving Optus and Medibank – and more recently Latitude and the Tasmanian government – Australia’s Home Affairs Minister Clare O’Neil announced the launch of a program of tabletop exercises or “war games” to test the cyber preparedness of the banking and finance sectors. O’Neil said the government is designing a set of cyber attack scenarios that will test the coordination and cooperation of the government and key sectors.
According to The Sydney Morning Herald, O’Neil said: “[W]hat the Australian government is doing is starting something that business have called for and asked for which is for us to collaborate with industry to run large-scale national cyber exercises… It’s a really important thing for us to be doing.”
The program started with a three-hour tabletop exercise involving representatives from the Reserve Bank, the Australian Securities and Investments Commission, the Australian Prudential Regulation Authority and Australian Federal Police to examine how they would respond to attacks involving the theft of sensitive data and encryption of information technology. Similar exercises are planned with individual financial institutions, after which the government intends to move on to the aviation sector and other critical infrastructure networks.