Hacking companies is happening and will only increase

/in


While the idea of a teenage “script kiddie” – a novice hacker using unsophisticated tools – might seem like the stuff of a bad 1990s movie, the threat to some of Australia’s biggest businesses is very real. “Optusdata”, the anonymous hacker who in late 2022 made away with the personal data of more than 10 million Optus customers before backing down from a $1.5 million ransom threat, was described as “unprofessional” and “stupid” by their hacker peers on the dark web.

The Optus mass data breach occurred through an unprotected and publicly exposed end point, meaning anyone who discovered it could connect to it without submitting a username or password. The attack was far from sophisticated, according to O’Reilly and other experts.

“For attackers, especially those utilising low-cost, high-reward strategies, the investment is minimal compared to the potential pay-off, which can range from financial gain to significant data breaches, or even reputational damage to the targeted organisation,” O’Reilly says.

According to the Australian Signals Directorate, more than 127,000 hacks against Australian servers were recorded between the 2022 and 2023 financial years – an increase of more than 300 per cent over the prior year – and O’Reilly says that matches what he’s seeing on the ground.

In the shadows

O’Reilly spends much of his time monitoring the dark web, which ransomware groups use to leak data and boast about their bounties. He regularly reports his findings to the Australian Signals Directorate.

The dark web is a shadowy part of the internet accessible only through special software, allowing users to remain anonymous. It is commonly used for illegal activities such as buying and selling drugs and weapons, as well as stolen credentials.

The group suspected to be behind the 2022 Medibank data breach, Russian cybercriminal gang REVil, posted customer names, birthdates and Medicare details under “good” and “naughty” lists on its dark web site, called Happy Blog. The leaked data included patients who had undergone treatment for drug addictions and terminated non-viable pregnancies.

“I recommend to sell Medibank stocks,” the group said in the…

Source…