Tag Archive for: NSW

Sydney Trains and Transport for NSW cyber security flaws exposed in ‘red team’ hacker attack


Anti-hacking defences put up by Sydney Trains and Transport for NSW were no match for a simulated cyber attack orchestrated by a government watchdog, a new report reveals.

The “red team” hacking exercise conducted by the NSW Auditor-General revealed “significant weaknesses” in the agencies’ cyber security schemes, the watchdog wrote in the report released on Tuesday.

“Transport for NSW and Sydney Trains are not effectively managing their cyber security risks,” Auditor-General Margaret Crawford wrote in the report.

“Significant weaknesses exist in their cyber security controls, and both agencies have assessed that their cyber risks are unacceptably high.”

The report also notes that few staff members at the agencies have received basic cyber security training and that executives do not receive regular detailed cyber risk briefings.

“As a result, neither agency is fostering a culture where cyber security risk management is an important and valued aspect of executive decision-making,” Ms Crawford wrote.

The test was conducted by allowing “authorised attackers” to try to penetrate the computer systems.

The “red team” also tested the security of some of the train systems’ physical sites that were relevant to cyber security, the report said.

Transport for NSW and Sydney Trains were made aware in advance that the test would occur.

The exercise revealed security holes that the agencies weren’t previously aware of, it was revealed.

The agencies fought to suppress exactly what those weaknesses were because they feared revealing the vulnerabilities could expose them to further attacks.

“TfNSW and Sydney Trains have advised that in the six months from December 2020 and at the time of tabling this audit report, they have not yet remediated all the vulnerabilities identified,” Ms Crawford wrote in a foreword.

“As a result, they, along with Cyber Security NSW, have requested that we not disclose all information contained in this audit report to reduce the likelihood of an attack on their systems and resulting harm to the community.

“I have conceded to this request because the vulnerabilities identified have not yet been remediated and leave the agencies exposed to…

Source…

NSW Transport agency extorted by ransomware gang after Accellion attack


Transport for NSW

The transport system for the Australian state of New South Wales has suffered a data breach after the Clop ransomware exploited a vulnerability to steal files.

Transport for NSW is New South Wales’ transport system in charge of the buses, ferries, regional air operators, and cargo transportation.

Last week, Transport for NSW disclosed that their agency suffered a data breach after their secure file-sharing system, Accellion FTA, was attacked and hackers stole data.

The agency is currently investigating the breach to determine what data was stolen and is receiving help from Cyber Security NSW, the New South Wales government information security team.

“Cyber Security NSW is managing the NSW Government investigation with the help of forensic specialists.”

“We are working closely with Cyber Security NSW to understand the impact of the breach, including to customer data,” Transport for NSW disclosed in a data breach notification.

Data leaked on Clop ransomware site

In December, threat actors began using a zero-day vulnerability in the Accellion FTA secure file sharing application to download and steal data.

Accellion FTA is commonly used by government agencies, educational instructions, and organizations to share files with people external to their organization securely.

After the Clop ransomware gang began leaking data stolen during these attacks and ransoming victims, it became clear that the ransomware group was behind the attacks. A report by Mandiant further confirmed the connection after analysis found shared IOCs between the attacks and the ransomware group.

Accellion FTA attack ransom note
Accellion FTA attack ransom note

This weekend, the Clop ransomware published screenshots of alleged emails and documents stolen from the NSW government during an attack on their Accellion FTA device.

Transport for NSW data leak
Transport for NSW data leak

In a message on the data leak site, the ransomware gang states that Transport for NSW or other interested parties can make a payment to prevent the leak or buy the stolen data.

“Want to delete a page or buy data? write to the email indicated on the home page,” the Clop gang states on the data leak site.

The leaked data includes confidential documents, steering committee documents, and…

Source…