Week 42 | 17th – 21st October 2022

Key Issue: Australian businesses continue to be targeted by cybercriminal groups
Cybercriminals: Continued targeting with LockBit 3.0 ransomware
Nation-State: China-backed groups in lengthy espionage campaigns
Hacktivist: Hacking group updates Furball spyware to evade detection

KEY ISSUE:

This week we reported on the continued targeting of Australian businesses by cybercriminal groups
with health insurer Medibank disclosing a data breach. The threat actor claims to have stolen 200GB of highly
sensitive data that may include details of medical procedures, diagnoses, addresses, Medicare numbers, and
credit card information. This incident is the latest of several high-profile data breaches affecting Australian
businesses. In October 2022, IT services consultancy firm Dialog also suffered a data breach affecting 1,000
current and former employees, weeks after Optus, which is owned by the same telecommunications
multinational, disclosed a massive data breach affecting 9.8 million customers in September 2022. Australia’s
largest telecommunications company Telstra also disclosed a data breach in October 2022 that occurred via a
third-party supplier. We assess that financially motivated threat actors will likely continue targeting businesses
in the telecommunications and insurance sectors owing to the high volumes of sensitive data they are known
to store. In response to this spate of data breaches, the Australian government is expected to implement new
privacy legislation that aims to reduce the amount of sensitive data held by companies on its citizens. This has
potential implications for the future threat landscape as the international adoption of similar legislation would
disrupt the incentive for cybercriminal groups to engage in data leak extortion operations, owing to the
substantially reduced volume of sensitive data held by potential victims.