According to a recent analysis using data from the Center for Strategic and International Studies, Australia is the sixth most targeted country in the world for major cybersecurity attacks.

We are also continuing to see an increase in the frequency and severity of cybersecurity attacks in Australia. For instance, phishing attacks, a common threat, are currently up 44% compared with the same time last year.

To add context to the nature of these threats for organisations, here are some prominent examples of cybersecurity breaches that have recently affected well-known organisations.

Australian National University: Sophisticated Breach Initiated with Spear-Phishing Email

In late 2018, the Australian National University (ANU) suffered a major data breach, in which hackers gained access to many years’ worth of sensitive data from the university’s Enterprise Systems Domain. The data included names, addresses, phone numbers, dates of birth, emergency contact details, payroll information, bank account details, tax file numbers and academic results.

After the breach was discovered in May 2019, forensic analysis found the hackers had used a variety of sophisticated tactics to breach the university’s cybersecurity, initiated with an intricate spear-phishing email. The email sent to an ANU staff member required no interaction: simply previewing it enabled the hackers to access the staff member’s credentials and then the wider ANU network.

“It is confronting to say this, but we are certainly not alone, and many organisations will already have been hacked, perhaps without their knowledge.”

ANU Vice-Chancellor

In the aftermath of the breach, the ANU has heavily increased its investment in cybersecurity and is actively seeking to raise awareness about cybersecurity threats.

The Government identified this attack as being orchestrated by hackers based in China.

Canva: One of Australia’s Largest Cybersecurity Breaches

In May 2019, Sydney-based startup Canva – now one of Australia’s biggest tech companies – suffered a massive cyber breach, with up to 139 million users affected. Stolen data included usernames, real names, email addresses and geographical information, as well as encrypted password data.

Unlike the cases above, the hacker reported this attack to tech news site ZDNet and claimed responsibility. Known as ‘GnosticPlayers’, they are thought to be responsible for breaching 45 companies and offering the data of about one billion users for sale on the dark web.

Equifax: One of the World’s Largest Cybersecurity Breaches Involving Sensitive Data

In 2017, one of the USA’s largest credit reporting agencies suffered a cyber breach, in which the personal data of 147 million people was compromised (i.e. nearly half the nation’s population!). The amount of sensitive data stolen in the attack made this breach unprecedented globally, with names, addresses, phone numbers, social security numbers, driver licence numbers and credit card numbers being stolen.

The initial breach came through a consumer complaint web portal, where hackers exploited a common vulnerability that Equifax’s IT team should have identified and resolved with a patch released about two months before the first breach. Had the patch been applied to the system, the breach would have been prevented.

Once Equifax discovered and then later disclosed the breach, numerous lawsuits were filed and it ultimately faced one of the largest class-actions in US history. After sustaining considerable damage to its reputation, the company negotiated a global settlement, pursuant to which Equifax is paying $425M to people affected by the breach.

In February 2020, the US government charged four Chinese military personnel with the Equifax breach, which the Chinese government has denied.

“Monitor activity on your network – who’s coming in and what’s going out? An effective system of intrusion detection could have helped Equifax detect the vulnerability sooner”

US Federal Trade Commission

Marriott International: 383 Million Guests Affected

In 2014, Starwood Hotels and Resorts suffered a data breach that went undiscovered for four years, during which Starwood merged with Marriott International.

The data breach affected 383 million guests, with hackers gaining access to names, addresses, phone numbers, email addresses, passport numbers and credit card information. This gave rise to concerns about identity and financial theft, and also exposed potentially sensitive information about when, where and with whom people such as diplomats, spies and others had travelled.

Hackers were able to access this data through the reservation system of a number of hotels, having obtained the login credentials of two employees with malware that is suspected to have originated from a phishing email. Poor internal cybersecurity policies and practices, such as a lack of two-factor authentication (2FA), were blamed for the breach.

According to Marriott, the breach cost the company about $72M USD (for which it was partly insured), though it has also been fined £99M by the UK’s Information Commissioner’s Office and is still facing class-action litigation. To make matters worse, the company has suffered a further breach this year, with 5.2 million guests exposed.

The 2018 attack is now known to be part of a Chinese intelligence-gathering effort.
