11 October 2024


Australia plans ransomware payment reporting | Cyber Intelligence Briefing: 11 October 2024


Top news stories this week

  1. Extortion. Australia introduces bill requiring companies to report ransomware payments.
  2. Birthday blues. Ukrainian hackers target Russian state TV and radio channel on Putin's 72nd birthday.
  3. Flashback. Comcast, CF Medical, and Truist Bank affected by ransomware attack on third party supplier.
  4. Déjà vu. Casio and ADT suffer repeat cyber attacks.
  5. Rising threats. Trinity ransomware emerges amid ongoing attacks on US critical infrastructure.
  6. Patch me if you can. Microsoft and Ivanti release patches for actively exploited vulnerabilities.

 

1. Australia introduces bill requiring companies to report ransomware payments

Australia has introduced a new cyber security bill to parliament that requires companies responsible for critical infrastructure assets to report ransomware payments within 72 hours or face a civil penalty. The new bill, if enacted, also bans default passwords and introduces other security standards for smart devices.

So what?

Australia's proposed cyber security bill could set a global precedent and encourage other countries to implement mandatory reporting requirements for ransomware payments.

[Researcher: Waithera Junghae] 


2. Ukraine hackers target Russian state broadcaster on Putin’s birthday

Ukrainian hackers have targeted Russian state broadcaster VGTRK on President Vladimir Putin’s 72nd birthday. VGTRK is Russia's main national and regional TV and radio station, which has been sanctioned by the EU, Canada and the UK since Russia's invasion of Ukraine.

So what?

Since the Russian invasion of Ukraine, attacks on media institutions from both sides have been part of the war arsenal and are not uncommon.

[Researcher: Lena Krummeich]


3. Comcast, CF Medical, and Truist Bank affected by ransomware attack on third party supplier

The US telecom giant Comcast, medical debt-purchasing company CF Medical and Truist Bank have revealed that cyber criminals stole the data of hundreds and thousands of their customers after a ransomware attack on their third-party provider, Financial Business and Consumer Solutions (FBCS). FBCS initially said no Comcast data had been affected during the attack in February. Subsequent investigations revealed that 4.2 million individuals, including Comcast customers, had their data breached in the FBCS hack.

So what?

Organisations should ensure third parties have adequate security controls to protect their data. Additionally, trusted and reputable organisations should be used for incident response to ensure that the full impact of the incident can be identified.

[Researcher: Milda Petraityte]


4. Casio and ADT suffer repeat cyber attacks

Casio has confirmed that disruption to some of its services was caused by an unauthorised third party gaining access to its network. This comes a year after an attack on the company led to a data breach impacting customers from 148 countries. Separately, ADT have confirmed a second breach two months after compromised credentials were used to access the company’s infrastructure.

So what?

Conducting a comprehensive lessons learned session after a cyber security incident is essential to ensure resilience against future attacks.

[Researcher: David Broome]


5. Trinity ransomware emerges amid ongoing attacks on US critical infrastructure

The US Department of Health and Human Services has issued an advisory on the new threat actor group, Trinity, warning that the group poses a significant threat to the country’s healthcare sector.

Separately, the US water and sewage company American Water Works announced it experienced an unspecified cyber incident, prompting it to disconnect several systems and pause services as part of its containment strategy.

So what?

Threat actors are increasingly targeting critical infrastructure, making it essential for organisations in this sector to remain vigilant.

[Researcher: Aditya Ganjam Mahesh]


6. Microsoft and Ivanti release patches for actively exploited vulnerabilities

Microsoft has released patches for 117 security flaws in October's Patch Tuesday update. This includes three critical vulnerabilities and 42 remote code execution vulnerabilities. Ivanti has also released patches for three vulnerabilities in the Cloud Services Appliance that are actively being exploited by threat actors.

So what?

Organisations should keep their systems up to date with the latest Microsoft patches and, if using Ivanti CSAs, update to version 5.0.2.

[Researcher: Aditya Ganjam Mahesh]

 


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
