CyberCX uses local 2020 cyber victims list to light a fire under both Aussies and Kiwis

The Australia and New Zealand cyber heavyweight is hoping to encourage businesses to do what they can to avoid being on the 2021 cyber victim list.

Australia and New Zealand cyber megamix CyberCX is hoping to fill the gap left by global security firms, focusing locally to forge ahead with a more regionally appropriate response to countering cyber threats.

In its Annual Threat Assessment report [PDF], CyberCX, the group of security companies headed by two of Australia's most experienced technology and cyber veterans, has offered a handful of recommendations for businesses operating in Australia and New Zealand, with the first, under the banner "strategic", encouraging the development of an incident response plan.

"The faster an organisation can detect and respond to an incident, the less likely the incident is to have a significant impact on data, customer trust, operations, reputation, and revenue," it said.

Although obvious, the report drums in the importance of educating and training staff on practices such as good cyber hygiene, creating a security culture, as well as creating and maintaining a consistent, up-to-date cybersecurity policy suite.


CyberCX, backed by private equity firm BGH Capital, was formed a little over one year ago when it brought together 12 of Australia's independent cybersecurity brands: Alcorn, Assurance, Asterisk, CQR, Diamond, Enosys, Klein&Co, Phriendly Phishing, Sense of Security, Shearwater, TSS, and YellIT.

It is headed by Alastair MacGibbon, former head of the Australian Cyber Security Centre and once special adviser on cybersecurity to former Prime Minister Malcolm Turnbull, as well as CEO John Paitaridis, who was formerly Optus Business' managing director.

Since launch, CyberCX has gone on an expansion spree, scooping up a number of local cybersecurity startups simultaneously.

In its report, CyberCX encouraged the use of local cybersecurity firms.

"Using Australian and New Zealand cybersecurity vendors drives innovation at home and boosts jobs in the local cybersecurity market. Local vendors offer cybersecurity solutions of global calibre and at the same time provide the added benefit of a local perspective," it wrote.

"Analysis tailored specifically to the Australia-New Zealand context is often missing from international vendors, many of which tend to be US-centric."


The next item on its checklist is "technical" and includes practices such as securing the attack surface, increasing network visibility, implementing end-point controls, adopting multi-factor authentication, and adopting the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework.

"Australian and New Zealand organisations remain attractive targets for a range of cyber threat actors," MacGibbon added in his foreword.

"Over the past year, we have seen prominent organisations and agencies suffer incidents, and cyber crime soar off the back of COVID-19 … the threat actors involved in these incidents have been both financially motivated cyber criminals and state-sponsored groups."

2020 victim list

The report also details cyber incidents that occurred in the region in 2020. Here's the timeline of some of the biggest incidents from Australia and New Zealand:

In January, Australian logistics provider Toll Group was infected by Netwalker ransomware affecting its entire global infrastructure. In March, the Australian branch of car-auction house Manheim Auctions similarly fell victim to ransomware.

Intrusion activity targeted COVID-19 research in Australian, US, UK, Spanish, South Korean, and Japanese laboratories in April, while Toll Group suffered its second ransomware incident, this time caused by the Nefilim malware.

In May, Service NSW reported it was the victim of a phishing attack that compromised the information of 186,000 customers through the accessing of 47 staff email accounts. BlueScope Steel also experienced a ransomware incident triggering manual processes, but resulting in no material impact to operations.

The same month, a man was prosecuted for carrying out DDoS attacks against two Australian retail and telecommunications entities in 2019.

In June, food and beverage company Lion, with operations in Australia and New Zealand, suffered a ransomware incident, shutting down IT systems and causing disruption to suppliers and customers.

Also in June, a spam campaign distributed banking trojan RM3, targeting Australia-based financial institutions, and New Zealand whitegoods manufacturer, Fisher & Paykel, was struck by Nefilim ransomware, impacting its manufacturing and distribution operations.

A research company in New Zealand experienced a privacy breach in July that compromised the contact details of people who called the police.

Australian provider Regis Healthcare in August suffered a Maze ransomware incident resulting in a breach of client data, while the New Zealand Stock Exchange (NZX) suffered sustained DDoS attacks impacting network connectivity and trading for four days.

In September, misconfiguration at the University of Tasmania caused personally identifiable information of 20,000 students to be leaked through SharePoint to the entire staff and student body, while ransomware operators exfiltrated 17GB of sensitive data from aged care provider Anglicare Sydney.

MetService, the meteorological service of New Zealand, also experienced a DDoS attack in September, resulting in no notable loss of performance after all web traffic was redirected to a secured back-up site.

French maritime shipping giant CMA CGM's offices in China were also hit by Ragnar Locker ransomware causing significant shipping delays in Australia.

Australian media-monitoring company Isentia disclosed a ransomware intrusion in October that reportedly cost at least AU$7 million.

Facilities service provider Spotless also experienced a ransomware incident during merger and acquisition activity by Downer, while an Australian gas producer, retailer, and distributor disclosed that it recently discovered a data breach that occurred in 2014 on a third-party software system.

Law In Order, an Australian supplier of document and digital services to law firms, suffered a Netwalker ransomware incident a month later in November. At the same time, Nexia, a network of solutions-focused accountancy and consultancy firms in Australia and New Zealand, suffered a REvil ransomware incident.

Ending the year, New Zealand-based financial services firm Staircase suffered a Netwalker ransomware incident in December, which saw personal information belonging to its clients published on multiple dark web forums after the company failed to pay the ransom within the designated timeframe.

A breach of 2.6 million email addresses and hashed passwords from Nitro PDF then exposed 4,000 .nz email addresses.

The effects of one of the largest supply chain attacks in history were felt by Aussies and Kiwis alike, with SolarWinds customers including entities in the government, technology, healthcare, research, and extractive sectors in North America, Europe, Asia, and the Middle East.

Lastly, multiple Australian and New Zealand organisations were compromised through an exploit of Accellion File Transfer Appliance software. Transport for New South Wales (TfNSW) confirmed being affected, as did the Australian Securities and Investments Commission (ASIC) and the Reserve Bank of New Zealand.
