
Optus - Hack

midfielder

Well-Known Member
Copied below is some advice, and possible insight into the Optus Hack, received from one of my accounting support services. It's worth reading.



Optus hack puts all Australia on alert, accountants in front line

TECHNOLOGY

Risks from the huge data breach go far beyond the people directly compromised, cyber security specialist says.

The huge hack into Optus customer details late last week will affect everyone in Australia and puts accountants in the front line of fraud prevention, says one cyber security specialist.

He said risks from the breach went far beyond individual issues for the millions of Optus users whose personal information had been spilled because those details opened doors to much larger targets.

“This is one of the biggest hacks we've ever seen,” said Eftsure marketing manager Niek Dekker. “There's been some data losses with Microsoft and Facebook, but they are technology providers and actually don’t know all that much about you.”
However the Optus attack had much more potential with crucial identifiers in the data and the dangers to the Australian economy were being understated, he said.

Optus admitted names, dates of birth, phone numbers, email addresses and in some cases addresses, driver's licence or passport numbers were compromised.

"We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it,” said Optus CEO Kelly Bayer Rosmarin.

The ACCC’s Scamwatch advised Optus customers to “take immediate steps to secure all of their accounts, particularly their bank and financial accounts. You should also monitor for unusual activity on your accounts and watch out for contact by scammers.”

But Mr Dekker said personal accounts were just the start for the cyber criminals.

“Every time they have these hacks they say the customers that are affected by this hack should be extra vigilant. But most of the time, accountants are the end target of these hacks,” he said.

“People are going to use all this data to try to make accounts payable managers pay the wrong bank account details – that's how they get to their money.”

He said the cyber criminals would have been ready as soon as they got into the Optus system.

“It will go pretty fast from now. Organisations will have put all the infrastructure in place already.

“They will run the names through a database like the ABR (Australian Business Register) or ABN, trying to find matches for business owners. Once you know that somebody's a director, you have their passports, you have everything, it becomes very easy to come up with some plot to get them to click on anything.

“Once they click, the fraudsters have complete access to the system via malicious software. They get into the communication they have with other businesses and those are the actual targets.”

The hackers would gain access to the emails of small businesses with minimal cyber security, and set up scams from there.

“They're going to try to intercept the email traffic between the larger customer and the small organisation that they've just got into, and then try to get in between those payments by changing invoices or by changing the bank account details in an email.

“A good example would be they go to a local plumbing business and try to defraud a big, general contractor in construction to make the wrong payment for work that has been done.”

“Banks don't name-check, so fraudsters can just change the numbers on the invoice.

“This is what the data will be used for the most because it's by far the easiest way to make this compromised data valuable. The more data they have, the more precise their attacks will be.”

Mr Dekker said some within the cyber security community were saying that the entire database was for sale for $US300,000 four days before the breach was made public, with claims they would refrain from selling if Optus paid $US1 million ransom.

He said even if the breach involved just 10 per cent of the almost 10 million customers thought to be exposed, there was no question the criminal upside was enormous.

“These criminals are having a massive payday whoever they are,” he said. “Selling and reselling this type of data is probably more valuable than Optus can pay in ransom. This data will flow from the dark web and will be sold to as many people as want to buy it.”

“If it’s just credit card information, that's about $10 per 1,000 records. But this could be like a massive multiplier on that.”

“The scary thing about this is it's passports, ID documentation, which people usually don't change for years and years. That makes the data extremely valuable for a long time.”

People had the wrong idea about cyber crooks, he said, because they were very different from the Hollywood hoods or disgruntled teens of popular imagination.

“It’s organised businesses – they have stakeholders, they have revenue targets, they have investors, we've seen businesses with company benefits.”

“They have a lot of use for this data and they'll use it for their own specialised area. Some of them are really good at defrauding via business email compromise. Others will ask for credit on the data that they have. It's an economy on its own.”

He said Australia was a popular target because it was rich and the police and authorities responded to hacks in predictable ways. The Optus hack made all Australians more of a target, regardless of whether they were directly involved.

“People that are not affected by the hack directly feel a sense of relief [but] there's been so much data compromised, that it will affect you,” Mr Dekker said.

“Whether you’re an Optus customer or not, there will be a need for a heightened sense of vigilance, security.”

“It's a hack that might change the way Australians do business.”

Mr Dekker, whose company Eftsure sells software to prevent payment fraud, said it was crucial for businesses to protect themselves.

First, computer systems needed to have the right protections in place, including multi-factor authentication, firewalls and virus scans.

And when it came to financial controls, there were two vulnerable points: invoices from new suppliers, and changes in bank details.

He said callback controls were essential because fraudsters often called ahead, while phone numbers needed to be thoroughly checked with third parties to ensure one given in an email was genuine.
 
