- Is classic Outlook crashing when you start or reply to an email? A fix is on the way
- Samsung will still give you $50 for reserving a Galaxy S25 preorder within the next few hours
- Preparing for the PCI 4.0 Implementation in the Retail environment
- Securing Election Integrity In 2024: Navigating the Complex Landscape of Modern Threats
- Simplifying Zero Trust Security for the Modern Workplace
Hackers Target Australian Defense Communications Platform With Ransomware
Threat actors have conducted a ransomware attack against a communications platform used by Australian military personnel and defense staff.
Named ForceNet, the company is one of the defense department’s external service providers employed to run one of its websites.
At the time of writing, it would appear that no data has been compromised, according to Assistant Minister For Defence Matt Thistlethwaite, who spoke with ABC Radio earlier today, as reported by Reuters.
Still, some private information like dates of birth and enlistment details of military personnel may have been stolen, reported the Australian Broadcasting Corp, citing an unnamed source with knowledge of the matter.
ForceNet has become the latest company hacked in Australia, following some of the biggest firms in the country suffering data breaches over the last couple of months.
These include telecoms giant Optus, owned by Singapore Telecommunications, and the country’s largest health insurer, Medibank.
“Another week, another breach. It seems like things are going from bad to worse down under,” Julia O’Toole, CEO of MyCena Security Solutions, told Infosecurity, commenting on the news.
“It is not clear how this latest incident occurred, but it raises further alarm bells at a time when the world’s eyes are already on the security of Australia.”
According to the security expert, the bad news trend is likely to continue until organizations take back control over their digital network access.
“In almost all security breaches, hackers don’t hack in; they log in. They steal credentials without any obstacles because employees make and control the digital keys (passwords) to access an organization’s network,” O’Toole explained.
“As long as these organizations continue to let their employees create their own keys to access their digital building and open all doors at the same time, there will be no respite.”
To tackle these vulnerabilities, organizations should take control of their access keys and improve their resilience.
“This can easily be done through access encryption and segmentation, where employees use encrypted credentials without the need to see, make or know any of them,” O’Toole concluded. “This would stop exposing organizations to human errors and effectively prevent network doors from being breached.”
For more information about how companies can defend against ransomware attacks, you can read this analysis by Steve Forbes, a government cybersecurity expert at Nominet.
