Top seven hacks and cyber security threats in APAC

In 2022, 59 percent of businesses in the Asia-Pacific region reported being the victim of a cyber attack, 32 percent reported being the victim of multiple cyber attacks and the region suffered a shortage of 2.1 million cyber security professionals.

This has culminated in the Asia-Pacific region falling victim to a number of high-profile cyber attacks within the last 12 months. In this article, Cyber Security Hub explores seven of these attacks.


Contents

  1. New Zealand government compromised in third-party attack
  2. Medibank suffers data leak that affects 9.7 million people
  3. Toyota admits to data breach after access key is posted on GitHub
  4. MyDeal data breach impacts 2.2 million people
  5. Vulnerabilities in GPS tracker could put 1.5 million vehicles in danger
  6. Data breach sees Telstra employees’ details posted online
  7. Details of 11 million customers accessed in Optus data breach

New Zealand government compromised in third-party cyber attack

In December 2022, an IT managed service provider that supports a range of organizations across New Zealand, including several within its government, suffered a cyber attack, compromising access to its data and systems.

Those affected by the cyber security incident include some providers contracted to Te Whatu Ora (Health New Zealand), although health service delivery was not affected.

The Ministry of Justice was also affected by the third-party data breach and confirmed the cyber attack impacted access to some coronial data. This allegedly included thousands of autopsy reports.

New Zealand’s National Cyber Security Center (NCSC) said that it was coordinating the governmental response to the cyber attack, both within the Government Communication Security Bureau and alongside the New Zealand Police, CERT NZ and the Privacy Commissioner.

Lisa Fong, deputy director-general of the NCSC, said that the organization is working with the compromised third party to “understand more fully the nature of the data that has been impacted” and how the cyber attack occurred.


Medibank suffers data leak that affects 9.7 million people

On October 13, 2022, Australian health insurance provider Medibank suffered a data breach which affected 9.7 million people.

The malicious actor responsible for the breach attempted to extort the company by contacting them directly to negotiate the release of the data. Medibank refused, which led to the hacker releasing private medical information obtained in the breach on the dark web.

The hacker posted a file labelled “abortions” to a site backed by Russian ransomware group REvil on November 10, 2022, which apparently contained information on procedures that policyholders have claimed on, including miscarriages, terminations and ectopic pregnancies.

They also released files containing customer data called “good-list” and “naughty-list” on November 9, 2022. The so-called “naughty-list” reportedly includes details on those who had sought medical treatment for HIV, drug addiction or alcohol abuse or for mental health issues like eating disorders.

The hacker added to the November 10 data leak post, saying: “Society ask us about ransom, it’s a 10 millions (sic) usd. We can make discount 9.7m 1$=1 customer.”

During question time in Australian Parliament on November 10, minister of home affairs Clare O’Neil hit back at the hackers, saying: “I want the scumbags behind this attack to know that the smartest and toughest people in this country are coming [at] you.

“I want to say, particularly to the women whose private health information has been compromised overnight, as the minister for cyber-security but more importantly, as a woman, this should not have happened, and I know this is a really difficult time.”

David Koczkar, CEO of Medibank, called the release of the data “disgraceful” and a “weaponization of people’s private information”. He also called those involved in the cyber-attack and data leak “deplorable”.

In an attempt to protect those affected by the cyber security incident and the subsequent data leaks, Medibank urged members of the public and the media to not “unnecessarily download sensitive personal data from the dark web” and to “refrain from contacting customers directly”.


Toyota admits to data breach after access key is posted on GitHub

On October 7, 2022, Japanese car manufacturer Toyota issued a statement and an apology after it was discovered that third parties may have gained unauthorized access to customer details between December 2017 and September 2022.

The breach occurred because a section of the source code for T-Connect, an app which allows customers to connect their phone to their car, had been posted on source code repository GitHub in December 2017. As the source code contained an access key for the server, this may have allowed unauthorized access to customer data for five years.

Any customers who registered for the app from December 2017 to September 2022 were at risk of having their data accessed, meaning the data for a potential 296,019 customers may have been leaked. The information available for access included email addresses and customer management numbers. Personal or sensitive information including payment card information, name and address was not accessed.

Following a security investigation, Toyota said that while it “cannot confirm access by a third party based on the access history of the data server where the customer’s email address and customer management number are stored, at the same time [it] cannot completely deny it”.

Toyota also said that it would individually notify all those who were affected by the breach.


MyDeal data breach impacts 2.2 million people

Australian online retail marketplace MyDeal confirmed in October 2022 that it was the victim of a data breach that exposed the data of around 2.2 million customers.

The retailer, which is a subsidiary of supermarket chain Woolworths, said that it would be contacting all those affected by the breach via email, as well as alerting the “relevant regulatory authorities and government agencies”.

Woolworths said that the breach was caused by a malicious actor using “a compromised user credential” to gain unauthorized access to MyDeal’s Customer Relationship Management (CRM) system.

Customer information exposed during the cyber-attack included names, dates of birth, phone numbers and email addresses. For 1.2 million customers, the data exposed was limited to their email address. Confidential information like passport, payment card and driver’s license details is not stored by MyDeal, and therefore was not exposed in the hack.


Vulnerabilities in GPS tracker could put 1.5 million vehicles in danger

In August 2022, a GPS tracker manufactured by Chinese company MiCODUS was revealed to have numerous critical cyber security vulnerabilities that could allow bad actors to remotely hack a vehicle’s system.

At the time of the discovery, the MiCODUS MV720 GPS tracking device had been sold to customers across 169 countries and installed in more than 1.5 million devices.

The critical cyber security issues were first discovered by cyber security startup BitSight. Following the discovery of the vulnerabilities, BitSight informed the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

The CISA confirmed that “successful exploitation of these vulnerabilities could allow an attacker control over any MV720 GPS tracker, granting access to location, routes, fuel cutoff commands and the disarming of various features (e.g. alarms)”.

In a report on the vulnerabilities, BitSight said it had found MiCODUS devices were being used by a range of organizations including “a Fortune 50 energy company, a national military in South America, a national government and a national law enforcement organization in Western Europe, and a nuclear power plant operator”.

It was also revealed that MiCODUS has a global customer base of 420,000, with 1.5 million devices sold. However, BitSight did note that it was unable to determine the number of MiCODUS MV720 units currently in use globally, as well as the number of MiCODUS devices used for personal or business use.


Data breach sees Telstra employees’ details posted online

Australian telecommunications company Telstra revealed on Tuesday that it had been hit by a data breach that had revealed the details of 30,000 current and former employees.

The details included employees’ first and last names and email addresses, and were posted on hacking forum BreachedForums.

In a tweet, Telstra confirmed that the data leak “wasn’t a breach of any Telstra system” and that it has notified its employees and authorities first, before notifying former employees, despite “minimal risk” to them.

A Telstra spokesperson said the company had been “made aware of a data breach affecting a third party that included limited Telstra employee information from 2017.”

Of the information shared, 12,800 of the employees named were current employees.


Details of 11 million customers accessed in Optus data breach

Australian telecommunication company Optus suffered a devastating data breach on September 22, 2022 that led to the details of 11 million customers being accessed.

The information accessed includes customers’ names, dates of birth, phone numbers, email addresses, home addresses, driver’s license and/or passport numbers and Medicare ID numbers. Payment details and account passwords were not compromised in the breach.

Optus confirmed that it has now contacted all customers to notify them of the cyber-attack’s impact, beginning with those who had been affected by the breach and finishing with those who had not had their data accessed.

Someone claiming to be the hacker told Australian journalist Jeremy Kirk that they had “accessed an unauthenticated API endpoint”, meaning that they did not have to log in to access the data, and that it was “all open to internet for any one[sic] to use”.

A person claiming to be the hacker responsible for the data breach posted a small sample of the customer data stolen to the hacking forum BreachedForums on September 23.

Using the alias optusdata, the hacker demanded that Optus pay them a $1mn ransom, or they would leak the data of all 11 million customers affected by the breach. When Optus did not respond to the ransom demand, optusdata then posted a text file of 10,000 customer data records on September 26, allowing other malicious actors to use the data in their own phishing campaigns.

Victims of the breach reported on September 27 that they had been contacted with demands that they pay AU$2,000 (US$1,300) or their data would be sold to other hackers.

However, on the same day, the supposed hacker posted a new message on BreachedForums, rescinding their demand and apologizing to Optus.

The hacker said there were “too many eyes” so they would not be selling the data to anyone and claimed that they had deleted all the data from their personal drive, and that they had not made any copies. They also offered an apology to the 10,200 people who had their data exposed via their posts on BreachedForums, and to Optus itself, saying “hope all goes well with this”.

They finished by saying they “would have reported [the] exploit if [Optus] had [a] method to contact” and that while the ransom was not paid, they “dont[sic] care anymore” as it was a “mistake to scrape publish data in the first place”.
