The Australian Defense Force is the latest target in a series of ongoing cyberattacks against major organizations in the country.
Forcenet, the Department of Defense’s internal communications platform, was targeted in a ransomware attack. The platform will be used for communication between Defense members and their families, including 2018 data.
Defense Minister Matt Keough said there was no evidence that personnel information had been stolen.
“While we have seen no evidence that that information was made available to anyone as a result of that attack, we simply wish to keep all defense staff and personnel on alert and are currently Please work with your contractor to find out exactly what happened,” he said. Press conference October 31st
Keogh also stressed that defense systems were not affected.
“However, as with all Australians, it is always important that people remain vigilant about protecting their personal data,” he said.
“We are currently seeing this type of cyber activity in many organizations across Australia and people remain particularly vigilant about these issues and are connecting our defense personnel with external providers to protect them. We also support you if you need assistance: ID or its personal information.”
Assistant Secretary of Defense Matt Thistlethwaite also said the Department of Defense has suggested that all Forcenet users consider changing their passwords and moving to two-factor authentication.
The attack occurred in early October.
News of the incident targeted major public companies like Australia’s larger health insurer Medibank, second largest telecommunications company Optus and EnergyAustralia one of the three largest energy companies. Came after some cyber incidents.
Other companies targeted include Vinomofo, Woolworths’ MyDeal, and Medlab.
Cyber minister criticizes slow response
Federal Cybersecurity Minister Claire O’Neill faces scrutiny over the government’s response to the attack, while Cybersecurity Minister James Patterson said it took the minister to respond to the first incident involving Medibank. I question time.
“MS. O’Neill must explain why he accepted the company’s initial refusal. This is serious and delayed government involvement by a week,” Patterson said. statement.
“Time is of the essence in cyberattacks. Early government involvement gives customers time to establish the facts, potentially thwart data theft, and take the necessary steps to mitigate the impact of a breach.” can give.”
Statement regarding the Medibank attack: https://t.co/UQwvAcUT7H pic.twitter.com/6mYQbsXmjl
— James Patterson (@SenPaterson) October 24, 2022
He also called for a timeline of actions taken by the federal government to be made public.
“Medibank victims have a right to know when and what action the Albanian government took,” Patterson said.
Labor-up regulations to combat cyberattacks
In response to the increase in cyberattacks, governments fix to the October 26 privacy bill.
This amendment significantly increases penalties for organizations for serious or repeated privacy breaches. With this, the Labor government hopes companies will do more with cybersecurity.
It will also strengthen the Notifiable Data Breach scheme to ensure that the Information Commissioner is aware of the incident and the data compromised.
“These amendments are targeted and measured,” said Attorney General Richard Dreyfuss. “They address the most pressing issues arising from the Optus data breach and other recent cyber incidents.”
But business expert Rob Nichols of the University of New South Wales has previously said part of the problem is the amount of data companies must obtain under the law, noting simply the red tape for companies. It warned against increasing the .
“The real problem with maintaining it is creating so-called honeypots in cyberattacks. There are many items that actually identify the parties involved, which makes the data more valuable in the event of a breach,” he said. previously told the Epoch Times.
He said businesses must obtain identification under Know Your Customer guidelines, including birth certificates, driver’s licenses or passport numbers.