Newsletter

open source and cybersecurity news

August 28, 2023

- CYBERSECURITY HEADLINES TODAY -

Medibank Data Breach May Reach $80M
Poland Railway Disrupted by $30 Hack
Cloud Account Takeovers on the Rise
Today in Tech History

In this Episode:

It's 5:05, time for your daily cybersecurity and open source briefing

Marcel Brown: August 27th, 2003. The city of Fairbanks, Alaska connected to what was at the time the world’s largest battery backup. Designed to help prevent serious blackouts that plagued the city every two to three years, it was reported that in the first two years of operation, the battery system prevented at least 81 power failures.

Edwin Kwan: The 2022 data breach of Medibank is set to cost the health insurer $35 million in 2024. The data breach had cost them $46.4 million in the 2022 to 2023 financial year. They forecast that the total cost by next year could pass $80 million.

Hillary Coover: Could a $30 radio hack bring a nation’s railway system to a standstill? Saboteurs disrupted Poland’s railway system by using a basic “radio-stop” command that could be transmitted with inexpensive equipment costing around $30.

Katy Craig: Cloud account takeover incidents have witnessed a sharp rise in recent times. The past six months have seen an astonishing 100% surge in successful breaches. Paradoxically, despite the widespread adoption of MFA by organizations, instances of account takeovers have risen significantly. It’s startling that nearly 35% of compromised users had MFA enabled.

 

The Stories Behind the Cybersecurity Headlines

 

Edwin Kwan
Financial Effects of Medibank Data Breach May Reach $80M

Edwin Kwan, Contributing Journalist, It's 5:05 Podcast

The 2022 data breach of Medibank is set to cost the health insurer $35 million in 2024.

This is Edwin Kwan from Sydney, Australia.

Australian health insurer, Medibank, suffered a data breach in October 2022. This was one of the largest data breaches in Australia, and data from 9.7 million past and present customers were stolen.

The information included email addresses, phone numbers, addresses, Medicare numbers, names, dates of birth, passport numbers, and visa details. Health claims data for 192,000 customers, including private medical information, were also stolen.

The company’s annual report disclosed that the data breach had cost them $46.4 million in the 2022 to 2023 financial year. They forecast that the total cost by next year could pass $80 million. The cost already incurred covered the incident response costs and the customer support package. The company expects to spend another $30 to $35 million in 2024 for further IT security uplift, legal costs, and other costs related to regulatory investigations and litigation.

This shows that a data breach can have long-lasting financial consequences, even for years after the cyber incident.

Resources
https://www.itnews.com.au/news/data-breach-could-cost-medibank-35-million-in-2024-599566

 

Hillary Coover
Poland Railway Disrupted by $30 Hack

Hillary Coover, Contributing Journalist, It's 5:05 Podcast

Could a $30 radio hack bring a nation’s railway system to a standstill? Saboteurs disrupted Poland’s railway system by using a basic “radio-stop” command that could be transmitted with inexpensive equipment costing around $30.

Hi, this is Hillary Coover in Washington, DC.

This disruption occurred over August 25th and 26th, affecting more than 20 trains carrying passengers and freight. Although initially labeled as a “cyber attack,” the incident involved a much simpler technique: a disturbingly simple technique.

The perpetrator sent unencrypted radio-stop commands via radio frequency to the trains. These commands lacked encryption or authentication, allowing anyone with basic radio equipment to trigger the trains’ emergency stop function. This disruption is believed to be in support of Russia and is being investigated by Polish Intelligence Services. The railway system is crucial for supplying Western aid and weapons to Ukraine as part of NATO’s defense efforts against Russian invasion.

This radio-stop command has been discussed in Polish train forums and on YouTube for years. Poland plans to upgrade its railway systems to encrypted GSM cellular radios by 2025, but until then, the vulnerable system susceptible to the attack will remain in use.

There is a potential bright side, though. The attack’s main constraint is its proximity requirement, as saboteurs need to be relatively near the target trains. While simple, getting close enough to the trains is risky and will hopefully be a lot harder after this incident.

While the disruption revealed the vulnerability of Poland’s unauthenticated train communication systems, it also highlighted the potential impact of seemingly simple attacks, underscoring the country’s vulnerability as a supporter of Ukraine in the conflict.

Resources
https://www.wired.com/story/poland-train-radio-stop-attack/
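The segment above describes the root cause: the stop command carries no authentication and no freshness, so any transmitter on the channel is obeyed. The following is an added example, not code from the podcast or from any railway system, that models that weakness beside a receiver which requires a keyed MAC and a strictly increasing counter. Everything here is an assumption for illustration: the real radio-stop signal is an analog tone sequence on the railway's VHF radio and is not modelled; the frame layout, the shared "zone key", and the counter scheme are invented to show the two properties (authenticity and replay resistance) that the GSM-based replacement is meant to provide.

```python
"""Added example (not from the It's 5:05 segment or any railway code): an
unauthenticated stop receiver beside one that checks an HMAC tag and a
monotonic counter.  Frame format, key and counter scheme are assumptions."""
import hashlib
import hmac
import struct

STOP = b"STOP"


class LegacyReceiver:
    """Models the unauthenticated case: any frame carrying the stop command is obeyed."""

    def __init__(self):
        self.emergency_stop = False

    def on_frame(self, frame: bytes) -> bool:
        # No key, no counter: whoever can key the channel can halt the train.
        if frame == STOP:
            self.emergency_stop = True
        return self.emergency_stop


def build_frame(key: bytes, counter: int, command: bytes) -> bytes:
    """Dispatch side: counter(4 bytes, big-endian) | len(1) | command | HMAC-SHA256 tag(32)."""
    body = struct.pack(">IB", counter, len(command)) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()


class AuthenticatedReceiver:
    """Hardened case: obeys STOP only from a holder of the shared key, once per counter value."""

    TAG_LEN = 32

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0
        self.emergency_stop = False

    def on_frame(self, frame: bytes) -> bool:
        """Return True if the frame was accepted (authentic and fresh), False otherwise."""
        if len(frame) < 5 + self.TAG_LEN:
            return False
        counter, length = struct.unpack(">IB", frame[:5])
        body, tag = frame[:5 + length], frame[5 + length:]
        if len(tag) != self.TAG_LEN:
            return False
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # forged or corrupted frame
            return False
        if counter <= self.last_counter:  # replay of a recorded frame
            return False
        self.last_counter = counter
        if body[5:] == STOP:
            self.emergency_stop = True
        return True


def demo() -> dict:
    """Run the four cases a practitioner cares about; every value should be True."""
    key = b"zone-key-shared-by-dispatch-and-trains"  # assumed provisioning, not a real key
    legacy, hardened = LegacyReceiver(), AuthenticatedReceiver(key)

    forged = STOP                      # what a cheap transmitter can send
    legit = build_frame(key, 1, STOP)  # what dispatch sends
    return {
        "legacy_obeys_forged": legacy.on_frame(forged),
        "hardened_rejects_forged": not hardened.on_frame(forged),
        "hardened_rejects_wrong_key": not hardened.on_frame(build_frame(b"wrong", 1, STOP)),
        "hardened_accepts_legit": hardened.on_frame(legit) and hardened.emergency_stop,
        "hardened_rejects_replay": not hardened.on_frame(legit),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'ok' if ok else 'FAIL'}")
```

The replay check is the part people forget: a MAC alone stops forgery, but an attacker who records one genuine stop frame can retransmit it until the counter rule rejects it. A deployed scheme would also need the counter to survive receiver restarts and to tolerate lost frames, which the strict `counter <= last_counter` test above does not address.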

 

Katy Craig
Cloud Account Takeovers on the Rise

Katy Craig, Contributing Journalist, It's 5:05 Podcast

Cloud account takeover incidents have witnessed a sharp rise in recent times. The past six months have seen an astonishing 100% surge in successful breaches with high-level executives at major corporations around the world being the primary targets.

This is Katy Craig in San Diego, California.

At the heart of these breaches lies a potent tool named EvilProxy. This phishing tool leverages a reverse proxy architecture, enabling cyber criminals to sidestep multifactor authentication (MFA), and gain unauthorized entry into critical accounts. Paradoxically, despite the widespread adoption of MFA by organizations, instances of account takeovers have risen significantly. It’s startling that nearly 35% of compromised users had MFA enabled.

The perpetrators orchestrating these breaches are far from amateur. They’ve ingeniously combined Adversary-in-the-Middle phishing techniques with sophisticated methods for account takeovers. The outcome is a chilling accuracy in pinpointing high-value profiles, particularly those of executives.

The ongoing campaign has involved the distribution of approximately 120,000 phishing emails to targeted organizations worldwide. The attackers have adroitly posed as trusted services, making it exceedingly difficult to detect their malicious intentions. Their multi-step infection approach involves routing through legitimate sources, introducing complexity to their tactics.

The attack comprises three distinctive phases.

1) In phase one, attackers deploy phishing emails that mimic renowned services like Concur, DocuSign, and Adobe to redirect victims to malicious websites.

2) In phase two, executives, specifically those in high-value roles, succumb to the phishing ploy. The attackers efficiently access their Microsoft 365 accounts in a matter of seconds, showcasing a streamlined process.

3) In phase three, once inside, the attackers establish a lasting presence within the victim’s cloud environment; they manipulate multifactor authentication and even exploit legitimate Microsoft 365 applications to enhance their unauthorized access.

This surge in breaches underscores the imperative for comprehensive cybersecurity measures. Organizations must invest in robust email security, promptly detect account takeovers, and enhance user awareness. As attackers evolve their methods, proactive defense strategy becomes pivotal to safeguard precious data and invaluable assets.

This is Katy Craig, stay safe out there.

Resources
https://www.proofpoint.com/us/blog/email-and-cloud-threats/cloud-account-takeover-campaign-leveraging-evilproxy-targets-top-level
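The segment calls for promptly detecting account takeovers, and the three phases it lists give two usable signals: the session is replayed from the attacker's infrastructure shortly after the victim's own (MFA-satisfied) sign-in, and the attacker then adds an MFA method to keep access. The following is an added example, not Proofpoint's or Microsoft's code, that runs those two rules over constructed sign-in and audit lines. The line format, field names, IPs and the `mfa_method_added` action name are assumptions chosen for the example; a real deployment would map them onto the identity provider's actual sign-in and audit schema.

```python
"""Added example (not from the It's 5:05 segment or Proofpoint): two detection
rules for AitM-style cloud account takeover, run over constructed log lines.
Log format, field names, addresses and action names are assumptions."""
from datetime import datetime, timedelta

# Constructed sample: the victim's own sign-in (MFA satisfied), then the
# attacker replaying the stolen session from another country and registering
# a new MFA method; a second user with normal activity acts as a control.
LOGS = """\
2023-08-21T08:02:11Z signin user=cfo@example.com ip=203.0.113.10 country=US result=success mfa=satisfied
2023-08-21T08:05:40Z signin user=cfo@example.com ip=198.51.100.77 country=NL result=success mfa=satisfied
2023-08-21T08:09:02Z audit user=cfo@example.com ip=198.51.100.77 action=mfa_method_added detail=authenticator_app
2023-08-21T09:15:00Z signin user=analyst@example.com ip=203.0.113.22 country=US result=success mfa=satisfied
2023-08-21T09:40:00Z audit user=analyst@example.com ip=203.0.113.22 action=mfa_method_added detail=phone
"""

# Assumed per-user baseline of egress addresses seen over the previous weeks.
KNOWN_IPS = {
    "cfo@example.com": {"203.0.113.10"},
    "analyst@example.com": {"203.0.113.22"},
}


def parse_line(line: str) -> dict:
    """'<ts> <kind> k=v k=v ...' -> dict with a datetime under 'ts'."""
    ts, kind, *pairs = line.split()
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "kind": kind}
    rec.update(p.split("=", 1) for p in pairs)
    return rec


def detect(lines: str, known_ips: dict,
           mfa_window: timedelta = timedelta(minutes=30),
           travel_window: timedelta = timedelta(minutes=10)) -> list:
    """Return (user, rule, ip) tuples for each rule that fires."""
    recs = sorted((parse_line(l) for l in lines.splitlines() if l.strip()),
                  key=lambda r: r["ts"])
    by_user: dict = {}
    for r in recs:
        by_user.setdefault(r["user"], []).append(r)

    alerts = []
    for user, evs in by_user.items():
        signins = [e for e in evs if e["kind"] == "signin" and e["result"] == "success"]

        # Rule 1: two successful sign-ins from different countries inside a short
        # window.  Both carry mfa=satisfied, which is exactly what a replayed
        # AitM session looks like: MFA was completed, just not by the attacker.
        for a, b in zip(signins, signins[1:]):
            if a["country"] != b["country"] and b["ts"] - a["ts"] <= travel_window:
                alerts.append((user, "impossible_travel", b["ip"]))

        # Rule 2: a sign-in from an address outside the user's baseline followed,
        # from that same address, by an MFA method being added (phase three).
        for s in signins:
            if s["ip"] in known_ips.get(user, set()):
                continue
            for e in evs:
                if (e["kind"] == "audit" and e.get("action") == "mfa_method_added"
                        and e["ip"] == s["ip"]
                        and s["ts"] <= e["ts"] <= s["ts"] + mfa_window):
                    alerts.append((user, "new_ip_then_mfa_change", s["ip"]))
                    break
    return alerts


if __name__ == "__main__":
    for user, rule, ip in detect(LOGS, KNOWN_IPS):
        print(f"ALERT {rule}: {user} from {ip}")
```

Neither rule depends on spotting the phishing page itself, which is the point: a reverse-proxy kit presents the genuine login flow, so the earliest reliable evidence is the session being used from somewhere the user is not, followed by the persistence step. The analyst's MFA change from a baseline address does not fire, which is the false-positive case any rule of this kind has to tolerate.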

 

Marcel Brown
This Day, August 27 and 28, in Tech History

Marcel Brown, Contributing Journalist, It's 5:05 Podcast

This is Marcel Brown bringing you some technology history for August 27th and 28th.

August 27th, 2003. The city of Fairbanks, Alaska connected to what was at the time the world’s largest battery backup. Designed to help prevent serious blackouts that plagued the city every two to three years, the batteries could provide power to the city for a few minutes, enough time to start up the city’s backup diesel generators.

The battery contains 13,760 cells covering more than 10,000 square feet. It was reported that in the first two years of operation, the battery system prevented at least 81 power failures.

August 28th, 2009. Apple releases Mac OS X 10.6, Snow Leopard, for their Macintosh computers. Snow Leopard was an important release as it was the first to drop support for PowerPC-based Macs and focus optimization on the Intel processor-based Macs.

The networking protocol that Apple had used since the 1980s, AppleTalk, was also discontinued in Snow Leopard.

AppleTalk was the first true plug-and-play networking protocol, and during its heyday in the late eighties, AppleTalk was the most widely used networking protocol in the world.

That’s your technology history for today. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com.

Resources
http://thisdayintechhistory.com/08/27
http://thisdayintechhistory.com/08/28

 

 
