June – July 2023

Your monthly readout of the Australia and New Zealand cyber threat environment from the desk of CyberCX Intelligence. Cyber Adviser cuts through the noise – delivering you insights and expert analysis in 5 minutes or less.

By the numbers

Case files

We like to move it move it: Are you ready for the next mass data heist?

In June, the Cl0p cyber extortion group claimed widespread exploitation of the MOVEit file transfer application as part of a global mass extortion campaign. This is the third mass exploitation of a file transfer application by Cl0p, and the third time in 2023 the group has been linked to zero-day exploit development. Threat actors are increasingly seeking (and exploiting) vulnerabilities in the common digital platforms used by hundreds, if not thousands, of organisations. File transfer systems are particularly attractive – since they’re gateways to data. CyberCX Intelligence assesses it is likely that Cl0p is developing more exploits for high value edge systems to facilitate future global data heists.

A bear in wolf’s clothing: DDoS attacks against 24+ Australian organisations unlikely to have been authentic grassroots ‘hacktivism’

In June, a CyberCX Intelligence investigation revealed that that there is a real chance that high traffic DDoS attacks against at least 24 Australian organisations in March and April were linked to the Russian state. We assess with moderate confidence that these attacks are the first instance of large scale targeting against Australia associated with the Russia-Ukraine war. The attacks primarily targeted education, aviation and healthcare organisations. You can read CyberCX Intelligence’s full investigation here.

Market manipulation: Are cyber extortion groups watching your business announcements?

In June, cyber extortion group Alphv threatened to time the release of data it had stolen from Reddit to damage Reddit’s IPO. Alphv is also one of the most prolific cyber extortion groups in Australia and New Zealand. CyberCX Intelligence has observed cyber extortion groups increasingly citing local media reporting, economic conditions and laws, indicating that they exploit their victim’s context to maximise reputational – and financial – harm. CyberCX Intelligence urges all organisations to consider major commercial changes like IPOs and mergers & acquisitions as times of heightened cyber risk.

Environment scanning

APRA announced it will increase Medibank’s capital adequacy requirement by $250 million, following a review of the health insurer’s cyber incident in October 2022. APRA’s decision reflects the increasing regulatory risks organisations face from cyber incidents.

There continues to be a “live discussion” in Canberra about classifying customer data as critical infrastructure, according to the head of Australia’s critical infrastructure centre. The Australian government is widely expected to deliver a new national Cyber Strategy in Q2 FY24.

Consultation on the federal government’s “responsible AI” discussion paper opened. Across industry, CyberCX is seeing more organisations developing AI use policies, especially for generative tools like ChatGPT.

Subscribe to Cyber Adviser

Receive the latest cyber insights and expert analysis, straight to your inbox.

About CyberCX Intelligence

CyberCX Intelligence is a uniquely Australia and New Zealand focused capability, with unparalleled visibility into the AUNZ cyber threat landscape. We have the information, access and context to give our partners a decision advantage. Our partners receive:

• Actionable, contextualised intelligence, analysed by experts in AUNZ threat analysis.
• Sector and organisation-specific insights that are relevant and timely. 
• High value, low volume artefacts that help their information overload, not add to it.
• A two-way partnership with intelligence designed for your organisation and how you plan to use it.