[Security Weekly] Cyberattack at Optus Exposes Personal Data of 10 Million Australians
October 2022, Issue I
1. Cyberattack at Optus compromises personal info of 10 million Australians
Optus, Australia’s second-largest telecoms company, suffered a cyberattack in late September that compromised the personal information of 10 million customers, or 40% of the country’s population.
The attackers are suspected to be affiliated with criminal groups. The Australian Cyber Security Centre stepped in to shut down Optus’ systems to prevent the attack from spreading further. Although the attack was first disclosed in late September, it took Optus up to two weeks to confirm the exact scale of the breach.
According to a statement made by its CEO on October 3, about 1.2 million customers had at least one ID number exposed, while another 900,000 had their expired ID numbers compromised. The remaining 7 million customers had their dates of birth, phone numbers, and email addresses accessed. Optus reaffirmed that financial information and account passwords were safe. Nevertheless, related banks were notified of the breach in case of potential phishing attacks.
The scale of the incident has prompted the Australian parliament to discuss plans to reinforce the country’s privacy rules so that financial institutions can be alerted to cyberattacks more quickly.
2. Chaos malware written in Go language spreads on Windows and Linux devices
A new malware family named “Chaos” has been found infecting both Windows and Linux systems. Written in Google’s Go programming language, the malware hijacks device resources to launch DDoS attacks.
Discovered by network security firm Lumen, Chaos supports multiple chip architectures, enabling it to infect a range of systems from servers and routers to smartphones and IoT devices. It is known to gain access by exploiting unpatched vulnerabilities in network firewalls. Once a device is infected, the malware enables its operators to send remote shell commands to the device, install additional modules, spread across the device’s network by guessing SSH private keys, and, most importantly, use the device to launch DDoS attacks.
Lumen said it had already observed the compromise of a GitHub server, as well as DDoS attacks launched by the malware’s operators against financial, technology, gaming, and entertainment firms. Other DDoS-as-a-service operators were also targeted, apparently in an attempt to take down competitors.
It remains unknown whether Chaos is operated by an existing hacker group. Nevertheless, the malware was likely built and is likely operated by Chinese hackers, given that its name is written in Chinese and that its C2 servers are located in China.
3. American Airlines’ employee email accounts compromised in phishing attack
American Airlines, one of the flagship airlines of the US, issued a customer notification letter on September 16 stating that some of its employee inboxes had been accessed by unauthorized third parties, exposing the personal information of “a small number of” customers.
The data breach took place in July, and a subsequent forensic investigation revealed that it originated from a phishing attack. The company stated that the attackers were only able to access a limited number of emails and could not reach its customer databases. However, some customer information was contained in those email exchanges, including names, dates of birth, home and email addresses, phone numbers, and passport numbers.
The exact number of customers affected has not been disclosed. American Airlines said it has provided affected customers with two years of identity theft protection services from Experian.
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D’Amo
Identity and Access Management: iSIGN+
Car, Energy, Factory, City Solutions: Penta IoT Security