Latest news with #AustralianCyberSecurityCentre


Forbes
3 days ago
- Business
- Forbes
FBI Issues Critical Cyberattack Alert — Act Now As Victims Skyrocket
FBI issues Play ransomware warning as attacks multiply.

The Federal Bureau of Investigation has issued a joint cybersecurity advisory in conjunction with the U.S. Cybersecurity and Infrastructure Security Agency, as the number of confirmed observed victims of Play ransomware attacks skyrocketed in May. The threat actors have, the FBI warned, impacted victims covering a broad spectrum of organisations, including businesses as well as critical infrastructure providers, in both North and South America, as well as across Europe. Here's what you need to know and, more importantly, do to mitigate the chances of your organisation becoming the next on the list.

As part of a joint effort between the FBI, CISA and the Australian Cyber Security Centre, the latest update to the Play ransomware cybersecurity advisory comes as a result of new investigations this year that have uncovered an evolution of the cybercriminal group's tactics, techniques and procedures. In May, the FBI confirmed that it had become aware of 900 organizations that had been exploited by the crime gang and had fallen victim to the Play ransomware attacks. To put that in some perspective, it is three times the number when the FBI last released such information.

The joint critical cybersecurity advisory, which forms part of the ongoing Stop Ransomware campaign, aims to help organizations best defend themselves against attacks by keeping them informed of changes to the aforementioned tactics, techniques, and procedures, as well as new indicators of compromise that can be useful in attack detection efforts.

Advisory AA23-352A warned that Play is thought to be what is known as a closed ransomware group actor, acting alone to 'guarantee the secrecy of deals' when it comes to the exfiltrated data that is held to ransom. The ransom notes that are left with the victim do not, the advisory stated, 'include an initial ransom demand or payment instructions; rather, victims are instructed to contact the threat actors via email.' Those emails have one of two German email domains, but the actual email address is unique in every case. 'A portion of victims are contacted via telephone,' the FBI said, 'and are threatened with the release of the stolen data and encouraged to pay the ransom.' These tactics are designed to lead the victim straight onto a negotiation footing where the attacker has the upper hand.

Thought to be linked to a North Korean state-sponsored attack group, one that is known to be part of the Democratic People's Republic of Korea's 'Reconnaissance General Bureau,' the Play ransomware campaign shows no sign of slowing down. For that to happen, organizations need to up their game and get their defenses in order. Erecting mitigation barricades is the only answer to such determined ransomware actors. The FBI has recommended the following mitigating actions to be taken as a matter of some urgency:


Hans India
14-05-2025
- Hans India
Four simple ways to keep yourself safe from cyber scams
Think about how many things you have done online today. Paid a bill? Logged into your bank account? Used social media or spent time answering emails? Maybe you have used your phone to pay at a supermarket or train station. We are all plugged in, and that's not necessarily a bad thing. But with all these conveniences comes a growing risk many Australians are unprepared for: cybercrime.

According to the most recent cyber threat report by the Australian Cyber Security Centre, more than 87,000 reports of cybercrime were made in 2023-2024. That's a report every six minutes. And that's just what gets reported. Many people do not even realise they have been hacked or scammed until it's too late.

Earlier this year, Scamwatch, run by the Australian Competition and Consumer Commission, revealed Australians lost nearly A$319 million to scams in 2024 alone. In a recent example, cyber criminals used stolen login details to hack several major superfunds in Australia and steal a collective A$500,000 of people's retirement savings. A big part of this worsening problem is poor 'digital hygiene'. Here are five easy ways to improve yours.

First, what exactly is 'digital hygiene'?

Just like brushing your teeth keeps cavities away, digital hygiene is all about keeping your online life clean, safe and protected from harm. It is a simple idea: the better your habits when using technology, the harder it is for scammers or hackers to trick you or get access to your personal information. It means being aware of what you are sharing, whom you are trusting, and how your devices are set up. Unfortunately, most of us are probably more hygienic in bathrooms than we are online.

How should you protect yourself?

The good news is that you do not need to be a computer whizz to keep clean online. Here are five simple practical steps anyone can take:

1. Stop and think before clicking: Got an unexpected message from your bank asking you to verify your account? Or a text about a missed parcel delivery with a link? Scammers love urgency. It gets people to click before they think. Instead of rushing, pause. Ask yourself: was I expecting this? Is the sender's email or phone number legitimate? Do not click the link; go directly to the official website or app.

2. Use strong, unique passwords: Using your pet's name or '123456' is not going to cut it. And if you reuse passwords across websites, a breach on one site means hackers can try the same password everywhere else. This is called a credential stuffing attack, and it is how the cyber-attack on superannuation funds happened earlier this year. The best move? Begin securing your online accounts by using a password manager and updating any reused passwords, prioritising your most sensitive accounts such as emails, banking and cloud storage first.

3. Turn on multi-factor authentication: Multi-factor authentication means you need something more than just a password to log in, such as a code sent to your phone or an app such as Google Authenticator or Microsoft Authenticator. It is a simple step that adds a powerful layer of protection. Even if someone guesses your password, they cannot log in without your second factor.

4. Update your apps and devices: Yes, those software updates are annoying, but they are important. Updates fix security holes that hackers can use. Make it automatic if you can, and do not ignore update prompts, especially for your operating systems such as Windows, iOS or Android. Outdated software harbours known vulnerabilities that hackers can actively target. While keeping devices longer supports sustainability, there is a balance to strike. If your device no longer receives security updates, it may be safer to responsibly recycle it and invest in a newer supported model to maintain your digital safety.

5. Be mindful of what you share: Oversharing on social media makes you an easy target. Public posts that include your birthday, where you went to school, or your pet's name can be used to guess security questions or build convincing fake messages. Think before you post – would a stranger need to know this?

What should I do if I have been hacked?

To check if your passwords have been leaked in a breach, you can use HaveIBeenPwned – a free tool trusted by security experts. If you have been hacked, follow the tips provided by the Australian Cyber Security Centre. For example, you should change all your passwords and passcodes and use software to scan for malware on your computer.

Need more help?

Visit for practical guides, especially for parents, teachers and young people.

Digital hygiene is not a personal responsibility, it is a collective one. We are connected through emails, group chats, workplaces and social media. One weak link can put others at risk. Talk to your family and friends about the risk of scams and how to avoid them. The more we talk about this, the more normal and effective digital hygiene becomes. Because just like washing your hands became second nature during the COVID-19 pandemic, keeping your online life clean should be a habit, not an afterthought.

(The writer is associated with CQ University Australia)


NDTV
13-05-2025
- NDTV
Ways To Keep Yourself Safe From Cyberfraud
Rockhampton: Think about how many things you have done online today. Paid a bill? Logged into your bank account? Used social media or spent time answering emails? Maybe you have used your phone to pay at a supermarket or train station. We are all plugged in, and that's not necessarily a bad thing. But with all these conveniences comes a growing risk many Australians are unprepared for: cybercrime.

According to the most recent cyber threat report by the Australian Cyber Security Centre, more than 87,000 reports of cybercrime were made in 2023-2024. That's a report every six minutes. And that's just what gets reported. Many people do not even realise they have been hacked or scammed until it's too late.

Earlier this year, Scamwatch, run by the Australian Competition and Consumer Commission, revealed Australians lost nearly A$319 million to scams in 2024 alone. In a recent example, cyber criminals used stolen login details to hack several major superfunds in Australia and steal a collective A$500,000 of people's retirement savings. A big part of this worsening problem is poor "digital hygiene". Here are five easy ways to improve yours.

First, what exactly is 'digital hygiene'?

Just like brushing your teeth keeps cavities away, digital hygiene is all about keeping your online life clean, safe and protected from harm. It is a simple idea: the better your habits when using technology, the harder it is for scammers or hackers to trick you or get access to your personal information. It means being aware of what you are sharing, whom you are trusting, and how your devices are set up. Unfortunately, most of us are probably more hygienic in bathrooms than we are online.

How should you protect yourself?

Good news: you do not need to be a computer whizz to keep clean online. Here are five simple practical steps anyone can take:

1. Stop and think before clicking
Got an unexpected message from your bank asking you to verify your account? Or a text about a missed parcel delivery with a link? Scammers love urgency. It gets people to click before they think. Instead of rushing, pause. Ask yourself: was I expecting this? Is the sender's email or phone number legitimate? Do not click the link; go directly to the official website or app.

2. Use strong, unique passwords
Using your pet's name or "123456" is not going to cut it. And if you reuse passwords across websites, a breach on one site means hackers can try the same password everywhere else. This is called a credential stuffing attack, and it is how the cyber attack on superannuation funds happened earlier this year. The best move? Begin securing your online accounts by using a password manager and updating any reused passwords, prioritising your most sensitive accounts such as emails, banking and cloud storage first.

3. Turn on multi-factor authentication
Multi-factor authentication means you need something more than just a password to log in, such as a code sent to your phone or an app such as Google Authenticator or Microsoft Authenticator. It is a simple step that adds a powerful layer of protection. Even if someone guesses your password, they cannot log in without your second factor.

4. Update your apps and devices
Yes, those software updates are annoying, but they are important. Updates fix security holes that hackers can use. Make it automatic if you can, and do not ignore update prompts, especially for your operating systems such as Windows, iOS or Android. However, it is important to recognise that older devices often stop receiving updates because manufacturers stop supporting older models or are not developing updates for older devices as it can be costly. Outdated software harbours known vulnerabilities that hackers can actively target. While keeping devices longer supports sustainability, there is a balance to strike. If your device no longer receives security updates, it may be safer to responsibly recycle it and invest in a newer supported model to maintain your digital safety.

5. Be mindful of what you share
Oversharing on social media makes you an easy target. Public posts that include your birthday, where you went to school, or your pet's name can be used to guess security questions or build convincing fake messages. Think before you post - would a stranger need to know this?

What should I do if I have been hacked?

To check if your passwords have been leaked in a breach, you can use HaveIBeenPwned - a free tool trusted by security experts. If you have been hacked, follow the tips provided by the Australian Cyber Security Centre. For example, you should change all your passwords and passcodes and use software to scan for malware on your computer.

Need more help?

Visit for practical guides, especially for parents, teachers and young people.

Digital hygiene is not a personal responsibility, it is a collective one. We are connected through emails, group chats, workplaces and social media. One weak link can put others at risk. Talk to your family and friends about the risk of scams and how to avoid them. The more we talk about this, the more normal and effective digital hygiene becomes. Because just like washing your hands became second nature during the COVID-19 pandemic, keeping your online life clean should be a habit, not an afterthought.

This article is republished from The Conversation under a Creative Commons license. Read the original article.

(Disclosure statement: Meena Jha does not work for, consult, own shares in, or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.)