Latest news with #JamiesonO'Reilly
Sydney Morning Herald
23-07-2025
- Business
- Sydney Morning Herald
High-end heist: Australians caught up in Louis Vuitton data breach
'The Louis Vuitton breach is just the latest in a string of cyber incidents for the sector, with big names like Tiffany, Dior, Adidas, Victoria's Secret and Cartier disclosing incidents since just April. Ransomware group ShinyHunters is likely behind some, but not all of these.' Loading ShinyHunters, which was formed in 2020 and named after a Pokemon, has claimed credit for some of the most significant data breaches globally, affecting millions of people including Australians. It hasn't yet claimed responsibility for the Louis Vuitton breach. 'ShinyHunters' MO is stealing large datasets. Often, they sell these datasets to other criminals; sometimes, they leak them as a publicity stunt,' Mansted said. She said CyberCX was seeing far fewer businesses in Australia, and globally, pay ransoms to cybercriminals. The criminals aren't stopping, however, but are instead operating in sectors and places more willing to pay ransoms or changing their service offerings. Some are reverting to stealing and selling data to make money. 'The retail sector is in a sweet spot for cybercriminals,' she said. 'The sector hasn't faced the same regulatory pressure to uplift cyber maturity as banks, telcos and other critical providers. But at the same time, it holds huge consumer datasets. These datasets are highly valuable – whether transacted by powerful data brokers, or unlawfully on the dark web by criminals. 'The high-end retail heist also highlights a growing problem confronting all businesses: third-party cyber risk. We're still understanding these incidents, but it's very possible that the source of at least some of these breaches is a third-party vendor commonly used across the sector.' Australian companies now face fines of up to $50 million for serious breaches of the Privacy Act, after high-profile data breaches affected Optus and Medibank customers. The Office of the Australian Information Commissioner was contacted for comment. The latest breach comes after 5.7 million Qantas customers had their information accessed by hackers this month, including information on frequent flyer accounts, addresses and food preferences. The airline said last week it had found no evidence yet of stolen data being released, but it was 'actively monitoring'. Cybersecurity researcher Jamieson O'Reilly said while no passwords or financial data had been taken, the scope of stolen Louis Vuitton data still presented significant opportunities for exploitation. 'That is especially true when the breached entity is a high-profile luxury brand with a highly engaged and brand-loyal customer base,' he said. Jamieson, who runs cybersecurity consultancy DVULN, said he had already noticed online chatter and victim reports indicating that Louis Vuitton customers had received phishing emails impersonating the company. 'Notably, this email referenced a known artist, Clara Bacou, who previously published conceptual NFT artwork for Louis Vuitton back in 2021,' he said. Loading 'Anyone who searched the artist's name would find legitimate links tying her to Louis Vuitton, giving the email a false sense of authenticity. Combined with accurate customer data from the breach, the setup is precise enough to fool even security-aware recipients.' He said it was highly likely that threat actors are already using the stolen data for nefarious purposes. 'While breaches are frequent, that does not make them acceptable,' he said.
The Age
23-07-2025
- Business
- The Age
High-end heist: Australians caught up in Louis Vuitton data breach
'The Louis Vuitton breach is just the latest in a string of cyber incidents for the sector, with big names like Tiffany, Dior, Adidas, Victoria's Secret and Cartier disclosing incidents since just April. Ransomware group ShinyHunters is likely behind some, but not all of these.' Loading ShinyHunters, which was formed in 2020 and named after a Pokemon, has claimed credit for some of the most significant data breaches globally, affecting millions of people including Australians. It hasn't yet claimed responsibility for the Louis Vuitton breach. 'ShinyHunters' MO is stealing large datasets. Often, they sell these datasets to other criminals; sometimes, they leak them as a publicity stunt,' Mansted said. She said CyberCX was seeing far fewer businesses in Australia, and globally, pay ransoms to cybercriminals. The criminals aren't stopping, however, but are instead operating in sectors and places more willing to pay ransoms or changing their service offerings. Some are reverting to stealing and selling data to make money. 'The retail sector is in a sweet spot for cybercriminals,' she said. 'The sector hasn't faced the same regulatory pressure to uplift cyber maturity as banks, telcos and other critical providers. But at the same time, it holds huge consumer datasets. These datasets are highly valuable – whether transacted by powerful data brokers, or unlawfully on the dark web by criminals. 'The high-end retail heist also highlights a growing problem confronting all businesses: third-party cyber risk. We're still understanding these incidents, but it's very possible that the source of at least some of these breaches is a third-party vendor commonly used across the sector.' Australian companies now face fines of up to $50 million for serious breaches of the Privacy Act, after high-profile data breaches affected Optus and Medibank customers. The Office of the Australian Information Commissioner was contacted for comment. The latest breach comes after 5.7 million Qantas customers had their information accessed by hackers this month, including information on frequent flyer accounts, addresses and food preferences. The airline said last week it had found no evidence yet of stolen data being released, but it was 'actively monitoring'. Cybersecurity researcher Jamieson O'Reilly said while no passwords or financial data had been taken, the scope of stolen Louis Vuitton data still presented significant opportunities for exploitation. 'That is especially true when the breached entity is a high-profile luxury brand with a highly engaged and brand-loyal customer base,' he said. Jamieson, who runs cybersecurity consultancy DVULN, said he had already noticed online chatter and victim reports indicating that Louis Vuitton customers had received phishing emails impersonating the company. 'Notably, this email referenced a known artist, Clara Bacou, who previously published conceptual NFT artwork for Louis Vuitton back in 2021,' he said. Loading 'Anyone who searched the artist's name would find legitimate links tying her to Louis Vuitton, giving the email a false sense of authenticity. Combined with accurate customer data from the breach, the setup is precise enough to fool even security-aware recipients.' He said it was highly likely that threat actors are already using the stolen data for nefarious purposes. 'While breaches are frequent, that does not make them acceptable,' he said.
Daily Mail
30-04-2025
- Business
- Daily Mail
Thousands of Commonwealth Bank, ANZ, NAB, Westpac customers' login details are leaked on the dark web
Cybercriminals are sharing the banking passwords of thousands of Australian customers online, sometimes for free, and banks are unable to stop it. A recent sweep of dark web and encrypted messaging threads by information security firm Dvuln found at least 31,000 Australian internet banking passwords had been exposed by hackers in the last four years. The Sydney-based firm identified credentials belonging to at least 14,000 Commonwealth Bank customers, 7,000 ANZ customers, 5,000 NAB customers and a further 4,000 customers of Westpac. 'The actual number of compromised customer devices is likely substantially higher, as many infections remain undetected or are traded in private channels outside our visibility,' Dvuln said in a report released on Tuesday. The passwords were stolen through so-called 'info-stealer malware', a malicious software installed on devices through online ads, SMS messages and emails. Harvested data includes the usernames, passwords, browsing data, credit card details, local files and cryptocurrency wallets of Australian consumers. A global industry has spawned to take advantage of the hack, in which providers build the malware and distributors share the harvested information. 'The exposures were linked to consumer device infections, not breaches of bank systems,' Dvuln founder Jamieson O'Reilly told Daily Mail Australia. It was for this reason the affected banks were not named in the initial report, though Mr Jamieson has since confirmed the figures. 'Naming them could create misleading headlines and shift attention away from the real issue - the need for the public to improve cyber hygiene,' the expert explained. 'Our intent was to raise awareness and encourage collaboration across the sector, not to single out individual institutions.' Australian Banking Association chief executive Anna Bligh agreed, stating the issue related to breaches of individual devices including phones and laptops. 'Keeping customers secure online is the top priority for Australia's banks,' Ms Bligh told Daily Mail Australia. 'They continue to invest security defences to help keep customers safe, including using advanced intelligence systems to monitor both open and dark web sources for compromised customer credentials.' Cybercriminals can harvest valuable data for years after a device has been corrupted, allowing hackers to retrieve information to take over accounts and conduct fraudulent transactions long beyond the initial attack. The infections overwhelmingly targeted computers operating on Windows software though a growing number of mobile devices are also being targeted. Australian consumers are not unique in being targeted by the malware, with research from KELA identifying an estimated 3.9billion stolen passwords circulating online globally last year. So abundant is the harvested data that cybercriminals have begun selling bundles of credentials at discounts and even for free in a bid to secure future business. Given the depth and adaptability of the threat, the standard security approaches of multi-factor authentication and regular password changes may not solve the issue. Mr O'Reilly likened changing passwords from an infected machine to 'locking the door while the burglar is still inside'. Instead, customers should change their passwords from a separate device and to regularly undertake software and antivirus updates. 'Have a clean device. If you're dealing with money - banking, investments, tax - use a machine that's never touched a game, torrent, or a free movies app,' he said. Mr O'Reilly advised online banking be kept separate from the family computer. 'If your kids are using a computer, make sure it's not the one that has access to your financial life. This is the equivalent of not writing your bank PIN on a sticky note beside your front door. Yet it's happening in thousands of homes every day,' he said.
