Latest news with #Mansted
Sydney Morning Herald
23-07-2025
- Business
- Sydney Morning Herald
High-end heist: Australians caught up in Louis Vuitton data breach
'The Louis Vuitton breach is just the latest in a string of cyber incidents for the sector, with big names like Tiffany, Dior, Adidas, Victoria's Secret and Cartier disclosing incidents since just April. Ransomware group ShinyHunters is likely behind some, but not all of these.' Loading ShinyHunters, which was formed in 2020 and named after a Pokemon, has claimed credit for some of the most significant data breaches globally, affecting millions of people including Australians. It hasn't yet claimed responsibility for the Louis Vuitton breach. 'ShinyHunters' MO is stealing large datasets. Often, they sell these datasets to other criminals; sometimes, they leak them as a publicity stunt,' Mansted said. She said CyberCX was seeing far fewer businesses in Australia, and globally, pay ransoms to cybercriminals. The criminals aren't stopping, however, but are instead operating in sectors and places more willing to pay ransoms or changing their service offerings. Some are reverting to stealing and selling data to make money. 'The retail sector is in a sweet spot for cybercriminals,' she said. 'The sector hasn't faced the same regulatory pressure to uplift cyber maturity as banks, telcos and other critical providers. But at the same time, it holds huge consumer datasets. These datasets are highly valuable – whether transacted by powerful data brokers, or unlawfully on the dark web by criminals. 'The high-end retail heist also highlights a growing problem confronting all businesses: third-party cyber risk. We're still understanding these incidents, but it's very possible that the source of at least some of these breaches is a third-party vendor commonly used across the sector.' Australian companies now face fines of up to $50 million for serious breaches of the Privacy Act, after high-profile data breaches affected Optus and Medibank customers. The Office of the Australian Information Commissioner was contacted for comment. The latest breach comes after 5.7 million Qantas customers had their information accessed by hackers this month, including information on frequent flyer accounts, addresses and food preferences. The airline said last week it had found no evidence yet of stolen data being released, but it was 'actively monitoring'. Cybersecurity researcher Jamieson O'Reilly said while no passwords or financial data had been taken, the scope of stolen Louis Vuitton data still presented significant opportunities for exploitation. 'That is especially true when the breached entity is a high-profile luxury brand with a highly engaged and brand-loyal customer base,' he said. Jamieson, who runs cybersecurity consultancy DVULN, said he had already noticed online chatter and victim reports indicating that Louis Vuitton customers had received phishing emails impersonating the company. 'Notably, this email referenced a known artist, Clara Bacou, who previously published conceptual NFT artwork for Louis Vuitton back in 2021,' he said. Loading 'Anyone who searched the artist's name would find legitimate links tying her to Louis Vuitton, giving the email a false sense of authenticity. Combined with accurate customer data from the breach, the setup is precise enough to fool even security-aware recipients.' He said it was highly likely that threat actors are already using the stolen data for nefarious purposes. 'While breaches are frequent, that does not make them acceptable,' he said.
The Age
23-07-2025
- Business
- The Age
High-end heist: Australians caught up in Louis Vuitton data breach
'The Louis Vuitton breach is just the latest in a string of cyber incidents for the sector, with big names like Tiffany, Dior, Adidas, Victoria's Secret and Cartier disclosing incidents since just April. Ransomware group ShinyHunters is likely behind some, but not all of these.' Loading ShinyHunters, which was formed in 2020 and named after a Pokemon, has claimed credit for some of the most significant data breaches globally, affecting millions of people including Australians. It hasn't yet claimed responsibility for the Louis Vuitton breach. 'ShinyHunters' MO is stealing large datasets. Often, they sell these datasets to other criminals; sometimes, they leak them as a publicity stunt,' Mansted said. She said CyberCX was seeing far fewer businesses in Australia, and globally, pay ransoms to cybercriminals. The criminals aren't stopping, however, but are instead operating in sectors and places more willing to pay ransoms or changing their service offerings. Some are reverting to stealing and selling data to make money. 'The retail sector is in a sweet spot for cybercriminals,' she said. 'The sector hasn't faced the same regulatory pressure to uplift cyber maturity as banks, telcos and other critical providers. But at the same time, it holds huge consumer datasets. These datasets are highly valuable – whether transacted by powerful data brokers, or unlawfully on the dark web by criminals. 'The high-end retail heist also highlights a growing problem confronting all businesses: third-party cyber risk. We're still understanding these incidents, but it's very possible that the source of at least some of these breaches is a third-party vendor commonly used across the sector.' Australian companies now face fines of up to $50 million for serious breaches of the Privacy Act, after high-profile data breaches affected Optus and Medibank customers. The Office of the Australian Information Commissioner was contacted for comment. The latest breach comes after 5.7 million Qantas customers had their information accessed by hackers this month, including information on frequent flyer accounts, addresses and food preferences. The airline said last week it had found no evidence yet of stolen data being released, but it was 'actively monitoring'. Cybersecurity researcher Jamieson O'Reilly said while no passwords or financial data had been taken, the scope of stolen Louis Vuitton data still presented significant opportunities for exploitation. 'That is especially true when the breached entity is a high-profile luxury brand with a highly engaged and brand-loyal customer base,' he said. Jamieson, who runs cybersecurity consultancy DVULN, said he had already noticed online chatter and victim reports indicating that Louis Vuitton customers had received phishing emails impersonating the company. 'Notably, this email referenced a known artist, Clara Bacou, who previously published conceptual NFT artwork for Louis Vuitton back in 2021,' he said. Loading 'Anyone who searched the artist's name would find legitimate links tying her to Louis Vuitton, giving the email a false sense of authenticity. Combined with accurate customer data from the breach, the setup is precise enough to fool even security-aware recipients.' He said it was highly likely that threat actors are already using the stolen data for nefarious purposes. 'While breaches are frequent, that does not make them acceptable,' he said.
The Advertiser
02-06-2025
- Business
- The Advertiser
Strip clubs to education hubs hacked in password grab
More than 2300 business websites, including dozens in Australia, have been compromised and used to steal consumers' information as part of a year-long, "highly orchestrated phishing campaign", a security firm warns. Almost 80 small and medium-sized Australian businesses have been hacked in the operation, with the websites targeted ranging from a children's education provider to three Queensland strip clubs. Australian online security firm CyberCX revealed details of the attack on Tuesday after alerting compromised businesses, and warned consumers to take care when following website instructions, including completing CAPTCHAs. The details come weeks after several superannuation firms were targeted in a co-ordinated online attack and less than a year after 12.9 million Australians had private information stolen from health provider MediSecure. In a paper called DarkEngine detailing the campaign, CyberCX said it discovered a group had compromised at least 2353 websites since June 2024, including 79 from Australia, 50 from the United Kingdom, and 34 from Canada. The online criminals targeted hundreds of websites using "search engine optimisation poisoning" to publish hacked versions of a commonly used website management tool, the report said. This allowed them to install malicious code on the websites, including fake CAPTCHA features ordinarily used as a security measure to identify website visitors. The effort and resources put into the phishing campaign suggested the criminals behind it were highly motivated, CyberCX intelligence and public policy director Katherine Mansted said, and would sell whatever credentials they could steal. "They're quite omnivorous - there are sex shops through to kids' education websites," she said. "What their objective is here is to compromise as many ordinary citizens' computers as possible for the purposes of financially motivated crime." Stolen credentials such as personal information, logins and passwords had become the leading cause of online attacks, Ms Mansted said, taking over from email phishing attempts. "What we're seeing is an ongoing professionalisation and industrialisation of the cybercrime ecosystem," Ms Mansted told AAP. "I'd love to say that by outing this particular campaign the harm is stopped but it's not, as this is just an example of what we're seeing more and more of." Individuals who might have had their details stolen in the Dark Engine campaign should change their passwords, employ a password manager, and use multi-factor authentication on accounts when possible. Website visitors should also carefully scrutinise CAPTCHA features that look unprofessional, appear in a pop-up window, or ask users to copy code into a computer's command prompt. Stolen passwords were also used to break into 10 AustralianSuper accounts in April in a theft that cost $750,000, National Cyber Security Co-ordinator Lieutenant General Michelle McGuinness confirmed in May. More than 2300 business websites, including dozens in Australia, have been compromised and used to steal consumers' information as part of a year-long, "highly orchestrated phishing campaign", a security firm warns. Almost 80 small and medium-sized Australian businesses have been hacked in the operation, with the websites targeted ranging from a children's education provider to three Queensland strip clubs. Australian online security firm CyberCX revealed details of the attack on Tuesday after alerting compromised businesses, and warned consumers to take care when following website instructions, including completing CAPTCHAs. The details come weeks after several superannuation firms were targeted in a co-ordinated online attack and less than a year after 12.9 million Australians had private information stolen from health provider MediSecure. In a paper called DarkEngine detailing the campaign, CyberCX said it discovered a group had compromised at least 2353 websites since June 2024, including 79 from Australia, 50 from the United Kingdom, and 34 from Canada. The online criminals targeted hundreds of websites using "search engine optimisation poisoning" to publish hacked versions of a commonly used website management tool, the report said. This allowed them to install malicious code on the websites, including fake CAPTCHA features ordinarily used as a security measure to identify website visitors. The effort and resources put into the phishing campaign suggested the criminals behind it were highly motivated, CyberCX intelligence and public policy director Katherine Mansted said, and would sell whatever credentials they could steal. "They're quite omnivorous - there are sex shops through to kids' education websites," she said. "What their objective is here is to compromise as many ordinary citizens' computers as possible for the purposes of financially motivated crime." Stolen credentials such as personal information, logins and passwords had become the leading cause of online attacks, Ms Mansted said, taking over from email phishing attempts. "What we're seeing is an ongoing professionalisation and industrialisation of the cybercrime ecosystem," Ms Mansted told AAP. "I'd love to say that by outing this particular campaign the harm is stopped but it's not, as this is just an example of what we're seeing more and more of." Individuals who might have had their details stolen in the Dark Engine campaign should change their passwords, employ a password manager, and use multi-factor authentication on accounts when possible. Website visitors should also carefully scrutinise CAPTCHA features that look unprofessional, appear in a pop-up window, or ask users to copy code into a computer's command prompt. Stolen passwords were also used to break into 10 AustralianSuper accounts in April in a theft that cost $750,000, National Cyber Security Co-ordinator Lieutenant General Michelle McGuinness confirmed in May. More than 2300 business websites, including dozens in Australia, have been compromised and used to steal consumers' information as part of a year-long, "highly orchestrated phishing campaign", a security firm warns. Almost 80 small and medium-sized Australian businesses have been hacked in the operation, with the websites targeted ranging from a children's education provider to three Queensland strip clubs. Australian online security firm CyberCX revealed details of the attack on Tuesday after alerting compromised businesses, and warned consumers to take care when following website instructions, including completing CAPTCHAs. The details come weeks after several superannuation firms were targeted in a co-ordinated online attack and less than a year after 12.9 million Australians had private information stolen from health provider MediSecure. In a paper called DarkEngine detailing the campaign, CyberCX said it discovered a group had compromised at least 2353 websites since June 2024, including 79 from Australia, 50 from the United Kingdom, and 34 from Canada. The online criminals targeted hundreds of websites using "search engine optimisation poisoning" to publish hacked versions of a commonly used website management tool, the report said. This allowed them to install malicious code on the websites, including fake CAPTCHA features ordinarily used as a security measure to identify website visitors. The effort and resources put into the phishing campaign suggested the criminals behind it were highly motivated, CyberCX intelligence and public policy director Katherine Mansted said, and would sell whatever credentials they could steal. "They're quite omnivorous - there are sex shops through to kids' education websites," she said. "What their objective is here is to compromise as many ordinary citizens' computers as possible for the purposes of financially motivated crime." Stolen credentials such as personal information, logins and passwords had become the leading cause of online attacks, Ms Mansted said, taking over from email phishing attempts. "What we're seeing is an ongoing professionalisation and industrialisation of the cybercrime ecosystem," Ms Mansted told AAP. "I'd love to say that by outing this particular campaign the harm is stopped but it's not, as this is just an example of what we're seeing more and more of." Individuals who might have had their details stolen in the Dark Engine campaign should change their passwords, employ a password manager, and use multi-factor authentication on accounts when possible. Website visitors should also carefully scrutinise CAPTCHA features that look unprofessional, appear in a pop-up window, or ask users to copy code into a computer's command prompt. Stolen passwords were also used to break into 10 AustralianSuper accounts in April in a theft that cost $750,000, National Cyber Security Co-ordinator Lieutenant General Michelle McGuinness confirmed in May. More than 2300 business websites, including dozens in Australia, have been compromised and used to steal consumers' information as part of a year-long, "highly orchestrated phishing campaign", a security firm warns. Almost 80 small and medium-sized Australian businesses have been hacked in the operation, with the websites targeted ranging from a children's education provider to three Queensland strip clubs. Australian online security firm CyberCX revealed details of the attack on Tuesday after alerting compromised businesses, and warned consumers to take care when following website instructions, including completing CAPTCHAs. The details come weeks after several superannuation firms were targeted in a co-ordinated online attack and less than a year after 12.9 million Australians had private information stolen from health provider MediSecure. In a paper called DarkEngine detailing the campaign, CyberCX said it discovered a group had compromised at least 2353 websites since June 2024, including 79 from Australia, 50 from the United Kingdom, and 34 from Canada. The online criminals targeted hundreds of websites using "search engine optimisation poisoning" to publish hacked versions of a commonly used website management tool, the report said. This allowed them to install malicious code on the websites, including fake CAPTCHA features ordinarily used as a security measure to identify website visitors. The effort and resources put into the phishing campaign suggested the criminals behind it were highly motivated, CyberCX intelligence and public policy director Katherine Mansted said, and would sell whatever credentials they could steal. "They're quite omnivorous - there are sex shops through to kids' education websites," she said. "What their objective is here is to compromise as many ordinary citizens' computers as possible for the purposes of financially motivated crime." Stolen credentials such as personal information, logins and passwords had become the leading cause of online attacks, Ms Mansted said, taking over from email phishing attempts. "What we're seeing is an ongoing professionalisation and industrialisation of the cybercrime ecosystem," Ms Mansted told AAP. "I'd love to say that by outing this particular campaign the harm is stopped but it's not, as this is just an example of what we're seeing more and more of." Individuals who might have had their details stolen in the Dark Engine campaign should change their passwords, employ a password manager, and use multi-factor authentication on accounts when possible. Website visitors should also carefully scrutinise CAPTCHA features that look unprofessional, appear in a pop-up window, or ask users to copy code into a computer's command prompt. Stolen passwords were also used to break into 10 AustralianSuper accounts in April in a theft that cost $750,000, National Cyber Security Co-ordinator Lieutenant General Michelle McGuinness confirmed in May.
West Australian
02-06-2025
- Business
- West Australian
Strip clubs to education hubs hacked in password grab
More than 2300 business websites, including dozens in Australia, have been compromised and used to steal consumers' information as part of a year-long, "highly orchestrated phishing campaign", a security firm warns. Almost 80 small and medium-sized Australian businesses have been hacked in the operation, with the websites targeted ranging from a children's education provider to three Queensland strip clubs. Australian online security firm CyberCX revealed details of the attack on Tuesday after alerting compromised businesses, and warned consumers to take care when following website instructions, including completing CAPTCHAs. The details come weeks after several superannuation firms were targeted in a co-ordinated online attack and less than a year after 12.9 million Australians had private information stolen from health provider MediSecure. In a paper called DarkEngine detailing the campaign, CyberCX said it discovered a group had compromised at least 2353 websites since June 2024, including 79 from Australia, 50 from the United Kingdom, and 34 from Canada. The online criminals targeted hundreds of websites using "search engine optimisation poisoning" to publish hacked versions of a commonly used website management tool, the report said. This allowed them to install malicious code on the websites, including fake CAPTCHA features ordinarily used as a security measure to identify website visitors. The effort and resources put into the phishing campaign suggested the criminals behind it were highly motivated, CyberCX intelligence and public policy director Katherine Mansted said, and would sell whatever credentials they could steal. "They're quite omnivorous - there are sex shops through to kids' education websites," she said. "What their objective is here is to compromise as many ordinary citizens' computers as possible for the purposes of financially motivated crime." Stolen credentials such as personal information, logins and passwords had become the leading cause of online attacks, Ms Mansted said, taking over from email phishing attempts. "What we're seeing is an ongoing professionalisation and industrialisation of the cybercrime ecosystem," Ms Mansted told AAP. "I'd love to say that by outing this particular campaign the harm is stopped but it's not, as this is just an example of what we're seeing more and more of." Individuals who might have had their details stolen in the Dark Engine campaign should change their passwords, employ a password manager, and use multi-factor authentication on accounts when possible. Website visitors should also carefully scrutinise CAPTCHA features that look unprofessional, appear in a pop-up window, or ask users to copy code into a computer's command prompt. Stolen passwords were also used to break into 10 AustralianSuper accounts in April in a theft that cost $750,000, National Cyber Security Co-ordinator Lieutenant General Michelle McGuinness confirmed in May.
Perth Now
02-06-2025
- Business
- Perth Now
Strip clubs to education hubs hacked in password grab
More than 2300 business websites, including dozens in Australia, have been compromised and used to steal consumers' information as part of a year-long, "highly orchestrated phishing campaign", a security firm warns. Almost 80 small and medium-sized Australian businesses have been hacked in the operation, with the websites targeted ranging from a children's education provider to three Queensland strip clubs. Australian online security firm CyberCX revealed details of the attack on Tuesday after alerting compromised businesses, and warned consumers to take care when following website instructions, including completing CAPTCHAs. The details come weeks after several superannuation firms were targeted in a co-ordinated online attack and less than a year after 12.9 million Australians had private information stolen from health provider MediSecure. In a paper called DarkEngine detailing the campaign, CyberCX said it discovered a group had compromised at least 2353 websites since June 2024, including 79 from Australia, 50 from the United Kingdom, and 34 from Canada. The online criminals targeted hundreds of websites using "search engine optimisation poisoning" to publish hacked versions of a commonly used website management tool, the report said. This allowed them to install malicious code on the websites, including fake CAPTCHA features ordinarily used as a security measure to identify website visitors. The effort and resources put into the phishing campaign suggested the criminals behind it were highly motivated, CyberCX intelligence and public policy director Katherine Mansted said, and would sell whatever credentials they could steal. "They're quite omnivorous - there are sex shops through to kids' education websites," she said. "What their objective is here is to compromise as many ordinary citizens' computers as possible for the purposes of financially motivated crime." Stolen credentials such as personal information, logins and passwords had become the leading cause of online attacks, Ms Mansted said, taking over from email phishing attempts. "What we're seeing is an ongoing professionalisation and industrialisation of the cybercrime ecosystem," Ms Mansted told AAP. "I'd love to say that by outing this particular campaign the harm is stopped but it's not, as this is just an example of what we're seeing more and more of." Individuals who might have had their details stolen in the Dark Engine campaign should change their passwords, employ a password manager, and use multi-factor authentication on accounts when possible. Website visitors should also carefully scrutinise CAPTCHA features that look unprofessional, appear in a pop-up window, or ask users to copy code into a computer's command prompt. Stolen passwords were also used to break into 10 AustralianSuper accounts in April in a theft that cost $750,000, National Cyber Security Co-ordinator Lieutenant General Michelle McGuinness confirmed in May.
