Latest news with #MediSecure
The Advertiser
2 days ago
- Business
- The Advertiser
Strip clubs to education hubs hacked in password grab
More than 2300 business websites, including dozens in Australia, have been compromised and used to steal consumers' information as part of a year-long, "highly orchestrated phishing campaign", a security firm warns. Almost 80 small and medium-sized Australian businesses have been hacked in the operation, with the websites targeted ranging from a children's education provider to three Queensland strip clubs. Australian online security firm CyberCX revealed details of the attack on Tuesday after alerting compromised businesses, and warned consumers to take care when following website instructions, including completing CAPTCHAs. The details come weeks after several superannuation firms were targeted in a co-ordinated online attack and less than a year after 12.9 million Australians had private information stolen from health provider MediSecure. In a paper called DarkEngine detailing the campaign, CyberCX said it discovered a group had compromised at least 2353 websites since June 2024, including 79 from Australia, 50 from the United Kingdom, and 34 from Canada. The online criminals targeted hundreds of websites using "search engine optimisation poisoning" to publish hacked versions of a commonly used website management tool, the report said. This allowed them to install malicious code on the websites, including fake CAPTCHA features ordinarily used as a security measure to identify website visitors. The effort and resources put into the phishing campaign suggested the criminals behind it were highly motivated, CyberCX intelligence and public policy director Katherine Mansted said, and would sell whatever credentials they could steal. "They're quite omnivorous - there are sex shops through to kids' education websites," she said. "What their objective is here is to compromise as many ordinary citizens' computers as possible for the purposes of financially motivated crime." Stolen credentials such as personal information, logins and passwords had become the leading cause of online attacks, Ms Mansted said, taking over from email phishing attempts. "What we're seeing is an ongoing professionalisation and industrialisation of the cybercrime ecosystem," Ms Mansted told AAP. "I'd love to say that by outing this particular campaign the harm is stopped but it's not, as this is just an example of what we're seeing more and more of." Individuals who might have had their details stolen in the Dark Engine campaign should change their passwords, employ a password manager, and use multi-factor authentication on accounts when possible. Website visitors should also carefully scrutinise CAPTCHA features that look unprofessional, appear in a pop-up window, or ask users to copy code into a computer's command prompt. Stolen passwords were also used to break into 10 AustralianSuper accounts in April in a theft that cost $750,000, National Cyber Security Co-ordinator Lieutenant General Michelle McGuinness confirmed in May. More than 2300 business websites, including dozens in Australia, have been compromised and used to steal consumers' information as part of a year-long, "highly orchestrated phishing campaign", a security firm warns. Almost 80 small and medium-sized Australian businesses have been hacked in the operation, with the websites targeted ranging from a children's education provider to three Queensland strip clubs. Australian online security firm CyberCX revealed details of the attack on Tuesday after alerting compromised businesses, and warned consumers to take care when following website instructions, including completing CAPTCHAs. The details come weeks after several superannuation firms were targeted in a co-ordinated online attack and less than a year after 12.9 million Australians had private information stolen from health provider MediSecure. In a paper called DarkEngine detailing the campaign, CyberCX said it discovered a group had compromised at least 2353 websites since June 2024, including 79 from Australia, 50 from the United Kingdom, and 34 from Canada. The online criminals targeted hundreds of websites using "search engine optimisation poisoning" to publish hacked versions of a commonly used website management tool, the report said. This allowed them to install malicious code on the websites, including fake CAPTCHA features ordinarily used as a security measure to identify website visitors. The effort and resources put into the phishing campaign suggested the criminals behind it were highly motivated, CyberCX intelligence and public policy director Katherine Mansted said, and would sell whatever credentials they could steal. "They're quite omnivorous - there are sex shops through to kids' education websites," she said. "What their objective is here is to compromise as many ordinary citizens' computers as possible for the purposes of financially motivated crime." Stolen credentials such as personal information, logins and passwords had become the leading cause of online attacks, Ms Mansted said, taking over from email phishing attempts. "What we're seeing is an ongoing professionalisation and industrialisation of the cybercrime ecosystem," Ms Mansted told AAP. "I'd love to say that by outing this particular campaign the harm is stopped but it's not, as this is just an example of what we're seeing more and more of." Individuals who might have had their details stolen in the Dark Engine campaign should change their passwords, employ a password manager, and use multi-factor authentication on accounts when possible. Website visitors should also carefully scrutinise CAPTCHA features that look unprofessional, appear in a pop-up window, or ask users to copy code into a computer's command prompt. Stolen passwords were also used to break into 10 AustralianSuper accounts in April in a theft that cost $750,000, National Cyber Security Co-ordinator Lieutenant General Michelle McGuinness confirmed in May. More than 2300 business websites, including dozens in Australia, have been compromised and used to steal consumers' information as part of a year-long, "highly orchestrated phishing campaign", a security firm warns. Almost 80 small and medium-sized Australian businesses have been hacked in the operation, with the websites targeted ranging from a children's education provider to three Queensland strip clubs. Australian online security firm CyberCX revealed details of the attack on Tuesday after alerting compromised businesses, and warned consumers to take care when following website instructions, including completing CAPTCHAs. The details come weeks after several superannuation firms were targeted in a co-ordinated online attack and less than a year after 12.9 million Australians had private information stolen from health provider MediSecure. In a paper called DarkEngine detailing the campaign, CyberCX said it discovered a group had compromised at least 2353 websites since June 2024, including 79 from Australia, 50 from the United Kingdom, and 34 from Canada. The online criminals targeted hundreds of websites using "search engine optimisation poisoning" to publish hacked versions of a commonly used website management tool, the report said. This allowed them to install malicious code on the websites, including fake CAPTCHA features ordinarily used as a security measure to identify website visitors. The effort and resources put into the phishing campaign suggested the criminals behind it were highly motivated, CyberCX intelligence and public policy director Katherine Mansted said, and would sell whatever credentials they could steal. "They're quite omnivorous - there are sex shops through to kids' education websites," she said. "What their objective is here is to compromise as many ordinary citizens' computers as possible for the purposes of financially motivated crime." Stolen credentials such as personal information, logins and passwords had become the leading cause of online attacks, Ms Mansted said, taking over from email phishing attempts. "What we're seeing is an ongoing professionalisation and industrialisation of the cybercrime ecosystem," Ms Mansted told AAP. "I'd love to say that by outing this particular campaign the harm is stopped but it's not, as this is just an example of what we're seeing more and more of." Individuals who might have had their details stolen in the Dark Engine campaign should change their passwords, employ a password manager, and use multi-factor authentication on accounts when possible. Website visitors should also carefully scrutinise CAPTCHA features that look unprofessional, appear in a pop-up window, or ask users to copy code into a computer's command prompt. Stolen passwords were also used to break into 10 AustralianSuper accounts in April in a theft that cost $750,000, National Cyber Security Co-ordinator Lieutenant General Michelle McGuinness confirmed in May. More than 2300 business websites, including dozens in Australia, have been compromised and used to steal consumers' information as part of a year-long, "highly orchestrated phishing campaign", a security firm warns. Almost 80 small and medium-sized Australian businesses have been hacked in the operation, with the websites targeted ranging from a children's education provider to three Queensland strip clubs. Australian online security firm CyberCX revealed details of the attack on Tuesday after alerting compromised businesses, and warned consumers to take care when following website instructions, including completing CAPTCHAs. The details come weeks after several superannuation firms were targeted in a co-ordinated online attack and less than a year after 12.9 million Australians had private information stolen from health provider MediSecure. In a paper called DarkEngine detailing the campaign, CyberCX said it discovered a group had compromised at least 2353 websites since June 2024, including 79 from Australia, 50 from the United Kingdom, and 34 from Canada. The online criminals targeted hundreds of websites using "search engine optimisation poisoning" to publish hacked versions of a commonly used website management tool, the report said. This allowed them to install malicious code on the websites, including fake CAPTCHA features ordinarily used as a security measure to identify website visitors. The effort and resources put into the phishing campaign suggested the criminals behind it were highly motivated, CyberCX intelligence and public policy director Katherine Mansted said, and would sell whatever credentials they could steal. "They're quite omnivorous - there are sex shops through to kids' education websites," she said. "What their objective is here is to compromise as many ordinary citizens' computers as possible for the purposes of financially motivated crime." Stolen credentials such as personal information, logins and passwords had become the leading cause of online attacks, Ms Mansted said, taking over from email phishing attempts. "What we're seeing is an ongoing professionalisation and industrialisation of the cybercrime ecosystem," Ms Mansted told AAP. "I'd love to say that by outing this particular campaign the harm is stopped but it's not, as this is just an example of what we're seeing more and more of." Individuals who might have had their details stolen in the Dark Engine campaign should change their passwords, employ a password manager, and use multi-factor authentication on accounts when possible. Website visitors should also carefully scrutinise CAPTCHA features that look unprofessional, appear in a pop-up window, or ask users to copy code into a computer's command prompt. Stolen passwords were also used to break into 10 AustralianSuper accounts in April in a theft that cost $750,000, National Cyber Security Co-ordinator Lieutenant General Michelle McGuinness confirmed in May.
West Australian
2 days ago
- Business
- West Australian
Strip clubs to education hubs hacked in password grab
More than 2300 business websites, including dozens in Australia, have been compromised and used to steal consumers' information as part of a year-long, "highly orchestrated phishing campaign", a security firm warns. Almost 80 small and medium-sized Australian businesses have been hacked in the operation, with the websites targeted ranging from a children's education provider to three Queensland strip clubs. Australian online security firm CyberCX revealed details of the attack on Tuesday after alerting compromised businesses, and warned consumers to take care when following website instructions, including completing CAPTCHAs. The details come weeks after several superannuation firms were targeted in a co-ordinated online attack and less than a year after 12.9 million Australians had private information stolen from health provider MediSecure. In a paper called DarkEngine detailing the campaign, CyberCX said it discovered a group had compromised at least 2353 websites since June 2024, including 79 from Australia, 50 from the United Kingdom, and 34 from Canada. The online criminals targeted hundreds of websites using "search engine optimisation poisoning" to publish hacked versions of a commonly used website management tool, the report said. This allowed them to install malicious code on the websites, including fake CAPTCHA features ordinarily used as a security measure to identify website visitors. The effort and resources put into the phishing campaign suggested the criminals behind it were highly motivated, CyberCX intelligence and public policy director Katherine Mansted said, and would sell whatever credentials they could steal. "They're quite omnivorous - there are sex shops through to kids' education websites," she said. "What their objective is here is to compromise as many ordinary citizens' computers as possible for the purposes of financially motivated crime." Stolen credentials such as personal information, logins and passwords had become the leading cause of online attacks, Ms Mansted said, taking over from email phishing attempts. "What we're seeing is an ongoing professionalisation and industrialisation of the cybercrime ecosystem," Ms Mansted told AAP. "I'd love to say that by outing this particular campaign the harm is stopped but it's not, as this is just an example of what we're seeing more and more of." Individuals who might have had their details stolen in the Dark Engine campaign should change their passwords, employ a password manager, and use multi-factor authentication on accounts when possible. Website visitors should also carefully scrutinise CAPTCHA features that look unprofessional, appear in a pop-up window, or ask users to copy code into a computer's command prompt. Stolen passwords were also used to break into 10 AustralianSuper accounts in April in a theft that cost $750,000, National Cyber Security Co-ordinator Lieutenant General Michelle McGuinness confirmed in May.
Perth Now
2 days ago
- Business
- Perth Now
Strip clubs to education hubs hacked in password grab
More than 2300 business websites, including dozens in Australia, have been compromised and used to steal consumers' information as part of a year-long, "highly orchestrated phishing campaign", a security firm warns. Almost 80 small and medium-sized Australian businesses have been hacked in the operation, with the websites targeted ranging from a children's education provider to three Queensland strip clubs. Australian online security firm CyberCX revealed details of the attack on Tuesday after alerting compromised businesses, and warned consumers to take care when following website instructions, including completing CAPTCHAs. The details come weeks after several superannuation firms were targeted in a co-ordinated online attack and less than a year after 12.9 million Australians had private information stolen from health provider MediSecure. In a paper called DarkEngine detailing the campaign, CyberCX said it discovered a group had compromised at least 2353 websites since June 2024, including 79 from Australia, 50 from the United Kingdom, and 34 from Canada. The online criminals targeted hundreds of websites using "search engine optimisation poisoning" to publish hacked versions of a commonly used website management tool, the report said. This allowed them to install malicious code on the websites, including fake CAPTCHA features ordinarily used as a security measure to identify website visitors. The effort and resources put into the phishing campaign suggested the criminals behind it were highly motivated, CyberCX intelligence and public policy director Katherine Mansted said, and would sell whatever credentials they could steal. "They're quite omnivorous - there are sex shops through to kids' education websites," she said. "What their objective is here is to compromise as many ordinary citizens' computers as possible for the purposes of financially motivated crime." Stolen credentials such as personal information, logins and passwords had become the leading cause of online attacks, Ms Mansted said, taking over from email phishing attempts. "What we're seeing is an ongoing professionalisation and industrialisation of the cybercrime ecosystem," Ms Mansted told AAP. "I'd love to say that by outing this particular campaign the harm is stopped but it's not, as this is just an example of what we're seeing more and more of." Individuals who might have had their details stolen in the Dark Engine campaign should change their passwords, employ a password manager, and use multi-factor authentication on accounts when possible. Website visitors should also carefully scrutinise CAPTCHA features that look unprofessional, appear in a pop-up window, or ask users to copy code into a computer's command prompt. Stolen passwords were also used to break into 10 AustralianSuper accounts in April in a theft that cost $750,000, National Cyber Security Co-ordinator Lieutenant General Michelle McGuinness confirmed in May.
The Age
23-05-2025
- Politics
- The Age
Australia news LIVE: PM speaks from disaster zone; Calwell and Bradfield races tighten further; McCormack says Littleproud has been ‘messy'
Latest posts Latest posts 2.01pm Calwell count tightens as independent leaps ahead of Liberals By Adam Carey The race for the last undeclared seat in Victoria has tightened, with Labor still in doubt of retaining the once super-safe seat of Calwell in Melbourne's outer north. Carly Moore, a three-time council mayor who quit the ALP to run as an independent, has catapulted into second place as counting progresses in what the Australian Electoral Commission called the most complicated count in its history. Moore currently commands 45.8 per cent of votes, compared to Labor's candidate Basem Abdo's 54.2 per cent after preferences. Moore needs to secure 64.4 per cent of preferences from Liberal and Greens votes in Calwell as those parties' candidates are eliminated from the count in coming days. Loading Moore told this masthead that she believed the result would come down to the wire in a complex contest in which multiple independents polled well, and their preferences sprayed around. Moore campaigned on a platform of grievance about perceived Labor neglect of the economically disadvantaged and ethnically diverse electorate. She preferenced Abdo last on her how-to-vote card. 'All the things that we were saying during the campaign are true, that this community feels like we're being taken advantage of,' she said. 'We've been treated like a safe seat because we've been a safe seat'. Moore said Labor, which previously held Calwell with a 12.4 per cent margin, would have to devote more resources to the seat in future elections, no matter who wins this time. 'This should be Labor heartland. I hope that they see this as a bit of a wake-up call to make sure they're listening to what the community is telling them, because I don't think they have been'. Abdo was contacted for comment. Labor has not lost a single seat in the 2025 election. But it suffered a primary vote swing of 14.3 per cent in Calwell. 1.39pm Australia must prepare for 'Hollywood'-style cyberattack: Cybersecurity sheriff By Jennifer Dudley-Nicholson Australia has yet to suffer a critical, Hollywood-style cybersecurity incident, according to the nation's top online cop, but our defences are being tested and criminals grow in number. The rate of cyberattacks against Australian businesses may also be higher than statistics indicate, she warned as small businesses continue bearing the brunt of financial losses. National Cyber Security Co-ordinator Lieutenant General Michelle McGuinness issued the warnings at the AusCERT Cyber Security Conference on the Gold Coast today, while also promising public consultation to inform future online safety policies. The event has drawn 900 delegates and comes a month after large superannuation firms were targeted in a co-ordinated online attack and less than a year after 12.9 million Australians had private information stolen in the MediSecure hack. Loading Despite a growing number of attacks on large Australian organisations including in the healthcare and telecommunications sectors and legal firms, McGuinness told the audience none had damaged the nation's critical infrastructure or had a lasting impact. 'Australia has seen the dark side of significant cyber incidents such as Optus, Medibank, Latitude Financial, Ramsay Health Care… but we are actually yet to see a catastrophic cyber incident with impacts across multiple critical infrastructure sectors,' she said. 'We must continue to evolve and thrive to ensure that those scenes we see in Hollywood [movies] never actually eventuate.' The Annual Cyber Threat Report released in November found Australian cybercrime reports grew by 12 per cent in 2024 and the cost of attacks to individuals grew by 17 per cent to an average of $30,700. The Australian Cyber Security Strategy, launched in November 2023, is due to be updated by 2026 to address a broader range of cybersecurity investments, and a public consultation will be launched in the coming months. Read how to protect yourself here. AAP
