Latest news with #MichelleMcGuinness


West Australian
23-05-2025
- Business
- West Australian
Australia must prepare for Hollywood-style cyber attack
Australia has yet to suffer a critical, Hollywood-style cyber security incident, according to the nation's top online cop, but our defences are being tested and criminals grow in number. The rate of cyber attacks against Australian businesses may also be higher than statistics indicate, she warned as small businesses continue bearing the brunt of financial losses. National Cyber Security Co-ordinator Lieutenant General Michelle McGuinness issued the warnings at the AusCERT Cyber Security Conference on the Gold Coast on Friday, while also promising public consultation to inform future online safety policies. The event has drawn 900 delegates and comes a month after large superannuation firms were targeted in a co-ordinated online attack and less than a year after 12.9 million Australians had private information stolen in the Medisecure hack. Despite a growing number of attacks on large Australian organisations including healthcare, telecommunications and legal firms, Lt Gen McGuinness told the audience none had damaged the nation's critical infrastructure or had a lasting impact. "Australia has seen the dark side of significant cyber incidents such as Optus, Medibank, Latitude Financial, HWL Ebsworth, Ramsay Health Care and Medisecure (but) we are actually yet to see a catastrophic cyber incident with impacts across multiple critical infrastructure sectors," she said. "We must continue to evolve and thrive to ensure that those scenes we see in Hollywood never actually eventuate." The most recent high-profile cyber attack in which criminals stole $750,000 from 10 AustralianSuper accounts had been the result of a "credential-stuffing attack", Lt Gen McGuinness confirmed, involving criminals using passwords leaked from another data breach. Financial losses from the attack were "relatively small" but aimed at a large financial market, she said, and should serve as a reminder for all parties to bolster online defences. 
The Annual Cyber Threat Report released in November found Australian cyber crime reports grew by 12 per cent in 2024 and the cost of attacks to individuals grew by 17 per cent to an average of $30,700. Cyber crime's cost to businesses fell by eight per cent according to the report, but Lt Gen McGuinness said the true cost of online crime was likely to be significantly higher given most Australian businesses were categorised as small and lost an average of $49,600 per incident. "These businesses don't have the staff and the resources to have dedicated IT professionals or security functions, let alone the capacity to respond to an incident without help," she said. "Our adversaries also know this." Australian businesses of all sizes should develop and practise incident response plans to avoid data theft, she said, and should refrain from paying ransoms demanded by criminals if possible to avoid being re-targeted. The Australian Cyber Security Strategy, launched in November 2023, is due to be updated by 2026 to address a broader range of cyber security investments, and a public consultation will be launched in the coming months.


Dubai Eye
04-04-2025
- Business
- Dubai Eye
Hackers compromise 20k Australian pension funds in cyber attacks
Hackers targeting Australia's major pension funds in a series of coordinated attacks have stolen savings from some members at the biggest fund and compromised more than 20,000 accounts in the A$4.2 trillion (AED 10.3 trillion) retirement savings sector. National Cyber Security Coordinator Michelle McGuinness said in a statement she was aware of "cyber criminals" targeting accounts and was organising a response across the government, regulators and industry. It was still unclear how many pension funds and members were affected. AustralianSuper, the country's largest fund managing A$365 billion (AED 893 trillion) for 3.5 million members, confirmed that up to 600 member passwords had been stolen to access accounts and commit fraud. "We took immediate action to lock these accounts and let those members know," AustralianSuper's Chief Member Officer Rose Kerlin said, urging all members to check their online balances. Four AustralianSuper members had a combined A$500,000 (AED 1.2 million) drained from their balances and transferred to other accounts that did not belong to them, according to the source, who was not authorised to speak publicly about the matter. AustralianSuper did not respond immediately to a request for comment. Australian Retirement Trust, the second-largest fund managing A$300 billion (AED 688 billion) for 2.4 million members, said it had detected "unusual login activity" affecting "several hundreds" of accounts. It locked impacted accounts as a precaution, though there were no suspicious transactions or changes made. Rest Super, the default industry pension fund for retail workers, with A$93 billion (AED 213 billion) of assets under management, said it suffered an attack that impacted around 20,000 accounts, or around one per cent of its two million members. "Over the weekend of March 29-30, 2025, Rest became aware of some unauthorised activity on our online Member Access portal," Rest CEO Vicki Doyle said.
"We responded immediately by shutting down the Member Access portal, undertaking investigations and launching our cyber security incident response protocols." Insignia Financial, which manages A$327 billion (AED 750 trillion), said a "malicious third-party" attempted to access online pension accounts on its Insignia Financial Expand platform. There had been no financial impact at this stage to members, an Insignia spokesperson said. Hostplus, which has more than 1.8 million members and A$115 billion (AED 264 billion) under management, also confirmed it suffered an attack. A spokesperson said no member losses had occurred but that it was still investigating the extent of the incident. Prime Minister Anthony Albanese said he had been briefed about the hacks and said there would be a "considered" response from government agencies in time. He added that such attacks were a "regular issue" in Australia, with one occurring every six minutes. Australia's largest not-for-profit hospital and aged care provider St Vincent's Health, private health insurer Medibank and telecom Optus have all suffered major breaches. The government in 2023 committed A$587 million (AED 1.3 billion) to fund a seven-year strategy to improve the cybersecurity of citizens, businesses and agencies.


Yahoo
04-04-2025
- Business
- Yahoo
Hackers strike Australia's largest pension funds in coordinated attacks
By Christine Chen

SYDNEY (Reuters) - Hackers targeting Australia's major pension funds in a series of coordinated attacks have stolen savings from some members at the biggest fund, according to a source with knowledge of the matter, and compromised more than 20,000 accounts. National Cyber Security Coordinator Michelle McGuinness said in a statement she was aware of "cyber criminals" targeting accounts in the country's A$4.2 trillion ($2.63 trillion) retirement savings sector and was organising a response across the government, regulators and industry. It was still unclear how many pension funds and members were affected. AustralianSuper, the country's largest fund managing A$365 billion for 3.5 million members, confirmed that up to 600 member passwords had been stolen to access accounts and commit fraud. "We took immediate action to lock these accounts and let those members know," AustralianSuper's Chief Member Officer Rose Kerlin said, urging all members to check their online balances. Four AustralianSuper members had a combined A$500,000 drained from their balances and transferred to other accounts that did not belong to them, according to the source, who was not authorised to speak publicly about the matter. AustralianSuper did not respond immediately to a request for comment. Australian Retirement Trust, the second-largest fund managing A$300 billion for 2.4 million members, said it had detected "unusual login activity" affecting "several hundreds" of accounts. It locked impacted accounts as a precaution, though there were no suspicious transactions or changes made. Rest Super, the default industry pension fund for retail workers, with A$93 billion of assets under management, said it suffered an attack that impacted around 20,000 accounts, or around 1% of its 2 million members. "Over the weekend of 29-30 March 2025, Rest became aware of some unauthorised activity on our online Member Access portal," Rest CEO Vicki Doyle said.
"We responded immediately by shutting down the Member Access portal, undertaking investigations and launching our cyber security incident response protocols." Insignia Financial, which manages A$327 billion, said a "malicious third-party" attempted to access online pension accounts on its Insignia Financial Expand platform. There had been no financial impact at this stage to members, an Insignia spokesperson said. Hostplus, which has more than 1.8 million members and A$115 billion under management, also confirmed it suffered an attack. A spokesperson said no member losses had occurred but that it was still investigating the extent of the incident. Prime Minister Anthony Albanese said he had been briefed about the hacks and said there would be a "considered" response from government agencies in time. He added that such attacks were a "regular issue" in Australia, with one occurring every six minutes. Australia's largest not-for-profit hospital and aged care provider St Vincent's Health, private health insurer Medibank and telecom Optus have all suffered major breaches. The government in 2023 committed A$587 million to fund a seven-year strategy to improve the cybersecurity of citizens, businesses and agencies. ($1 = 1.5995 Australian dollars)


Yahoo
04-04-2025
- Business
- Yahoo
'Weak' security on super funds as some see $0 balance
People seeing a zero-balance in their retirement funds and those who cannot even check them are being assured their accounts are secure as superannuation managers contact members targeted in a cyber attack. Hackers have targeted hundreds of Australian superannuation accounts from funds managing more than $1 trillion in assets in a coordinated online attack using stolen passwords, with experts warning security needs to be bolstered. Hostplus, Rest, AustralianSuper and Australian Retirement Trust are among those targeted in an attack confirmed on Friday by Australia's National Cyber Security Coordinator Lieutenant General Michelle McGuinness. The nation's biggest fund AustralianSuper said hackers allegedly sought lump sum withdrawals from up to 600 accounts. Its more than 3.4 million members are struggling to log in amid high call-centre traffic and intermittent outages to online services, but some who have been able to gain access have been warned they will not like what they see. "Even though you may not be able to see your account, or you are seeing a $0 balance, your account is secure," the fund said, assuring members it is a temporary glitch. "We are working hard to resolve it as quickly as possible," it said. Cybersecurity expert Matthew Warren said multi-factor authentication, requiring uniquely generated codes in addition to entering a password, needs to be implemented for every customer. "This major cyber attack clearly highlights the weak authentication measures implemented by the Australian superannuation industry," the director of RMIT's cybersecurity centre said. Insignia Financial, which oversees brands including MLC and IOOF, said about 100 accounts on its Expand platform had been targeted, but no financial impact to customers had been detected. Rest said 8000 accounts may have had personal information accessed but no member funds were transferred.
"We have already contacted impacted members to reinstate their account access and provide next steps and support," it said. While some targeted accounts were not breached, the Association of Superannuation Funds of Australia revealed "a number of members" had funds stolen and would be contacted. The attack took place on the weekend, and follows rising reports of online security threats in Australia with a cyber crime reported every six minutes. Superannuation and banking firms were working with government agencies to respond to the attack, Lt Gen McGuinness said. Superannuation funds are urging members to check for signs of fraud, ensure banking and contact details are correct, and change passwords if they are not unique to their account. The superannuation industry association also confirmed members' funds had been stolen. "While the majority of attempts were repelled, unfortunately a number of members were affected," the group said in a statement. It is believed that attackers were targeting accounts that could deliver lump sum withdrawals. Government agencies would investigate, Prime Minister Anthony Albanese said, warning online attacks had become common. "There is an attack, a cyber attack in Australia about every six minutes," he said. The Australian Signals Directorate Annual Cyber Threat Report in 2024 revealed cyber crime reports had increased 12 per cent, with an average of 100 calls per day to the Australian Cyber Security Hotline.