We’re back again with your summary of May’s biggest cyber news. From a cyber attack against a major Australian graphic design platform to conflicting reports that say our government agencies are both world leaders in security and highly vulnerable to attacks, it’s been an interesting month to say the least.
Australian Graphic Design Website Suffers Data Breach
Canva, a Sydney-based site that provides graphic design tools, has announced that it discovered a data breach on the 24th of May. A hacking group known as GnosticPlayers has taken credit for the attack, and it claims to have stolen data from around 139 million Canva users.
The data is alleged to include names, usernames, email addresses, location and password hashes. The passwords were hashed and salted with bcrypt, so it is unlikely that the attackers will be able to recover the original passwords from the hashes, but those who were affected should still change their passwords to be safe.
GnosticPlayers has become a renowned cybercriminal gang in the past year. According to ZDNet, it claims to have stolen over one billion sets of credentials from 45 companies since February.
Victorian Patient Data Is Vulnerable to Attacks
The state’s public health system has significant flaws, leaving it vulnerable to attacks that could expose patient data, according to a report released by Victoria’s auditor-general Andrew Greaves.
The auditor-general’s report investigated Barwon Health, the Royal Children’s Hospital, the Royal Victorian Eye and Ear Hospital, as well as the Digital Health and the Health Technology Solutions branches of the Department of Human Services.
Among the findings, the report stated that these organisations have password management and access control issues, problems with physical security, and that employees have limited awareness about data security.
Because of these flaws, the investigation concluded that “Victoria’s public health system is highly vulnerable to the kind of cyberattacks recently experienced by the National Health Service (NHS) in England, in Singapore, and at a Melbourne‐based cardiology provider, which resulted in stolen or unusable patient data and disrupted hospital services.”
During the audit, penetration testers breached the security of all four agencies and accessed patient data. This is extremely worrying, because it means that hackers may also be able to access the sensitive details of patients.
If attackers steal patient healthcare data, it can be used in identity theft, bank fraud and other cybercrimes, which can be devastating to victims and hard to recover from. The report made a number of recommendations to improve overall security, including taking a more proactive approach, implementing new defences and improving employee cybersecurity training.
Report Finds Australian Public Sector Is a Global Leader in Cybersecurity
A report from Dimension Data put Australian Government organisations at the top of the list when it comes to global cybersecurity practices. This comes as a surprise, especially considering the conflicting report from Victoria’s auditor-general above, as well as general pessimism about the country’s cyber defences.
The report found that the Australian Government was “consistently above the average benchmark across all measured capabilities.” It was rated 2.92 out of five for cyber maturity, compared to a global public sector average of 1.45.
Perhaps it’s best to view the results as a condemnation of the rest of the world, rather than praise for the Australian Government’s approach to security. Just this year, Parliament and the major political parties fell victim to attacks. It’s clear that both Australia and the rest of the world still have a long way to go when it comes to defending themselves against the latest cyber attacks.