NewsBite

Exclusive

Medibank hack: New Aussie plan to stop Russian, Chinese cyber criminals

Australia is looking at new ways to stop becoming a “lucrative target” for Russian and Chinese criminals in the wake of the Medibank saga. See what’s afoot and what you can do now.

Medibank risks multi-million dollar loss

Exclusive: Internet Service Providers will be forced to block nefarious online threats from Russian and Chinese cyber criminals before their scams hit our shores under a plan being considered by the Federal Government.

And Australian companies could be banned from paying ransoms to hackers, with fears such payments are promoting the country as a “lucrative target” to cyber criminals.

As well as increasing fines for companies who suffer data breaches, the Federal Government is also now looking into setting minimum cyber security standards for critical infrastructure used by telcos, health providers or the nation’s own government departments.

Home Affairs and Cyber Security Minister Clare O’Neil said the Medibank and Optus data hack crisis had shown Australia was “playing catch up” and has instructed her agencies to look at multiple options to stop the relentless cyber assaults.

Home Affairs and Cyber Security Minister Clare O’Neil says Australia needs to “react and plan” for this.
Home Affairs and Cyber Security Minister Clare O’Neil says Australia needs to “react and plan” for this.

The Federal Government’s cyber security strategy 2020-23 runs out next year and is being significantly overhauled to be “more ambitious” in outlook in tackling one of the great threats of our time.

The Minister revealed Russian crime gangs “sitting in office blocks for whom this is their day job” are designing software packages that are then onsold to other criminal networks allowing them to hack into data bases around the world.

It is believed hundreds of millions “if not billions” of attempted hacks are carried out on Australian companies each month.

Conservatively it is estimated more than $30 billion a year is lost to the Australian economy from cyber crime.

“We have to react and plan for this new landscape which is essentially the future of crime, it is online,” Ms O’Neil said.

“I think Optus and Medibank are game changers for the nation … the information revealed is an unbelievable threat to Australians”.

$1.7 billion wiped from Medibank's market cap

Authorities investigating the Medibank data leak – which has impacted all 3.9 million members of the health insurer – have established a criminal stole the log in credentials of a senior staff member and sold them to a hacker on an online Russian-language forum.

The initial theft was simple, most probably through a malicious malware email, but was on-sold to a more sophisticated criminal network that spent some time inside the Medibank system with a software tool to harvest vast amounts of data to then use in the extortion bid.

While coy on the cyber strategy reboot, Ms O’Neil confirmed one issue being looked at was a “clean pipes” program where internet service providers (ISPs) – of which there are six major ones in Australia – are mandated to offer customers security as a default, automatically blocking malicious websites and malware.

This would be done at the “landing point” of the 95 per cent of the data that is transmitted into Australia via undersea cables.

ISPs would be forced to run software blocking known malicious or phishing data before it reaches people’s online accounts.

Telstra is currently believed to be the only ISP providing clean pipes – an analogy for water utilities providing clean drinking water – and would be a policy switch from the current onus and burden on the individual customer or business.

“We are looking at the role of infrastructure providers in literally blocking nefarious data that comes into Australia because in Australia we have a limited number of ways in which that data can come into the country, limited number of undersea cables that can bring data into Australia and they are run by a small number of provider,” Ms O’Neil said.

“It will be whether we can do more on the entry and exit of data coming into the country. This is the sort of discussion (being had).”

An option of outlawing the paying of ransoms – which anecdotally the government’s Australian Cyber Security Centre experts believe are “quite common” – was also being reviewed. While not reported, it is understood via legal firms and insurers that most attacks are on small to medium-sized firms.

“The only way you are going to do that (stop fraud) is if you have a regulation that says you can’t pay ransoms and it is enforced,” Australian Strategic Policy Institute (ASPI) International Cyber Policy Centre director Fergus Hanson said.

“That would, in a matter of months, stop the whole market because the unfortunate reality is they (criminal hackers) will just go to a place where they do pay ransoms because at the end of the day they are just running a business and just want to get money. If Australian companies are not paying they will go elsewhere.”

Ms O’Neil said looking at the role of law enforcement was also important, with discussions on whether financial cyber crime was being adequately resourced and tackled by authorities.

She said Russian gangs were targeting Australia in the same way they were other countries and greater international collaboration “in shutting them down” was required.

She has held talks with Five Eyes intelligence partners – Canada, New Zealand, the United Kingdom and the United States – already about this.

“We are in Australian I think playing a bit of catch up to how professionalised and focused these criminals have become,” Ms O’Neil said.

“It is very challenging, it is very hard because vulnerabilities are everywhere and these criminals are roaming around networks trying to find them and we’ve got to get better to fight them off,” she said.

WHAT TO DO IF YOU ARE A MEDIBANK HACK VICTIM

  • Replace your Medicare card, which can be done online through MyGov.
  • If you believe there’s been unauthorised activity using their Medicare number, they can call Service Australia’s Scams and Identity Theft Help Desk.
  • Change your email account passwords. Make sure you have strong passwords that you haven’t used for other accounts.
  • If you are concerned that your identity has been compromised or you may have been a victim of a scam, contact your bank immediately and call IDCARE on 1800 595 160.
  • Secure your devices and monitor their devices and accounts for unusual activity, and ensure you have the latest security updates.
  • Enable multi‑factor authentication for all accounts.
  • Be alert for scams referencing Medibank Private.
  • All Medibank and ahm customers can contact their cyber response hotlines by phone (for ahm customers 13 42 46 and for Medibank customers 13 23 31) or visit the information page on the website for any updates.
  • Customers can also speak to Medibank’s mental health professionals 24/7 over the phone for advice or support around mental health or wellbeing (1800 644 325).
  • Use a Medibank cybercrime customer support package set up for affected customers (it includes financial support, access to specialist identity protection advice and resources from IDCARE, free identity monitoring services for customers who have had their primary ID compromised and reimbursement of fees for reissue of identity documents)
  • You can also contact the Office of the Australian Information Commissioner

Originally published as Medibank hack: New Aussie plan to stop Russian, Chinese cyber criminals

Add your comment to this story

To join the conversation, please Don't have an account? Register

Join the conversation, you are commenting as Logout

Original URL: https://www.heraldsun.com.au/truecrimeaustralia/medibank-hack-new-aussie-plan-to-stop-russian-chinese-cyber-criminals/news-story/1105c1c13167a5306660f40823aa6e92