NewsBite

Paying the Toll for cyber attack

Logistics giant Toll Group says a new variant of ransomware forced it to shut down its IT systems, leading to days of missed deliveries.


Toll Group says it has been hit by a new variant of ransomware, forcing the company to shut down its IT systems leading to days of missed deliveries and lost parcels.

The logistics giant said in a statement on its website that it had been hit by a malicious breach, and that it was working to restore functionality to its systems.

“We can confirm the cyber security incident is due to a targeted ransomware attack which led to our decision to immediately isolate and disable some systems in order to limit the spread of the attack,” Toll said on its website.

"The ransomware that has affected Toll is a new variant of the Mailto ransomware. We have shared samples of the relevant variant with law enforcement, the Australian Cyber Security Centre, and cyber security organisations to ensure the wider community is protected.

"There continues to be no indication that any personal data has been lost as a result of the ransomware attack on our IT systems. We continue to monitor this as we work through a detailed investigation."

Darren Hopkins, Partner at McGrathNicol Advisory, told The Australian that the original ransomware variant has been known since early 2019 and it is common now for attackers to customise the malware they use in order to avoid detection by simple antivirus software.

"When ANU released its report on the attack on the university last year, the attacker in that event altered the signatures of more common malware to avoid detection. It was also noted in the report that the ANU published that the custom malware was created on actual ANU servers and then deployed from there," he said.

Mr Hopkins added that organisations need to consider a layered approach to security that includes controls to defend against attacks and systems to detect incidents in real-time.

"It is not known yet what Toll Group had in place to defend against this type of attack, and they have advised that samples of the new malware were sent to the ACSC for analysis," he said.

"The ACSC provides all organisations with guidance on how to defend against various cyber risks and they clearly call out ransomware. They have outlined the ASD Essential Eight mitigation strategies to help organisations reduce the risk of ransomware attacks."

Corey Nachreiner, Chief Technology Officer at WatchGuard Technologies, said that the sophisticated threat actors launching many of these targeted attacks seem to be breaching networks using presumably stolen, privileged user credentials before loading any ransomware.

"In that case, they use this privileged access along with legitimate internal management tools to disable and bypass security controls in order to install the ransomware," he said.

"The general public still doesn’t know exactly how Toll’s attackers got the ransomware into their system, but if it’s similar to other targeted attacks we’ve seen globally, the best way to protect your organisation, and any remote services you use, is to use secure authentication best practices and a multi-factor authentication solution, along with advanced behaviour-based anti-malware services.

"Toll won’t be the last victim of this type of targeted ransomware attack this year, so now is the best time to shore up your defences."


Original URL: https://www.theaustralian.com.au/business/technology/paying-the-toll-for-cyber-attack/news-story/d9ae291db0b90992f22d007d7c2b32fd