The Patriot Files Forums  

12-18-2021, 10:11 AM
Boats
Senior Member
 

Join Date: Jul 2002
Location: Sauk Village, IL
Posts: 21,784
DOD has a problem - read below

Coles, Westpac, AMP and Department of Defense caught up in ‘significant’ data breach of Finite Recruitment
By: DataBreaches.net - Simon Elvery, Emily Sakzewski, & Matt Liddy Report: 12-18-21
Re: https://www.databreaches.net/coles-w...e-recruitment/

The personal details of job applicants and staff at a range of major Australian companies and government agencies have potentially been exposed in a “significant” data breach and extortion attempt against Australian recruitment company Finite.

Hackers have accessed and released sensitive data that includes resumes, offers of employment, contracts, timesheets and vaccine certificates, with the likely goal of extracting a ransom.

Read more at ABC (AU). This was a Conti ransomware attack. (see below)
-----------------------------------------------------------------------------------------------
Coles, Westpac, AMP and Department of Defense caught up in 'significant' data breach of Finite Recruitment
By: Story Lab / By Simon Elvery, Emily Sakzewski, and Matt Liddy - Posted 22h ago
Re: https://www.abc.net.au/news/2021-12-...-amp/100709232

Key points:

* The group responsible for hacking Finite Recruitment, Conti, was also behind a recent cyber attack on South Australian government employees

* Conti claims to have stolen more than 300 gigabytes of data in this attack

* Cyber experts say the group is ruthless, sophisticated and becoming more brazen

The personal details of job applicants and staff at a range of major Australian companies and government agencies have potentially been exposed in a "significant" data breach and extortion attempt against Australian recruitment company Finite.

Hackers have accessed and released sensitive data that includes resumes, offers of employment, contracts, timesheets and vaccine certificates, with the likely goal of extracting a ransom.

Finite has a long list of major Australian clients, including Coles, Westpac, AMP and the departments of Defense, Health and Home Affairs.

Conti — the same hacking group responsible for the data breach affecting up to 80,000 South Australian government employees disclosed last week — has so far released more than 12,000 files and is threatening to publish more.

A notice posted on the hacking group's website, designed to extract a ransom payment, claims more than 300 gigabytes of data has been stolen, including financials, contracts, customer databases, phone numbers, addresses, passports and a variety of other sensitive personal information.

Onsite - is a link or chart outlining - how much personal data has been secured by Russia.
Russian hackers threaten to release personal information about Australian workers after it hit recruitment company Finite in a ransomware attack.(ABC News)

Finite Recruitment said in a statement sent to the ABC that the data "relates to a one-off cyber incident that occurred back in October", adding that the incident was still being investigated and affected parties would be notified when the investigation concluded.

"We are aware that a small subset of Finite Group's data has been downloaded and published on the dark web," the statement said.

An Australian Cyber Security Centre profile of the hacking group notes that "leaked information is hosted on The Onion Router (TOR) network, enabling greater anonymity to Conti threat actors hosting illicitly obtained material".

However, the group appears to have more recently been posting leaked data on a regular website available to all internet users. The ABC was able to view and access leaked files using a standard web browser.

The data already released includes the personal details of Australians who have sought employment through the firm, including resumes, salary information, reference checks, criminal history checks and visa checks.

What organizations are affected?

A long list of businesses, banks and government agencies were caught up in the leak by way of their ties with Finite, including Westpac, ME Bank, Coles, Adairs, AMP, Suez Australia, NBN Co and the departments of Defense, Home Affairs and Health.

Some of Finite Recruitment's clients contacted by the ABC said they were aware of the leak, while others had not been notified.

A federal health spokesperson said the department used a range of hire firms, including Finite Group APAC Pty Ltd, but did not share "any sensitive or classified data" with those providers.

"The department has not received any correspondence from Finite Group APAC Pty Ltd regarding any security breach or data loss," a spokesperson said.

Coles — which has a service agreement with Finite Recruitment and was listed in the leaked documents — said it was conducting its own investigations into the breach.

"We have engaged directly with Finite to understand what steps they are taking to investigate the incident and to secure their systems, and to assess any impact to Coles contractors or team members," a Coles spokesperson said.

Australian National University — which was also listed in the breach — said in a statement that it had not been informed of this data breach, but added there was nothing to suggest its systems were currently under threat.

The ABC also contacted the departments of Defense and Home Affairs, but neither was able to respond in time for publication. The ABC also reached out to Downer, IBM, AMP, Hostplus and the Australian Cyber Security Centre for comment.

Who is Conti and what do they want?

Conti is a Russian-based criminal organization behind ransomware technologies. In short, they're after money.

Canberra-based cyber security researcher Robert Potter says Conti is a highly professionalized hacking group which uses a variety of well-known tools to gain access to its target's networks before stealing data and seeking a ransom.

Ransomware attacks work by encrypting victims' data, rendering it inaccessible. Groups will then offer to sell the victim a decryption key to re-access that data.

If the victim doesn't give in to the attackers' demands, they can permanently lose access to the data.

Conti affiliates are also known to use a technique known as "double-extortion", which involves threatening to release the stolen data unless payment is made.

Mr. Potter said the group was becoming more brazen and was quite open about who they have targeted in recent times.

He said Conti was increasingly ideological, sometimes using Russian foreign policy talking points, suggesting this might be a tactic to appeal to the people who provide them protection.

"Conti are doing a roaring trade, they're not subtle," Mr. Potter said.

Conti attacks have made headlines before for targeting high-profile organizations, demanding large amounts of money as ransom in exchange for agreeing not to publish full data leaks.

Prodaft — a cyber security and intelligence company that monitors incidents of potential cybercrime — said that, since 2020, it had seen data from 567 different companies shared on Conti's extortion site. Prodaft also says its teams have noticed a recent surge in Conti attacks.

"Conti has shown itself to be a particularly ruthless group, indiscriminately targeting hospitals, emergency service providers and police dispatchers," the report said.

How much money do they make?

Conti is also offered as a Ransomware-as-a-Service (RaaS). This allows affiliates to use the ransomware as they want, as long as a percentage of the ransom payment is shared with the Conti operators as commission.

Research carried out by Prodaft found that, since July 2021, Conti has received more than 500 bitcoin in ransomware payments which, at the time of writing, was worth $32.8 million.

According to Mr. Potter, Conti is sophisticated enough that they take an "almost actuarial approach" to determining ransom amounts, even targeting a dollar value close to what they think an organization's insurance will cover.

Mr. Potter said most Australian organizations hit by ransomware attacks did not pay up, which is the right move.

However, he was aware of at least one large ransom payment from an Australian-based organization targeted by Conti.

-------------------------------------------------------------------------------------------------
Personal note: So much for security once again! Is there nothing that can't
be breached? Are they that much better than we? It seems so. Or there are
too many backdoor entries they entertain? I'm not a geek who deals with
hacking but it seems the world is aware of almost any data they want -
so much for security!
__________________
Boats

O Almighty Lord God, who neither slumberest nor sleepest; Protect and assist, we beseech thee, all those who at home or abroad, by land, by sea, or in the air, are serving this country, that they, being armed with thy defence, may be preserved evermore in all perils; and being filled with wisdom and girded with strength, may do their duty to thy honour and glory; through Jesus Christ our Lord. Amen.

"IN GOD WE TRUST"