Following a spate of cyber attacks with victims ranging from Australia's health sector to WA Premier Mark McGowan, it has been confirmed one of Australia's leading logistics and transport companies was recently in the sights of a ransomware extorsion.
After suspicious activity on its IT systems, early last week Melbourne-based Toll Group confirmed it was the victim of a cyber attack involving ransomware known as 'Nefilim'.
IT systems were shut down once the attack was detected to mitigate the risk of further infection, and Toll notes it has refused from the outset to engage with the attacker's ransom demands.
This approach is consistent with the advice of cyber security experts and government authorities.
Investigations have found the attacker accessed at least one specific corporate server, which Toll clarifies is not designed as a repository for customer operational data.
However, the server in question does hold information relating to some past and present Toll employees, as well as details of commercial agreements with some of the group's current and former enterprise customers.
Toll is now in the process of identifying the specific nature of that information that was downloaded, and it is aware the attacker is known to publish stolen data to the dark web.
The company has notified and is working with the Australian Cyber Security Centre (ACSC) and the Australian Federal Police (AFP).
Toll Group managing director Thomas Knudsen (pictured) says the company has been the victim of an "unscrupulous act".
"We condemn in the strongest possible terms the actions of the perpetrators. This a serious and regrettable situation and we apologise unreservedly to those affected," he said.
"I can assure our customers and employees that we're doing all we can to get to the bottom of the situation and put in place the actions to rectify it."
Given the technical and detailed nature of the analysis in progress, Toll expects it will take a number of weeks to determine more details.
The company has begun contacting people it believes may be impacted, and is implementing measures to support individual online security arrangements.
Knudsen says cyber crime poses "an existential threat for organisations of all sizes, making it more important than ever for business, regulators and government to adopt a united effort in combatting the very real risk it presents the wider community".
Study shows remote working leaves Australian companies vulnerable to attacks
New research from YouGov for CrowdStrike has found Australian businesses believe there are increased cyber risks in the new remote work reality, but only half have provided additional training for their staff to learn how to avoid threats while they work from home.
From February to March alone there was a 100-fold increase in COVID-19 themed malicious files. Yet, survey results show that 62 per cent of workers are using personal devices to conduct business transactions, while 92 per cent believe that their devices are secure against cyber threats while working from home.
Other survey findings show:
- Almost half (47 per cent) of Australian business decision makers surveyed think their business is more likely to experience a serious cyber crime during the Covid-19 situation than it did previously.
- Despite this concern, only half surveyed have provided any additional cybersecurity training on the risks associated with working from home.
- 38 per cent of business decision makers surveyed think their devices are "very" secure, but there is a clear split between those working remotely more often (46 per cent) and those working remotely around the same as before the COVID-19 situation (28 per cent).
"Threat actors have always taken advantage of newsworthy events to launch their attacks on organisations, and with COVID-19 they are preying on the public's fear and desperation for information," says CrowdStrike chief technology officer Michael Sentonas.
"CrowdStrike intelligence shows a significant increase in COVID-19 themed threat activity, posing serious risks for companies of all sizes, especially when you consider the current remote work reality."
Sentonas says the fact that only half of senior business decision makers acknowledge this risk, combined with a lack of training for employees and an over-confidence in the security of devices, means Australian businesses could be hit by an attack at the worst possible time.
"It's vital that businesses have the cybersecurity in place which protects them and their staff from these threats - no matter what device they use or where they are working," he says.
Business News Australia
Help us deliver quality journalism to you.
As a free and independent news site providing daily updates
during a period of unprecedented challenges for businesses everywhere
we call on your support