In this post, the three major cyber threats facing businesses impacted by the Optus breach are discussed, along with security responses for each threat to help you reduce the potential of these risks developing into breaches.
1. Business Email Compromise
Business Email Compromise (BEC) is a type of email scam where a cybercriminal, pretending to be an employee, sends an email to colleagues requesting sensitive internal information. Sophisticated hackers could further compromise business email accounts caught up in the Optus data breach so that these fraudulent messages appear to come directly from those accounts. Less sophisticated hackers could still launch this attack by creating a new email address that follows a similar naming convention to the one involved in the Optus breach.
Cybercriminals performing such an attack depend upon recipients being too busy or distracted to notice the subtle differences between such emails. This ideal state of mind is encouraged by composing fraudulent emails with an extreme sense of urgency.
Here’s an example of such a BEC attack from an email purporting to come from the CEO (a cyberattack known as CEO fraud).
Headed to [name of state] for an urgent meeting with a huge potential client. My credit card is maxed out so I need you to transfer $5,000 to my account to cover the trip.
I can’t miss this meeting so I need the money NOW!
Here are my account details:
[cybercriminal account details]
The objective of a BEC attack could be to trick employees into transferring funds into a cybercriminal account or to gain internal network credentials to gain unauthorised access to a corporate network.
Here’s an example of a CEO fraud campaign aiming to steal corporate network credentials. These emails tend to be highly intimidating to ensure all measure of good judgment is overpowered by the crippling fear of disappointment.
Can’t log into the f**king network, and I have a meeting in 2min!
I need to log in with your details. Send me your credentials, and let me know the 2fa code that comes through.
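As an added example that is not part of the original post, the following Python script shows how an inbound mail filter could flag messages like the two above. It checks for an executive's display name on an address that is not theirs, a sender domain one or two characters away from the real one, a Reply-To that differs from the From address, and urgency language combined with a request for money or credentials. The organisation domain, executive name and both sample messages are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed values for the example: the organisation's real domain and its executives.
INTERNAL_DOMAIN = "example.com.au"
EXECUTIVES = {"jane ceo": "jane.ceo@example.com.au"}

URGENCY_TERMS = ("now", "urgent", "immediately", "2min", "asap")
SENSITIVE_TERMS = ("transfer", "account details", "credentials", "2fa", "code")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a lookalike domain is usually within 1-2 edits of the real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(raw: str) -> dict:
    """Return the BEC indicators found in one RFC 822 message (plain text body assumed)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    display, addr = display.strip().lower(), addr.lower()
    domain = addr.rsplit("@", 1)[-1]
    text = (msg.get("Subject", "") + "\n" + msg.get_payload()).lower()
    findings = []

    # Display name of a known executive, but a different mailbox behind it.
    if display in EXECUTIVES and addr != EXECUTIVES[display]:
        findings.append("display name matches an executive but the address does not")

    # Sender domain that is a near-miss of the organisation's own domain.
    if domain != INTERNAL_DOMAIN and 0 < edit_distance(domain, INTERNAL_DOMAIN) <= 2:
        findings.append(f"lookalike sender domain: {domain}")

    # Replies silently redirected to another mailbox.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to != addr:
        findings.append("Reply-To differs from From")

    # Pressure language paired with a request for money or credentials.
    urgent = [t for t in URGENCY_TERMS if re.search(r"\b" + re.escape(t) + r"\b", text)]
    sensitive = [t for t in SENSITIVE_TERMS if t in text]
    if urgent and sensitive:
        findings.append("urgent request for: " + ", ".join(sensitive))

    return {"from": addr, "findings": findings, "suspicious": bool(findings)}


# Constructed sample messages (the first mirrors the CEO-fraud text above).
SAMPLE_BEC = """From: Jane Ceo <jane.ceo@exampel.com.au>
To: finance@example.com.au
Subject: Urgent transfer

Headed interstate for an urgent meeting with a huge potential client. My credit card is
maxed out so I need you to transfer $5,000 to my account to cover the trip.
I can't miss this meeting so I need the money NOW!
Here are my account details: [constructed placeholder]
"""

SAMPLE_OK = """From: Jane Ceo <jane.ceo@example.com.au>
To: finance@example.com.au
Subject: Board papers

Please send me the board papers when they are ready. No rush.
"""

if __name__ == "__main__":
    for sample in (SAMPLE_BEC, SAMPLE_OK):
        print(triage(sample))
```

The two sample messages come from the same display name; only the combination of signals separates them, which is why each check adds a finding rather than returning early.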
How to Protect Your Business from BEC Attacks Following the Optus Data Breach
The best strategy for avoiding business email compromise is education. Advise all of your staff of the high likelihood of a BEC attack, or of attacks more generally, given that employee credentials were compromised in the Optus breach.
Advise your staff not to respond to suspicious email requests before confirming the legitimacy of internal emails through trusted internal communication tools like Slack.
Also, ensure your company communication policy addresses the proper practice for disclosing sensitive information. For example, you could stipulate that the CEO will never request or discuss payment transfer details via email, and that any such communication should be instantly flagged as suspicious.
Business email compromise can also be prevented if stolen credentials from the Optus cyberattack are detected on criminal forums before cybercriminals have a chance to compromise them. This is best done with UpGuard’s credential leak detection solution.
2. Phishing Attacks
Phishing attacks are similar to business email compromise attacks. In a phishing attack, a hacker sends a fraudulent email to an employee purporting to be from a trusted source, such as a known supplier, customer, or law enforcement entity.
Because phishing attacks purport to come from external parties, they cannot ask for money transfers or corporate credentials as directly as business email compromise attacks do. Instead, they steal data another way: they direct recipients to fraudulent websites and trick them into entering corporate credentials into a very convincing login page.
An example of a phishing attack workflow is as follows:
- An employee receives an email from a supplier querying an invoice error. The email contains a link to view the invoice.
- The employee clicks on the email link.
- A web page appearing like a Google Gmail sign-in page loads.
- Assuming that they were logged out of their account, the employee submits their credentials to log into what they assume to be Gmail again.
- The employee's username and password are sent to the attacker.
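The weak point in the workflow above is the link in step one, and that is where a mail gateway can intervene before anyone reaches the fake sign-in page. The following Python example is added here and is not part of the original post: it pulls every link out of a constructed HTML email and flags a link whose visible text shows one address while the href points somewhere else, a link that is not HTTPS, and a host that carries a trusted brand name without being one of the allow-listed hosts. The allow-list, brand list and sample email are assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allow-list of hosts the organisation actually signs in to.
TRUSTED_HOSTS = {"accounts.google.com", "mail.google.com"}
# Brand names whose appearance in an untrusted host is a lookalike signal.
BRANDS = ("google", "gmail")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse_link(href: str, text: str) -> list:
    """Return the phishing indicators for a single link."""
    target = urlparse(href)
    host = (target.hostname or "").lower()
    findings = []
    if target.scheme != "https":
        findings.append("link is not https")
    # Visible text that is itself a URL must agree with the real destination.
    if text.startswith(("http://", "https://")):
        shown = (urlparse(text).hostname or "").lower()
        if shown != host:
            findings.append(f"visible URL host {shown} differs from real target {host}")
    # A trusted brand name inside a host that is not on the allow-list.
    if any(b in host for b in BRANDS) and host not in TRUSTED_HOSTS:
        findings.append(f"brand name in untrusted host: {host}")
    return findings


def scan_email(html: str) -> list:
    """Return [(href, findings), ...] for every link in the message body."""
    parser = LinkExtractor()
    parser.feed(html)
    return [(href, analyse_link(href, text)) for href, text in parser.links]


def is_suspicious(html: str) -> bool:
    return any(findings for _, findings in scan_email(html))


# Constructed sample email: a supplier "invoice" lure with a disguised sign-in link.
SAMPLE_HTML = """
<p>Hi, there is an error on invoice 4471. Please review it here:</p>
<a href="http://accounts-google.com.invoice-review.example/signin">https://accounts.google.com/signin</a>
<p>Regards, Supplier Accounts</p>
<a href="https://supplier.example/unsubscribe">Unsubscribe</a>
"""

if __name__ == "__main__":
    for href, findings in scan_email(SAMPLE_HTML):
        print(href, "->", findings or "ok")
```

The host comparison is deliberately exact rather than suffix-based: a suffix match would accept `accounts.google.com.invoice-review.example`, which is exactly the shape a convincing fake uses.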
Sophisticated phishing attacks are very difficult to identify. Here’s a comparison of a fraudulent and real Gmail login form:
Hackers can create very convincing fraudulent login pages for just about any business. Here’s an example of a fraudulent login page for the Commonwealth Bank.
If a cybercriminal is aware of your internal security solutions, they could compile a fraudulent network login page to steal internal network credentials.
How to Protect Your Business from Phishing Attacks Following the Optus Breach
Businesses in Australia that have been impacted by the Optus breach are almost guaranteed to be either directly or indirectly targeted by a phishing attack, with each method requiring a unique set of security measures.
Security measures for defending against phishing attacks include:
- Educating staff about phishing attacks and how to report them.
- Warning staff of the high likelihood of being targeted in phishing attacks.
- Implementing Multi-Factor Authentication (ideally adaptive MFA) across all login portals - this will make it much harder for unauthorised users to gain access to your network.
- Implementing a credential leak detection solution that shuts down email leaks before they’re targeted in phishing attacks.
3. Third-Party Breaches
A little-known cyber threat resulting from associations with the Optus data breach is the threat of third-party breaches. A third-party breach is when an organisation suffers a data breach through a compromised third-party vendor. When these attacks occur via vendors in the supply chain, they are known as supply chain attacks.
Your organisation is at risk of suffering a third-party breach if one of your vendors was compromised in the Optus cyberattack. Your third-party vendors are potential gateways to your sensitive resources, either through shared data resources or internal integrations. An example of such a potential attack vector can be found in the very same event elevating your risk of suffering a third-party breach - the Optus cyberattack.
A cybercriminal gained access to Optus’ customer database by exploiting an unsecured API - a communication interface facilitating data transfer between a business and other software services.
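The post does not describe the Optus API itself, so the following Python example is an added, hypothetical illustration of what "unsecured" means for an interface like this: a handler that returns a customer record to anyone who asks for it, next to a hardened version that requires a bearer token and returns only the record that token is entitled to. The ownership check in the hardened version is general API hardening practice, not something the post states about Optus. The records, tokens and function names are all constructed for the example.

```python
import hmac

# Constructed sample records (placeholder values, not real people).
CUSTOMERS = {
    1001: {"name": "A. Example", "passport": "[placeholder]"},
    1002: {"name": "B. Example", "passport": "[placeholder]"},
}

# Hypothetical issued API tokens: token -> the customer id it may act for.
TOKENS = {"tok-for-1001": 1001}


def get_customer_unsecured(customer_id: int, headers: dict):
    """Before: nothing checks who is asking, so any caller can read any record."""
    record = CUSTOMERS.get(customer_id)
    return (200, record) if record else (404, None)


def _caller_from(headers: dict):
    """Resolve the bearer token in the request to the customer id it belongs to."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    presented = auth[len("Bearer "):]
    for token, customer_id in TOKENS.items():
        # Constant-time comparison so token checks do not leak by timing.
        if hmac.compare_digest(presented, token):
            return customer_id
    return None


def get_customer_secured(customer_id: int, headers: dict):
    """After: authenticate the caller, then only serve the record they own."""
    caller = _caller_from(headers)
    if caller is None:
        return (401, None)
    if caller != customer_id:
        # Same answer as a missing record, so callers cannot enumerate other ids.
        return (404, None)
    return (200, CUSTOMERS[customer_id])


if __name__ == "__main__":
    print("unsecured, anonymous:", get_customer_unsecured(1002, {}))
    print("secured, anonymous:  ", get_customer_secured(1002, {}))
    print("secured, own record: ", get_customer_secured(1001, {"Authorization": "Bearer tok-for-1001"}))
    print("secured, other's:    ", get_customer_secured(1002, {"Authorization": "Bearer tok-for-1001"}))
```

The important contrast is the first two lines of output: the unsecured handler answers an anonymous request with a full record, while the hardened one refuses before touching the data store at all.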
How to Protect Your Business from Third-Party Breaches Following the Optus Breach
To reduce the potential of suffering a third-party breach, all of the security risks associated with your vendors need to be addressed. This is best achieved with a Vendor Risk Management program.
Vendor Risk Management is the practice of detecting, assessing, and remediating the cybersecurity risks of all third-party vendors. At a high level, VRM programs achieve this objective through a four-stage lifecycle.
- Risk assessments - Risk assessments or security questionnaires are routinely sent to vendors to assess data breach risks and security risks resulting from compliance gaps.
- Remediation planning - With the support of risk assessment data, a remediation plan is created where vendor risks are addressed in order of security criticality.
- Ongoing monitoring - Addressed security risks and emerging security risks are continuously monitored with an attack surface monitoring solution.
- Security posture improvement - The impact of vendor risk remediation efforts is tracked against security rating systems based on 70+ common attack vectors, allowing you to track cybersecurity posture improvements across all vendors.