Hackers’ next target revealed after Optus and Medibank attacks

Companies storing sensitive personal data have been warned to tighten their security with an expert revealing what motivates online attackers and where they will likely strike next.

The black market for stolen information has been thrust into the spotlight following aggressive data theft from Optus and Medibank over the past two months and smaller businesses becoming victims of hacks.

As a result, the Albanese government launched a joint taskforce involving the Australian Federal Police and the Australian Signals Directorate to “hack the hackers” and disrupt cyber attacks before they begin.

It comes after millions of Australians had their privacy breached in recent cyber attacks on Optus, Medibank and other companies.

Cybercriminals stole sensitive health and financial data which was put up for sale on the black market and can be used for ransom, blackmail or fraud.

CyberCX intelligence and public policy director Katherine Mansted said cybercriminals often have “no morals” and strike where they think they can make money.

Katherine Mansted Portrait — Cyber CX intelligence director Katherine Mansted says essential services like hospitals and schools are a common target for cyber attacks. Gary Ramage Credit: News Corp Australia

“Often organisations that have suffered a breach in the past and had their credentials leaked, maybe those credentials are for sale and cyber criminals will look for that information,” Ms Mansted said.

Just some of the motivations for cyber criminals in determining the price of ransom money include “deep pockets” or a need to continue operations.

Ms Mansted said this is why criminals often target organisations which have “really sensitive information”.

They also target organisations which run “critical operations” such as hospitals or electricity companies who keep lights on in schools.

“If there is something important to disrupt, they could be extorted to pay,” Ms Mansted said.

A disturbing trend observed by cyber security experts is the use of the “clear web” to publish data which has been stolen in attacks.

Unlike the dark web, this information could be accessible to anyone using the internet simply conducting a Google search.

Stolen data from the Optus and Medibank hacks were published on the clear web in an attempt to extort the companies.

STOCK INSURANCE — The sensitive health records of Medibank customers were leaked online in November by a ransomware gang with Russian links. Paul Jeffers Credit: News Corp Australia

But despite how easily the information could be views, Ms Mansted said downloading and exploiting the information is illegal.

She warned law enforcement would come after parties responsible for operating the websites where the stolen data was published.

“Unfortunately we do have these websites that are available on the clear web, but I would be very nervous if I was the founder or host of one of these websites,” Ms Mansted said.

“Law enforcement around the world has taken them down in the past and there’s nothing to say these websites will be around for a long time, and I’m very hopeful that we will see more successful activity for law enforcement to stop the deluge of data breaches posted online at the moment.”

The Australian Prudential Regulation Authority on Monday said it had “intensified” its supervision of Medibank and other companies who were failing to meet the authority’s standards for data protection.

APRA executive Suzanne Smith said businesses had to ask themselves four questions: whether they knew what data they were holding, the location it was stored in, whether it was safe and whether they needed to retain it.

“Recent cyber-attacks reinforce the need for ongoing vigilance and focus by boards on operational resilience,” Ms Smith said.

“Cyber security is a highly significant risk area for all regulated entities and we remind banks, insurers and superannuation funds to remain vigilant in order to protect their beneficiaries and the Australian community.”