勛圖厙桴

MyDeal data breach points to deeper cyber issues: Expert

MyDeal.com.au, a subsidiary of the Woolworths Group, has become the latest company targeted in a string of cyber attacks across Australia with millions of customers details exposed.

“…a compromised user credential was used to gain unauthorised access to its Customer Relationship Management (CRM) system, ” said Woolworths in a statement.

Woolworths acquired a majority stake in MyDeal in September.

It is the third breach at a major Australian company in the last month after Optus data breach and Medibank network disruptions.

A cyber-security expert who is closely watching the recent developments says there are growing concerns about the cyber preparedness of Australian businesses in the increasingly challenging cyber security landscape.

“Cyber risks pose a very real threat to Australian businesses and economy. Even small unsophisticated attacks as we have seen over the past weeks can have overarching implications and costs, cascading to physical, psychological, emotional, financial or reputational harm”, says Elmin Selay.

The expert also dismisses concerns that Optus, Medibank and MyDeal cases might be connected or coordinated, saying “they have their own distinct hallmarks, but the coincidence just highlights how rapidly cyber risks are evolving”.

According to him, “a compromised credential attack” Woolworths cited is “when a malicious actor uses an authorized users login credentials to gain access to otherwise protected networks, data or systems”.

In plain English, this means login information such as the username and password of a privileged account such as of a manager or system administrator is exposed to unauthorized entities.

Attack vectors could be phishing, an infected or stolen computer, unrevoked access of a former employee, unpatched vulnerabilities, unsecured hardware or improperly disposed of hard drives, weak or repeating password practices, stored secrets in application or source codes etc..

Almost always there is a human factor to blame in this kind of cyberattacks, he added.

“Although unrelated, as in Optus data breach, this case points to deep-rooted cyber issues, particularly improper or lacking access control and cybersecurity policies and procedures in Australian businesses.

Unfortunately, an effective detection of compromised credentials is easier said than done. It’s too late to undo what has been done. That’s why we usually talk about cyber resilience, proactive defense and robust processes to anticipate and preempt cyber threats, manage and mitigate risks, and therefore minimize their impact if they do occur.

For instance, multi-factor authentication (MFA) is one of the low hanging fruits to neutralize a compromised credentials attack, or at least make it significantly more difficult. To put simply, it means one set of credentials, such as the username and password, if compromised, is not sufficient to login to a privileged account. The attacker must pass another layer of authentication, such as a code sent to the mobile phone.

It is important that businesses that handle or store sensitive customer data have proper cybersecurity processes, especially a proper identity and access management (IAM) mechanism to manage and monitor access privileges and entitlements of users where a particular staff member is granted only the system permissions required to perform a task, he added.