
Giving the Government Power to Disrupt

The Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 has been subject to criticism. It allows the government to hack into the computers of people it thinks are bad people. Could innocent bystanders be impacted, just as they were when Microsoft did protective hacking about 8 years ago? See https://www.csoonline.com/article/2449572/microsoft-hammers-no-ip-collateral-damage-includes-hacking-teams-legal-malware.html

Details of the Bill are here:

https://www.homeaffairs.gov.au/about-us/our-portfolios/national-security/lawful-access-telecommunications/surveillance-legislation-amendment-identify-and-disrupt-bill-2020

The Law Council has released a 150-page criticism of the Bill.


Take care if you pay the ransom

In response to the proliferation of ransomware attacks over the last five years, a series of United States Executive Orders and statutes have come to include cyberterrorists amongst the list of banned individuals with whom U.S. persons cannot conduct financial transactions.  This impacts payments to cybercriminals for ransomware attacks.

There is a detailed article from a U.S. law firm that sets out when payment of a ransom could lead to a breach of U.S. law. See https://www.friedfrank.com/siteFiles/Publications/NYLJ_03.05.21_Kleinman.pdf


Critical Infrastructure Reforms in Australia

The Australian Government is implementing "Critical Infrastructure reforms".  The consultation process for the new laws is being managed by the Critical Infrastructure Centre which is part of the Department of Home Affairs.

The CIC is currently assessing implementation of the governance rules to accompany the to-be-amended Security of Critical Infrastructure Act 2018 (Cth) at a broad, industry-neutral level. The CIC is intending these rules to provide an overview of the role industry will play in self-assessment and self-reporting, with the specific rules and obligations around assessment standards to come from later consultations.

At a high level, materials made available by the CIC set out the CIC's intention for the governance rules, including a breakdown of the intention behind specific provisions in the draft Bill.


Key points


  • The Bill is not anticipated to pass until mid-2021 – while not all industry-specific rules may be finalised at that stage, consultation should be almost complete by then.
  • Consultation with industry is happening on a sequential basis – the Electricity and Gas sectors are to start consultation in late March/early April 2021, and the other industries will then each have a consultation period one after another.
  • The consultation timeline will be quite aggressive – the governance rules are in consultation this week for publication in late March.
  • The obligations will not activate immediately on enactment of the Bill; instead a ‘switch on’ approach is being taken. The CIC is vague on what the triggers for ‘switching on’ will be, and it is not clear whether the trigger will be an industry-wide event, whether it will be incident-based, or whether it will occur from a certain point in time.

An Australian Computer Law Journal

The most recent issue of the Journal of the Australian Society for Computers and the Law is available here:  http://classic.austlii.edu.au/au/journals/ANZCompuLawJl/recent.html

This journal includes articles on privacy law and cybersecurity law.

Landmark White data breach court case

About two years ago, Landmark White (a property valuation firm in Australia) was subject to a number of cyber security incidents.  Justice moves slowly.

Landmark White’s cyber security standards will come under the spotlight this week, as the trial kicks off of an IT contractor accused of stealing customer data from the firm and putting it on the dark web.

See https://www.afr.com/property/commercial/landmark-white-data-breach-trial-begins-20210304-p577sx

APRA's cybersecurity strategy

APRA is stepping up its focus on CPS234 in 2021.  This is not a surprise.  The Australian government has a strong focus on cybersecurity (and Defence, and foreign influence).

https://www.apra.gov.au/news-and-publications/executive-board-member-geoff-summerhayes-speech-to-financial-services

Fraudulent Invoice Scams

A Sydney hedge fund has collapsed after a cyber attack saw its trustee and administrator mistakenly approve $8.7 million in fraudulent invoices. The fund was scammed by a fake Zoom invite.

The scam, the latest in a series of strikes by offshore criminal gangs against Australian fund managers, has also ensnared ANZ after the bank failed to stop almost $800,000 being withdrawn from an account linked to the cyber criminals.


https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c

Hacktivist raided

A Swiss hacktivist was raided at the request of U.S. authorities for data theft and for publishing what was hacked. https://amp.9news.com.au/...