Security Breach – 2 June 2022

Dark Web Monitoring

Security Breach – 2 June 2022

When you’re looking to trim security spending you may ask yourself if you really need some services like dark web monitoring. Changing times have made some security measures less important than they used to be, but dark web monitoring isn’t one of them. These days, it’s not a nice-to-have, it’s a must-have. Bad actors have access to much more data than they used to, increasing the chance that your organisation’s credentials or other sensitive data are exposed. Growing exposure means growing risk and growing danger – making keeping an eye on potential trouble from the dark web a smart move for every organization.

A combination of world events has contributed to a sea change in the cybercrime landscape. Thanks to economic pressures and technological evolution, the dark web is still quickly growing, with more people using the dark web regularly these days than ever before. As of May 2022, the dark web counts just over 3 million active users per day, up from about 1.5 million in January 2020. Some of that growth can be directly attributed to the rise of the Cybercrime-as-a-Service economy, with more skilled cybercrime specialists available for hire than in prior years. That makes it easy for cybercrime groups to conduct more operations than in the past.

Recent Breaches

Australia – Spirit Super

Exploit: Phishing

Risk to Business: Severe: Spirit Super has announced that a cyberattack caused by an employee falling for a phishing message is the cause of a cyberattack that has led to data exposure for an estimated approximately 50,000 member records from 2019/2020. The company said that the incident was quickly mitigated, and the damage contained, with new security measures added.

Risk to Exploited Individuals: Severe: Spirit Super says that the information potentially exposed includes client names, addresses, ages, email addresses, telephone numbers, member account numbers and member balances. The company was quick to assure members that the exposed data doesn’t include dates of birth, government identification numbers or any bank details. 

Customers Impacted: Unknown

Australia – National Disability Insurance Scheme

Exploit: Supply Chain Risk

Risk to Business: Severe: A client management system provided by a service provider and used by the National Disability Insurance Scheme (NDIS) has exposed sensitive data. The system was maintained by CTARS, a Sydney-based software and analytics provider for the disability and care sectors. NDIS disclosed that an unauthorized third party had gained access to its systems on May 15, 2022.

Risk to Exploited Individuals: Severe: NDIS says that personal information relating to patients may have been exposed including details of the diagnoses, treatment, or recovery of a medical condition or disability. Other data possibly compromised includes Medicare and pensioner cards, as well as tax file numbers.

Customers Impacted: Unknown

Talk to a TCT team member today about implementing cyber security and phishing training plan for your staff.

Robert Brown

Follow us on LinkedIn: 

Related Articles:
The Rise in Supply Chain Cyberattacks
Phishing Attack Trends in 2022