ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.
This week, cloud-based human resources (HR) software provider PageUp revealed its systems were compromised following a malware infection, with local companies tapping into the provider's service temporarily clamping down on its use.
PageUp revealed that its clients' data may have been compromised after the company detected "unusual activity" in May.
On 5 June, the Australia Post advised that it was writing to all employees whose applications had come through the system since it began using PageUp to let them know how the potential breach may affect them.
PageUp informed customers that details such as name and contact details of users could have been breached as well as usernames and passwords. However, passwords were encrypted, the company said.
Australia Post revealed that the information that may have been breached is extended in the case of successful applicants, and would have included personal information such as bank details, tax file number and superannuation details, diversity information, emergency contact information, conditions of offer and employment and other details.
Telstra advised it had suspended the use of PageUp services while the investigations into the issue takes place.
"This includes all current recruitment activity that has not been progressed past a written offer being placed on hold," the telco said in a blog post on 6 June.
On the same day, iTnews revealed that several others had temporarily suspended their work with PageUp including Aldi Australia, Coles, Commonwealth Bank, Jetstar, Macquarie Group, Medibank, NAB, Programmed, Queensland Rail, Scentre Group, Suncorp, Target, the Tasmanian Government and the University of Tasmania.
Moving to the ransomware threat landscape, Watchguard Technologies revealed the results of a survey conducted during the CeBit conference, held in Sydney on 15 May.
According to the survey's findings, 21 per cent of Australians have suffered a ransomware attack. Watchguard surveyed 245 attendees revealing that 31 per cent were uncertain if they had been hit by ransomware.
The survey also found that 45 per cent of Australians know of an organisation which has been a victim of a ransomware attack.
"What started as a few high-profile attacks caused by a handful of malware variants has developed into a virulent threat landscape in which increasingly unskilled attackers are able to execute highly effective ransomware campaigns against organisations of all sizes and levels of complexity," Watchguard Technologies A/NZ regional director Mark Sinclair said.
"This latest survey data would suggest that the only way in which consumers and businesses will be able to stay one step ahead is to maintain comprehensive visibility and automated mitigation capabilities across their network so that everyday attacks can be instantly detected and blocked before causing any damage.”
On 7 June, email filtering company Mailguard identified a phishing scam aiming to access recipients' login details to their work PCs.
The message asked recipients to click on a link in order to validate their email. According to Mailguard, the link points to a fake email login page asking for name, email address and password of recipients.
By collecting the login information, attackers can gain access to the recipients email account and use it to send out scam messages to third parties.
