Hackers were interested in Australia long before Medibank and Optus breaches


Optus and Medibank hacks resulted from heightened interest in Australia’s cyberspace, not the other way around.

The last couple of months were rife with news about successfully breached Australian companies. First, Optus, Australia’s second-largest telecoms provider, was hit, with millions losing passport and driver’s license numbers.

Several days later, Australia’s largest telecommunications company Telstra said that details of 30k of the company’s staff members were leaked.

IT services provider Dialog, Australia’s largest health insurance company Medibank Private, and MyDeal, a Woolworths subsidiary in Australia, all experienced cyberattacks in the weeks after. Cybercriminals may have compromised a dataset from ForceNet, Australia’s defense e-communications platform.

While a handful of consecutive hacks against established brands could signal an elevated interest in Australian companies, Alex Hamerstone, advisory solutions director at cybersecurity firm TrustedSec, thinks that’s hardly the case.

“Many organizations are breached every day, and most will never be the main story on the news,” Hamerstone told Cybernews.

“Threat actors go where they can make money. An organization such as Optus has a great deal of information about people, and this information can be used for further attacks against other people and organizations,” Hamerstone said.

Prosperity invites criminals

A report from the Australian Cyber Security Centre (ACSC) published last week shows that the organization has received 76,000 cybercrime reports, 13% more than last year.

The report covers a period from July 2021 to June 2022, meaning the number of cyberattacks grew even before major hacks started dominating Australian headlines.

The ACSC report also says that ransomware “remains the most destructive” form of cybercrime, as both organizations and their customers are often affected by ransomware attacks. It is estimated that hundreds of thousands of Australians lost their personal information due to double extortion tactics.

Interestingly, the ACSC noted that prominent ransomware groups continuously target Australia, especially the so-called ‘big game’ organizations that have a high profile, high value, or provide critical services.

Optus, Medibank, and other recent hacks are a fitting conclusion to a developing story about threat actors targeting large Australian businesses for a prolonged period of time.

Hacks breed breaches

It’s not uncommon for a large breach to entice threat actors to a particular geographical location. After the record-breaking leak from the Shanghai National Police (SHGA) came to light, researchers noted inflated interest in China-based data leaks on hacking forums.

The observed uptick was so great that some veteran forum users complained the platform would be overwhelmed by the newcomers, asking to ban the newbies.

According to Hamerstone, financially motivated threat actors rarely target countries for reasons other than profit. However, fixation on certain geographies may come about due to previous breaches.

Since people often reuse passwords across multiple platforms and websites, a large leak provides threat actors with ammunition to target the specific region where users exposed in the initial breach reside.

“People are often surprised to learn how organized hacking groups are, and although there are some other motivations for attackers, it is almost always about making money,” Hamerstone explained.