October 27-November 2, 2022 | Issue 25 - Counterintelligence and Cyber (CICYBER)
Keanna Grelicha, CICYBER Team
Shachi Gokhale, Editor; Demetrios Giannakaris, Senior Editor
Date: October 27, 2022
Location: Docklands, Australia
Parties involved: Australia; Australian Federal Police (AFP); Medibank; customers; unknown hacker(s)
The event: Medibank, an Australian health insurance firm with 3.9 million customers, suffered a data breach in a ransomware attack. The AFP is investigating the incident, including its impact on Australian national security. The hackers reportedly stole roughly 200 gigabytes (GB) of data, including the personally identifiable information (PII) of current and former customers: first and last names, addresses, phone numbers, dates of birth, Medicare numbers, passport numbers, policy numbers, and claims data. The claims data includes where customers received medical services, together with the codes for their procedures and diagnoses.
Analysis & Implications:
The theft of PII will almost certainly damage Medibank's reputation as a trustworthy custodian of sensitive health data. Current and former customers will likely take legal action, arguing that the company failed to safeguard PII that hackers could use for identity theft or insurance fraud. The resulting legal costs and settlements will almost certainly strain Medibank's finances and could lead to bankruptcy if the company cannot contain the data loss and demonstrate that customer PII is now secured.
The ability of unknown hacker(s) to breach Medibank's systems and stage a ransomware attack almost certainly indicates that Medibank's defensive controls were insufficient to detect and contain the intrusion. Its systems very likely lacked layered defenses, such as malware detection on endpoints and monitoring of employee accounts, that would have raised the cost of intrusion and limited its spread. How quickly and thoroughly Medibank remediates these gaps will likely determine whether other threat actors view the organization as an easy target for future extortion attempts.
Date: October 28, 2022
Parties involved: Google; Chrome web browser; Avast; security researchers; users; companies
Analysis & Implications:
Google's public acknowledgement that the flaw is being exploited very likely incentivized more threat actors to exploit it before users update their Chrome browsers. The window between the security researchers' discovery and Google's patch and disclosure very likely gave hackers time to install backdoors on exploited systems and establish persistence within targeted networks. Continued attacks will very likely lead to data theft, or to malicious code being planted in software on compromised hosts for use in later operations, as hackers move laterally through the system and map the network.
Users' reliance on Chrome's automatic update mechanism is almost certainly something their employers cannot fully control, and the same applies to many other software applications, which poses a security concern for those companies. A compromise through such a browser flaw will very likely let a hacker persist within the network and leave a backdoor for follow-on operations against the company, which could lead to data theft. Users who are unaware of the vulnerability will almost certainly be at greater risk of being targeted in future cyberattacks, since they may not recognize a potential breach.
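As a concrete check that follows from this point, below is an added example (not from the original brief, and not Google's or Medibank's code) of a small inventory script a company could run to find hosts still on a Chrome build older than a given fixed version, rather than trusting each user's browser to update itself. The inventory rows and the minimum version "107.0.5304.87" are constructed for illustration; substitute the build number named in Google's advisory and the organization's own inventory export.

```python
"""Fleet check: which hosts still run a Chrome build older than a given fix?

Added example, not from the original brief. The inventory below and the
minimum version passed to hosts_below() are constructed assumptions.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Constructed sample inventory: "hostname<TAB>chrome_version". Not real hosts.
SAMPLE_INVENTORY = """\
# host\tchrome_version
ws-01\t107.0.5304.87
ws-02\t106.0.5249.119
ws-03\t107.0.5304.62
ws-04\tunknown
ws-05\t99.0.4844.84
"""


@dataclass(frozen=True)
class HostBrowser:
    host: str
    version: Optional[Tuple[int, ...]]  # None when the inventory entry is unparseable


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '107.0.5304.87' into (107, 0, 5304, 87); return None if malformed.

    Chrome versions have four dot-separated numeric fields. Anything else is
    rejected so that a garbled inventory row is reported, not silently passed.
    """
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def parse_inventory(lines: Iterable[str]) -> List[HostBrowser]:
    """Parse 'host<TAB>version' rows; blank lines and '#' comments are skipped."""
    rows: List[HostBrowser] = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, ver = line.partition("\t")
        rows.append(HostBrowser(host=host, version=parse_version(ver)))
    return rows


def hosts_below(rows: Iterable[HostBrowser], minimum: str) -> List[str]:
    """Return hosts whose Chrome is older than `minimum`.

    Hosts whose version could not be parsed are included as well: an unknown
    patch state is treated as unpatched, which is the safe default for a
    fleet that relies on users' browsers updating themselves.
    Tuple comparison is lexicographic on integers, so 107.0.5304.62 sorts
    below 107.0.5304.87 and 99.x below 106.x, unlike a string comparison.
    """
    floor = parse_version(minimum)
    if floor is None:
        raise ValueError(f"bad minimum version: {minimum!r}")
    return [r.host for r in rows if r.version is None or r.version < floor]


def main() -> None:
    rows = parse_inventory(SAMPLE_INVENTORY.splitlines())
    # Assumed minimum build for illustration; use the build from the advisory.
    for host in hosts_below(rows, "107.0.5304.87"):
        print(f"{host}: Chrome below fixed build (or version unknown)")


if __name__ == "__main__":
    main()
```

Run it against a real export by replacing SAMPLE_INVENTORY with the rows from the endpoint management tool; the unknown-version rows are worth chasing first, since they are the hosts the organization has no visibility into at all.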
The Counterterrorism Group (CTG)
 Australian Health Insurer Medibank Suffers Breach Exposing 3.9 Million Customers' Data, The Hacker News, October 2022, https://thehackernews.com/2022/10/australian-health-insurer-medibank.html
 Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability, The Hacker News, October 2022, https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html