

Severity
High
Analysis Summary
One of the largest Australian telecom companies, Optus, reported a data breach in which threat actors gained access to the data of both current and former customers.
With around 10 million users, Optus is Australia’s second-largest telecom provider and a subsidiary of Singapore-owned Singtel.
“Following a cyberattack, Optus is investigating the possible unauthorised access of current and former customers’ information.”
In a press release on Thursday, Optus stated that the breach resulted in the theft of an unspecified number of customer names, dates of birth, phone numbers, email addresses, home addresses, and identification document numbers, such as those on a driver’s licence or passport. Payment information and account credentials were not compromised in the attack.
Messages and phone calls have not been compromised, and neither have Optus services such as mobile or home internet. Optus services continue to be safe to use and are running normally.
Details of the security breach were not made public by the company.
Optus shut down the attack promptly after discovering it. According to the company, it is collaborating with the Australian Cyber Security Centre to reduce the risk to customers. Optus has also informed the Australian Federal Police, the Australian Information Commissioner, and other key regulators.
The announcement concludes:
“Optus has also notified key financial institutions about this matter. While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious.”
Optus also recommended that customers consult trustworthy sources for help in protecting themselves against fraud.

Impact
- Information Theft
Recommendations
- Patch – Patch and upgrade all platforms and software in a timely manner and make this a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
- Secure Coding – Along with network and system hardening, code hardening should be implemented within the organization so that its websites and software are secure. Use testing tools to detect vulnerabilities in deployed code.
- 2FA – Enable two-factor authentication.
- Antivirus – Enable antivirus and anti-malware software and update signature definitions in a timely manner. Multi-layered protection is necessary to secure vulnerable assets.
- Passwords – Ensure that general security policies are employed, including strong passwords, correct configurations, and proper administrative security policies.
- Admin Access – Limit access to administrative accounts and portals to only relevant personnel and make sure they are not publicly accessible.
- WAF – Web defacement must be stopped at the web application level. Therefore, set up a Web Application Firewall with rules to block suspicious and malicious requests.