Australia faces risk of 'leakware' attacks

By Dylan Bushell-Embling
Thursday, 14 November, 2019

Australia could be at risk of a new type of ransomware attack facing public sector networks in which attackers threaten to publish confidential citizen data online.

So said Dr Roberto Musotto, Research Fellow in Cybersecurity and Law at the Edith Cowan University School of Business and Law and at the Cyber Security Cooperative Research Centre.

In an article for The Conversation, Musotto detailed a ransom attack on Johannesburg’s computer network by a hacker group known as Shadow Kill Hackers.

The attack incorporated an emerging style of attack known as leakware, in which attackers threatened to upload stolen sensitive data online unless a ransom was paid.

In this case, attackers claimed to have gained access to finance and personal population information, and threatened to leak it online, destroy it and reveal how they executed the breach if the city did not pay four bitcoins — the equivalent of over $52,000 — in ransom.

While Johannesburg decided not to pay the ransom, it is unknown whether the data has been released, Musotto said.

“The attack suggests cybercriminals will continue to experiment and innovate in a bid to defeat current prevention and defence measures against leakware attacks,” he said.

“The latest Johannesburg attack was the second leakware attack of this type ever recorded, and a similar attack could hit Australia soon. And although our current cyber-attack defences are more advanced than many countries, we could be taken by surprise because of the unique way leakware operates.”

Traditional methods of coping with ransomware, such as keeping meticulous backups, cannot mitigate the risk of stolen data being released online.

In addition, if government bodies do elect to pay the ransom, there is nothing stopping cybercriminals from going back on their words and monetising the stolen personal information.

Musotto said already in Australia, 81% of Australian companies that experienced a cyber attack were held at ransom, and 51% of these paid. But paying only tends to increase the likelihood of future attacks, both on the victim and on other organisations.

Image credit: ©stock.adobe.com/au/kaptn

Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.