Kaspersky Lab hacked; TPG's iiNet could raise prices; Adobe breached Privacy Act


By Andrew Collins
Tuesday, 16 June, 2015


Kaspersky Lab hacked; TPG's iiNet could raise prices; Adobe breached Privacy Act

Security vendor Kaspersky Lab has revealed that it was the victim of an advanced cyber-intrusion earlier this year, one that affected several of the company’s internal systems.

“The attack was carefully planned and carried out by the same group that was behind the infamous 2011 Duqu APT attack,” the company said. “Kaspersky Lab believes this is a nation-state sponsored campaign.”

The company emphasised that the attack was particularly advanced, saying that it left almost no trace.

“The attack exploited zero-day vulnerabilities and after elevating privileges to domain administrator, the malware is spread in the network through MSI (Microsoft Software Installer) files which are commonly used by system administrators to deploy software on remote Windows computers. The cyberattack didn’t leave behind any disk files or change system settings, making detection extremely difficult,” a statement from the company said.

Kaspersky said that other victims of the attackers have been found in countries in the West, the Middle East and Asia.

“Most notably, some of the new 2014-2015 infections are linked to the P5+1 events and venues related to the negotiations with Iran about a nuclear deal. The threat actor behind Duqu appears to have launched attacks at the venues where the high-level talks took place,” the company said.

According to Kaspersky, the primary goal of the attack that hit its systems was to acquire information on the company’s newest technologies.

However, the firm stressed that the information accessed by the attackers “is in no way critical to the operation of the company’s products”.

“Besides intellectual property theft, no additional indicators of malicious activity were detected,” the firm said. “Kaspersky Lab is confident that its clients and partners are safe and that there is no impact on the company’s products, technologies and services.”

More information on the attack is available at the Kaspersky’s Securelist website and in this PDF from the company.

TPG’s iiNet acquisition could raise prices: ACCC

The ACCC has released its preliminary view on TPG’s proposed acquisition of iiNet, saying that the purchase may lead to higher prices and degraded customer service in the retail fixed broadband market.

This declaration of a preliminary view is part of a Statement of Issues the ACCC released last week regarding the purchase. The ACCC is looking into whether the acquisition would substantially lessen competition in the market for the supply of retail fixed broadband services.

“The proposed acquisition would combine two of the five largest suppliers of fixed broadband in Australia. The ACCC is exploring the extent to which the acquisition of iiNet will reduce competition by reducing the likely competitive tensions in respect of pricing, innovation and service quality,” ACCC Chairman Rod Sims explained.

The ACCC said that its preliminary view of the proposed acquisition is that it “may lead to a substantial lessening of competition, potentially resulting in higher prices and/or degradation of the non-price offers available in the [market for the supply of retail fixed broadband services], including customer service”.

However, it added that the acquisition would be “unlikely to raise competition concerns in other markets, including in relation to the supply of wholesale transmission (or backhaul), mobile broadband and voice services”.

The ACCC emphasised that this view is preliminary and doesn’t necessarily represent its final verdict on the matter.

The ACCC is asking for submissions from interested parties in response to its Statement of Issues. Submissions are due by 2 July 2015.

The Statement of Issues is available on the ACCC website.

Adobe breached the Privacy Act: Privacy Commissioner

The Australian Privacy Commissioner has declared that Adobe (specifically, Adobe Systems Software Ireland Pty Ltd) breached the Privacy Act 1988 by failing to adequately protect customer information from a cyberattack that occurred in late 2013.

The attack affected at least 38 million Adobe customers around the globe, including more than 1.7 million Australians, according to the Office of the Australian Information Commissioner (OAIC).

The Privacy Act stipulates that organisations must take reasonable steps to protect the personal information they hold from misuse and loss and from unauthorised access, modification or disclosure.

The Commissioner, Timothy Pilgrim, said that Adobe breached the Privacy Act by failing to take reasonable steps to protect all of the personal information it held.

The OAIC report on the Commissioner’s investigation into the incident said: “While Adobe generally took a sophisticated and layered approach to information security and the protection of its IT systems, it failed to implement consistently strong security measures across its various internal systems.”

According to the OAIC’s report, the Commissioner recommended that Adobe improve its password protection, network security and access security, and that it regularly review its data security processes.

The OAIC noted that since the breach occurred before 12 March 2014, the Privacy Commissioner’s powers to resolve the investigation were limited to making recommendations.

The Commissioner’s report can be read in full at the OAIC website.

Image courtesy David Orban under CC

Related Articles

Is the Australian tech skills gap a myth?

As Australia navigates this shift towards a skills-based economy, addressing the learning gap...

How 'pre-mortem' analysis can support successful IT deployments

As IT projects become more complex, the adoption of pre-mortem analysis should be a standard...

The key to navigating the data privacy dilemma

Feeding personal and sensitive consumer data into AI models presents a privacy challenge.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd