iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
The Tasmanian government has said that the cyber attack it was affected by last week has not led to any data being compromised.
The state’s government, which is a user of the GoAnywhere third-party cloud service, said that it was not aware of any data being stolen or accessed by criminals but that, in the future, could change.
“We understand no information has been provided or has been released,” said the Tasmanian Science and Technology Minister Madeleine Ogilvie.
“However, that is not to say things might not change in the future.”
Ogilvie added that the government would not say what information could have been accessed in any way, or what departments were affected.
“One of the last things we want to do is let the hackers have information that they want, perhaps to enliven them at this stage,” she said.
“So sadly, for all of us, this process is ongoing. It is unfortunate, it is difficult, but it is a new world order.
“Hackers are out there; it is a national, international problem.”
The GoAnywhere breach occurred last week, affecting a potential 130 companies, including Rio Tinto, Crown Resorts, and Meriton.
The attack was conducted by a group called Clop ransomware, which conducted the attack over a 10-day period, with the first breach occurring on 30 January.
Fortra, the company that owns the GoAnywhere platform, has said that it has deployed several measures to prevent the breach from developing further.
“We immediately took multiple steps to address this, including implementing a temporary outage of this service to prevent any further unauthorised activity, and sharing mitigation guidance, which includes instructions to our on-prem customers about applying a developed patch,” it said.
Fortra’s communication has been heavily criticised by cyber security experts, who have said that the company needed to communicate more openly and faster to assist security teams.
“To prevent further evolvement of a supply chain attack, it is crucial for the first victim in line to communicate openly and in detail about what happened,” said Dirk Schrader, vice-president of security research at Netwrix.
“It helps other links in this chain to be prepared for an upcoming threat and minimises possible damage. It is likely that the current attack was accelerated due to details about this zero-day not being disclosed in a timely manner.”
Cyber Security Connect reached out to Fortra for comment on the criticism, to which it reiterated the actions it had taken listed earlier.
In addition, it said: “We coordinated with CISA to add information about this vulnerability to their CVE catalog to broaden the reach of information about this issue.
“We are taking this very seriously and continue to help our customers implement mitigation steps to address this issue.”
Be the first to hear the latest developments in the cyber industry.
