Big 4 banks caught up in HWL Ebsworth hack

Of the four, NAB is the only bank that has confirmed that its data had been exposed after hackers from the ALPHV (also known as BlackCat) threat group behind the attack posted online that it had stolen data from it.

“We are aware that HWL Ebsworth, a law firm engaged by NAB for some legal services, has been impacted by a cyber attack,” said a spokesperson from the bank.

The bank added that while data contained by HWL Ebsworth may have been compromised, its own systems remain safe.

“NAB’s systems were not impacted and remain secure. We are working with HWLE as they continue to get more information in relation to the content of these matters,” the spokesperson said.

The other three banks have all said that they are working alongside HWL Ebsworth to determine exactly what data had been exposed and if any of their customer’s data was at risk.

“ANZ is aware of the HWL Ebsworth (HWLE) cyber incident. ANZ’s systems have not been impacted,” ANZ said in a statement.

“ANZ is a client of HWLE for some legal matters.

“We are working with HWLE and others to understand and address the potential exposure, and we will directly contact those employees and customers who may have been impacted and need to be notified.”

The big four banks join several other major institutions as victims of the hack, with over 40 government agencies and departments including several bodies and authorities on cyber safety such as the Office of the Australian Information Commissioner (OAIC) and the Australian Federal Police (AFP) having been affected.

According to CyberCX’s director of cyber intelligence and public policy, Katherine Mansted, attacking high-profile targets such as major organisations and government is in line with ALPHV’s threat pattern of “big game hunting”.

“They’re one of the most prolific threat actors in Australia and have been for some time since they first emerged on the scene,” she told The Australian Financial Review.

“We have observed them compromise at least 14 Australian organisations and a lot of those are in the professional services sector.

“It’s been quite deliberate about the targets that it attacks; professional services in a sector that ALPHV assesses as having some pretty sensitive information that it can hold at risk.”

Ms Mansted added that ALPHV was the first threat group observed posting stolen data on the public internet rather than the dark web, in an effort to maximise the harm caused by exposing stolen data.

While ransomware demands are currently unknown, HWL Ebsworth has said that it is refusing to pay the hacking group what it’s asking.

“We take our ethical and moral duties to the community very seriously. We consider we have a fundamental civic duty to not, in any way, encourage or be seen to condone the criminal activity of extorting money by taking and threatening the publishing of other people’s data,” the law firm told ABC.

“The privacy and security of our client and employee data remains of the utmost importance. We acknowledge and understand the impact this may have and we are communicating closely with our clients.”

The Australian government has been ramping up cyber protections amid a flurry of high-profile attacks in recent months, including the Latitude attack.

On Friday (23 June), the government appointed the nation’s first cyber security coordinator as part of its efforts to make Australia the most cyber secure nation in the world.

The appointment of Air Vice-Marshal Darren Goldie was signed off by the federal cabinet on Tuesday (20 June). The newly appointed coordinator will be part of Home Affairs and has the backing of a National Office for Cyber Security within the department.

His new role as cyber security coordinator will see him gain responsibility for coordinating cyber response across government departments.

Australian Prime Minister Anthony Albanese has said that the appointment was a “vital component” of the government’s response to the emerging challenge that cyber security and threat actors present as technology develops.

“The coordinator, together with the national office of cyber security within the office of Home Affairs, will ensure that we are well positioned to respond to the opportunities but also the challenges that are there in this digital age,” Mr Albanese said.

“In this role, Air Marshal Goldie will support the minister of cyber security to lead the coordination of national cyber security policy, responses to major cyber incidents, work of whole of government cyber incident preparedness efforts, and, of course, strengthening Commonwealth cyber security capability.”

Minister for Home Affairs and Cyber Security Clare O’Neil said that the former government left the state of cyber security in Australia an “absolute mess” and that the appointment of a cyber security coordinator is a crucial part of the “jigsaw puzzle” that is taking control of the current cyber climate.

[Related: Cyber attack “materially worsened” non-bank lender's bottom line]