Optus cyber attacks: New scams could dupe victims for a second time
HOW THE OPTUS CYBER ATTACK COULD INSIGHT NEW SCAMS ON VICTIMS
By Nadine Morton for The Canberra Times
The ramifications of the Optus cyber attack with never really go away, a cyber security expert warns.
The data breach left almost 10 million Australians hugely vulnerable, and on Tuesday 10,000 customer records were shared on the dark web.
Hackers called for Optus to pay a $1.5m ransom or 10,000 new records would be released daily. The telco told ACM it did not pay the ransom.
The main concern for Professor of cybercrime, cyberwar and cyberterror at University of NSW, Richard Buckland, is that with millions of Optus customers on alert, it is easy for other scammers to take advantage.
"There's so much publicity and they [Optus customers] know it's in the news, so they wouldn't be too surprised to get an email from Optus," he said.
Other scammers could now send you an email purporting to be from Optus.
Prof Buckland warned the telco's customers to be aware of identity theft risks and derivative attacks.
Derivative attacks are when innocuous information can be pieced together to commit a crime. It could lead to your social media accounts being hacked, your email password being reset, and your credit cards or driver's licence being reported stolen.
Prof Buckland said email addresses are often used to reset accounts, and hackers know this.
"You can leverage some information with other information," he said.
In an age of artificial intelligence, cybersecurity expert Professor Katina Michael, said data can be retained as "training datasets" used for the development of future AI algorithms.
You can leverage some information with other information.
- Richard Buckland, Professor of cybercrime, cyberwar and cyberterror at UNSW
"[This can] create new threat vectors and ultimately breach security defences of organisations and government agencies," she said.
"Data can also be used to reidentify de-identified personal data, including highly sensitive data like health and financial information, toward bringing once disparate data sources together."
