The US and Australia need generative AI to give their forces a vital edge
The emergence of Generative AI (GenAI) represents a groundbreaking advancement in technological evolution, however despite this remarkable progress, a report from the Special Competitive Studies Project raises concerns about the potential transient nature of the United States' current technological edge in this domain. GenAI's transformative capabilities extend across diverse sectors, from revolutionizing gaming experiences to enhancing diagnostic processes in healthcare, underscoring a profound shift in the dynamics of human-computer interaction.
Recognizing the strategic significance, both the United States and Australia are urged to use GenAI's potential to gain lasting advantages in the Indo-Pacific region, facilitated by collaborative initiatives like the AUKUS partnership. Joint endeavours include the deployment of advanced AI algorithms within defence systems, reflecting a concerted effort to capitalize on GenAI's strategic potential.
While progress is evident, fostering deeper collaboration is imperative to mitigate potential disparities in GenAI adoption. This transformative technology holds the promise of revolutionizing military decision-making and operations, demanding substantial investments in personnel and robust defence mechanisms to counter emerging threats.
232k customers affected in Australian telco cyber incident
Tangerine Telecom has issued a statement regarding a cyber incident that has affected the personal data of 232,000 of its current and former customers, spanning a period from June 2019 to July 2023. The breach has resulted in the exposure of sensitive information including full names, dates of birth, mobile numbers, email addresses, postal addresses, and Tangerine account numbers. However, the reassuring aspect is that no critical financial data such as credit or debit card numbers, driver’s license details, ID documentation, banking information, or passwords were compromised, as confirmed by Tangerine in a statement released on February 21.
Australia, UK governments co-sign memorandum of understanding for online safety and security
The recent agreement between Australia and the UK marks a significant step in digital collaboration, demonstrating their joint commitment to combatting online threats and enhancing cybersecurity. Australian Minister for Communications, Michelle Rowland, highlighted their shared focus on online safety, emphasizing the importance of the memorandum of understanding (MOU).
This agreement outlines a structured approach to address various online safety issues, including challenges posed by emerging technologies like AI, combating illegal content, ensuring child safety, and addressing gender-based violence facilitated by technology.
Aligned with both nations' legislative frameworks, the MOU aims to position Australia and the UK as global leaders in digital safety and security, while also promoting innovation and societal advancement. UK Secretary of State for Science, Innovation and Technology, Michelle Donelan MP, expressed optimism about the partnership's potential to tackle digital challenges and seize opportunities in the digital age.
Tax attack: ATO Commissioner says agency handles 4.7m cyber attacks monthly
During his address at the National Press Club in Canberra, ATO Commissioner Chris Jordan discussed the issue of cyber security, revealing concerns about the potential for incidents that have a potentially severe impact on national security. While the focal point remained tax reform, Jordan shed light on the ATO's ongoing battle against cyber threats, particularly highlighting the expected surge in sophisticated fraudulent activities.
Providing context, he disclosed that the ATO faces an average of 4.7 million cyber attacks monthly that target critical components such as websites, services, and infrastructure.
Moreover, Jordan expressed profound apprehension regarding the industrialization of identity theft following significant breaches, recounting instances of nefarious actors leveraging dark web data to swiftly create fraudulent super funds using automated bots. Urging sustained investment and government support, he emphasized the critical need for continuous funding to effectively combat the evolving landscape of cyber threats.
Russian linked to Medibank hack reportedly detained for alleged cyber crimes
A Russian man Aleksandr Ermakov, who was named responsible for the 2022 Medibank hack, has reportedly been detained in Russia over alleged cybercrimes. More than 9 million Medibank customers had their names, birth dates, Medicare numbers and sensitive health information stolen in the 2022 breach, much of which was published on the dark web for sale. In January, the federal government named Mr Ermakov as the hacker responsible for the data breach in January and used new cyber laws for the first time to lay financial sanctions on the Russian national.
Cybercrime experts say it was unlikely Mr Ermakov acted alone in stealing Medibank data, with Australian intelligence linking Mr Ermakov to the hacking syndicate REvil, a Russian cybercrime gang that supplies hacking tools to novices in return for a cut of any ransoms paid.
Beyond the Essential Eight – where to from here?
In the midst of Australia's strides toward advancing its Cyber Security Strategy and engaging in consultations with various industries regarding legislative reforms, Aidan Tudehope addresses an ongoing discourse. This dialogue revolves around the potential replacement of Australia's Essential Eight (E8) cyber mitigation strategies with a novel framework.
The reason for this consideration stems partly from the United States' progression with the Cybersecurity Maturity Model Certification 2.0 program. The E8 framework, initially introduced in 2017, has evolved to encompass four maturity levels, mandating federal agencies to attain at least level Two. While some states, such as Victoria, have established their frameworks, experts caution against dismissing the efficacy of the E8. They argue that its proven effectiveness, international recognition, and adaptability render it a valuable asset in Australia's cyber defence arsenal.
Advocates propose a more iterative approach, suggesting continual refinement of the E8 within a regulatory framework that aims to foster synergy among government agencies and industry clusters, enabling the protection of cyber defences.
Australian information commissioner launches HWL Ebsworth hack investigation
Following a ransomware attack by ALPHV in April 2023, which led to the exposure of millions of documents on the darknet in June, the Office of the Australian Information Commissioner (OAIC) has launched a comprehensive investigation into the 2023 HWL Ebsworth data breach. This breach impacted 65 government agencies, including Home Affairs and the Australian Federal Police. While initial inquiries began in June 2023, the OAIC's latest probe focuses on assessing HWL Ebsworth's handling of personal information security and the efficacy of its notification procedures for affected individuals.
OAIC underscores the potential interventions, including declarations and civil penalties, contingent upon the investigation's findings. This investigative action coincides with the release of the National Office of Cyber Security's Lessons Learned Review on the hack response, emphasizing the imperative for robust cybersecurity measures and swift, effective responses to such incidents.
AFP Commissioner outlines Medibank hacker hunt and impact of sanctions
The Commissioner of the Australian Federal Police used his opening statement before Senate estimates this week to talk up the AFP’s achievements over the last 12 months, particularly its work in investigating the 2022 Medibank hack.
Senior executives affected in largest observed Microsoft Azure data breach
A Microsoft Azure cloud takeover campaign has resulted in the largest data breach ever seen by the platform, compromising hundreds of accounts, including those of executives, according to a new report.