Major Australian Law Firm Suffers Cyber Attack: Dark Web Leak Threatens Government Data - One2Call

After a recent & significant escalation of cyber criminal activity in Australia, Russian-linked threat actors, known as the AlphV ransomware gang or "Blackcat", have targeted the major Australian law firm HWL Ebsworth. On the June 8th, the group claimed to have released a substantial 1.45 terabytes of the purportedly 4 terabytes of sensitive business data stolen from the firm in a Cyber Attack early May this year. The nature of the leaked information is still under investigation, with some outlets reporting that the attackers were able to gain access to the businesses server from an employee computer, but the breach is believed to include a wide array of company data such as client documents, financial reports, accounting data, credit card details and employee CVs and IDs.

This recent attack raises concerns due to the high-profile nature of HWL Ebsworth's clientele. Notably, the Tasmanian Government, a client of the firm, may have had its data compromised. The situation is particularly troubling as this marks the second serious data breach faced by the Tasmanian Government this year. Earlier, data linked to the Department of Education, Children, and Young People was compromised via a third-party file transfer service.

Government Response and Concerns

The Minister for Science and Technology, Madeleine Ogilvie, expressed her concerns over the incident. She stressed that the Australian Government is adopting a "nationally coordinated approach" to delve into the far-reaching impacts of Blackcat and other Cyber Security attacks. "This is concerning, and we are working closely with the Australian Government to establish if any Tasmanian information has been impacted," she said. While acknowledging that the investigation might be time-consuming due to the volume of data involved, she reassured the public of swift action and regular updates regarding further developments.

A spokesperson for HWL Ebsworth, in a statement to the ABC, made it clear that the firm will not yield to any random demands from cyber criminals. The firm is currently investigating the data leak and are trying to identify what data might have been published thus far. The spokesperson further emphasised the firm's ethical and moral duties towards the community. "We have a fundamental civic duty to not, in any way, encourage or be seen to condone the criminal activity of extorting money by taking and threatening the publishing of other people's data," they added.

Rise of Ransomware Attacks

The Blackcat cyber criminal group is one of three ransomware groups currently targeting Australia. It operates a "ransomware-as-a-service" business model and has been actively attacking large Australian organisations since late 2021. The incident with HWL Ebsworth is yet another stark reminder of the growing threat that cyber crime poses to governments, businesses, and individuals alike. It underscores the need for comprehensive cyber security solution, incident response plan and coordinated responses to tackle this evolving menace.

Cyber Security Best Practices

One2Call work with businesses across the UK to ensure that their business is secure from cyber attacks that could threaten them. We work to understand your current level of Cyber Security and advise the best solutions to ensure that your business is protected against the latest cyber threats. Our Cyber Security Self Assessment form, which can be downloaded below, covers all of the key pillars of a comprehensive Cyber Security solution such as;

• Active Email Threat Protection: This Monitors your Email for Phishing and Targeted Attacks. Using advanced artificial intelligence tools, it is able to monitor for changes in language, brand impersonation attempts, malicious files, check links for legitimacy and much more.
• Endpoint Detection & Response: Compared to Traditional Signature Based Anti-Virus which can only monitor for known viruses, Endpoint Detection & Response uses Artificial Intelligence to monitor for unusual, suspicious or malicious activity on any of your endpoints/devices and stop it in its tracks.
• Dark Web Monitoring: Do you know what the Dark Web is? Do you know if any of your business account credentials could be available on the dark web for anyone to find and use to access your accounts? Our Dark Web monitoring service scours the Dark Web to find if your details have been leaked and notify us and you, so that we can work with you to help you secure your online accounts.
• Multi-Factor Authentication: MFA/2FA can secure you accounts against unauthorised access, even if your account details have been leaked on the dark web, without your unique 2FA/MFA code malicious threat actors can not access your accounts. We can work with your business to implement Multi-Factor Authentication across your accounts.
• Backups: A strong Backup Policy ensure that your business can recover from data loss or encryption attacks quickly and easily. Cyber Attackers have become smart to businesses using a comprehensive backup solution and in recent years have started to target these as part of their attacks, this is why we have implemented Immutable Backups. These backups are "Read Only" meaning that they can not be deleted or targeted as part of a cyber attack, ensuring that you always have a backup to recover from.
• MUCH more, including; Password Policies, Security Awareness Training, Patch Policy Management, SIEM/Log Management, Mobile Device Management & Security, Firewall & Encryption.