Follow us

The CrowdStrike/Microsoft outage naturally dominated headlines in July. It will likely have a short-term impact on the insurance market and the cybersecurity market more generally – a market in which one player notably decided to go it alone, after Wiz rejected Google’s takeover offer.  

Before Minister Tony Burke assumed responsibility for the cyber security portfolio, Minister Clare O’Neil foreshadowed a new bill that would mandate the disclosure of ransom payments if passed. Earlier in the month, the Prime Minister announced a government partnership with AWS to build a new TS Cloud, but it appears the government is otherwise making slow progress against public sector targets in the 2023 – 2030 Australian Cyber Security Strategy.

ASIC announced an information sharing partnership with the OAIC, ACMA accepted an enforceable undertaking from Telstra, and the ASD made waves issuing advice about malicious activities pursued by a group known to be linked to China’s Ministry of State Security.

Internationally, US telco AT&T announced that an arrest has been made following a significant third-party breach impacting its customer data, and a security firm unwittingly hires a hacker. The King’s first speech of the new UK government introduced two technology and cyber bills, while new cybersecurity laws covering critical infrastructure are proposed in Hong Kong.

The cyber incidents that made headlines around the world in July are linked below:


CrowdStrike/Microsoft outage

Was your business disrupted by the CrowdStrike/Microsoft outage in July? Our article, available here, will help you understand your legal position and mitigate cyber risk going forward.

 

Podcast: Cross Examining Cyber with Abigail Bradshaw

Watch out for our next episode of ‘Cross Examining Cyber’, dropping here soon. In Episode 8, we will talk with Ms Abigail Bradshaw, Head of the Australian Cyber Security Centre (ACSC). 

You can catch up on past episodes in our podcast series here. In our ‘Cross Examining Cyber’ series, we explore all things cyber, including the legal, regulatory and policy developments that impact corporates in Australia and around the world. We speak to the people who are shaping the legal and regulatory environment, who are on the front line, raising cyber resilience and protecting our clients from cyber incidents. Recent episodes include interviews with Dr Marcus Thompson, Andrew Penn, Bill Siegel and Hamish Hansford.

 

Cyber risk survey

Thank you to those who participated in our Cyber Risk Survey for 2024. We are collating the results and look forward to sharing our Cyber Risk Survey Report in September at the 2024 Financial Review Cyber Summit.


Government revamps cyber security leadership in ministerial shake-upIT News 28 July 2024

Prime Minister Anthony Albanese has appointed Tony Burke as Australia’s new Minister for Home Affairs and Minister for Cyber Security. Minister Clare O’Neil has been appointed Minister for Housing. The Prime Minister announced that Andrew Charlton MP will serve as a special envoy for cyber security and digital resilience.

 

‘Limited progress’ on public sector cyber uplift since strategy Innovation Australia – 31 July 2024

The Department of Home Affairs confirmed it has made limited progress implementing three of the five actions focused on uplifting public sector cybersecurity, in response to questions from Liberal Senator and shadow cybersecurity minister James Paterson in the last round of Senate estimates. The Department also advised that actions relating to sovereign cybersecurity capabilities have also made “limited progress [or have] yet to be commenced”.

 

Cyber ransom payments will need to be disclosed by businesses under new lawsABC News – 30 July 2024

The Australian government will soon introduce a bill which would require Australian entities to disclose cyber extortion payments. The no-fault regime is intended to reveal to policy makers the scale of payments being made. The bill is also expected to include standards for "Internet of Things" devices.

 

ASIC and OAIC sign information sharing MoU to accelerate data and privacy breach responsesASIC19 July 2024

A memorandum of understanding has been signed between ASIC and the OAIC, allowing for the sharing of data and privacy breach information for the purpose of exercising powers or performing functions. According to ASIC, the approach contemplated by the MoU will help protect public interests efficiently and effectively.

 

Telstra penalised $1.5m for scam rule breachesACMA – 17 July 2024

The Australian Communications and Media Authority (ACMA) fined Telstra $1,551,000 for failing to perform required customer ID authentication processes, leaving customers vulnerable to scams. While ACMA did not find any evidence of direct loss, ACMA emphasised that customers need to be able to trust that their accounts are being protected from fraud. ACMA accepted a two-year enforceable undertaking from Telstra, committing it to an external review and to make improvements where necessary.  

 

Government agencies issued with directives to eliminate foreign vulnerabilitiesAustralian Government Department of Home Affairs 9 July 2024

Three protective security directions have been made under the Protective Security Policy Framework, to manage risks to the Commonwealth. The directions include a requirement for ‘Australian government entities to identify indicators of foreign ownership, control or influence risk as they relate to procurement and maintenance of technology assets’, a requirement for ‘Australian government entities to identify and actively manage the risks associated with vulnerable technologies they manage’, as well as a requirement for ‘Australian government entities using threat intelligence sharing platforms to share cyber threat information with the Australian Signals Directorate.’

 

Australian Government partners with Amazon Web Services to bolster national defence and securityAustralia Government Department of Defence – 4 July 2024

The federal government has announced a new partnership with Amazon and the ASD to establish a purpose-built, sovereign TS Cloud in Australia. At least AU$2 billion will be invested over the next 10 years, to bolster Australia’s cyber capabilities. The TS Cloud builds on AWS’s planned AU$13.2 billion investment in Australian infrastructure to 2027.

 

Mandatory AI and automated risk reviews to land in QueenslandIT News – 4 July 2024

The Queensland public sector will soon be subject to both internal assessments and external reviews designed to evaluate and mitigate risks specific to their use of artificial intelligence and automated decision-making. The mandatory framework is expected to be released in the coming weeks.


What keeps Australia’s critical infrastructure boss up at nightGovernment News – 25 July 2024

Addressing the “Tech in Government” conference delegates in Canberra, the Deputy Secretary of Cyber and Infrastructure Security Group within Department of Home Affairs, Hamish Hansford, outlined that the CrowdStrike incident on 19 July highlighted existing challenges with cyber risk ownership, supply chain management, a protective security policy landscape marred by complexity and overlap, and interdependent risk.

 

Insurers’ losses from global IT outage could reach billionsFinancial Times – 23 July 2024

The CrowdStrike outage is believed to have affected over 8 million devices running Microsoft Windows. Claims under policies are expected for business interruption and system outages, as well as liability claims. Analysists at Jefferies argued that the incident acted as a ‘proof of concept’ for the value of cyber insurance, and Aon suggested the incident may become the most important cyber insurance loss event since the NotPetya malware attacks of 2017.

 

North Korean Hackers Shift from Cyber Espionage to Ransomware AttacksSwap Update – 25 July 2024

A North Korea-linked threat actor with a history of carrying out espionage campaigns, has been observed carrying out financially-motivated attacks involving ransomware. APT45, which overlaps with names such as Andariel, Nickel Hyatt, Onyx Sleet, Stonefly, and Silent Chollima, has been frequently observed targeting critical infrastructure, such as the Kudankulam Nuclear Power Plant in India in 2019. Mandiant has commented that APT45 may be carrying out financially-motivated cyber crime “not only to support of its own operations but to generate funds for other North Korean state priorities”.

 

Japan, US and Australia join forces for first information warfare eventCyber Daily – 17 July 2024

Sailors and officers from the Royal Australian Navy, the United States Navy, and the Japanese Maritime Self-Defense Force (JMSDF) gathered in Sydney for a cyber defence exercise, Exercise Blue Spectrum – the first such exercise since the signing of the memorandum of the JMSDF-US Pacific Fleet-Royal Australian Navy IW Cooperation in April 2024.

 

Labor under pressure to confront China over hackingAustralian Financial Review9 July 2024

The ASD published new advice about the activities of APT40, accusing the group of sustained attacks on Australian networks. According to the ASD, APT40 is a People’s Republic of China state-sponsored cyber group. APT40 is also known as Leviathan, TEMP.Periscope, Kryptonite Panda and Gingham Typhoon. China has firmly rejected the accusations.


Security Firm Accidentally Hires North Korean Hacker, Did Not KnowBe4Dark Reading – 26 July 2024

KnowBe4, a security firm which provides security awareness and training, has discovered that a new hire was in fact a fake IT worker from North Korea. Suspicious activity on the software engineer's workstation was detected shortly after it was received. KnowBe4 believes that no data has been lost, compromised, or exfiltrated. An FBI investigation is underway.

 

Cyber-security firm rejects $23bn Google takeover BBC News – 23 July 2024

Wiz has rejected a US$23 billion offer from Google’s parent company, Alphabet. In an internal memo to staff, Wiz founder and chief executive Assaf Rappaport advised that the company would instead continue along the path to pursuing an IPO and targeting US$1 billion in revenue. Had it been accepted, the transaction would have been Google’s largest-ever acquisition.

 

AT&T reveals arrest made following April cyberattackCyber Daily18 July 2024

AT&T announced that threat actors downloaded data pertaining to nearly all its 114.5 million customers from a third-party platform in April 2024. It was reported that records of calls and text messages were compromised. AT&T reported making a US$370,000 extortion payment and, within days, announced that law enforcement had made at least one arrest in connection with the attack.

 

The first King’s speech of the new Government sets economic growth as its most pressing priority – Tech UK 17 July 2024

In the first King’s speech of the new UK Government, two pieces of technology-related legislation were introduced: the Cyber Security and Resilience Bill and the Digital Information and Smart Data Bill. The Cyber Security and Resilience Bill is intended to strengthen the UK’s cyber defences to protect and secure critical infrastructure and digital services. Notably, the Bill contemplates expanding incident reporting obligations including in relation to ransomware attacks.

 

Key computer system operators to be kept confidential under proposed cybersecurity law, security chief says – Hong Kong Free Press – 2 July

Hong Kong’s Security Bureau is launching a public consultation, with a view to introducing the Protection of Critical Infrastructure (Computer System) Bill into the Legislative Council in 2024. The regime is expected to cover eight sectors: energy, information technology, banking and financial services, land transport, air transport, maritime, communications and broadcasting, and healthcare services.

 

US healthcare organisation fined nearly US$1 billion over 2017 ransomware incidentCyber Daily5 July 2024

Heritage Valley Health System has been fined US$950,000 for HIPAA violations following investigations by the United States Department of Health and Human Services in the wake of a ransomware attack on the healthcare provider in 2017. Amongst other things, it was determined that Heritage Valley had failed to conduct a proper risk analysis of the data it was holding and how it was stored, and it did not have a proper contingency plan in place in case of such an attack.

Cameron Whittfield photo

Cameron Whittfield

Partner, Melbourne

Cameron Whittfield
Peter Jones photo

Peter Jones

Partner, Sydney

Peter Jones
Merryn Quayle photo

Merryn Quayle

Partner, Melbourne

Merryn Quayle
Brendan Donohue photo

Brendan Donohue

Senior Associate, Melbourne

Brendan Donohue
Josh Kain photo

Josh Kain

Senior Associate, Melbourne

Josh Kain
Christine Wong photo

Christine Wong

Partner, Sydney

Christine Wong
Kaman Tsoi photo

Kaman Tsoi

Special Counsel, Melbourne

Kaman Tsoi
Marine Giral photo

Marine Giral

Senior Associate, Melbourne

Marine Giral

Key contacts

Cameron Whittfield photo

Cameron Whittfield

Partner, Melbourne

Cameron Whittfield
Peter Jones photo

Peter Jones

Partner, Sydney

Peter Jones
Merryn Quayle photo

Merryn Quayle

Partner, Melbourne

Merryn Quayle
Brendan Donohue photo

Brendan Donohue

Senior Associate, Melbourne

Brendan Donohue
Josh Kain photo

Josh Kain

Senior Associate, Melbourne

Josh Kain
Christine Wong photo

Christine Wong

Partner, Sydney

Christine Wong
Kaman Tsoi photo

Kaman Tsoi

Special Counsel, Melbourne

Kaman Tsoi
Marine Giral photo

Marine Giral

Senior Associate, Melbourne

Marine Giral
Anne Hoffmann photo

Anne Hoffmann

Partner, Sydney

Anne Hoffmann
Laura Newton photo

Laura Newton

Senior Associate, Sydney

Laura Newton
Cameron Whittfield Peter Jones Merryn Quayle Brendan Donohue Josh Kain Christine Wong Kaman Tsoi Marine Giral Anne Hoffmann Laura Newton