#NSBCS.023 - Slots and Bots: The IT Outsourcing Gamble


Source: NSB Cyber


Slots and Bots: The IT Outsourcing Gamble

On May 2, 2024, a significant cybersecurity concern emerged when ClubsNSW, a major entity in the club and hospitality sector in New South Wales, announced a potential data breach involving one of its IT providers, OutABox. The incident highlights a critical supply chain weakness: when key services are outsourced to a third-party provider that manages sensitive data on behalf of many organisations, a single compromise at that provider can affect every one of them at once. A breach of this kind shows how interconnected, and how fragile, these networks can be.

The engagement of foreign developers by firms like OutABox adds another layer of complexity to managing supply chain risks. Employing international talent can provide technical expertise and cost benefits, but it also introduces challenges related to compliance with diverse cybersecurity standards and local data protection laws across jurisdictions. Companies must navigate these challenges by implementing strict contractual agreements and rigorous security protocols.

For IT providers considering offshoring certain functions, here are some key considerations to manage risks effectively:

  • Compliance with International Laws: Understand and comply with data protection regulations in both the home country and the country where services are being offshored.

  • Due Diligence on Partners: Conduct thorough due diligence on offshore partners to evaluate their security practices and compliance with international standards.

  • Data Management Policies: Establish clear data management policies that specify how data is handled, stored, and protected.

  • Regular Security Assessments: Schedule regular security assessments and audits to ensure the offshore team adheres to agreed-upon security protocols.

  • Secure Communication Channels: Implement secure communication channels to protect data in transit between domestic teams and offshore units.

  • Incident Response Coordination: Develop a coordinated incident response plan that includes offshore teams, ensuring quick action can be taken across all locations.

This situation underscores the necessity for organisations to have comprehensive risk management strategies that include continuous monitoring and regular security assessments of all third-party providers, especially those involving cross-border data flows and foreign development teams. This approach is crucial in safeguarding sensitive information and maintaining trust in the digital and global economy, whilst taking #NoStepsBackwards.



What we read this week

  • Qantas App Exposed Sensitive Traveler Details to Random Users - A significant privacy breach occurred with the Qantas Airways mobile app, which inadvertently exposed travellers' sensitive personal information to random users. The glitch affected numerous Qantas customers, revealing details such as names, phone numbers, passport numbers, and booking references. The issue surfaced widely on social media, as bewildered users reported seeing other people's travel details after logging into their own accounts. Qantas confirmed the incident, attributing it to a misconfiguration introduced in the app during a recent system update. The airline assured the public that the bug was swiftly rectified and that steps were taken to strengthen system security and prevent a recurrence.

  • Change Healthcare Hacked Using Stolen Citrix Account With No MFA - Change Healthcare has confirmed that the compromised Citrix account used to gain entry to its network lacked multi-factor authentication (MFA), and that the attackers likely had access to patient data and medical information. Following the discovery, Change Healthcare's IT team rotated credentials and rebuilt its data centre network and core services to strengthen its security posture.

  • Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites - Hackers have increasingly targeted websites running the WordPress (WP) Automatic plugin, exploiting a vulnerability to inject malicious scripts. The flaw allows attackers to execute arbitrary code on sites running an outdated version of the plugin, which is designed to import content into WP from various external sources. A patched version has been released, and administrators using WP Automatic are strongly urged to update immediately to prevent website takeover.

  • Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks - Okta has issued a warning regarding a significant increase in credential stuffing attacks targeting its user base. Okta has detailed how these sophisticated credential stuffing attacks are leveraging increasingly deceptive techniques, such as the use of authentic-looking but malicious websites and emails. These attacks aim to steal login credentials and gain unauthorised access to corporate networks and sensitive data. Okta urges users and organisations to enhance their vigilance, recommending the implementation of MFA and continuous education to identify threats.

  • Australia Records 388% Quarter-on-Quarter Jump in Compromised Accounts - Australia has experienced a significant surge in cybersecurity incidents, with a 388% quarter-on-quarter increase in compromised accounts, according to research from VPN provider Surfshark. The research attributes the spike primarily to credential stuffing and the exploitation of outdated software. Experts advise organisations to strengthen their defences by updating software regularly, employing multi-factor authentication, and conducting cybersecurity training for employees.

References

  • https://www.bleepingcomputer.com/news/security/qantas-app-exposed-sensitive-traveler-details-to-random-users/

  • https://www.bleepingcomputer.com/news/security/change-healthcare-hacked-using-stolen-citrix-account-with-no-mfa/

  • https://thehackernews.com/2024/04/hackers-exploiting-wp-automatic-plugin.html

  • https://thehackernews.com/2024/04/okta-warns-of-unprecedented-surge-in.html

  • https://www.cyberdaily.au/security/10472-australia-records-388-per-cent-quarter-on-quarter-jump-in-compromised-accounts