Senior government staffer’s email ‘spoofed’ in COVID-19-themed phishing campaign

brand result

The Australian Cyber Security Centre (ACSC) has ramped up its fight against malicious cyber activity to protect families, local businesses, and the health sector, according to Defence Minister Linda Reynolds.

Reynolds on Tuesday said the Australian Signals Directorate has been engaging with hospitals and health service providers across Australia as they respond to the COVID-19 pandemic.

“Hospitals and other health care providers are on the frontline in our fight against COVID-19 and that is why we are working directly with them to reduce their risk of cyber compromise during an already very challenging period,” she said.

“The ACSC is also providing a second layer of defence in detecting malicious cyber activity on critical federal government department networks, including the Department of Health.”

She said the ACSC has also been collaborating with industry, law enforcement and government partners to identify and disrupt malicious cyber criminals offshore, who have been implementing pandemic-themed scams and phishing attacks against families and businesses.

In a threat update on Monday, the ACSC reported that since March 10, it has:

  • Received more than 95 cyber crime reports about Australians losing money or personal information to COVID-19 themed scams and online frauds;
  • Responded to 20 cyber security incidents affecting COVID-19 response services and/or major national suppliers in the current climate; and
  • Disrupted over 150 malicious COVID-19 themed websites, with assistance from Google and Microsoft.

The update noted that on April 7, the ACSC received a report from a federal government department that a “senior staff member’s email was being spoofed” as part of a coronavirus-themed phishing campaign. The email contained an attachment with embedded malware that was designed to steal sensitive information such as banking usernames and passwords.

The ACSC lodged a takedown request with the domain registrar located in South Africa, and contacted Australia’s major telecommunications providers, as well as Google and Microsoft, to block the website from being accessed. The website was flagged as malicious at the browser-level.

ACSC head Abigail Bradshaw said the agency has seen the devastating impact of cyber crime, and was committing to ensuring “Australians remain safe online and our vital services are protected”.

“We are arming Australians, businesses and key sectors, like health and medical services, with information on the threats and practical assistance to enable them to better protect themselves against these global cyber criminals,” she said.

The agency has warned of new phishing campaigns that align with breaking developments — government relief payments or public health guidance, for example — within days or even hours of these announcements occurring.

The agency “strongly encourages” organisations and individuals to be aware of the threat of COVID-19 themed cyber crime activity, including “sophisticated” scams, phishing emails and malicious websites.

The ASD and ACSC have been contributing cyber security expertise to the development of the federal government’s controversial COVID-19 tracing app.

This article was first published by The Mandarin.

NOW READ: Holding out for JobKeeper? There’s a cashflow catch you need to know about

NOW READ: “I sat in the shower and cried”: The COVID-19 crisis is taking a toll on accountants

Trending