Sydney-based events and ticketing startup Qnect has been hit by a cyber attack that involved thousands of its users receiving threats that their data would be posted online unless the business paid the attacker’s ransom.
Business Insider reports users of the platform received text messages yesterday purporting to be from hacker group RavenCrew, which stated there was a “security issue” with the service, and that data, including email addresses and credit card information, would be released online unless the business paid the hackers in digital currency Bitcoin.
Users were invited by the hackers to email the Qnect founders to “convince them to pay”. The Qnect platform is often used by universities in the region to organise social events.
Business Insider reports that, in an email to customers, chief executive Daniel Liang told them to “ignore” the attackers and reassured them their credit card details were safe.
“I can confirm that this person does not have any financial information, and all card information is stored with 3rd party payments processor Stripe,” he said in the email.
“Please ignore this person, as they are currently just harassing our community. If they have texted you the maximum they will have is your name, e-mail, phone number to text you on.”
Liang reinforced this with a message posted on the company’s Facebook page, telling customers no sensitive payment details had been released and the Australian Federal Police had been contacted.
The attack was not a direct assault on the company’s databases. Instead, Liang said one employee fell victim to a phishing email sent by the attackers, allowing them access to the company’s system.
“We have come to reason based on the activity logs of all our systems that this person has not hacked our systems, but rather, used a phishing scam to get remote access of a key employee’s computer, and then going through systems thereafter,” Liang wrote in the post.
“I encourage everyone during this time to ignore this guy, and just be weary [sic] not to open links from SMS’ or e-mail you don’t know who they are from – it’s a pretty deadly word out there on the internet right now.”
The Sydney University Law Society also issued an alert about the scam, warning users about the text messages being sent and reassuring them that customer credit card information and account passwords were safe.
Cyber security grants soon to be available for SMEs
This attack comes just days after the Council of Small Business Australia (COSBOA) announced a new focus on cybersecurity for SMEs, with chief executive Peter Strong telling SmartCompany at the time the council is looking at “what the government can do to help, what business associations can do to help, and how businesses can help themselves”.
Federal government support for small business cyber security issues was announced at the COSBOA event last week, and will come in the form of a one-off $15 million grant from the Attorney General’s office to the Council of Registered Ethical Security Testers (CREST), reports Fairfax.
This grant will be used to help CREST provide support to SMEs via grants of up to $2100 for support and training on cyber security issues.
CREST has enlisted 33 businesses across the Australia and New Zealand region to provide help to businesses, and chief executive Greg Rudd says the Council is “very pleased” to see a focus on SME cyber security from the government. He says that both the government and federal opposition are on board with the issue, which is “too important to play politics”.
“Small businesses are usually very time poor, putting a focus on getting cashflow going and trying to make a profit. Small businesses don’t want to be subsumed with added tasks, and they want solutions that are simple and effective,” Rudd told SmartCompany.
“Unlike big businesses who are happy to pay whatever for penetration tests and the like, those things are way out of the price range for small businesses.”
Rudd says CREST will work with small businesses to devise and deliver processes to help SMEs get cyber secure, including a “low-cost automated penetration test” to help businesses determine their level of cyber resilience.
For businesses requiring further support, the program will also provide cyber security experts to give advice and provide support. Rudd hopes to sign off on the deal with the Attorney General’s office soon.
SmartCompany contacted Qnect and the Attorney General’s office but did not receive a response prior to publication.