Accounts Payable Security Report April 2023

Each month, the team at Eftsure monitors the headlines for the latest Accounts Payable news. We bring you all the essential stories in our Security Report so your Accounts Payable team can stay secure.

Authorities shut down Genesis Market

On 5 April, authorities announced that law enforcement agencies had shut down Genesis Market, one of the world’s largest criminal marketplaces where cyber-criminals traded stolen passwords and other sensitive information.

Sometimes for less than $1, malicious actors could purchase victims’ “digital fingerprints,” including login details, browser history data and device information, enabling fraudsters to impersonate victims and bypass security measures. With information stolen from both individuals and businesses, the platform boasted 80 million sets of credentials and digital fingerprints for sale.

It was notable for being accessible on the open web, not just the dark web, and for offering users a purpose-built browser that helped fraudsters avoid triggering security alerts – a simple, user-friendly way to defraud people and organisations.

The collaborative operation to dismantle Genesis Market involved authorities from the UK, the US, the Netherlands and other countries across Europe. Though it represents a win against cyber-crime (and is a welcome spot of good security news), copycats and replacement sites are liable to crop up soon.

Service NSW data exposure

Service NSW has apologised for a technical issue that led to the unintentional exposure of user data on 20 March. A software bug resulted in the “My services” dashboard temporarily allowing users to view other users’ personal information, including names, addresses and contact details.

Service NSW rectified the error within 24 hours and promptly notified affected users. The organisation says it has since launched a comprehensive investigation to determine the extent of the issue and is working to implement safeguards to prevent similar incidents in the future.

TAS GoAnywhere data breach

The Tasmanian government has been gradually revealing information about ongoing investigations into its GoAnywhere data breach, which exposed financial data from the Department for Education, Children and Young People (DECYP). In a statement on 7 April, Madeleine Ogilvie, Minister for Science and Technology, revealed that they were aware of malicious actors releasing at least 16,000 documents. According to the DECYP, information appears to include information like names, addresses, school names, DECYP reference numbers, children’s homerooms and year groups.

Earlier this year, the Clop ransomware gang breached the GoAnywhere file transfer platform, used by a range of Australian organisations including Rio Tinto and Crown Resorts. The TAS government has apologised for the breach and urged Australians to be vigilant toward possible scams and suspicious financial activity.

Latitude Financial refuses ransom demand

Australian financial services provider Latitude Financial continues to make headlines following its initial disclosure of a malicious cyber attack last month. Most recently, the company has received a ransom demand from the attackers. Latitude has said it refuses to pay, citing the possibility of incentivising further attacks without any guarantee that customers’ data would be protected.

In mid-March, Latitude disclosed that malicious actors had accessed significant amounts of customer data, including approximately 7.9 million Australian and New Zealand driver’s licence numbers and 53,000 passport numbers stolen. Read more about the incident and the risk it poses to Finance and Accounts Payable (AP) teams.

How malicious actors are gaming Google Play

Research from Kaspersky suggests an alarming reality: cyber-criminals can plant malware-infected apps on the Google Play Store for as little as US$2,000, although some prices range as high as US$20,000.

While most malicious mobile apps are distributed through third-party sites, cyber-criminals sometimes manage to get an asset onto Google Play through a variety of tricks – for instance, uploading a harmless application and later updating it with malicious code. The Kaspersky report examined how these threats are traded between cyber-criminals.

Analysing offers of Google Play threats for sale between 2019 and 2023, the research indicates that the price of a loader capable of delivering a malicious app to Google Play can be as little as a few thousand dollars. And the most popular app categories for smuggling in malware included financial apps, cryptocurrency trackers and QR code scanners.

It’s an unsettling reminder that cyber-crime tactics continue to become more and more accessible, regardless of malicious actors’ funding or technical skill. After all, US$2,000 isn’t exactly a major investment for a budding cyber-criminal!