Scammers use DocuSign API to send fraudulent invoices
CFOs, beware: cybercriminals are exploiting DocuSign’s legitimate business tools to deliver fraudulent invoices directly through trusted channels. This scheme is particularly dangerous …
In the aftermath of several high-profile data breaches in Australia, a joint police operation codenamed “Operation Guardian” claims to have linked 11,000 cybercrime incidents to the Medibank data breach alone.
Disclosed in a submission by Victoria Police to a federal cybercrime inquiry, the figure echoes a warning that Eftsure issued in 2023: stolen data is ammo for other scammers and fraudsters to find new targets, tailor their tactics, and create more convincing ruses.
Let’s look at why, along with what we know about Victoria Police’s claim.
In this webinar recording, we do a deep dive that answers the question. But we’ll recap here, too.
First, it’s important to note that data can end up in the wrong hands for a variety of reasons. In our conversation with CipherStash’s Dan Draper, he explained that there’s a spectrum ranging from accidental exposure to malicious theft.
“When we say ‘breach,’ we could mean something as sinister as an attack but we could also just mean quite simply that information has been made visible – likely inadvertently – to somebody who really shouldn’t have had access.” – Dan Draper, Founder and CEO of data security company CipherStash
Two examples of this spectrum:
One of the primary concerns in the aftermath of a data breach is the potential for identity theft and financial fraud. Cybercriminals can use stolen personal information, such as names, addresses and financial details, to open fraudulent accounts, apply for loans or engage in other illicit activities. Even seemingly innocuous data points can be combined and enriched to create sophisticated scams targeting individuals and businesses.
But the implications extend far beyond financial fraud. Stolen data can also be used for extortion attempts, phishing campaigns, and other malicious activities designed to exploit vulnerabilities and extract value from unsuspecting victims.
Further cybercrime risks are significantly higher in examples like the Medibank attack, but stolen data doesn’t need to come from one of Australia’s most notorious ransomware attacks in order to end up on the dark web. In fact, there’s so much ill-gotten data available on the dark web and in private scammer circles that much of it is traded at relatively cheap prices.
Whether it’s circulated within cybercrime forums or simply seized upon by a single opportunistic fraudster, ill-gotten data doesn’t need to be comprehensive to be useful. Cybercriminals often only need a single piece of information to assemble a very clear picture of their targets – this could mean leveraging the data to infiltrate other systems, or it could mean using the data to tailor their scamming tactics and more easily deceive their target.
“Hackers don’t come in directly for your bank account,” explained Bastien Treptel, co-founder of CTRL Group and former black-hat hacker, during a CommBank security panel at Sydney SXSW 2023. “We’re going to go for your Spotify account and find out what your password is. We’re going to look on the dark web and find all these other copies of your identity. We’re going to use AI to do that in 30 seconds or a minute.
“Then, we’re going to build a profile of you and come in via Instagram… get access to your phone, realise you’ve been part of the Optus breach, then get access to your phone password, then reset your CommBank SMS code, and then just pull the money out of your account.”
Treptel also emphasised that artificial intelligence (AI) is making it even easier for cybercriminals to exploit bits of personal information along these pathways.
“AI is getting quite imaginative at creating these new attacks. You can now say to a dark version of GPT, ‘Hey, I’ve got this information about this person. How could I extort them? How could I steal some money from them? How could I leverage their access? Who do they know?’”
In other words, one data breach can beget other breaches or cybercrimes. A single exposure can create massive ripple effects.
If a small and inadvertent breach can have major ripple effects, then it’s not hard to see how a devastating attack like that of Medibank – which impacted over 9.7 million customers – can create an even greater volume of scam attempts, identity theft, fraud and cybercrime.
Recent disclosures from Operation Guardian appear to support that notion.
Operation Guardian is a collaborative effort involving federal, state, and territory police agencies, as well as other organisations. It was initially established to monitor and address the misuse of personal information following the Optus data breach in 2022, but its scope quickly expanded to encompass the Medibank, MyDeal, Latitude Financial and GoAnywhere breaches.
In late 2023, the Joint Committee on Law Enforcement opened a parliamentary inquiry into cyber readiness, soliciting submissions from the community and law enforcement agencies.
In their submission, Victoria Police linked major cyber attacks to knock-on incidents like identity theft or phishing attempts.
“Recent attacks illustrate the severity [of cyber attacks],” reads the submission. “The Optus and Medibank Private data breaches impacted over 942,000 Victorians, many of whom continue to turn to Victoria Police for advice and support as they are at risk of identity crime.
“Operation Guardian has so far linked over 11,000 cybercrime incidents to the Medibank data breach.”
One data breach can have ripple effects that extend far beyond its initial impact – and it’s a concept that applies to almost every security incident.
Just as stolen data can create higher scam risks even for those who weren’t impacted in the initial breach, a single compromised system or deceived employee can jeopardise entire ecosystems of businesses and organisations.
Even if your organisation’s cyber defences and control procedures are air-tight, how do you know that all of your vendors’ defences are equally robust? Are you positive that all of your procedures have been designed to combat fast-evolving threats like AI-enabled scams? Often, all that cybercriminals need is one employee to click the wrong link or input the wrong payment details.
Unfortunately, accounts payable (AP) and finance employees are on the frontlines of this type of cybercrime. As guardians of their organisations’ money, they’re popular targets for scammers.
A multi-faceted problem demands multi-faceted solutions. Generally, this means scrutinising three main areas: