Toyota Australia, Healthcare Group Hit By Cyberattacks
Country Has Faced a Series of Security Incidents in Recent Weeks
Toyota Australia's computer systems were still down on Friday after the company said it was a victim of an attempted cyberattack.
Meanwhile, a Melbourne-based cardiology group acknowledged on Thursday it was struck by ransomware in late January that encrypted patient records and scheduling calendars.
The incidents come as Australia has faced a few tough weeks of cyberattacks. For example, the country's Parliament was hit last week with what the government described as a nation-state attack that gained access to the email archives of lawmakers (see: Suspected State-Sponsored Hackers Pummel US and Australia).
Efforts to reach Toyota Australia officials on Friday weren't successful. But the company says in a statement on its website that "we believe no private employee or customer data has been accessed."
"The threat is being managed by our IT department [which] is working closely with international cybersecurity experts to get systems up and running again," the company says.
Unreachable By Phone, Email
On another part of its website, Toyota Australia writes that it's experiencing technical difficulties and that "we are currently unreachable via phone or email." The outages began late Tuesday evening, according to Caradvice.com.au.
The company says it didn't have further information on the origin of the attack. But the effects would indicate the possibility of a ransomware infection, the file-encrypting malware that has caused IT problems worldwide over the past few years.
The Australian Cyber Security Center, the government's top cybersecurity agency, says it's assisting Toyota, but it declined to comment further on the incident. It noted that it recently provided advice on attacks that were targeting the automotive industry.
With Toyota Australia not saying much, it's difficult to determine what happened, says Chris Culnane, a cybersecurity expert and lecturer with the School of Computing and Information Systems at the University of Melbourne. The incident could stem from cybercrime, industrial espionage or even a disgruntled insider, he says.
That some of Toyota's systems remain offline is an indication that the source of intrusion may not have been isolated yet, Culnane says. Until that is uncovered, "they can't risk bringing the email servers back online," he says.
Ransomware: A Heart Stopper
The Melbourne Heart Group, which leases space at Cabrini Hospital in the Melbourne suburb of Malvern, says it was hit with a cybersecurity incident late last month in which "our patient data was encrypted."
"This means that our patients' information became inaccessible to anyone, including ourselves," the group says. "We have been assured that no patient's privacy has been compromised in any way. We are working through this issue with our I.T. provider and hope to resolve it as soon as possible."
A source close to the investigation said Friday the group was infected by the Hermes 2.1 ransomware.
Although the origin of the infection hasn't been discovered, it likely was a result of someone browsing a malicious website or clicking on a malicious link, the source says. The group also used a very old firewall, the source says, although workstations were running security software from a well-known vendor.
But luckily, all of the patient data was backed up and is now being restored, the source says. "It was a tricky process," the source says. Fortunately, patient data was only encrypted locally by the ransomware and not directly accessed or exfiltrated.
Although Melbourne Heart Group works out of Cabrini Hospital, the hospital says its own data storage and information systems weren't affected.
"No Cabrini data storage or patient related systems or operations have been impacted or compromised by this incident, and there has been no breach of hospital patient data," says Michael Walsh, Cabrini Health's chief executive.
Earlier this week, Australian Prime Minister Scott Morrison declined to lay blame for the cyberattacks against Parliament. The government continues to investigate. Some forensic evidence, however, was destroyed as a result of having to remediate quickly, officials said.
As in many nation-state attacks, China fell under suspicion. But on Friday, China Foreign Ministry spokesman Geng Shuang dismissed the suggestion that it was behind the attacks against Parliament, calling it "baseless speculation," the ABC reported.