21 August 2023
Late last week, the Australian Domain Name Governing Body, auDA, was notified of a claimed security breach by cybercriminals. Upon receiving evidence of the alleged breach, auDA immediately initiated an investigation. The subsequent findings revealed that the data in question did not originate from auDA’s systems but rather from an Australian sole trader. Details are below:
Incident:
- On 18 August, auDA was alerted by cyber criminals claiming to have accessed auDA data.
- As a proactive measure, auDA promptly notified the Australian Cyber Security Centre (ACSC), the Department of Home Affairs, and the Office of the Australian Information Commissioner (OAIC).
- On 20 August, the cyber criminals showcased evidence in the form of five screenshots supposedly from auDA systems.
- auDA advised caution against potential malicious online activities, including phishing and scams.
Investigation Outcome:
- After thorough examination, auDA found no evidence that their systems were compromised or that their data was accessed by cyber criminals.
- The leaked data showcased by the cyber criminals was not from auDA systems but belonged to an Australian sole trader with an Australian domain name.
- The sole trader’s server was compromised due to a malware attack on 10 August 2023. The data was encrypted by the criminals who then demanded a ransom.
- The sole trader did not pay the ransom or respond to the cyber criminals.
- auDA emphasized the importance of data security and urged everyone, especially individuals, sole traders, and businesses, to update their systems regularly to prevent such incidents in the future.
AuDA has a strong history of security robustness and transparency and this fortunately was not an issue. If you have any questions regarding this incident please contact your Account Manager.
About brandsec
brandsec is an Australian domain name management provider that offers online brand management solutions to corporate and government organisations.
Our services include domain name management, domain name security, domain name policy development, dispute management, monitoring, and enforcement services. Additionally, brandsec offers a comprehensive online brand protection service that covers various platforms such as websites, social media, email, and online marketplaces. The service addresses issues related to counterfeiting, fakes, copyright infringement, intellectual property (IP) matters, piracy, and other intellectual protection-related issues.