A cyberattack is an attack that targets computer information systems, computer networks or personal devices in an attempt to expose, disable, steal or gain unauthorized access to or use of assets.
On June 4th, 2019, the Australian National University (ANU) released a detailed public report on a data breach that took place in 2018. After months of investigating this cyberattack, the university has shared the detailed report with all ANU staff, students and alumni. The operation they conducted was impressively smooth and efficient. The investigators said they still do not know exactly how much data was stolen or breached by the hackers.
After many months of forensic analysis alongside government security agencies, the ANU has revealed it’s likely the hackers “didn’t get what they wanted” from its records after all. ANU Vice-Chancellor Professor Brian Schmidt said he was committed to making the University’s findings available to the entire ANU community on its website. He said: “I want to be as transparent with my staff, students, alumni and the wider community as possible about what happened, how it happened and why it happened.”
The university now believes only a minute amount of the 19 years’ worth of data compromised by the breach was successfully extracted, but vice-chancellor Brian Schmidt. The hackers evolved, spying on staff calendars to try new tactics and keeping one step ahead of ANU security so that they could breach the data without anyone else knowing. An email was sent to senior staff at ANU, and it took just that one email for the hackers to breach all the personal information from the university.
Above is one of the fake emails sent to the IT department by the hackers to get the login credentials and get into the network.
How did the Hackers get in?
As in most hacks, it all began with a seemingly ordinary email that arrived in the inbox of an IT department officer in 2018, aimed at stealing login details. But this time it did not matter whether anyone clicked on something they shouldn’t have, because simply previewing an attachment was more than enough for the hackers to steal a password and breach personal details.
They came upon an old, vulnerable server only months away from decommission, and it was there that they built their base of operations, installing “shadow infrastructure” to watch their movements on the network as they hunted for a way into its more secure databases.
Investigators say they are confident they know what the hackers were after: the hackers had their eye mainly on the HR and financial records, going for that part of the network to the exclusion of others they could have accessed, such as research.
What did the hackers actually steal?
Once the hackers had breached the HR database through a previously unknown vulnerability, they used their own custom-made software to bind its data so that the detail of exactly what was taken wouldn’t appear in ANU logs. Investigators from ANU say their analysis of data flow leaves them confident the amount taken was just a fraction of the terabytes of data held in the database. After months of investigation, they have concluded that the HR records include pay slips, bank account details, tax file and passport numbers, emergency contacts, and academic records. Sensitive personal information such as medical and counseling records, academic misconduct and financial hardship is not stored in the same part of the network.
After the HR files were extracted via another compromised computer, more phishing emails were sent out to steal credentials. Whatever the hackers planned to do next, they were interrupted when a new, scheduled ANU firewall went up, booting them out of their base of operations before they could cover their tracks.
Meanwhile, the hackers continued their sting operation, and a few IT department employees did click on their malicious emails, handing over more credentials to the hackers. People in various departments recognized the emails for what they were and shut down the new attack station. Unfortunately, they didn’t see them as part of a much bigger attack.
What is ANU doing now?
Professor Brian Schmidt handed down the report with an apology to students and staff. While acknowledging the university, he said he hoped his “radical transparency” would encourage disclosure about hacks more broadly, rather than providing an instruction manual. ANU did not answer any questions on funding for the new initiative or IT resources during the hack, but at the time the hack was discovered, staff were in the middle of a significant security upgrade.
Professor Schmidt says the first attack on the university in 2018 was a wake-up call but fortunately nothing was taken during that time.
A copy of the report has been provided to the federal government’s foreign interference taskforce.
ANU handed it down as Australia’s top spy agency launched an investigation into another cyberattack. We hope this kind of attack will not happen in the near future, and people should be aware of this kind of cyberattack.