Cyber Security News

How a Healthcare Professional Got Hacked for $100k [podcast]

This is a story of how a medical professional on the South Coast of NSW got hacked for almost $100,000.

Part of what drives us at Cyber Heroes is understanding the personal impact that attacks such as this have on the victims.

$100,000 would be enough of a loss for many small businesses to close their doors forever. But in this example, the business owner's cyber insurance paid out the majority of the loss so the monetary loss was closer to $10,000.

But no insurance policy in the world can undo the harm to a reputation, a loss of trust by the business's clients, and, sadly, the all too common sense of embarrassment for the business owner.

The modern-day cybercriminal is usually well-funded, well organised, and highly skilled at what they do.

Watch this now to learn an important lesson that none of us were born knowing.

Okay, welcome to this episode of Cyber Heroes Live, where we talk about how to protect your people and reputation, strengthen your cyber posture and learn from the many cybercrime lessons around the world every day. If you're new here, then welcome. And if you've been here before, welcome back. I'm your co-host, Matt, and together with Brad, we're glad that you're here. With that said, Brad, let's dive in. And what have you got for us this week?

Thanks, Matt. So, this week, I'd actually like to talk about a particular case study with a client in the health industry. For the purposes of this discussion, we'll call her Lauren.

So it was a couple of years ago, a Wednesday night. And I received a call from this client, and she was quite audibly distressed on the phone. And she said, "Brad, I've been hacked. I don't know what to do. They've taken money out of my bank account, tell me what I can do."

So I calmed her down a little bit. Where are you? She was at her work premises. And I said the first thing you need to do is get that network cable out of the machine. And after we're done, this gives us a bit of time to breathe. And I actually, sort of, once I'd learned that they were at work, I knew the network, I logged in, and began to shut the whole network down: approximately 10 servers, terabytes and terabytes of data for clients, and obviously, particularly sensitive data, because it's the health industry. I blocked access to the firewall, inbound and outbound, but left access for myself to get in, knowing where I'd come from. And I continued to interview Lauren. So what actually happened is Lauren, at about 4pm that day, got a call from someone saying they were from Amazon Prime. Now, a lot of Australians have Amazon Prime subscriptions, a popular TV streaming service. And it just so happens that streaming service hadn't been working properly, which was coincidence more than anything. And they said they needed to adjust her account settings. Now, she was busily working at this time, looking at patient data and doing reports.

So she let these hackers onto her machine. And they had actually just used a perfectly legitimate screen sharing software, upon inspection, to actually access the machine. But a lot of people have pre-saved attributes for bank accounts and all sorts of things on them. So from my initial investigations, as far as I could tell, there was no malicious software or malware on there. But I isolated the entire network, in that one instance anyway, because we need to go back to zero when something like this happens. So it turns out, she said the damage at that point in her bank account, that they'd actually logged into her bank account from her machine, was approximately $96,000. They used BPAY transfers, and they paid that money out. They sort of think about the pay, it should be safe and secure business transactions that occur between two businesses. Or in this instance, the BPAY account had been set up. And we're still not to this day quite sure how something like that was set up and this money was transferred. And before we knew it, it was gone. My advice to her was to immediately contact the bank, which she did. And obviously at that time of night, the banks don't have a lot of people on board. But they do have something where they have a cyber security and most banks have a cyber security and it's active 24/7. So if your credit cards have been compromised, or you think you've been a victim of cybercrime, most banks will give you that service required. The bank obviously isolated their accounts, and over the coming weeks, they obviously did their investigations. The net result was about $20,000 that they lost that night. So they got some of that money back, but not all of it. And there's a very expensive lesson in what actually had occurred there. When I asked permission to tell this story, just last week, I could still see that the person was quite embarrassed; it was still something that upset them greatly. And I still feel for the situation that she got herself into.
So I guess the key takeaway from incidents like this is protected bank accounts. Having single authentication on bank accounts, where one person can do transfers, and not having some app behind or some two-factor authentication when it's over a certain amount, it's really important that you obviously look at that. Sometimes the pain if you've got large bills over $50,000 or something and you need to pay it, paying it in two amounts so they can't take large amounts out autonomous is one option. But banks and business banking now have many, many features that can stop this type of attack from occurring. Obviously, we see this sort of stuff all the time in businesses as well. And it could happen that your internal person that's doing your paying of your bills could also become someone that will obviously be paid by someone else to use your bank account to extort your business. So having that two-step authentication on your bank accounts or something of that nature; most banks have something. I know when I pay a new supplier, my ANZ Bank asks me to put in a six-digit PIN number, and that needs to come from me. So that's the story today, Matt. Any questions, or anyone else that's listening, have any questions about that? I guess,

I think that's really fundamental, isn't it, the point you're making about putting some systems, checks and balances in place with your bank. And even, it could be argued that having two signatures, for example, for any transaction over, I don't know, $5,000, whatever the number is, but I know that you did serve collaborate. And that just seems like a really sensible system to have in place. As you say, it can be a bit of a pain in the backside sometimes, but equally, becoming the victim of cybercrime is much more of a pain in the backside. Even this morning, we were kind of bumping our gums, because now we're going to put another authentication code in, we're going to do this, we're gonna do that, just to get into Zoom, for example. But it's in the name of security at the end of the day. And as you know, Lauren's story, she doesn't mean theoretically, Lauren's business could have lost the best part of $100,000.

Absolutely. And if you look at that, in terms of profit, when you make that on money, where a business makes a profit margin of 10 to 20%, that's anywhere up to a million dollars a turn item. And that's a lot of money to lose in two hours. So it's something really to think about there

are some businesses? Yeah, some of the small businesses couldn't sustain that actually.

Absolutely. It's one of those things that it's you just got to think, you know, this whole sort of scenario where people just use hope that's not going to happen to me, is no longer a thing. And in our next segment here, obviously, we can talk about that, because obviously, we've had a large compromise occur in Australia in the last couple of weeks.

Yeah, sure thing. I think that was one of the takeaways for me as well, knowing the backstory. So let's say with Lauren, even all this time later, she feels somehow like she's stupid, she's made a mistake, it was her fault. And that's really a shame, I have to say. I mean, we had that similar story with the case study in the phentermine Fundamentals course, where they really felt somehow they had some sense of ownership almost in becoming a victim of cybercrime. It's really personal, even though it's digital. And it's not physically someone breaking into your home or breaking into your office, or a bank heist, in the old sort of old-fashioned sense of the term. And people it feels that way for the victims. It feels really personal. So anything we can do to avoid that, of course, is a good thing. All right. Let's talk about the news. It's that time when we take a look at the hottest topic in cybersecurity today, you've given us a hint or anybody thought that might be. And as always, you've picked the one which you think will be the most interesting right now. So you see that it? You've teased us with it, Brad. So tell us all about it.

If you're listening to the news, it was headlines at the beginning of this week, and actually earlier after they released it. But Medibank Private is obviously a major health provider, lots of personal information about the clients. And at this point in time, they're talking 10 million Australians have been compromised through the Medibank Private system. I was in a business meeting this morning. And I asked him if people would have Medibank Private, room of 30 people, I had about three or four people put their hand up. So three or four people in 20 across Australia, if I use that sort of analogy, have been compromised by the Medibank Private situation. What can you do there? Well, obviously a lot of the systems or health systems that are online now, you'd have a login to that to make your claims and things like that. If that password that you use on Medibank Private anywhere else. We talked about shared passwords or using the same password everywhere. Now's the time to go and change it, because that data is now, as of this morning, the whole history has been released into the dark web. And it's selling that data off to other hackers. The whole idea there is to obviously come and try and scam Australian citizens out of money. So really important there that we have a look at that sort of stuff. I'll just quickly share my screen. And you'll see sort of the amount of... Well, Matt, I think we need to hold up that screenshare option there. Sorry.

It's enabled. Okay. So it's not giving you that option.

Look, I'll keep talking to it, though. Again, I think it's really important that you protect your own data. And a good thing to do, like spring cleaning, where we're at the back end of spring now, have a look at your cyber posture online and all the different sites that you have and think about those sites. One of the good things with a password that was it tells you how long that password's been there. If you've had it for length of time, but

Sorry, Brad, try that many I know because I know you want to share what's on screen, just try that now. Just fiddled around with some advanced options in Zoom; shouldn't be necessary, but

just talk to.

Okay, so what I wanted to show you there was obviously a few of the news sites that are available. These are just the public news sites; obviously, I'm looking at various other hacking websites and different things like that, which are obviously green hacking websites. They're not ones that are about the malicious side of things. But you can see here, Sydney Morning Herald, Australian Financial Review, they started posting data, Medibank's share price has gone and did very, very low. And the thing with that as well is, if you look at your own business, and you do have a compromise, and you have to report that to your clients, especially if it's not a global data breach, and over 3 million we have personal identifiable information, that trust is lost. So Medibank obviously now have a trust issue with their clients. So that's really begging, I guess, you know, if you ask something like that, you'd like to reach out to us either Medibank customer, we'd be more than happy to give some advice if you need it. Another thing I'd like to talk about is today, and this is just something that's not sort of mainstream, but it's more about WordPress sites. We look after approximately 500 WordPress sites for our clients. And we've got a lot of people that have their site on WordPress. It's one of the most popular blogging systems on the internet and having your website run through it. And it's the victim of constant attacks, because it has so many different plugins. It's not to say it's a bad product. It's just that so many people develop software that sits on WordPress as a plugin or bolts into it, or the main actual core of the data that you need to keep it up to date. But one of the things people don't look at is they look at a WordPress site. I've got a lot that says nothing here to update. But they have plugins that may be what we call abandoned or no longer developed. So there is software out there.
And you can ask your web developer if you've got any abandoned plugins on your website. Sometimes those abandoned plugins are things that you don't need anymore, and they can be removed. And why did you want to remove an abandoned plugin? Well, it's old code, it's code that has been developed by someone but then they've decided to stop actually looking at it. So we use a product called MainWP, which I'm going to show you here now and just sort of cover up that data there for the clients. But you can actually see here that we have our 14 abandoned plugins across about 40 sites that I've got in this system that I need to obviously go and look at the details for. I'm not going to click into those. What I'm sort of showing you there, though, is if you have a WordPress site, and you're getting it maintained, which I recommend, or you're maintaining yourself, you need to look at what those abandoned plugins are, and obviously get those updates sorted. That's our news for this week, Matt.

Excellent. Thank you very much. Well, we are coming up on time and look, we create this content because at some stage everyone on the planet is likely to become a victim of cybercrime. And frankly, we don't want you to be one of them. So remember, if you're ever in a position where you think you may have been hacked, go to help dot cyber that are you to read and download the cheat sheet that shares with you the five steps you should follow immediately. From Brad and I, thanks as always for investing your time to keep yourself safe online. And we'll see you next time.

Thanks, Matt. Thanks, everybody.

