Who are REvil, the Russia-backed hacker group thought to be behind the Medibank data breach?

Condobloke



Interestingly, this "hack" doesn't appear to have been anything to do with the use of sophisticated hacking techniques or creative modification of code ... rather it seems the entry into the company's databases was through "compromised credentials of someone with high-level access", which appears to be a euphemism for getting a password. It's quite extraordinary to think how 10 million+ confidential data files depend on a single password. What happened to encryption?

The info is from: https://www.theguardian.com/austral...-the-health-insurer-fell-to-a-mass-data-theft
 
which appears to be a euphemism for getting a password. It's quite extraordinary to think how 10 million+ confidential data files depend on a single password. What happened to encryption?

My guess is, you're right about the password :)

The only trouble with encryption is... if I have the right credentials, it's useless.
 
dos2unix wrote:
The only trouble with encryption is... if I have the right credentials, it's useless.
Yes, this is certainly the case. It may just be a matter of getting two passwords, or two credentials instead of one, but with slack practices by the credentialled operatives, not necessarily any more difficult.
 
As I've often remarked, the weakest link is always the human.

PEBKAC...
 
Speaking of passwords....(and not wishing to drag this thread off topic)....but I find it of great interest that the majority of banks in Australia use a 6-digit-long password...made up of the usual lower case/upper case/numerals...I think a few may use symbols..&^%#@ etc etc.....but still a limit of 6 total

I don't see any banks being hacked

I spoke to one of the security guys from Westpac Bank, and he informed me that they study behaviour analysis...(among other things on which he would not elaborate)

I guess it is difficult to introduce that type of analysis into the area of data storage.....but that is definitely an uneducated guess on my part.

Suffice it to say that all companies being hacked in the fashion Medibank and Optus were....their "upper echelon" of managers/CEOs/directors etc etc etc....need a swift kick to the crotch.
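The "behaviour analysis" mentioned above can be applied to a data store just as it is to online banking: instead of trusting a credential alone, you watch what the account does with it. Below is an added example (my own, not code from this thread, from Medibank, Westpac or any other party) of a minimal behaviour-based detector for a privileged database account. The audit-log format, the account name dba_alice, the IP addresses and the row counts are all constructed for the example; a real deployment would read its own database audit log.

```python
"""Toy behaviour-analysis detector for a high-privilege database account.

Added example; assumes a hypothetical audit log with one line per query:
    ISO-timestamp  account  source_ip  rows_returned
Each event is compared against a baseline learned from that account's own
earlier, un-flagged activity (known source IPs, typical rows per query,
usual hours of activity). A stolen password still produces "valid" logins,
but bulk reads from a new address at 2 a.m. look nothing like the owner.
"""
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample audit lines (not real data): five days of ordinary
# admin work, then two very large reads from an unfamiliar address.
SAMPLE_LOG = """\
2022-10-01T09:00:00 dba_alice 10.0.5.21 40
2022-10-01T10:00:00 dba_alice 10.0.5.21 55
2022-10-01T11:00:00 dba_alice 10.0.5.21 38
2022-10-02T09:30:00 dba_alice 10.0.5.21 47
2022-10-02T14:00:00 dba_alice 10.0.5.21 61
2022-10-03T02:15:00 dba_alice 203.0.113.9 250000
2022-10-03T02:20:00 dba_alice 203.0.113.9 310000
"""


def parse_log(text):
    """Turn the constructed log text into a list of event dicts."""
    events = []
    for line in text.splitlines():
        ts, account, ip, rows = line.split()
        events.append({"ts": datetime.fromisoformat(ts),
                       "account": account, "ip": ip, "rows": int(rows)})
    return events


def build_baseline(history):
    """Summarise an account's trusted history: IPs, row-count stats, hours."""
    rows = [e["rows"] for e in history]
    return {
        "ips": {e["ip"] for e in history},
        "mean_rows": mean(rows),
        "std_rows": pstdev(rows) if len(rows) > 1 else 0.0,
        "hours": {e["ts"].hour for e in history},
    }


def score_event(event, baseline, z_threshold=3.0):
    """Return the list of reasons this event deviates from the baseline."""
    reasons = []
    if event["ip"] not in baseline["ips"]:
        reasons.append("new_source_ip")
    spread = baseline["std_rows"] or 1.0          # avoid divide-by-zero
    z = (event["rows"] - baseline["mean_rows"]) / spread
    if z > z_threshold:
        reasons.append("bulk_read")
    if event["ts"].hour not in baseline["hours"]:
        reasons.append("unusual_hour")
    return reasons


def detect(text, account, min_reasons=2, min_history=3):
    """Scan the log for one account; alert when >= min_reasons deviations.

    Flagged events are deliberately kept out of the baseline so the detector
    does not learn an intruder's behaviour as the new normal.
    """
    history, alerts = [], []
    for e in sorted(parse_log(text), key=lambda ev: ev["ts"]):
        if e["account"] != account:
            continue
        if len(history) >= min_history:          # cold start: learn first
            reasons = score_event(e, build_baseline(history))
            if len(reasons) >= min_reasons:
                alerts.append((e["ts"].isoformat(), reasons))
                continue                          # do not pollute baseline
        history.append(e)
    return alerts


if __name__ == "__main__":
    for when, why in detect(SAMPLE_LOG, "dba_alice"):
        print(when, ", ".join(why))
```

Running it on the constructed log flags only the two early-morning bulk reads (new source IP, bulk read, unusual hour); the ordinary afternoon query on day two scores a single reason and is left alone. The two design points worth copying are the cold-start guard, so the first few events are not judged against an empty baseline, and withholding alerted events from the baseline, so a second large read is not masked by the first.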
 
As I've often remarked, the weakest link is always the human.

PEBKAC...
Or a turncoat. Got an offer he... "couldn't refuse".
 
Or a turncoat. Got an offer he... "couldn't refuse".

Unless I'm missing something, and I did sleep in today, that's still the weakest link being a human and the problem existing between keyboard and chair.

Also, the history of social engineering goes back a long way. Even Frank Abagnale used social engineering for his merry jaunt around the globe. Amusingly, he owns his own security company today. Though, last I knew, folks had concluded that he was a bit prone to exaggeration and made some stuff up out of thin air.

Still, that's what I'd expect a social engineer to do. It worked well enough to make folks consider him an expert on document security.
 
The hackers appear to have released everything in the face of not receiving the ransom they asked for: https://www.abc.net.au/news/2022-12-01/medibank-data-leak-has-everything-been-released-now/101720028.

The writers of the article wrote:
In a statement this morning, Medibank said it was still analysing the information, but confirmed that the data released appeared to be data it believed the criminals had stolen. It said the release consisted of six zipped files but that much of the data is incomplete and hard to understand. It added that health claims data released today had not been joined with customer name and contact details. Medibank said the data stolen, by itself, should not be sufficient to enable identity and financial fraud against affected customers.
Nevertheless, the previously released data did include names connected with ailments and contact details, so whatever Medibank conjectures about the current release being "incomplete and hard to understand" may simply be seen as a challenge for hackers of the dark to make the connections. The uncertainty of the situation itself is enough to be considerably anxiety-provoking for Medibank customers. I don't think it can be said that the saga has ended with this "final" release.
 
Agreed.

While there is a dollar on the table.....etc etc ...the perpetrators will not just fade into the ethers.

Rest assured, there will be more to come.
 