2024 has only just begun, but the dangers posed by cyberthreats are already making an impact on the New Year, with a credential stuffing campaign compromising thousands of Australians’ data.
A credential stuffing campaign is a cyberattack method in which attackers use automated tools to systematically input large volumes of stolen usernames and passwords into online services or websites. Attackers rely on the fact that, in general, many users reuse passwords across multiple platforms.
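The pattern described above (one source trying many different accounts, mostly failing) can be picked out of login logs. The following is an added example, not part of the original article: the log format, thresholds and function name are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, source IP, username, result
SAMPLE_LOG = """\
2024-01-15T02:00:01 203.0.113.7 amy@example.com FAIL
2024-01-15T02:00:03 203.0.113.7 ben@example.com FAIL
2024-01-15T02:00:05 203.0.113.7 cat@example.com FAIL
2024-01-15T02:00:07 203.0.113.7 dan@example.com FAIL
2024-01-15T02:00:09 203.0.113.7 eve@example.com FAIL
2024-01-15T02:00:11 203.0.113.7 fay@example.com OK
2024-01-15T02:00:13 203.0.113.7 gus@example.com FAIL
2024-01-15T09:00:00 198.51.100.20 hal@example.com FAIL
2024-01-15T09:00:20 198.51.100.20 hal@example.com FAIL
2024-01-15T09:00:45 198.51.100.20 hal@example.com OK
2024-01-15T09:01:00 192.0.2.50 ida@example.com OK
2024-01-15T09:01:30 192.0.2.50 jon@example.com OK
2024-01-15T09:02:00 192.0.2.50 kim@example.com OK
2024-01-15T09:02:30 192.0.2.50 lee@example.com OK
2024-01-15T09:03:00 192.0.2.50 max@example.com OK
"""

def detect_stuffing(log, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.8):
    """Flag IPs that try many distinct accounts, mostly failing, inside one time window."""
    by_ip = defaultdict(list)
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        by_ip[ip].append((datetime.fromisoformat(ts), user, result == "OK"))
    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            win = events[start:end + 1]
            users = {u for _, u, _ in win}
            fails = sum(not ok for _, _, ok in win)
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                alert = alerts.setdefault(ip, {"distinct_users": 0, "logged_in": set()})
                alert["distinct_users"] = max(alert["distinct_users"], len(users))
                # Successful logins inside a flagged burst are likely account takeovers
                alert["logged_in"] |= {u for _, u, ok in win if ok}
    return alerts

if __name__ == "__main__":
    for ip, alert in detect_stuffing(SAMPLE_LOG).items():
        print(ip, alert)
```

The single user who mistypes a password and the shared office address with five successful logins are not flagged; only the burst across many accounts is. Per-IP counting is one signal among several, and the thresholds are illustrative values that need tuning against real traffic.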
A number of major brands have been impacted recently, including Guzman Y Gomez, Dan Murphy’s, TVSN Home Shopping Network, The Iconic and Event Cinemas.
This has come as a sharp, and potentially painful, reminder to businesses and customers alike that cybersecurity is one of the most important processes you can implement. As has been reported, Australia is ranked sixth in the world for data breaches, highlighting the importance of implementing cybersecurity and safeguarding practices.
Credential Stuffing Campaign: What Happened?
The latest high-profile breach has seen approximately 15,000 people’s login details and, even more alarming, credit card details stolen in what has been described as a coordinated attack. According to reports from Kasada, local cybercriminals allegedly bought login details from overseas cybercriminals, then logged in and made online purchases using saved credit card details.
Endeavour Group, the alcoholic drinks retailer behind Dan Murphy’s, released a statement, saying “A small number of user accounts were subject to fraudulent transactions as a result of email and passwords being obtained through unrelated third-party breaches,” seemingly distancing themselves from being a direct cause of the breach.
Guzman Y Gomez advised they “use advanced monitoring for such attacks and proactively takes action to defend against cyber criminals to protect their guests, including notifying users of suspicious activity.” However, Guzman Y Gomez customers were still a part of the 15,000 people affected.
This credential stuffing campaign has led Australian Prime Minister Anthony Albanese to comment. “This is a scourge and there are so many vulnerable people being ripped off who’ve acted in absolutely good faith, and we need to make sure they are protected,” he said.
Credential Stuffing Campaign – What Businesses Should Do Now
A widespread data breach often causes panic and fear, which is completely understandable after such an intrusion. There are a number of actions that can be taken immediately to mitigate any lingering risks from the breach.
Some of these actions include:
- Change all your current passwords
- Update your passwords periodically
- Enable Multi-Factor Authentication (MFA)
- Remove your automatic payment information from websites.
As mentioned in a previous blog post regarding cybersecurity awareness, there are a number of tips that can be utilised as a means of securing your data:
- Follow the Australian Cyber Security Centre (ACSC) and the Australian Signals Directorate (ASD) Essential 8 mitigation strategies
- Run routine device vulnerability scans
- Update your devices regularly
- Use password managers, such as Keeper
- Research online resources to become more aware of potential cyber threats.
Adept IT Solutions assists our clients to implement robust cyber safety measures and continues to provide education for business owners and their staff to become more cyber wise through comprehensive cybersecurity awareness training.
If you would like to learn more about our services or our cutting-edge cyber security awareness and training platform, click here. Or feel free to contact Adept IT Solutions on 1300 4 23378 (ADEPT) or email us at info@adept-it.com.au.