
Latest news with #MattWarren

JACKSON HEWETT: Qantas cyber hack the latest of many to come

West Australian

02-07-2025


Monday's attack on a Qantas call centre in Manila is the latest in a slew of cyber attacks that appear to be growing in both sophistication and frequency. According to the Global Anti-Scam Alliance, $US1.03 trillion ($A1.57t) was lost globally in 2024, with nearly half of global consumers experiencing a scam attempt at least once a week.

With six million customer records potentially stolen during the breach, Australians were likely to be among those whose personal data could be used to hack financial accounts or to commit identity theft fraud. Australia continues to be a lucrative destination for scammers, drawn by high balances in bank accounts and superannuation funds.

In April this year, some of the largest super funds in the country, including AustralianSuper, Hostplus, REST and Australian Retirement Trust, were subjects of a 'credential stuffing' scam, which relies on people using the same password across multiple accounts. AustralianSuper, which has more than 3.5 million customers and $367 billion in funds under management, said four accounts in the pension phase were defrauded of a combined $500,000. In many instances the super funds had not turned on multi-factor authentication, which requires users to verify their identity using two or more different factors, such as a password and a code sent to their phone.

Australians are becoming better at recognising scams, however, and despite scams costing an estimated $2b last year, the Government's National Anti-Scam Centre said losses were down by 25 per cent on their peak of $3.1b in 2022. The number of scam reports fell almost 18 per cent over the same period from 601,803 in 2023 to 494,732 in 2024. The top five losses, accounting for 80 per cent of total losses, were led by investment scams at almost $1b, followed by romance scams, payment redirection, remote access and phishing. In January the National Anti-Scam Centre launched the 'Stop. Check. Protect.' campaign to encourage Australians to confidently identify, avoid and report scams.

But while Australians appear to be getting the message, scammers are using artificial intelligence to become more sophisticated. Matt Warren, director of the RMIT University Centre for Cyber Security Research, said scammers are now using AI to polish their messages, eliminating the spelling and grammar mistakes that used to act as red flags. This makes scam emails harder to detect, especially when people are distracted or in a hurry, with Mr Warren noting 'those warning signs aren't as obvious anymore'. Mr Warren said scammers were already using digital tools to target people at scale, focusing on the 'five per cent or so' of victims who were susceptible to spoof communication.

But Daswin De Silva, professor of AI and Analytics and Director of AI Strategy at La Trobe University, said AI was enabling scammers with far more impressive tools, such as the ability to mimic recognisable voices, for fooling potential victims. 'The Qantas attack was likely driven by impersonation attacks or social engineering, and with artificial intelligence, we can do this in droves,' he said. 'We already have examples of deep fakes being used to impersonate individuals. These attacks are not that sophisticated, but the attack surface and the intensity and complexity of the attacks definitely can increase with AI.'

As companies collect more and more consumer data in pursuit of increasing levels of personalisation, the threat expands. 'Companies will use AI to determine certain buying patterns, certain behaviours, but AI can also be used to derive more personalised information than what we would have typically disclosed to a commercial organisation,' Mr De Silva said. 'So there is also that risk that with increased data collection about us and how we live, scammers can develop more ways to trick us.'

Mr De Silva said Australia lagged the European Union, which had introduced the General Data Protection Regulation in 2018, which gives individuals more control over how their personal data is collected, used, and stored, and imposes strict rules on organisations that handle such data, including third parties. It also makes companies accountable for infringements, with fines of up to 4 per cent of annual worldwide turnover. In the US, which is far more supportive of innovation than regulation, data protection is governed by a patchwork of Federal and State laws. 'We want to be in the middle between the EU and the US, where there is a healthy balance of supporting, enabling innovations, but also securing and looking after the rights, the privacy, the confidentiality of individuals,' Mr De Silva said.

It is not just individuals that were at risk from identity theft, with government transfers an increasingly lucrative scam for criminal gangs. Last week the Federal Bureau of Investigation announced it had seized $US245m and charged hundreds of citizens and medical professionals as part of a widespread identity fraud targeting the US healthcare system that may have resulted in as much as $US15b in losses. Mr Warren said Australia's Medicare system would be a valuable target using similar identity theft techniques.

The attack on a third-party provider also called into question the security processes expected by companies looking to outsource costly activities like call centres to providers who may not have made the appropriate investment in their systems. Mr De Silva said stronger regulation could help close cybersecurity gaps by requiring third-party technology providers to meet minimum standards, including mandatory audits and system checks, training, and hiring practices. 'There is definitely opportunity for tighter regulation that ensures the safety of data and individuals,' he said.

Majority of PENNCREST candidates look ready to advance

Yahoo

24-05-2025


In an unofficial count Tuesday night, it seemed a majority of the eight cross-filed candidates for PENNCREST School Board will be on ballots come November. Based on Crawford County's precinct data, Tim Brown, Dani Schmidt, Robert Johnston Jr. and Amber Wright are ahead to be on the Democratic ballot, while Wright, Matt Warren, Kathi Despenes and Fred Bryant were the top candidates for the Republican ballot. Venango County election results were not available as of press time to determine the outcome.

Current board President Johnston said his main priority moving forward is balancing the budget. 'We're the closest we've ever been in the eight years I've been on the board,' he said, mentioning that he wants to do it without a tax increase. PENNCREST residents saw a 4-mill tax increase last year, and the current preliminary budget has a deficit just over $525,000.

On the Republican ballot, Warren said he wants to balance the budget without increasing taxes and to improve the quality of education. He believes his background gave him a leg up to get on the ballot. 'I have 18 years of business experience and I think I have good business sense and also have common sense,' he said.

Also on the Republican ballot and focused on academic achievement is Despenes. She said she's tried to interact with the community as much as possible and hear what's important to them and how that measures up to her strong values. She wants to focus on transparency regarding the budget to let taxpayers know where their money is going and hopes to continue improving test scores. 'I hope I can improve the district if elected in the fall, help others and help work with whoever is elected to the board,' she said.

All other leading candidates did not respond immediately for comment.

The leading vote count for Crawford County precincts as of Tuesday night for the Republican ballot was Wright, 1,415; Warren, 1,376; Despenes, 1,361; and Bryant, 1,243. The Democratic ballot showed Schmidt, 786; Brown, 760; Johnston Jr., 612; and Wright, 342.

Official results will be certified once all provisional ballots and other ballots that must be counted by hand are completed. The final computations, after a five-day posting period in which there are no objections or challenges, will be made official with the final signing by the Crawford County Board of Elections.

Aussies denied major fix before super accounts drained: '$500,000 stolen'

Yahoo

08-04-2025


AustralianSuper customers said they questioned a key security weakness in the superannuation fund giant's accounts just weeks before it was hit by a cyber attack. Hundreds of thousands of dollars in retirement savings have been stolen by cybercriminals, with one pensioner fleeced of $406,000.

Two AustralianSuper customers said they asked to set up multi-factor authentication on their accounts but were denied. Multi-factor authentication requires customers to input multiple forms of verification, like a unique code sent to their phone.

RMIT Centre for Cyber Security Research and Innovation director Matt Warren told Yahoo Finance a lack of multi-factor authentication meant superannuation was an easy target for hackers. 'This problem has been known for a while,' Warren said. 'Multi-factor authentication is a key issue. The problem that a lot of the superannuation funds face is what to do with older Australians.'

Western Sydney man Seth Rappe said he asked AustralianSuper about setting up multi-factor authentication on his account last month but was rebuffed and told it was not offered. Rappe was previously caught up in another data breach, so had multi-factor authentication on all his bank accounts and emails. 'When I noticed that [AustralianSuper] didn't offer that, I thought it was pretty strange for a large company,' he told the ABC. "And then, two, three weeks later, this cyberattack happened."

Perth retiree Sunny Sardana said he also asked the super fund about setting up the security measure last year but was told it wasn't needed to protect his funds. "I was flabbergasted," he told the ABC.

AustralianSuper responded to Sardana's request and said it 'takes all necessary steps to ensure security controls are in place to reduce the risk of cyber-attacks as well as unauthorised access to our members' accounts'. 'AustralianSuper don't currently offer Multi-Factor Authentication (MFA) on the member portal login screen,' it said. 'However, MFA is in place requiring an additional security code to be sent to their listed mobile numbers for any high-risk transactions (withdrawals, supermatch, member updates). No changes can be made through login access alone.'

Hackers were able to gain access to accounts through 'credential stuffing', where stolen usernames and passwords are used. 'The data was sold on the dark net about customers, which was people's usernames and passwords, which was enough to log into people's superannuation systems,' Warren told Yahoo Finance. 'If people were of a certain age, people could then start to extract funds from that pension or try to source personally identifiable information.'

Last year, the Financial Services Council recommended mandating multi-factor authentication systems for its superannuation members by July 2026. It also flagged alternatives like biometrics and one-time passwords. Warren said he thinks stronger multi-factor authentication should be implemented for all customers, with more awareness needed for older customers who are often the most at risk.

Cbus confirmed its members were targeted in a mass attack on superannuation funds, with an 'unusually high spike in log-in attempts' several days after the cyber attack that impacted other super funds. Cbus said there was no evidence of any financial losses but it was investigating a small number of accounts that may have been impacted, including those 'where multi-factor authentication was triggered in the hours before and after the spike'. It joins AustralianSuper, Australian Retirement Trust, REST, Hostplus and Insignia who were targeted.

AustralianSuper is the only fund to report money being stolen, with four members losing $500,000 including one pensioner who lost $406,000 of that amount. AustralianSuper has vowed to refund members who had funds stolen and said remediations would be made from fund

Super warning for 'lazy' Australians after $500,000 vanishes

Yahoo

07-04-2025


Aussies are being urged to change their passwords and set up multi-factor authentication after some of the country's biggest superannuation funds were targeted in mass cyber attacks. A cyber security expert said the attacks highlighted the 'weak' security measures implemented by the industry, despite calls for super funds to strengthen their defences.

Superannuation funds including AustralianSuper, Australian Retirement Trust, Hostplus, Rest and Insignia were targeted, with a handful of AustralianSuper members losing a combined $500,000 from their accounts. Hackers gained access to the accounts through 'credential stuffing', where stolen usernames and passwords - including those exposed in previous cyber attacks - are used.

RMIT Centre for Cyber Security Research and Innovation director Matt Warren told Yahoo Finance superannuation was an easy target for hackers because some accounts did not require multi-factor authentication. 'This problem has been known for a while,' Warren said.

Multi-factor authentication "significantly enhances cyber security" by requiring customers to input multiple forms of verification to access systems or accounts, such as a code generator or entering a texted code. In 2024, the Australian Financial Services Council released a security standard for its superannuation members to make multi-factor authentication systems compulsory. It also suggested alternatives like biometrics and one-time passwords.

'The problem is superannuation funds were given two years to implement it, so the end date was in 2026,' Warren said. 'Some companies are still in transition and it's unfortunate timing. If this had happened next year, for instance, it might not have had the same impact. The only positive that will come out of this is it will actually speed up companies if they haven't to implement multi-factor authentication.'

AustralianSuper, the country's biggest super fund, does not have multi-factor authentication. Instead, the super fund requires two-factor authentication for key interactions that members have with their accounts, such as registering for an online account or resetting passwords.

Warren noted super funds were permitted to opt out of multi-factor authentication in cases where the use was 'unduly onerous' on the customer, which he described as a 'very bad move'. 'The problem is people don't want to spend an extra 10, 20 seconds to log in to something because they have to use an app,' he said. "People tend to be a little bit lazy at times and think I just want the convenience and they opt out of multi-factor authentication."

Norton managing director APAC Mark Gorrie told Yahoo Finance super accounts were 'prime targets' for cybercriminals because they often held substantial amounts and weren't regularly checked. 'Once they gain access, they can change contact details, redirect communications, and initiate fraudulent withdrawals before the account holder even realises something is wrong,' Gorrie said. 'Given how infrequently many people check their super, these attacks can go unnoticed for weeks or even months.'

The first thing is to change your password. "That's the number one thing if people are concerned that they should do," Warren said. 'The data that is on the dark net is people's current passwords. As soon as you change it that data has lost any value.' Gorrie recommended creating a 'strong, unique' password and noted that reusing passwords increased the risk of credential compromise.

After you do this, you can look at setting up more advanced multi-factor authentication. 'Enabling multi-factor authentication adds an extra layer of security, making it harder for cybercriminals to gain access,' Gorrie said. Warren said multi-factor or biometrics could be worth considering if you were using your mobile phone.

Along with adopting stronger multi-factor authentication for all customers, Warren said super funds needed to raise awareness amongst older Australians as they are vulnerable from an e-safety perspective. "They are very vulnerable and they've got access to a lot of financial wealth through their bank accounts, through their superannuation," he said.

Aussies have been told to remain vigilant to scams over the coming days, with the possibility of 'spray and pray' phishing attacks over SMS and email. Gorrie said people should stay alert to unexpected messages from their super fund, especially emails or texts about account changes they didn't make. 'If something seems off, it's always best to contact the fund directly rather than clicking on any links,' Gorrie said. 'Be particularly vigilant now as scammers will use the fear and uncertainty from the recent hacking reports to target people seeking help.'

He also recommended people check their super balance and account details regularly, and monitor for any unusual
