Posted on May 5, 2021 at 10:37 AM
A platinum service provider of Telstra has been hacked by attackers from the Avaddon ransomware group, who claimed to have gained access to thousands of SIM cards.
The telecom company, based in Melbourne, Australia, is contracted to Telstra for the supply of cloud services and phone numbers.
Attack has been confirmed by Telstra
Telstra has also confirmed the attack, admitting that one of its third-party firms has been hit. A representative of the company stated that the attack led to the compromise of customer data, but denied that any sensitive data may be at risk. The threat group has allegedly placed information about the data on the dark web, demanding a ransom payment from the company and threatening to expose the data publicly if it is not paid.
“We have a large amount of data on mobile devices, tens of thousands of SIM cards,” the hackers announced, adding that the company has one week to respond and comply with the ransom demand.
Telstra said its system was not affected
Telstra has assured its customers that the recent breach of its third-party firm did not affect any of its systems directly because it uses strict guidelines to protect its servers from such incidents.
According to the reports, some of the customers whose details were exposed by the hack include an Australian property management firm, a Melbourne-based radio station, and a Victoria-based financial service provider.
Reports also revealed that the same Avaddon ransomware gang targeted Newcomb Secondary, based in Victoria, using the same approach of threatening DDoS attacks if the victim does not comply with the ransom demand.
The target organization has three problems to solve
A threat analyst with security firm Emsisoft stated that the threat actors used a ‘triple-pronged’ mode of attack to steal and encrypt data for easy access. The attack has also led to the shutdown of the company’s website for days. Users who tried to access the site received a message that the website was unavailable.
The security analyst also stated that the attack has presented three major issues the victimized organization needs to deal with. These include the infiltration and theft of its data, the complete shutdown of the system, and the threat of a DDoS attack on the system if the ransom is not paid.
Given the level of attack the threat actors have already carried out on the website, the threat of a DDoS attack is another worry the company has to deal with.
A DDoS attack is often used by threat actors who want to shut down a website by flooding it with an unusually large volume of traffic requests, more than the system can handle. This can result in the targeted system rejecting genuine requests or shutting down completely, depending on the level of attack.
Investing in a strong security system
Companies in this type of situation, unfortunately, don’t have many options to navigate through or stop the attack before it impacts their reputation. The ideal option is to use preventive measures that can spot and stop an imminent attack before it occurs. But in a situation where the threat actors have already hacked into the system, it becomes even more difficult to stop them.
As a result, it seems the company may entertain the option of paying a ransom, even though it’s not a long-term way of stopping such attacks. It gives the company a slight assurance that the stolen files will be deleted once the ransom is paid. Even that option is not guaranteed, because most times the threat actors do not keep their word.
A ransom amount could be paid, but the stolen files will still somehow appear on public forums later.
As a result, organizations have been advised to use strong preventive measures against DDoS attacks and other forms of attack. Security researchers have always made it clear that investing in a top security structure that can detect attacks in time is the best way to keep systems safe.