Understanding the dark web and maintaining customer trust vital to combating and responding to increasingly damaging cyber attacks.
A widespread and coordinated cyber attack against Australian super funds late last week rattled the public’s trust in the entities holding their retirement funds.
Accounts were fraudulently logged into, financial data was accessed, and some unlucky customers had their savings stolen by unscrupulous hackers.
“This wasn’t just an attack on individual funds; it was an attack on the public’s trust in the superannuation system,” Louis Droguett, CEO of Australian software firm Software@Scale, told Cyber Daily.
“The industry needs to move beyond traditional security measures and adopt a collaborative approach to combating external threats. We need shared threat intelligence, playbooks, and proactive tooling to tackle credential-based attacks before they succeed.”
According to Droguett, the fact that the attack leveraged stolen credentials without ever needing to breach dedicated cyber defences is particularly worrying.
“These attacks weren’t about breaching firewalls; they exploited compromised member credentials, a clear blind spot in our cyber security landscape,” Droguett said.
“This isn’t a failure of multi-factor authentication or firewalls, it’s a failure to detect what’s already leaked. In fact, our team at Software@Scale regularly monitors malware logs collected from info-stealer campaigns and finds that most enterprises are compromised with significant risk without awareness.”
In other words, the scale of the threat should have been clear, but a lack of dark web monitoring led to all the signs of an imminent attack being ignored.
“The threat was visible but not acted upon,” Droguett said.
“This demonstrates a critical need for proactive dark web monitoring. Knowing when member credentials are compromised allows funds to take immediate action, before attackers can exploit them.”
Craig Searle – director, consulting and professional services (Pacific) and global leader of cyber advisory at Trustwave – highlighted the importance of managing supply chain risk and following proper data handling frameworks.
“Financial institutions play a vital role in maintaining trust through transparency and strong cyber defences, as they are prime targets for cyber crime due to the large volumes of sensitive data they handle,” Searle said.
“Several regulatory frameworks mandate the management of supply chain risks. In Australia, organisations must comply with legislation, including the Privacy Act 1988 and the Security of Critical Infrastructure Act 2018, which set requirements for data handling and cyber security measures.
“An effective cyber security framework should include prevention, detection and response measures. Financial institutions should also conduct ongoing and enhanced customer due diligence to manage risks and ensure compliance with regulatory standards.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.