Pacnet reveals cyber breach after Telstra acquisition

In April this year Telstra finished its acquisition of Pacnet, giving it access to Asia’s largest privately owned submarine cable network as part of its strategy to expand into Asia.

According to news reports it appears that Telstra received a surprise signing bonus when the purchase was completed – notification that the Pacnet corporate IT network had been breached.

The itnews article claims that this wasn’t discovered during due diligence because Telstra and Pacnet were competitors at the time and Telstra only had limited access to information.

Access to the Pacnet internal network was gained through a SQL injection attack. SQL injection is one of the many web attack mechanisms used by hackers to steal data from organizations, and perhaps one of the most common application-layer attack techniques used today. It takes advantage of improper coding of web applications that allows an attacker to inject SQL commands into, say, a login form and so gain access to the data held within the database.
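As an added illustration (not code from Pacnet, Telstra or the news reports), the sketch below shows the coding flaw described above in a login lookup beside its parameterized form. The table, account, function names and inputs are all constructed for the demo.

```python
import hashlib
import sqlite3

# Constant salt only to keep the demo short; use a per-user random salt in practice.
DEMO_SALT = b"constructed-demo-salt"

def pw_hash(password):
    """Hex PBKDF2 digest of the password, as stored in the demo table."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 100_000).hex()

def make_db():
    """In-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", pw_hash("correct horse")))
    return db

def login_vulnerable(db, username, password):
    """Weak: form input is concatenated into the SQL text, so it is parsed as SQL."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND pw_hash = '" + pw_hash(password) + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_parameterized(db, username, password):
    """Hardened: placeholders keep form input as data, never as SQL syntax."""
    sql = "SELECT username FROM users WHERE username = ? AND pw_hash = ?"
    row = db.execute(sql, (username, pw_hash(password))).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    # Constructed input: the quote closes the string literal and "--" turns the
    # password condition into a comment, so only the username is checked.
    crafted = "alice' --"
    for name, fn in (("vulnerable", login_vulnerable),
                     ("parameterized", login_parameterized)):
        print(name, "| wrong password:", fn(db, "alice", "nope"),
              "| crafted username:", fn(db, crafted, "nope"))
```

With the same wrong password, only the concatenated query accepts the crafted username; the parameterized query looks for a user literally named `alice' --` and finds none.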

Attacks of this nature fall under strategy #24, Server Application Hardening (‘e.g. databases, web applications, customer relationship management, finance, human resources and other data storage systems’), in the Australian Signals Directorate (ASD) Top 35 Mitigation Strategies.

Telstra is now left with the task of advising Pacnet customers about the breach.

There is no mandatory breach reporting in Australia, although there is strong support for it. In October 2013, the Office of the Australian Information Commissioner (OAIC) released survey findings on community attitudes towards privacy, which showed that 96 percent of respondents want government agencies and businesses to notify them if their personal information is lost or compromised.

Earlier this year the Parliamentary Joint Committee on Intelligence and Security (PJCIS) recommended that the Government introduce a mandatory data breach notification scheme before the end of 2015. Australia’s privacy commissioner, Timothy Pilgrim, has highlighted telcos’ bad track record in Australia, pointing to Telstra’s 2011 leak of 734,000 customer details and a further leak of the details of 15,775 customers in 2013.

 

emt Distribution represents Acunetix in Australia and New Zealand. Acunetix was founded to combat the alarming rise in web attacks including SQL Injection and Cross-Site Scripting among others.

emt to distribute Acunetix

Today we are pleased to announce that emt Distribution will begin to exclusively distribute Acunetix products throughout Australia and New Zealand.

Used by IT security administrators, penetration testers and web developers, Acunetix Vulnerability Scanner is one of the leading tools on the market for detecting vulnerabilities. It’s an easy-to-use tool which has been continuously developed for a decade, evolving with the latest vulnerabilities and cyber threats. It’s the tool of choice for customers including the US Army, the US Air Force, Barclays Bank, American Express and more.

Automated hacks such as the recent WordPress cross-site scripting (XSS) vulnerability late last week saw many people have their public websites defaced. Acunetix Web Vulnerability Scanner can bring these types of vulnerabilities to your attention.

Acunetix Web Vulnerability Scanner is already used by major companies such as Adidas, American Express, CERN, Credit Suisse, NASA, Siemens, Skype, Sony, T-Mobile, the University of Potsdam, the U.S. Air Force and many others and is well suited to join the emt portfolio of security solutions.