Cyber Bites by Edwin Kwan
Cyber Bites - 4th July 2025

  • CommBank Deploys AI Bot Army with Australian Accents to Trap Scammers

  • Former Student Charged Over Extensive Western Sydney University Cyber Attack Campaign

  • NSW Public Hospitals Face Critical Cybersecurity Gaps Despite $40 Million Annual Investment

  • APRA Warns Labor Government That Cyberattacks on Super Funds Could Threaten Banking System

  • Qantas Confirms Major Cyber Incident Exposing Six Million Customer Records


CommBank Deploys AI Bot Army with Australian Accents to Trap Scammers

https://www.smh.com.au/business/banking-and-finance/commbank-unleashes-bot-army-with-aussie-accents-to-trap-scammers-20250626-p5mako.html

Commonwealth Bank has launched a sophisticated counter-offensive against scammers, turning the tables on them by deploying thousands of AI-powered bot profiles equipped with Australian accents to engage and disrupt criminal networks. The bots have been developed by Apate.ai, a cyber-intelligence company originating from Macquarie University, and are engineered to interact with scammers, collect vital intelligence, and disrupt fraudulent operations.

The initiative represents a strategic shift in anti-scam tactics: the bots are designed to waste scammers' time through lengthy, go-nowhere conversations that tie up their resources, while the near real-time scam intelligence they gather is harnessed by CommBank to safeguard both customers and the wider Australian community. The expanded bot network follows a successful pilot program announced by Macquarie University in late 2024, demonstrating the effectiveness of this honeypot strategy in combating fraudulent activities.

The deployment comes amid escalating scam losses across Australia. Australians lost nearly $119 million to scams in the first four months of 2025; despite a drop in overall reports, financial losses rose 28% from early 2024. Australians lost more than $2 billion to scammers in 2024 through investment, romance and other scams, highlighting the urgent need for innovative technological defenses. The bank's approach of "flipping the script" on scammers represents a proactive shift from traditional defensive measures to actively disrupting criminal operations before they can target legitimate victims.


Former Student Charged Over Extensive Western Sydney University Cyber Attack Campaign

https://www.abc.net.au/news/2025-06-26/western-sydney-university-hack-former-student-charged/105462320

A 27-year-old former Western Sydney University student has been charged with 20 offences following an extensive cyber attack campaign against the institution that began in 2021. Strike force detectives, working closely with Western Sydney University, the AFP Joint Policing Cyber Coordination Centre, JCP3 and cyber security experts, identified the alleged hacker as a former student of the university. The woman, identified by local media as Birdie Kingston, was arrested at her Kingswood home during a police raid in which officers seized computer equipment and mobile devices. She was refused bail and appeared in Parramatta Local Court on Thursday.

Police allege she was behind a series of cyber attacks on Western Sydney University, beginning in 2021. They say it began with system exploits in an attempt to secure unauthorised discounts for parking on campus. But it allegedly escalated into alterations to her academic results and threats to sell other students' confidential data on the dark web. The attacks involved multiple security breaches including the compromise of one of the University's single sign-on (SSO) systems between January and February 2025, exposing approximately 10,000 students. Investigators allege the suspect exfiltrated over 100GB of confidential student data and threatened to sell the stolen information on dark web marketplaces.

The case highlights the evolving nature of insider threats in educational institutions, where what began as a relatively minor attempt to obtain discounted parking evolved into sophisticated attacks compromising thousands of students' personal information. By exploiting vulnerabilities in the university's single sign-on (SSO) systems between January and February 2025, the attacker gained unauthorized access to sensitive data repositories. This allowed her to alter academic records, exfiltrate over 100GB of confidential student data, and later threaten to distribute it through criminal networks.


NSW Public Hospitals Face Critical Cybersecurity Gaps Despite $40 Million Annual Investment

https://www.smh.com.au/national/nsw/sensitive-nsw-medical-records-at-risk-of-falling-into-hackers-hands-damning-leak-reveals-20250619-p5m8u4.html

A leaked NSW Audit Office report has revealed that the state's public hospitals are failing to meet basic cybersecurity standards, leaving sensitive medical records and essential healthcare systems vulnerable to hackers despite taxpayers spending $40 million annually on cybersecurity measures. The draft performance audit found that none of the four local health districts assessed met minimum requirements outlined in the NSW government's 2019 cybersecurity policy, with "systemic non-compliance" across the health system. The auditors discovered that districts lacked effective response and disaster recovery plans, potentially hampering incident responses and affecting patient service delivery during cyberattacks.

The audit report highlighted that NSW taxpayers spent $39 million on health system cybersecurity in the last financial year, with costs projected to rise to $59 million next year and $64 million by 2030. Despite this significant investment, the report concluded that local health districts were "ill-prepared to respond" to potential attacks and warned that "a preventable cybersecurity incident could disrupt access to healthcare services and compromise the security of sensitive patient information." The auditors recommended immediate action, including gathering compliance information by the end of June and developing enhanced cybersecurity risk management protocols by December.

The findings come amid a surge in healthcare cyberattacks across Australia, with the sector remaining the most targeted industry in 2024. Recent high-profile incidents include the MediSecure attack that exposed data from 12.9 million Australians, making it one of the largest breaches in Australian history, and attacks on Victoria's Epworth and Royal Melbourne hospitals, Genea fertility clinic, and major health insurers like Medibank. Cybersecurity experts warn that healthcare providers have become prime targets due to the sensitivity of their data and the genuine risk to life when health systems are disrupted, with criminals employing "harm maximisation" strategies to pressure victim organizations into paying ransoms.


APRA Warns Labor Government That Cyberattacks on Super Funds Could Threaten Banking System

https://www.afr.com/policy/economy/cyberattacks-on-super-funds-threaten-banking-system-labor-warned-20250630-p5mbfj

The Australian Prudential Regulation Authority has warned the Labor government that cyberattacks on superannuation funds pose a growing threat to the broader banking system, following a coordinated attack in April that targeted major industry funds including AustralianSuper, Australian Retirement Trust, Hostplus and Rest Super. The attack, which used a technique called "credential stuffing" with leaked passwords from the dark web, specifically targeted retirees aged 60 and above during early morning hours when victims were less likely to notice unauthorized account access. APRA emphasized that while the number of affected accounts was small, the incident highlighted critical cybersecurity vulnerabilities in a sector managing more than $4 trillion in retirement savings.

The regulator's briefing to government revealed that superannuation funds have become an increasingly significant source of funding for banks, with funds holding more than a quarter of all domestic bank stocks and almost a third of bank short-term debt securities. This growing interconnection between the superannuation and banking sectors creates potential systemic risks, particularly if multiple funds were forced to sell bank bills simultaneously to provide collateral during market stress events. APRA noted that recent market turmoil from tariff impositions had materially impacted super funds, which have increased their overseas exposures in recent years, highlighting the need for robust investment governance and accurate valuation of unlisted assets.

The warning comes amid broader concerns about Australia's financial system stability, with APRA identifying household debt as a critical vulnerability given that over 60 percent of Australian banks' loan books comprise housing loans. Australia maintains the third-highest level of household debt among OECD countries at 180 percent of incomes, with housing affordability requiring buyers to earn $161,247 nationally to avoid financial stress. Assistant Treasurer Daniel Mulino acknowledged the cyber resilience challenges facing the superannuation sector, emphasizing the importance of strengthening systems to protect members' retirement savings as the sector continues to grow and take on greater systemic significance within the Australian financial system.


Qantas Confirms Major Cyber Incident Exposing Six Million Customer Records

https://www.qantasnewsroom.com.au/media-releases/qantas-cyber-incident/

Qantas has disclosed a significant cyber incident that potentially exposed the personal data of up to six million customers after a cybercriminal targeted one of the airline's call centres and gained unauthorized access to a third-party customer servicing platform. The airline detected unusual activity on Monday before containing the incident. Names, email addresses, phone numbers and birth dates were stolen in what the airline describes as a "significant" data theft affecting customer service records dating back several years.

According to Qantas, the breach has been contained and there is "no impact" on the airline's operations or safety, though the company acknowledges that a substantial amount of customer data may have been compromised during the attack. The incident represents one of the largest data breaches in Australian aviation history, affecting the personal information of millions of frequent flyers and customers who have interacted with Qantas customer service over recent years. The airline has begun notifying affected customers and is working with cybersecurity experts and law enforcement agencies to investigate the full scope of the breach.

The Qantas cyber incident adds to a growing list of major data breaches affecting Australian companies and highlights the vulnerability of third-party platforms used by large corporations for customer service operations. With the aviation industry increasingly reliant on digital platforms for customer interactions, the breach underscores the critical importance of robust cybersecurity measures across all service providers in the supply chain. Qantas has assured customers that flight operations and safety systems remain unaffected, but the incident raises serious concerns about the protection of personal data in an era where customer service platforms contain vast repositories of sensitive information spanning multiple years of customer interactions.
