High-Value Targets: String of Aussie Telco Breaches Continues

First it was Optus, followed by Telstra. Now, a third Australian telecom company has disclosed it was breached — this time it's Dialog, an information technology services provider with a sizable market share of Aussie customers in both the public and private sectors. 

Dialog, a subsidiary of SingTel, said its servers were compromised on Sept. 10, and although initial investigations showed no signs of exfiltrated data, on Oct. 7, a sample of the company's employee personal data was available on the Dark Web. 

Dialog said it is still investigating the incident further. 

Just days before, Australia's largest telecom carrier, Telstra, announced its own breach, of personal and sensitive employee information, going back to 2017. 

Telstra's major competitor, Optus, was also recently targeted in a massive cyberattack, which successfully stole the personal information of nearly 10 million customers across Australia. Optus, also a SingTel subsidiary, first announced the cyberattack on Sept. 21, which then drew the attention of the FBI. 

Days later, the cybercriminals withdrew their ransom demand of $1 million, explaining there were "too many eyes" on the data. But before the attackers had a change of heart, they leaked more than 10,000 customer records, reportedly as proof of what they had. 

The attackers later apologized for leaking the stolen info. 

Telcos Historically Draw Advanced Attacks

Telecommunications companies will always be an attractive target for cybercrime because of the vast amounts of data they gather, process, and store on their customers, Erfan Shadabi, a cybersecurity expert with Comforte AG tells Dark Reading. 

"However, they have an obligation to keep this sensitive customer data safe and out of the hands of the wrong people, obligations that are both ethical and regulatory in nature. The outcome of not doing this is exactly what these companies face now," he adds.

John Bambanek, principal threat hunter with Netenrich, agrees, adding that IT providers, managed service providers (MSPs), managed security service providers (MSSPs), and telcos have always been prime targets from advanced threat actors. 

"These companies have privileged access so its easy to go from point A to points B through Z immediately," Bambanek explains to Dark Reading. He adds that intelligence services like the National Security Agency (NSA) also regularly turn the focus of their operations to telecommunications service providers because of the wealth of sensitive data inside their systems. 

"Eventually, targeting priorities and techniques filter from the intelligence world into sophisticated cybercriminals such as ransomware groups," Bambenek says. "Ultimately, the math is the same. Why attack one target and have only one victim when you can attack one target and have many victims? More victims means more money."