Australia’s Health Sector Receives $6.4 Million Cybersecurity Boost with New Threat Information-Sharing Network

The Australian Government has awarded a $6.4 million grant to CI-ISAC Australia, enabling the establishment of a new Health Cyber Sharing Network (HCSN). This initiative is designed to facilitate the rapid exchange of critical cyber threat information within Australia’s healthcare industry, which has become a target for cyberattacks.

The recent surge in cyberattacks on Australian healthcare organizations, including hospitals and health insurance providers, has highlighted the pressing need for enhanced cybersecurity measures. In response, the Australian Government has made healthcare the priority sector for its formal funding efforts.

This grant is part of a broader strategy to address the vulnerabilities in the nation’s health sector and ensure it is better equipped to handle the cyber threats faced by the industry.

A Growing Threat: The Cost of Cybersecurity Breaches

The healthcare industry globally has been facing increasing cybersecurity challenges, and Australia is no exception. According to reports from 2023, the global healthcare sector continues to experience the most expensive data breaches across industries for the 13th consecutive year. The average cost of a healthcare data breach was a staggering AUD$10.93 million, nearly double that of the financial industry, which recorded an average cost of $5.9 million.

Australia’s health sector, which encompasses a diverse range of organizations, from public and private hospitals to medical clinics and insurance providers, is increasingly vulnerable to cyber threats. This sector includes approximately 750 government hospitals, 650 private hospitals, and over 6,500 general practitioner clinics, along with numerous third-party suppliers and vendors.

The creation of the HCSN aims to address these risks by providing a secure, collaborative platform for information sharing. The network will enable health sector organizations to work together more effectively, breaking down silos and improving the speed and quality of cybersecurity threat information exchange.

The Role of CI-ISAC and the Health Cyber-Sharing Network

CI-ISAC Australia, the recipient of the $6.4 million Australian Government grant, will spearhead the creation and management of the Health Cyber Sharing Network. The HCSN will focus on fostering collaboration between Australian healthcare organizations, ensuring they can share relevant cyber threat information in a secure and confidential environment.

David Sandell, CEO of CI-ISAC Australia, emphasized the importance of this initiative: “The health and medical sector holds a large amount of incredibly private and personal medical and financial information. We have already seen several high-profile data breaches in the health sector, and the new network can help members reduce their cyber risks. Cyberattacks can also greatly disrupt important health services, and this industry cannot afford interruptions with patients’ wellbeing at stake.”

The Health Cyber Sharing Network will support the healthcare sector and bolster Australia’s broader critical infrastructure. Many critical infrastructure sectors, including healthcare, are interdependent. By participating in the network, healthcare organizations will contribute to improving the overall cyber resilience of Australia’s critical infrastructure.

Strengthening Cybersecurity Resilience

The new Health Cyber Sharing Network aims to better equip Australian healthcare organizations to manage and mitigate cyber threats. The platform will serve as a ‘neighborhood watch’ for the health sector, where organizations can exchange cybersecurity intelligence and collaborate to identify and respond to threats more efficiently.

Lieutenant General Michelle McGuinness CSC, the National Cyber Security Coordinator, expressed the strategic importance of this initiative: “We have seen in recent years the very real impact that healthcare-related cyberattacks can have on millions of Australians. Increasing threat information sharing contributes to the prevention of cyberattacks and builds resilience.”

The Australian Government’s funding is seen as an important step in achieving the nation’s goal of becoming a global leader in cybersecurity by 2030. McGuinness further noted, “Many in the healthcare sector would know well the philosophy that prevention is better than a cure. This also applies to cybersecurity and is the driving concept behind this grant.”

Invitation for Healthcare Organizations to Join the Network

To launch the Health Cyber Sharing Network, CI-ISAC is inviting eligible Australian healthcare organizations and their suppliers to join the network. As part of the initiative, new members will receive a complimentary 12-month CI-ISAC membership, which will provide them with access to a wealth of cybersecurity threat intelligence from across Australia’s critical infrastructure sectors.

By joining the network, healthcare organizations will benefit from closed-source, cross-sectoral cyber threat intelligence shared by other CI-ISAC members, which include organizations with high cyber maturity. This collaboration will improve the detection and response times to cyber threats, ultimately enhancing the security posture of Australian healthcare organizations.

A Trusted Platform for Collaboration

CI-ISAC, as a not-for-profit organization, facilitates collaboration between organizations within a trusted, industry-led environment. This includes the bi-directional sharing of cyber threat intelligence, which is essential for improving cybersecurity across Australia’s critical sectors. The new funding will allow CI-ISAC to expand its educational efforts, offering training on mitigating cyber threats, cyber and insider threat awareness, attack surface monitoring, and improving cyber incident response plans (CIRPs).

The broader cybersecurity ecosystem benefits as well, as CI-ISAC’s members span across 11 critical infrastructure sectors, including government, education, energy, water, telecommunications, and more. Existing members include major organizations such as Google Cloud AU, NBN, DXC Technology, and Transgrid. As the network grows, the value of cross-sector sharing will continue to increase, improving the ability of healthcare organizations to act swiftly and decisively when cyber threats are detected.

“The value for all sectors increases exponentially as more participants join the trusted network and share their own insights,” said Sandell. “Cross-sector sharing improves incident detection and response times, enabling health organizations and their suppliers to act more swiftly on threats observed in other industries.”

Conclusion

This initiative marks an important step forward in protecting the health sector’s sensitive data and ensuring the continued delivery of critical health services. The Australian Government’s $6.4 million grant to CI-ISAC Australia demonstrates the growing importance of cybersecurity within the healthcare sector. The Health Cyber Sharing Network is positioned to become a cornerstone in Australia’s broader strategy to strengthen its cybersecurity resilience and ensure the safety of its most sensitive data in the digital age.

The post Australia’s Health Sector Receives $6.4 Million Cybersecurity Boost with New Threat Information-Sharing Network appeared first on Cyble.

Blog – Cyble – ​Read More

Frenos Raises $3.88M in Seed Funding for OT Security Assessment Platform

Frenos, a company that has developed an autonomous OT security assessment platform, has raised $3.88 million in seed funding. 

The post Frenos Raises $3.88M in Seed Funding for OT Security Assessment Platform appeared first on SecurityWeek.

SecurityWeek – ​Read More

3 Major Cyber Attacks in January 2025

Our cyber threat analysts detected and explored a number of malware campaigns this January. Here are the three most dangerous attacks, dissected with the aid of ANY.RUN’s Interactive Sandbox and Threat Intelligence Lookup.

Fake YouTube links redirect users to phishing pages 

Phishers abuse the authority component of the Uniform Resource Identifier (URI) to obfuscate links: they place a legitimate resource address, like http://youtube, at the beginning of the URL so that the link appears authentic and safe.

Not just YouTube is getting abused. We’ll keep monitoring and sharing the details with you, so your company can make effective decisions to address the threat. 

Watch how the attack unfolds in our Interactive Sandbox and gather IOCs for setting up your security systems.

Opening a letter with a phishing link in the sandbox 

Use this search request in TI Lookup to find more sandbox sessions and reinforce the protection of your business by fine-tuning malware detection in your network:

commandLine:"youtube.com%"

Sandbox analyses featuring malicious pseudo-YouTube links 
  • Technically, the userinfo field (user:pass) of the URI is replaced with a domain name: foo://<user:pass>@domain.zone.
  • Storm 1747 domain infrastructure — checkers, redirectors and main pages — has a standard template for Tycoon 2FA phishkit installed.  
  • The technique of replacing user info is also employed by various other phishing kits, such as Mamba 2FA and EvilProxy. 
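
A defender-side check for the userinfo trick described above, as an added example that is not part of the original post: it parses each URL and flags those whose userinfo field is shaped like a domain name that differs from the real host. The sample URLs and the `.example` hosts are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# A userinfo value shaped like a DNS name, e.g. "youtube.com".
# Heuristic: a dotted user name such as "john.doe" would also match.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")

def decoy_host(url):
    """Return (real_host, decoy) if the userinfo field imitates a host, else None."""
    parts = urlsplit(url)
    if "@" not in parts.netloc:
        return None  # the authority has no userinfo field at all
    # Everything before the LAST '@' in the authority is userinfo.
    userinfo = unquote(parts.netloc.rpartition("@")[0]).lower()
    # A ':' or a percent-encoded '/', '?', '#' may follow the decoy name.
    candidate = re.split(r"[/:?#]", userinfo, maxsplit=1)[0]
    real_host = (parts.hostname or "").lower()
    if HOSTLIKE.match(candidate) and candidate != real_host:
        return real_host, candidate
    return None

# Constructed sample input (not taken from the campaign).
SAMPLE_URLS = [
    "http://youtube.com@login.phish.example/verify",
    "https://www.youtube.com%2Fwatch%3Fv%3Dabc@cdn.phish.example/a",
    "https://www.youtube.com/watch?v=abc",       # genuine host, no userinfo
    "ftp://alice:secret@files.example.org/",     # ordinary credentials
]

def flag_urls(urls):
    """Map each suspicious URL to its (real_host, decoy) pair."""
    flagged = {}
    for url in urls:
        hit = decoy_host(url)
        if hit:
            flagged[url] = hit
    return flagged

if __name__ == "__main__":
    for url, (real, decoy) in flag_urls(SAMPLE_URLS).items():
        print(f"SUSPICIOUS shows={decoy} connects_to={real} url={url}")
```

The same function can be run over URLs extracted from mail gateway or proxy logs; hits are candidates for review rather than verdicts, because legitimate dotted user names also match the pattern.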

To study the behavior and indicators of all these malware samples, use ANY.RUN’s Interactive Sandbox.  

Phishers use fake online shops with surveys to steal credit card information 

The new phishing scheme we named FoxWhoops targets American e-commerce customers with fake sites promising a reward for completing a survey.

The attack utilizes a system of checks. Users who fail them are sent to a Fox News RSS page or a page with a ‘Whoops!’ image. Those who pass the checks are prompted to enter their bank card info to purchase the ‘reward’ at a discount.

The attack’s algorithm with successful and fail outcomes

 
A number of examples of such attacks have been submitted in our sandbox:  

Checks and redirects:  

  1. A script detects scanning by Google, Bing, Baidu, DuckDuckGo, etc.
  2. If the first check is passed, the script triggers a redirect 
  3. If the second check is passed, the user is redirected to a phishing page with a fake online shop payment form 
  4. If the first check fails, the user is redirected to a Fox News RSS feed  
  5. If the second check fails, the ‘Whoops’ page is displayed.  

Possible attack scenarios based on these steps:

  • Phishing scenario: 1 → 2 → 3. A phishing survey with a ‘reward’ after a small payment in a fake store. Credit card info stolen. 
  • Evasion scenario: 1 → 4. If the victim fails the first check, they are redirected to what appears to be a Fox News RSS feed. The URL includes a ‘q’ parameter that specifies the reason for the redirect, such as: "IP provider is blacklisted! ASN-CXA-ALL-CCI-22773-RDC".
  • Placeholder scenario: 1 → 2 → 5. Users are shown a placeholder page.

FoxWhoops attack on the evasion scenario runs in the sandbox

Examine the attack’s mechanics to facilitate employee security training in your organization and prevent social engineering attempts with ANY.RUN’s Sandbox! 

A SystemBC client is targeting Linux-based platforms

The Linux version of SystemBC proxy implant is potentially designed for internal corporate services. It is commonly used to target corporate networks, cloud servers, and even IoT devices. 

This Remote Access Trojan is designed to maintain encrypted communication with C2 servers, using the same custom protocol, ensuring connection to a unified infrastructure of both Windows and Linux implants.   

A proxy implant within a victim’s infrastructure is a crucial tool for attackers, allowing for lateral movement and pivoting without deploying additional detectable tools, further evading detection on the host. 

This version is more stealthy and far more dangerous. Samples do not have clear family detection by security vendors. 

Take a look at the Linux version analysis in the sandbox:  

SystemBC sandbox session with a Suricata rule triggered 

To respond effectively, use ANY.RUN’s Linux virtual machine and quickly detect malicious communication with in-depth network traffic insights, powered by advanced Suricata rules from our experts. 


Conclusion 

The cyber threat landscape this January was marked by sophisticated and varied attack strategies targeting individuals and organizations alike. From phishing schemes exploiting trusted platforms to deceptive fake online shops, hackers demonstrated increasing ingenuity and adaptability. 

Organizations must remain vigilant and proactive by leveraging tools such as ANY.RUN’s Interactive Sandbox and Threat Intelligence Lookup to identify and analyze threats in real time. Staying informed and prepared is the key to safeguarding critical assets in this ever-changing digital battlefield. 

About ANY.RUN

ANY.RUN helps more than 500,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products, TI Lookup, YARA Search, and Feeds, help you find IOCs or files to learn more about the threats and respond to incidents faster.

The post 3 Major Cyber Attacks in January 2025 appeared first on ANY.RUN’s Cybersecurity Blog.

ANY.RUN’s Cybersecurity Blog – ​Read More

Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability

Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild.
“Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration,” GreyNoise researcher Glenn Thorpe said in an alert

The Hacker News – ​Read More

Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer

Broadcom has warned of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access.
The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection.
“A malicious user with network access may be able to use specially crafted SQL queries to gain database

The Hacker News – ​Read More

UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents

The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE.
“This research focuses on completing the picture of UAC-0063’s operations, particularly documenting their expansion beyond their initial focus on Central Asia,

The Hacker News – ​Read More

MGM agrees to pay $45 million to victims of 2019 data breach and 2023 ransomware attack

MGM Resorts International agreed to pay $45 million to settle multiple class action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023.

The Record from Recorded Future News – ​Read More

OAuth Flaw Exposed Millions of Airline Users to Account Takeovers

The now-fixed vulnerability involved a major travel services company that’s integrated with dozens of airline websites worldwide.

darkreading – ​Read More

Lynx Ransomware Group ‘Industrializes’ Cybercrime With Affiliates

The ransomware group provides everything an affiliate could want to breach and attack victims, including a quality controlled recruitment system to engage even more criminals.

darkreading – ​Read More

Phishing Campaign Baits Hook With Malicious Amazon PDFs

In their discovery, researchers found 31 PDF files linking to these phishing websites, none of which have yet been submitted to VirusTotal.

darkreading – ​Read More