The Australian Capital Territory government has fallen victim to a vulnerability in Barracuda’s email security gateway (ESG), according to a statement from the territory’s chief digital officer Bettina Konti. While Konti stated that there is a possibility of personal information having been impacted, a full harms assessment has yet to be undertaken. The issue was first detected on 19 May, when Barracuda identified the CVE-2023-2838 vulnerability and ultimately released two patches to address the issue. The vendor later noted that the earliest known exploitation of the bug was traced back to October 2022.
On 6 June, Barracuda warned that impacted devices needed to be replaced urgently due to the vulnerability found in a module that screens incoming email attachments. The same day, the ACT government revealed that it was dealing with a security breach. However, the administration has confirmed that it has resolved the issue by rebuilding the affected Barracuda system to ensure no ongoing vulnerabilities existed. The Australian Cyber Security Centre is collaborating with the ACT government and Barracuda Networks for the investigation.
The ACT government is confident that it has contained the cybersecurity breach, and it is now undertaking a harms assessment to assess the full extent of the impact on its systems and any data accessed. However, citizens have been instructed that they can continue to use ACT government online systems without problem. Updates on the incident are expected to be shared through a dedicated page on an ongoing basis.
The incident is the latest in a series of cybersecurity breaches to hit government departments. With high-value information and sensitive data stored within government agencies, the importance of ensuring that systems are secure and vulnerabilities are patched is paramount. The news comes as the Australian government launches a campaign to encourage companies to report data breaches, highlighting the importance of collaboration between government and business to thwart cybersecurity incidents. The government’s warning to businesses is aligned with broader efforts to tackle cybercrime in Australia, where concerns over state-sponsored actors and cyber espionage activities are growing.
Furthermore, as businesses continue to leverage technology to streamline their business activities, the sophistication and frequency of cyber attacks are also on the rise. As a result, organizations must prioritize cybersecurity measures to protect both data and the business’ reputation. Cybersecurity incidents can be immensely damaging to the bottom line and a business’ relationship with customers; therefore, early detection of suspicious activity and prompt action is vital to minimize any impact. The recent cybersecurity incident in the ACT highlights this fact, with the government keen to emphasize the action it took to rapidly contain and rectify the issue. Moving forward, organizations globally must remain vigilant against the threat of cyber attacks and ensure they have robust systems and processes in place to foil assaults.