Qilin ransomware hit Nissan’s Creative Box studio, stealing 4TB of data including vehicle designs, financial records, and VR tech. The breach threatens Nissan’s IP and global operations.
US-based pharmaceutical research organisation Inotiv has confirmed a significant ransomware attack by the Qilin group, disrupting operations and leading to the encryption of critical systems. The attack has impacted business continuity, with the data breach still under investigation.
Australian internet provider iiNet confirms major data breach affecting 280,000+ customers after hackers used stolen employee credentials to access order management system. TPG CEO apologises "unreservedly" as investigation continues.
Australia’s Big Four banks including Commonwealth Bank, ANZ, NAB and Westpac have been hit by a major cybercrime wave. Over 31,000 customer credentials were stolen using infostealer malware, prompting urgent upgrades in bank security, fraud detection and digital protection.
Australia's financial sector confronts a serious challenge from sophisticated cybercrime. Recent investigations expose a widespread campaign using infostealer malware to harvest banking credentials from thousands of Australians. This credential theft activity, targeting customers and staff of the nation's major banks, underscores the critical need for enhanced bank security Australia wide, for both institutions and individuals. The National Anti Scam Centre reported a significant rise in related financial losses, with phishing scams costing Australians $11.1 million in the first quarter of 2025 alone, a 200% increase year over year.
Since 2021, cybercriminals compromised over 31,000 customer passwords and nearly 100 staff logins across Australia's Big Four banks: Commonwealth Bank, Westpac, ANZ, and NAB. Security firm Dvuln reports specific credential exposures traded online, estimating figures near 14,000 for CommBank, 7,000 for ANZ, 5,000 for NAB, and 4,000 for Westpac. This stolen data enables fraud and creates pathways for severe cybersecurity threats.
Critically, investigations confirm this wave of credential theft originates not from direct bank system breaches, but from malware infections on users' personal devices. Infostealer malware, often spread via phishing or malicious links, silently extracts sensitive information like passwords, financial details, and browser data from compromised computers and increasingly, mobile devices. This method bypasses many traditional security layers focused solely on institutional networks, making endpoint security vital.
The Australian Banking Association (ABA) CEO Anna Bligh emphasized this point:
"Keeping customers secure online is the top priority for Australia's banks... [The issue] relates to data being accessed from personal devices... and not from any breach of bank security systems."
The compromise of staff credentials presents an acute risk, potentially allowing attackers initial access to bank networks.
Australian banks actively combat these cybersecurity threats through significant investment in security infrastructure and continuous monitoring. As CNC previously reported, Commonwealth Bank leverages artificial intelligence extensively, analyzing millions of daily payments to flag suspicious transactions and proactively issue thousands of alerts to customers, contributing to reported reductions in fraud incidents. Banks routinely implement multifactor authentication and advise customers on safe practices to bolster bank security Australia wide.
Innovation is central to the response. ANZ recently announced passwordless banking for its ANZ Plus platform, an Australian first reducing reliance on passwords vulnerable to theft.
"By introducing this change, we’re helping prevent customer log in details from the risk of data breaches or phishing attacks – providing an extra layer of protection,"
explained ANZ Group Executive Australia Retail, Maile Carnegie. This approach, using biometrics or device PINs, directly addresses risks from the infostealer malware campaign.
While banks invest heavily in security, the prevalence of infostealer malware targeting personal devices means individual vigilance is crucial. Here are key steps you can take to enhance your bank security
The ongoing Australian banking cybercrime situation requires a combined effort involving institutional defenses, technological innovation like AI fraud detection and passwordless banking, and heightened user awareness to protect financial information.
Cyber incidents in the Asia-Pacific have surged 29% in the past year, with Australia facing major breaches at the University of Western Australia and Qantas. Manufacturing is the top target, deepfakes are on the rise, and experts warn the region is in a digital arms race demanding urgent action.
ASIO’s $12.5 billion espionage warning is more than a tally of stolen secrets. It reveals a national digital crisis. With 24 major spy operations disrupted and identity systems exposed, Australia’s critical infrastructure and social services face a growing risk of collapse from unseen cyber threats.
Singapore is responding to a cyberattack by UNC3886, a China-linked espionage group targeting critical infrastructure. Minister K. Shanmugam confirmed the threat is serious and ongoing, as the CSA leads investigations to protect national services from long-term disruption.
Australia has become one of the first countries to mandate AS IEC 62443 standards by law, transforming healthcare cybersecurity into a legal obligation. The move marks a critical shift toward operational resilience and positions patient safety at the center of cyber strategy.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
