Australia has announced the creation of a Cyber Incident Review Board, a move aimed at strengthening the country’s ability to respond to and learn from major cyberattacks. The initiative places Australia among a small group of jurisdictions globally that have formalised independent review mechanisms to assess significant cyber incidents and improve long-term resilience. The Cyber Incident Review Board will conduct no-fault, post-incident reviews of major cybersecurity events affecting both government and private sector organisations. Rather than assigning blame, the board’s mandate is to identify systemic gaps and generate actionable recommendations to improve how Australia prevents, detects and responds to cyber threats. Established under the Cyber Security Act 2024, the board is a central element of the government’s 2023-2030 Australian Cyber Security Strategy. The broader goal is to position Australia as one of the most cyber secure nations by the end of the decade, supported by resilient infrastructure, prepared communities and stronger industry practices. Officials said the Cyber Incident Review Board will focus on extracting lessons from incidents and translating them into practical steps that can reduce the likelihood and impact of future attacks.

Cyber Incident Review Board Brings Leaders From Cross-Sector 

The government has appointed a panel of senior cybersecurity and industry leaders to the Cyber Incident Review Board. The board will be chaired by Narelle Devine, Global Chief Information Security Officer at Telstra. Other members include Debi Ashenden of the University of New South Wales, Valeska Bloch from Allens, Jessica Burleigh of Boeing Australia, Darren Kane from NBN Co, Berin Lautenbach of Toll Group and Nathan Morelli from SA Power Networks. The group brings experience across cybersecurity operations, legal frameworks, governance, national security and critical infrastructure. Authorities said this mix is designed to ensure independent, credible advice that reflects both technical and policy realities.

Government Emphasises Learning Over Blame

Australia’s Minister for Cyber Security Tony Burke said the Cyber Incident Review Board will play a key role in ensuring continuous improvement in national cyber defence. “We know that cyber attacks are constant. This guarantees we learn from every attack and keep increasing our resilience,” Burke said in a statement. He added that the board will examine major cybersecurity incidents, develop findings and provide recommendations that can be applied across sectors. The no-fault model is intended to encourage cooperation from affected organisations, while still producing insights that can benefit the wider ecosystem.

Response Shaped by Recent High-Profile Cyberattacks

The creation of the Cyber Incident Review Board follows a series of major cyber incidents in Australia, including breaches involving health insurer Medibank and telecom provider Optus. These events exposed sensitive customer data and triggered widespread public concern, increasing pressure on the government to strengthen cybersecurity oversight. By introducing structured post-incident reviews, authorities aim to ensure that lessons from such breaches are not lost and can inform future preparedness efforts.

How Australia’s Approach Compares Globally

Australia’s Cyber Incident Review Board aligns with similar efforts internationally but includes some distinct features. The European Union has established a comparable mechanism under its Cyber Solidarity Act, tasking the EU Agency for Cybersecurity with reviewing significant cross-border incidents. However, that framework has yet to be tested in practice. In the United States, a cyber safety review board has already examined several incidents, including a high-profile breach involving Microsoft. That report pointed to avoidable security failures and called for cultural and leadership changes within the company, prompting CEO Satya Nadella to prioritise security across operations. However, earlier U.S. reviews, such as those into the Log4j vulnerability and the Lapsus$ group, were criticised for lacking focus and impact. Analysts noted that broader, less targeted reviews made it harder to drive accountability or meaningful change.

Stronger Powers to Ensure Participation

One notable difference in Australia’s model is its ability to compel organisations to provide information if they decline to participate voluntarily. This marks a shift from the U.S. approach, which relied on cooperation from affected entities. Experts have argued that such powers could improve the depth and accuracy of findings, ensuring that the Cyber Incident Review Board has access to critical data when analysing incidents. At the same time, the framework stops short of allowing flexible expansion of board membership for specialised cases, an idea that has been suggested in international policy discussions.

Focus on Long-Term Cyber Preparedness

The Cyber Incident Review Board is expected to become a key mechanism in shaping Australia’s cybersecurity posture over the coming years. By systematically reviewing incidents and sharing lessons across sectors, the government hopes to build a more coordinated and resilient defence against evolving cyber threats. With cyberattacks continuing to target critical infrastructure, businesses and public services, the success of the Cyber Incident Review Board will likely depend on its ability to translate insights into measurable improvements across the national ecosystem.

The APRA AI risk warning has placed banks, insurers, and superannuation trustees on alert as Australia’s financial regulator calls for a significant uplift in how artificial intelligence is governed across the sector. The Australian Prudential Regulation Authority has stated that current governance, risk management, and operational resilience practices are not keeping pace with the rapid adoption of AI. In a letter to regulated entities, APRA said the APRA AI risk warning follows a targeted supervisory review conducted late last year across major financial institutions. The review assessed how AI is being deployed and governed across the industry and found widening gaps between technology adoption and risk control frameworks.

APRA AI Risk Warning on Governance and Operational Gaps

The APRA AI risk warning highlights that AI is increasingly being embedded into operational systems, customer services, and decision-making tools across regulated entities. While adoption is accelerating, APRA observed that governance structures have not matured at the same speed. According to the regulator, assurance practices remain fragmented, particularly in areas involving cyber security, data protection, procurement, and operational resilience. The APRA AI risk warning notes that many organisations are still relying on traditional risk management approaches that are not designed for AI-driven systems. Another key concern raised in the APRA AI risk warning is the limited visibility over how AI models are trained, updated, or modified when embedded within third-party platforms. This lack of transparency, APRA said, reduces the ability of institutions to fully assess risks linked to model behaviour and system dependencies.

Board Oversight Gaps Highlighted in APRA Warning

The APRA AI risk warning also draws attention to board-level oversight challenges. While boards show strong interest in AI-driven productivity and customer service improvements, many still lack sufficient technical understanding to effectively challenge management decisions. APRA observed that some boards are heavily reliant on vendor summaries and presentations rather than detailed internal assessments of AI risk exposure. The APRA AI risk warning stresses that this creates blind spots in governance, particularly when dealing with unpredictable model outputs and operational risks.

AI Risk Warning Flags Cyber and Concentration Risks

Cybersecurity is a major focus of the APRA AI risk warning, with APRA noting that advanced AI models could significantly increase the speed and scale of cyberattacks. The regulator specifically referenced frontier AI models that may assist malicious actors in identifying system vulnerabilities more efficiently. The APRA AI risk warning also highlights growing concentration risk, where institutions depend heavily on single AI providers across multiple use cases. APRA cautioned that insufficient contingency planning in such scenarios could create operational vulnerabilities if service disruptions occur.

Fragmented Risk Management Systems

A key theme in the APRA AI risk warning is the fragmented nature of current risk management frameworks. AI-related risks often cut across multiple domains, including cyber security, privacy, procurement, and operational risk. However, APRA found that existing systems are not always integrated enough to manage these overlaps effectively. The regulator said this fragmentation limits the ability of financial institutions to gain a complete view of AI-related exposure and weakens overall assurance mechanisms.

Expectations for Stronger Controls

APRA Member Therese McCarthy Hockey stated that financial institutions must adapt quickly to manage emerging risks while continuing to leverage AI for efficiency and service improvements. She noted that while AI presents significant opportunities, organisations must ensure their systems are capable of identifying and responding to vulnerabilities at a pace matching AI-driven threats. The APRA AI risk warning outlines expectations for boards to maintain sufficient understanding of AI systems, set clear risk appetite frameworks, and ensure stronger oversight of third-party dependencies. APRA also expects clearer triggers for intervention when systems do not operate as intended.

Ongoing Supervisory Focus

The APRA AI risk warning confirms that while no new regulatory requirements are being introduced at this stage, APRA expects immediate improvements in how institutions manage AI-related risks. The regulator has indicated that it will continue to monitor AI adoption closely and may consider further policy action if necessary. APRA also stated it will continue engaging with domestic and international regulators to assess emerging risks linked to AI technologies and their impact on financial system stability.

This blog is now closed

• Hundreds of petrol stations across Australia run out of fuel as Albanese inks supply deal with Singapore

• SA premier warns One Nation poses threat to federal Labor as Marles says party only ‘about stunts and the vibe’

• Get our breaking news email, free app or daily news podcast

The pollies have been asked this morning whether people should consider working from home to save fuel, as conflict escalates in the Middle East.

Tehran has said it will “irreversibly destroy” essential infrastructure across the Middle East, including vital water systems, if the US follows through on Donald Trump’s threat to “obliterate” Iran’s power plants unless the strait of Hormuz is fully opened within two days.

This is like Covid style restrictions I think that are potentially being floated. I would not support that in any way, and I don’t think businesses would do so either …

If people can work from home and they want to and it works for their employers, fine, I think that’s terrific, but it doesn’t help small businesses. It certainly doesn’t help the truckers and the fishers and the farmers and the manufacturers and the miners that are relying on fuel supply.

Continue reading...

© Photograph: Mick Tsikas/AAP

© Photograph: Mick Tsikas/AAP

© Photograph: Mick Tsikas/AAP

When Australia's cyber watchdog issued a fresh advisory on INC Ransom, security teams worldwide are bound to take note — not because INC is new, but because the group's business model has quietly made it one of 2025's most relentless forces targeting the very networks societies depend on to survive.

Australia's Cyber Security Centre (ACSC), part of the Australian Signals Directorate (ASD), published the advisory warning that INC Ransom's affiliate model now enables a broad range of threat actors to target critical infrastructure — from healthcare systems to government networks — with minimal technical skill of their own.

INC Ransom operates as a Ransomware-as-a-Service (RaaS) group. It is a criminal franchise model where core developers build and maintain the ransomware platform, then lease it to "affiliates" who carry out the actual attacks in exchange for a cut of the ransom. Think of it as a dark-web franchise. The brand, tools, and infrastructure belong to INC; the break-ins happen through hired hands.

As of mid-2025, more than 200 victims appeared on INC's data leak site, and in July 2025, INC ranked as the most deployed ransomware based on victim postings. That scale does not happen by accident. It reflects a deliberate expansion through affiliates who carry existing access and expertise from other groups.

Also read: Cyberattack on ControlNET: INC Ransom Group Claims Breach of Building Technology Provider

Prime Focus on Healthcare

Healthcare organizations bore the brunt of INC's activity between January and August 2025, with education, technology, and government entities also ranking among the top victim sectors.

"Since January 2025, the ACSC has observed INC Ransom affiliates target Australian Health Care sector entities using compromised accounts. Upon initial access, affiliates have conducted privilege escalation by creating admin level accounts and moving laterally within victim networks," the advisory said. In June, the Tongan Ministry of Health (MoH) ICT environment was attacked by a ransomware that impacted core services and disrupted the national health care network. ACSC said, this was also the work of INC ransomware group as was an attack on a healthcare sector entity further down south in New Zealand. "Many of the organisation’s servers and endpoint devices had been encrypted, and a large amount of data was stolen. INC Ransom claimed responsibility for this incident, and published the dataset on its DLS (data leak site)," ACSC confirmed.

Exploits Known Vulnerabilities

INC affiliates do not reinvent the wheel. They exploit known, unpatched vulnerabilities in widely deployed enterprise software. Documented entry points include CVE-2023-3519 in Citrix NetScaler — a remote code execution flaw patched in July 2023 — CVE-2023-48788, a SQL injection vulnerability in Fortinet Endpoint Management Server, and CVE-2024-57727, a SimpleHelp RMM path traversal flaw added to CISA's Known Exploited Vulnerabilities catalog in February 2025.

INC Ransom also used CitrixBleed (CVE-2023-4966), a vulnerability in Citrix NetScaler ADC and Gateway appliances that lets threat actors bypass multifactor authentication and hijack legitimate user sessions. In practical terms, an attacker does not need stolen credentials. They can walk through the front door using a session that already has authorization.

Once inside, INC affiliates follow a disciplined playbook. They archive data with 7-Zip before exfiltrating it via MegaSync, use AES encryption, and drop ransom notes printed directly to network printers. The group then applies double extortion — encrypting systems while threatening to publish stolen data publicly unless the victim pays.

In one high-profile case, INC Ransom claimed a breach of the Pennsylvania Office of the Attorney General in August 2025, stating it removed more than 5 terabytes of data and hinted at access to federal networks. The office refused to pay.

Also read: Ahold Delhaize USA Confirms Data Stolen in 2024 Cyberattack

The group's reach does not stop at U.S. borders. INC Ransom targeted Alder Hey Children's NHS Foundation Trust in the U.K., claiming to have obtained large-scale patient records, donor reports, and procurement data. This pattern of targeting public-sector healthcare — institutions with constrained security budgets and life-critical dependencies — reflects a calculated predatory strategy.

Microsoft Threat Intelligence tracks significant INC affiliate activity through a group it calls Vanilla Tempest, which adopted INC Ransom as its primary payload in August 2024 after previously using BlackCat, Quantum Locker, Zeppelin, and Rhysida. The fluidity between groups showcases a core feature of the RaaS model where affiliates shop for the most effective tools and swap them out when law enforcement pressure mounts.

Australia now mandates that organizations with annual turnover above $3 million, as well as critical infrastructure operators, report ransomware or extortion payments within 72 hours — a regulatory shift designed to erode the financial incentives that sustain groups like INC.

The ACSC advisory recommends network defenders prioritize patching of internet-facing systems, implement phishing-resistant multifactor authentication, segment networks to limit lateral movement, and monitor for unusual use of legitimate administrative tools such as PowerShell and Remote Desktop Protocol (RDP).

Given that INC ransomware elements have also been linked to the development of Lynx ransomware — a derivative group — the threat footprint extends well beyond INC's own branding. Defenders who neutralize INC today may face the same code under a different name tomorrow.

A youX breach exposed sensitive borrower data in Australia, including over 200,000 driver’s licence numbers, raising fraud and phishing risks.

The post Over 200K Australian Driver’s Licences Exposed in youX Cyber Breach appeared first on TechRepublic.

Cybersecurity budgets are rising across APAC, but CIOs and CISOs still face board scrutiny. Here’s why cybersecurity ROI remains hard to prove.

The post Why Rising Cybersecurity Spend Still Isn’t Convincing Boards on ROI in APAC appeared first on TechRepublic.

As governments consider mandatory CCTV in early education, one big provider with cameras already installed is yet to formalise guidelines for how the footage will be stored and used

• Get our breaking news email, free app or daily news podcast

In the wake of horrifying reports last week alleging that eight children had been sexually abused by a worker in a Melbourne childcare centre, politicians and providers have scrambled to offer a response.

One option emerged from the fray as something concrete and immediate: the installation of CCTV cameras in childcare centres.

Sign up for Guardian Australia’s breaking news email

Continue reading...

© Composite: Getty

© Composite: Getty

© Composite: Getty