O'Brien Group Australia Targeted by Lockbit3 Ransomware Group

O'Brien Group Australia, a leading hospitality, entertainment, and leisure company in Australia and New Zealand, has been targeted by the ransomware group Lockbit3. The attack was announced on the group's dark web leak site, and the victim's website is https://www.obriengroupaustralia.com.au/. The company operates in the Real Estate sector and has been a significant player in the industry for over 30 years, owning and operating many of Australasia's premier venues.

Company Overview

O'Brien Group is one of Australia and New Zealand's largest privately owned hospitality, entertainment, and leisure companies, with over 6,500 employees and serving 16 million customers annually. The company's venues include The Gabba in Brisbane, O'Brien Icehouse in Melbourne, GMHBA Stadium in Geelong, Eden Park in Auckland, Heritage Bank Stadium on the Gold Coast, Adelaide Showground in Adelaide, Cumberland Lorne in Lorne, Prince Alfred Hotel in Melbourne, The Imperial Bourke Street in Melbourne, and Grosvenor House in Brisbane.

Philanthropic Initiatives

O'Brien Group Australia is known for its philanthropic support and community events held at its venues. Some of the initiatives include partnerships with Hear and Say, a world-leading Paediatric Auditory-Verbal and cochlear implant centre, and the KIDS Foundation, which operates for 25 years and has a number of successful programs dedicated to injury prevention and recovery. The company also supports Homeless Connect, an event that brings together service providers from the government and community sector to provide homeless people with a day of entertainment, personal care, and access to support services.

Vulnerabilities and Threat Landscape

In 2022, 46 organizations operating in Australia were named on ransomware data leak sites, with Lockbit and ALPHV (aka BlackCat) ransomware groups targeting 20 Australian victims. The ransomware threat landscape in Australia saw the discovery of new ransomware families like Bianlian, BlogXX, and Royal, as well as the targeting of organizations by initial access brokers such as QakBot, IcedID, BazarLoader, and BumbleBee. Remote access to organizations due to employees and other individuals working remotely also opened more pathways for threat actors, leading to ransomware incidents.

Response and Mitigation

The Australian Cyber Security Center and the Victorian Police have formed a special team to investigate the ransomware attack on O'Brien Group Australia. The company has not yet released a public statement regarding the attack or its response.

O'Brien Group Australia's ransomware attack highlights the need for organizations to be vigilant against cyber threats, particularly in the hospitality, entertainment, and leisure sectors. The company's size, industry position, and philanthropic initiatives make it a valuable target for threat actors. Organizations should prioritize cybersecurity measures, such as implementing multi-factor authentication, session timeouts, and threat management functions, to mitigate the risk of ransomware attacks.

Sources

• O'Brien Group Australia
• NZ Herald
• That Intel Blog
• Worldwide Ransomware Activity, January 2021 - September 2022
• Stuff
• Cybersecurity Insiders