Major Cyber Incidents: Brydens Lawyers Breach, ASIC's Action Against FIIG Securities, and Ballista Botnet Threat

In recent developments, a prominent Sydney law firm, Brydens Lawyers, suffered a significant cyberattack resulting in the theft of over 600 gigabytes of sensitive data. Simultaneously, the Australian Securities and Investments Commission (ASIC) has initiated legal action against FIIG Securities for prolonged cybersecurity failures that led to a massive data breach affecting thousands of clients. Additionally, a new botnet named Ballista is exploiting vulnerabilities in TP-Link routers, posing risks to organizations worldwide. These incidents underscore the critical importance of robust cybersecurity measures across all sectors. Welcome to the Don’t Be A Sitting Duck Podcast, I’m Leigh Kefford—let’s dive in.

Brydens Lawyers, a leading law firm in Sydney, experienced a cyber incident in late February 2025, leading to unauthorised access to some data on its servers. The breach reportedly resulted in the theft of over 600 gigabytes of data related to the firm, its clients, and cases.

The attack involved unauthorised access to the firm’s servers, compromising sensitive client and case information. Such breaches in the legal sector can have severe implications, including exposure of confidential client data and potential legal ramifications for the firm.

TAKE ACTION:

Law firms should implement comprehensive cybersecurity strategies, including regular security assessments, employee training on data protection, and robust incident response plans to mitigate the impact of potential breaches.

ASIC Lawsuit against FIIG

The Australian Securities and Investments Commission (ASIC) has filed a lawsuit against FIIG Securities, alleging systemic and prolonged cybersecurity failures from March 2019 to June 2023. These failures allegedly enabled a hacker to infiltrate FIIG’s IT network, resulting in the theft of approximately 385 gigabytes of confidential data, affecting around 18,000 clients.

The hacker reportedly remained undetected within FIIG’s network for nearly three weeks, exfiltrating sensitive customer information, including personal identification and financial details. Such incidents highlight the necessity for financial institutions to maintain vigilant and robust cybersecurity measures to protect client data and maintain trust.

Financial institutions must regularly review and update their cybersecurity protocols, conduct thorough risk assessments, and ensure compliance with regulatory standards to safeguard against potential cyber threats.

TP-LINK Vulnerability

A new IoT botnet, dubbed Ballista, has emerged, exploiting a remote code execution vulnerability in TP-Link Archer routers. Active since January 2025, Ballista has targeted organisations across various sectors, including manufacturing, healthcare, services, and technology, with approximately 33% of the attacks directed at U.S. organizations.

The botnet leverages a command injection vulnerability (CVE-2023-1389) in TP-Link routers, allowing attackers to gain control over compromised devices. This exploitation underscores the risks associated with unpatched or outdated network devices within organisational infrastructures.

TAKE ACTION:

Organisations should ensure all network devices, including routers, are regularly updated with the latest firmware patches. Implementing network segmentation and continuous monitoring can further mitigate risks associated with such vulnerabilities.