Avantia Threat Update

21 HOURS AND YOU'RE TOAST!

Updated: Aug 18, 2020



THIS PAST WEEK:

Research findings confirm that phishing campaigns take only 21 hours on average from first to last victim; second-hand phone buyers at risk of compromise; broken link hijacking explained; major ransomware attack at Canon; 2019 Cyber Resilience Report reveals major data protection weaknesses worldwide; ransomware hits everywhere from small towns to multinational corporations and tech giants; how to add protection against nation-state actors and major breaches in JAPAN, FRANCE, UNITED KINGDOM, UNITED STATES, CANADA and AUSTRALIA.


Dark Web ID’s Top Threats

Top Source Hits: ID Theft Forum

Top Compromise Type: Domain

Top Industry: Education & Research

Top Employee Count: 501+

________________________________________________________________________

PHISHING CAMPAIGNS, FROM FIRST TO LAST VICTIM, TAKE AROUND 21 HOURS ON AVERAGE - RESEARCH FINDINGS.

A mixed team of security researchers from Google, PayPal, Samsung, and Arizona State University has spent an entire year analyzing the phishing landscape and how users interact with phishing pages. In a mammoth project that involved analyzing 22,553,707 user visits to 404,628 phishing pages, the research team has been able to gather some of the deepest insights to date into how phishing campaigns work. "We find that the average phishing attack spans 21 hours between the first and last victim visit, and that the detection of each attack by anti-phishing entities occurs on average nine hours after the first victim visit," the research team wrote in a report they are scheduled to present at the USENIX Security conference this month. "Once detected, a further seven hours elapse prior to peak mitigation by browser-based warnings."

The research team calls this interval between the start of the campaign and the deployment of phishing warnings inside browsers the "golden hours" of a phishing attack, the period in which attackers make most of their victims. But the research team says that the attacks continue to claim victims even after the golden hours end and browser warnings are deployed via systems like Google's Safe Browsing API. "Alarmingly, 37.73% of all victim traffic within our dataset took place after attack detection," researchers said.

Researchers also analyzed user interactions on the phishing pages. They found that 7.42% of the victims entered credentials in the phishing forms and eventually suffered a breach or fraudulent transaction on their account. On average, crooks attempted to breach user accounts and perform fraudulent transactions 5.19 days after the user visited the phishing site, and victim credentials ended up in public dumps or criminal portals 6.92 days after the visit.

But while researchers analyzed more than 400,000 phishing sites, they said that the vast majority of phishing campaigns weren't really that effective, and that just a handful of phishing operators and campaigns accounted for most of the victims. "We found that the top 10% largest attacks in our dataset accounted for 89.13% of targeted victims and that these attacks proved capable of effectively defeating the ecosystem's mitigations in the long term," they wrote in the report. Researchers said that some campaigns remained active for as long as nine months while making tens of thousands of victims, using nothing more than "off-the-shelf phishing kits on a single compromised domain name [phishing site]."

The study's findings are consistent with what Sherrod DeGrippo, Sr. Director, Threat Research and Detection at Proofpoint, told ZDNet in an interview this week. DeGrippo said that Proofpoint usually tracks around 12 million credential phishing attacks per month and that the best threat actors focus on evasion tactics to avoid detection, knowing this keeps their campaigns running for longer and prolongs the "golden hours." "In terms of evasion, this is something the credential phish threat actors absolutely work hard on," DeGrippo said.

The academic team blamed the current state of affairs on the reactive nature of anti-phishing defenses, which are usually slow to detect phishing attacks. However, researchers also blamed the lack of collaboration between industry partners, urging the different anti-phishing entities to work together more. "Cross-industry and cross-vendor collaboration certainly makes all entities stronger against phishing and other attacks," DeGrippo added, echoing the study's conclusion. However, the Proofpoint exec also says that entities outside the anti-phishing and cyber-security world need to pitch in as well.
"Additional effectiveness also involves domain registrars, encryption cert providers, and hosting companies to complete abuse takedowns, which can be a challenge as providers can be resource-restrained. "Stopping phishing attacks is vital to help protect organizations worldwide and industry collaboration, insight sharing, and action, such as blocking cred phish from reaching victims, is essential," DeGrippo said.


IN THE MARKET FOR A SECOND-HAND PHONE? CHECK IT'S STILL SUPPORTED BY THE MAKER - ALMOST 1/3 ARE NOT - THAT MEANS NO SECURITY UPDATES, WHICH PUTS USERS AT RISK OF COMPROMISE.

An investigation by consumer watchdog Which? has found that nearly a third of all phones sold on second-hand sites are no longer supported by the vendor, leaving punters at risk of being hacked. The publication found that 31 per cent of all phones sold via CeX no longer receive security patches. For musicMagpie and SmartFoneStore, those numbers are 20 per cent and 17 per cent respectively. As a result of the findings, musicMagpie has withdrawn all unsupported units from sale. SmartFoneStore has pledged to warn customers about abandoned mobiles. So far, there's no word from high-street tech buyer CeX. It's not uncommon for smartphone manufacturers to cease providing software updates after just a year. This is most keenly observed in the Android sphere. To Apple's credit, it continues to support devices as old as the 2015 iPhone 6s. Google has tried to address this problem with the Android One program, which is described as the "gold standard" of the platform. It guarantees three years of updates and two operating system upgrades. However, it has a significant flaw insofar as it's entirely voluntary. Moreover, the decentralised nature of Android means that users are largely at the mercy of vendors, who are perversely incentivised to discontinue devices before their natural lifespan. The logic follows that the shorter the lifespan, the sooner the upgrade. Unfortunately, existing consumer law doesn't compel vendors to provide patches for a predetermined period of time, as Professor Alan Woodward, a computer science and security specialist at the University of Surrey, lamented. Woodward said he thinks it's necessary for governments to take regulatory action, and it's looking more likely that they will. Recent advances in "right to repair" law give credence to this. 
As an alternative, there could be a market solution that sees punters fork out for additional updates beyond the predetermined lifespan of a product, similar to how Microsoft sells extended support for old versions of Windows. Javvad Malik, security awareness advocate at KnowBe4, argued that the onus is on manufacturers and resellers to ensure punters are aware of the risks of using unsupported kit. "Manufacturers and retailers need to be transparent with consumers as to how long software updates will be available for. This should explain in clear terms what this means to the consumer in terms of security, and in terms of usability. "Another approach that is touted is for manufacturers to open-source old code or place code in escrow, so that when the software is no longer officially supported, or the manufacturer goes out of business, someone else can take the code and continue support." Regardless of the eventual approach taken, something needs to be done. Speaking to The Register, F-Secure's Fennel Aurora, a global partner product advocate, said the problem predominantly impacts those on lower incomes. "Most smartphones on the market are not the high-end all-inclusive models," he said. "Rather, most people are limited to cheaper models, which in general have a shorter time to programmed obsolescence, have a much shorter software support duration and are more likely to come pre-installed with privacy-invasive applications." Liviu Arsene, global cybersecurity researcher at BitDefender, added that those who buy second-hand devices are arguably more motivated by cost, and may lack the technical nous to identify and understand security threats. "It's likely that for users who opt for purchasing refurbished devices with end-of-life versions of Android, security might not be a priority," he said. 
"These could be affordable devices for less tech-savvy family members that only use basic functions, such as calling and texting, and not for power users looking for productivity features. "However, unpatched devices are a security and privacy risk for both the owner and other family members. Since Android devices are equipped with sensors like camera, microphone, GPS, and are even used for online shopping, successful compromise could lead to much more than financial data theft, but also potential extortion and surveillance."


WARNING: WHAT IS BROKEN LINK HIJACKING?

Broken link hijacking (BLH) is a type of web attack that exploits external links that are no longer valid. If your website or web application loads resources from external URLs, or points to such resources, and those resources are no longer there (for example because the domain has expired), attackers can exploit the dangling links for defacement, impersonation, or even cross-site scripting. If your company uses an external link-shortening service, for example to include short links in tweets, that service may go out of business after some time and its links stop working. This means that all your old links are now broken.

If an attacker purchases the domain previously used by the defunct link-shortening service, they can substitute your original content with their own malicious content. Twitter and other social media sites often automatically parse such links and embed any visual content, such as a video, so the attacker could place offensive videos in all your old posts. Another danger associated with expired domains is impersonation. If you own a domain and do not renew its registration, all links that include this domain may be used by an attacker, for example to launch attacks that rely on your reputation or to take over social media accounts registered using this expired domain.

Many websites and web applications use scripts loaded from external resources, for example to integrate with an external traffic analyzer similar to Google Analytics. If the traffic analyzer company goes out of business, this leaves a broken JavaScript link in your pages. If an attacker takes over the domain of the external traffic analyzer, they can now place malicious scripts that will be loaded automatically by your web pages with every visit. This amounts to a stored cross-site scripting attack and may have serious consequences.

Broken links are often overlooked by penetration testers. For example, when top HackerOne researchers were asked whether they look for broken links as part of bug bounty programs, a majority of them answered that they don't. Most web vulnerability scanners also don't check for broken links. Acunetix is one of the very few web vulnerability scanners that you can use to check for potential broken link hijacking as well as thousands of other web vulnerabilities and misconfigurations.
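As an added example, not code from the original article or from Acunetix: a small Python audit that lists a page's external scripts, stylesheets, iframes and outbound links, flags hosts that no longer resolve (the lapsed-domain case described above), and flags external scripts and stylesheets without Subresource Integrity hashes, the browser-side control that makes a swapped script fail to load even after a domain takeover. The sample page, every host name and the integrity hash are constructed placeholders, and the DNS check is injectable so the audit runs offline.

```python
"""Broken-link-hijacking audit for a single HTML page.

Constructed example written for this article; it is not code from the
original post, Acunetix, or any other project named on the page.
It walks the page's external dependencies (scripts, stylesheets, iframes)
and outbound links, reports any whose host no longer resolves (a lapsed
domain is exactly what BLH exploits), and reports external scripts and
stylesheets that lack Subresource Integrity (SRI) hashes, since an SRI
hash makes the browser refuse a script that was swapped after a takeover.
The resolver is injectable so the audit can run offline in tests.
"""
import socket
from html.parser import HTMLParser
from urllib.parse import urlparse


class _RefCollector(HTMLParser):
    """Collect (kind, url, has_sri) for every tag that references a URL."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # html.parser lowercases attribute names for us
        if tag == "script" and a.get("src"):
            self.refs.append(("script", a["src"], bool(a.get("integrity"))))
        elif tag == "link" and a.get("href") and \
                "stylesheet" in (a.get("rel") or "").lower():
            self.refs.append(("stylesheet", a["href"], bool(a.get("integrity"))))
        elif tag == "iframe" and a.get("src"):
            self.refs.append(("iframe", a["src"], False))
        elif tag == "a" and a.get("href"):
            self.refs.append(("link", a["href"], False))


def dns_resolves(host):
    """Default resolver: True if the host still has an address record."""
    try:
        socket.gethostbyname(host)
        return True
    except socket.gaierror:
        return False


def audit_page(html, page_url, resolves=dns_resolves):
    """Return a list of findings for external references, most severe first."""
    collector = _RefCollector()
    collector.feed(html)
    own_host = urlparse(page_url).hostname
    findings = []
    for kind, url, has_sri in collector.refs:
        host = urlparse(url, scheme="https").hostname  # also handles "//cdn/..."
        if not host or host == own_host:
            continue  # relative or same-origin: not an external dependency
        if not resolves(host):
            # Active content from a dead host is the stored-XSS case in the
            # article; a dead outbound link is the defacement/impersonation case.
            active = kind in ("script", "stylesheet", "iframe")
            findings.append({
                "severity": "high" if active else "medium",
                "kind": kind, "host": host, "url": url,
                "issue": "host does not resolve; domain may be lapsed or takeable",
            })
        elif kind in ("script", "stylesheet") and not has_sri:
            findings.append({
                "severity": "low", "kind": kind, "host": host, "url": url,
                "issue": "external resource loaded without an SRI integrity hash",
            })
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: order[f["severity"]])


# Constructed sample page and resolver stub; every host is a fictitious .test name.
PAGE_URL = "https://www.example.test/blog/old-post"
SAMPLE_HTML = """<html><head>
<script src="https://cdn.example-cdn.test/lib.js"></script>
<script src="https://stats.defunct-analytics.test/track.js"></script>
<link rel="stylesheet" href="https://cdn.example-cdn.test/site.css"
      integrity="sha384-PLACEHOLDER-HASH" crossorigin="anonymous">
<script src="/assets/app.js"></script>
</head><body>
<a href="https://shrt.gone-shortener.test/abc123">Old promo link</a>
<a href="https://www.example.test/about">About us</a>
</body></html>"""
LIVE_HOSTS = {"cdn.example-cdn.test", "www.example.test"}  # stands in for DNS


def sample_audit():
    """Run the audit over the constructed page with the offline resolver."""
    return audit_page(SAMPLE_HTML, PAGE_URL, resolves=lambda h: h in LIVE_HOSTS)


if __name__ == "__main__":
    for f in sample_audit():
        print(f"[{f['severity']}] {f['kind']} -> {f['url']}: {f['issue']}")
```

A host that still resolves is not proof of safety (it may already have been re-registered by a stranger) and one that fails to resolve may merely be misconfigured, so each finding is a prompt to confirm the domain's registration and who controls it.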


CANON SUFFERS RANSOMWARE ATTACK, MAZE CLAIMS RESPONSIBILITY

A reported ransomware attack suffered by Canon appears to have been confirmed by an internal memo, with Maze threat actors taking the credit. As reported by Bleeping Computer, a six-day outage beginning July 30 on the image.canon website, a service for uploading and storing photos through Canon's mobile applications, led to suspicions that a cyberattack may have taken place. While service has now resumed, in the website's last status update Canon revealed that an issue "involving 10GB of data storage" was under investigation, leading to the temporary suspension of related mobile apps and the online platform. Canon said that "some of the photo and image files" saved prior to June 16 were "lost," but in the same breath insisted that there "was no leak of image data." "Currently, the still image thumbnails of these lost image files can be viewed but not downloaded or transferred," the company said. "If a user tries to download or transfer a still image thumbnail file, an error may be received."

This, in itself, may suggest nothing more than a technical issue with back-end servers. However, at the same time, an internal memo obtained by the publication warned employees of "company-wide" IT issues, including apps, Microsoft Teams, and email. It is believed that Maze is to blame, after the threat group said they had stolen 10TB of data after launching a successful ransomware attack against the tech giant. Maze, however, denied responsibility for the image.canon issues, so the timing of the outage and the ransomware infection may simply be coincidental. Another memo sent internally suggested a "ransomware incident" had occurred, and a third-party cyberforensics company has been hired to investigate.

Maze operators use a form of ransomware that generally targets enterprise companies. The group's malware encrypts networks and a ransom note is then displayed, with extortion demands sometimes reaching thousands of dollars, far more than could be asked for by targeting individuals or the general public. The group's modus operandi is to exfiltrate sensitive corporate information and threaten to release it unless payment is made. Canon said the company is "currently investigating the situation."

Earlier this week, for example, Maze published gigabytes of data belonging to LG and Xerox after both companies refused to bow to blackmail. Ransomware, however, was not deployed on LG's network. Speaking to ZDNet, the group said they simply infiltrated LG and stole information instead, deciding to withhold ransomware deployment as LG clients were "socially significant." Xerox has remained quiet when it comes to the incident. Back in May, delivery network Pitney Bowes suffered a ransomware attack caused by the same cybercriminals. At the time, Maze published a set of screenshots online as evidence of network intrusion, having encrypted the firm's IT systems in the quest for a ransom payment.

IT GOVERNANCE’S 2019 CYBER RESILIENCE REPORT UNCOVERS MAJOR DATA PROTECTION WEAKNESSES WORLDWIDE.

Anti-malware technology is one of the most basic cyber security mechanisms that organisations should have in place, but according to IT Governance’s 2019 Cyber Resilience Report, 27% of respondents haven’t implemented such measures. This finding is even more surprising given that our customer base is naturally more knowledgeable about information security than the average organisation. Our results represent the most optimistic assessment of organisations’ cyber resilience, so the chances are things are even worse in the wider world. Anti-malware technology isn’t the only area where organisations are neglecting essential cyber security measures. The report also found that:

43% of organisations don’t have a formal information security management program.

An information security management plan provides a comprehensive assessment of the way an organisation addresses data protection risks. It ensures that preventative measures are appropriate to the scale of the risk and that every necessary precaution is being taken. Organisations that lack a formal plan will be tackling security measures piecemeal, if at all.

33% of organisations don’t have documents that state how they plan to protect their physical and information assets.

Without documented plans, it’s impossible to track whether they work and what adjustments are necessary. More to the point, it’s possible that the organisation has no plans in place at all, exposing them to myriad threats.

30% haven’t implemented identity and access controls.

Sensitive information should only be available to those who need it to perform their job, otherwise you run the risk of someone in the organisation using it for malicious purposes.

In some cases, an unauthorised person simply viewing the information is a serious privacy breach. You wouldn’t want everyone at an organisation being able to look at your medical information or political affiliations, for example. That’s why it’s essential to implement controls that ensure that only approved employees can access certain information.

Where do these figures come from?

The report has its origins in IT Governance’s Cyber Resilience Framework, which was developed last year to help organisations improve their ability to prevent security incidents and respond when disaster strikes. Alan Calder, the founder and executive chairman of IT Governance, said: “Attackers use cheap, freely available tools that are developed as soon as a new vulnerability is identified, producing ever more complex threats, so it is evident that, in the current landscape, total cyber security is unachievable. “An effective cyber resilience strategy is therefore the answer, helping organisations prevent, prepare for and respond to cyber attacks, and ensure they are not only managing their risks but also minimising the business impact.”

As part of the framework, we offered a self-assessment questionnaire, which helped organisations see how their existing measures compared to the framework and how much work was necessary to achieve cyber resilience. We collated the results of the self-assessment to create this report, which provides a broader insight into how organisations are addressing cyber security risks and which threats are most commonly overlooked.

______________________________________________________________________________


THREAT FOCUS: Uber Eats - UNITED STATES

https://securityaffairs.co/wordpress/106770/deep-web/ubereats-data-leaked-dark-web.html?web_view=true


Exploit: Unauthorized Database Access

Uber Eats: App-Based Food Delivery Service

Risk to Small Business: 2.691 = Moderate - Security analysts doing routine Dark Web and Deep Web monitoring uncovered a data dump containing details about customers, delivery drivers, and delivery partners for Uber Eats. The 9 TXT files leaked by the threat actor include login credentials of 579 Uber Eats customers and details of 100 delivery drivers. The data includes login credentials, full name, contact number, trip details, bank card details, and account creation dates.

Individual Risk: 2.377 = Severe - No details about how affected customers and drivers will be informed or any remediation offered have been released. UberEats customers, drivers, and partners should reset their account credentials and be alert for credit card fraud, spear phishing, and identity theft dangers.

Customers Impacted: 679

How it Could Affect Your Business: This breach is especially troubling because it is unacknowledged and it was discovered by Dark Web analysts instead of internal IT, putting in question the company’s transparency about security and attention to small security issues.

Cybersecurity Breach Risk Levels

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: This breach was detected by experts doing Dark Web analysis. Put the power of Dark Web ID to work for your clients detecting and alerting when compromised credentials are discovered. Call 07 30109711 and we will show you in ‘real time’ if you or your staff have had their credentials compromised.

THREAT FOCUS: Summit Medical Associates - UNITED STATES

https://hotforsecurity.bitdefender.com/blog/summit-medical-associates-discloses-ransomware-attack-patient-and-affiliate-information-potentially-impacted-23874.html?web_view=true


Exploit: Ransomware

Summit Medical Associates: Healthcare Provider 

Risk to Small Business: 1.979 = Severe - A data breach has come to light at Summit Health after the Tennessee-based practice group reported that it had experienced an “inability to access certain records” in early June. A third-party investigator determined that not only was it a ransomware incident, but the cybercriminals had also had access to their systems for nearly six months before the breach.

Individual Risk: 2.799 = Moderate - While there is no reported evidence that patient information was compromised, the affected server did contain patient PII including names, medical information, and Social Security numbers.

Customers Impacted: Unknown

How it Could Affect Your Business:  Cybercriminals had access to this server for six months before anyone noticed. Security awareness, data handling, credential monitoring, and phishing resistance training keep eyes on the ball for cybersecurity, lowering the chance that something like this happens (or persists).



Avantia Cyber Security & ID Agent to the Rescue: ID Agent’s digital risk protection platform packs three essential components of an effective, dynamic defense of data and systems. Over 3,000 Cyber Security Companies in 30 countries around the world chose ID Agent to keep their Passwords compliant.   Put the power of ID Agent to work for you by Partnering with us today. Call Avantia on 07 30109711 to find out how we can help.

THREAT FOCUS: The Blacklist Alliance - UNITED STATES

https://krebsonsecurity.com/2020/08/robocall-legal-advocate-leaks-customer-data/?web_view=true


Exploit: Unauthorized Database Access

The Blacklist Alliance: Robocall Legal Advocate

Risk to Small Business: 1.717 = Severe - In an ironic turn of events, The Blacklist Alliance, a company that helps telemarketers dodge lawsuits over violations of the Telephone Consumer Protection Act, has experienced a data breach that leaked the phone numbers, email addresses and passwords of all its customers, as well as mobile phone numbers and data on people who have hired lawyers to go after telemarketers. Thousands of documents, emails, spreadsheets, images, and the names tied to a huge number of mobile phone numbers were freely accessible from the domain theblacklist.click. The directory also included all 388 Blacklist customer API keys, as well as each customer’s phone number, employer, username, and password (hashed using the MD5 algorithm, a fast hash that offers little resistance to offline cracking).

Individual Risk: 1.912 = Severe - Individuals and companies who have done business with The Blacklist Alliance should consider their information at risk for fraud, identity theft, blackmail, or spear phishing attempts.

Customers Impacted: 388+

How it Could Affect Your Business:  A failure to secure PII and other sensitive data in an industry that handles secretive personal matters like this can be disastrous. Not only does it open the company up to legal and reputational risk, but it also risks the company’s ability to keep doing business in an industry that prizes anonymity.



Avantia Cyber Security & ID Agent to the Rescue:  Secure access points to delicate information by adding Single Sign-on with Passly. By assigning each user an individual launchpad, you’re able to control access to sensitive data more carefully – and act faster if the wrong person gets access. Call Avantia on 07 3010 9711 for more information or Email info@avantiacorp.com.au

THREAT FOCUS: CWT Travel - UNITED STATES

https://uk.reuters.com/article/uk-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUKKCN24W26P?&web_view=true


Exploit: Ransomware

CWT: Travel Management 

Risk to Small Business: 1.882 = Severe - CWT reportedly paid an eye-popping $4.5 million to cybercriminals using Ragnar Locker ransomware to decrypt reams of sensitive corporate files and restore 30,000 company computers that were knocked offline. Reportedly, the hackers initially demanded $10 million. Reuters included details and screenshots of the negotiation in a story filed last week. The ransom note left by the hackers claimed to have stolen two terabytes of files, including financial reports, security documents, and employees’ personal data such as email addresses and salary information. 

Individual Risk: No personally identifiable information or financial information was reported as stolen. 

Customers Impacted: Unknown

How it Could Affect Your Business: The most common delivery system for ransomware is a phishing email – and 90% of incidents that end in a data breach start with a phishing email. Boosting phishing resistance is essential to lower the chance of a successful ransomware attack.



Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID offers training in 8 languages to get staffers up to speed on today’s phishing threats fast, including video lessons and online testing. Find out more by calling Avantia on 07 30109711 or Email info@avantiacorp.com.au

THREAT FOCUS: Boyce Technologies - UNITED STATES

https://cointelegraph.com/news/ransomware-threatens-production-of-300-ventilators-per-day?web_view=true


Exploit: Ransomware

Boyce Technologies: Medical Equipment Manufacturer 

Risk to Small Business: 1.407 = Extreme - Essential medical equipment producer Boyce Technologies was attacked with DoppelPaymer ransomware. The company produces about 300 low-cost ventilators per day using human and robotic labor. Microsoft noted that this type of ransomware uses “brute force” against a target company’s systems management server. It has extensively targeted the healthcare sector since the start of the COVID-19 crisis.

Individual Risk: No personal or financial information was reported as compromised.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware attacks have grown more sophisticated and more dangerous in 2020, and corporate-level espionage that impacts production has become more prevalent – meaning that companies have to be more cautious about closing security loopholes.



Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote-access, independent, ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: City of Lafayette, Colorado - UNITED STATES

https://www.securityweek.com/colorado-city-pays-45000-ransom-after-cyber-attack?&web_view=true


Exploit: Ransomware

City of Lafayette, CO: Municipal Government

Risk to Small Business: 2.101 = Severe - The City of Lafayette, CO paid $45k to cybercriminals to restore access to municipal computers after a successful ransomware attack shut municipal networks down including city emails, phones, online payments, and reservation systems. The cost of restoration and the impact of the shutdown on city services impacted the city’s calculations when choosing to pay the ransom or restore from backups.

Individual Risk: 2.801 = Moderate - City officials say that credit card information was not compromised and that there was no evidence that personal data was stolen either, but residents should monitor their accounts for suspicious activity as a precaution.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware can be so damaging that paying the ransom costs less than recovery. Without adequate protections in place, including updates, security awareness training, and access controls, organizations (and their budgets) can take a big hit from ransomware.



Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote-access, independent, ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation. It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: Nova Scotia Health Authority - CANADA

https://www.canadiansecuritymag.com/two-security-breaches-affects-health-information-of-211-people-in-nova-scotia/


Exploit: Unauthorized Database Access

Nova Scotia Health Authority: Healthcare System 

Risk to Small Business: 2.662 = Moderate - Not one but two security breaches at the Nova Scotia Health Authority have been reported as patient data was accessed by unauthorized individuals. The information was reported as “viewed”, but no details were given on how or by whom. The Nova Scotia Health Authority said it had notified the province’s Office of the Information and Privacy Commissioner.

Individual Risk: 2.874 = Moderate - The Authority said that it has notified the small number of patients affected, and did not report any financial information as stolen in either incident.

Customers Impacted: 211

How it Could Affect Your Business: Sensitive information, especially medical data, requires an extra level of care for protection – or the company that mishandles it will find itself paying large fines in addition to other remediation costs.


Avantia Cyber Security & ID Agent to the Rescue:  Secure access points to delicate information by adding Single Sign-on with Passly. By assigning each user an individual launchpad, you’re able to control access to sensitive data more carefully – and act faster if the wrong person gets access. Call Avantia on 07 3010 9711 for more information or Email info@avantiacorp.com.au

THREAT FOCUS: British Dental Association - UNITED KINGDOM

https://www.bbc.com/news/technology-53652254?&web_view=true


Exploit: Unauthorized Database Access

British Dental Association: Trade Union for Dentists

Risk to Small Business: 1.866 = Severe - The British Dental Association informed its members that data on a “small fraction” of its membership was exfiltrated in late July. The statement was vague about the cause or impact, and the organization’s website has been down since the attack was reported on 7/30/20. The association is still working to restore its web, telephone, and internal networks following the security breach, and has notified the Information Commissioner’s Office.

Individual Risk: 2.219 = Severe - The organization does not store members’ card details but does hold account numbers and sort codes to collect direct debit payments. The BDA has urged its members to remain vigilant against identity theft or spear phishing attempts.

Customers Impacted: 22,000

How it Could Affect Your Business: When an organization stores the financial information of its members in any capacity, that information needs to be protected – and members need to have confidence in the security of their personal and financial data on file, especially in professional groups or trade unions.

Cybersecurity Breach Risk Levels

1 – 1.5 = Extreme Risk; 1.51 – 2.49 = Severe Risk; 2.5 – 3 = Moderate Risk. Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Secure access points to delicate information by adding Single Sign-on with Passly. By assigning each user an individual launchpad, you’re able to control access to sensitive data more carefully – and act faster if the wrong person gets access. Call Avantia on 07 3010 9711 for more information or Email info@avantiacorp.com.au

THREAT FOCUS: Forsee Power Batteries - FRANCE

https://securityaffairs.co/wordpress/106833/malware/forsee-power-netwalker-ransomware.html?web_view=true


Exploit: Ransomware

Forsee Power: Electromobility Battery Manufacturer  

Risk to Small Business: 1.113 = Severe - Netwalker ransomware is to blame for the leak of extensive business data at the Paris-based battery manufacturer, a world leader in electric mobility device power. Cybercriminals exposed a directory containing folders such as Accounts Receivable, Finance, Collection Letters, Expenses, and Employees in an image posted to the Netwalker group blog.

Individual Risk: No personal or financial information was reported as stolen in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Sensitive business data is valuable – and it sells for a pretty penny on the Dark Web. Smart companies use Dark Web monitoring to stay on guard against the exposure of sensitive credentials and information on the Dark Web.

Cybersecurity Breach Risk Levels

1 – 1.5 = Extreme Risk; 1.51 – 2.49 = Severe Risk; 2.5 – 3 = Moderate Risk. Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access, independent, ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation. It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: Canon - JAPAN

https://www.bleepingcomputer.com/news/security/canon-confirms-ransomware-attack-in-internal-memo/


Exploit: Ransomware

Canon: Optical and Imaging Products Manufacturer 

Risk to Small Business: 2.231 = Severe - International equipment behemoth Canon reported in a letter to staffers that it had been the victim of a ransomware attack that impacted numerous services, including Canon’s internal email, Microsoft Teams, USA website, and other essential business applications. The Maze ransomware group has claimed credit for the successful attack and disruption of Canon’s business systems. Maze operators stated that they extracted 10 terabytes of data from private databases in the attack. Canon notes that some users’ still image and video image data stored in its image.canon cloud photo platform involving the 10GB long-term storage option was missing, but offered no details as to the type of images that were taken.

Individual Risk: At this time, there is no available information about the nature or provenance of the stolen data.

Customers Impacted: Unknown

How it Could Affect Your Business: Maze ransomware attacks typically start with gaining access to an average employee account and using that to gain access to accounts with greater privilege – and the vast majority of ransomware attacks start off as phishing.

Cybersecurity Breach Risk Levels

1 – 1.5 = Extreme Risk; 1.51 – 2.49 = Severe Risk; 2.5 – 3 = Moderate Risk. Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID offers training in 8 languages to get staffers up to speed on today’s phishing threats fast, including video lessons and online testing. Find out more by calling Avantia on 07 30109711 or Email info@avantiacorp.com.au

THREAT FOCUS: ProctorU - AUSTRALIA

https://www.itnews.com.au/news/australian-universities-investigate-online-exam-tool-data-breach-551373?&web_view=true


Exploit: Unauthorized Database Access

ProctorU: Online Test Monitoring Service

Risk to Small Business: 1.667 = Severe - A number of Australian universities have been affected by a breach at testing services provider ProctorU. Hackers from the Shiny Hunters group published the stolen database from ProctorU online. The affected universities include the Group of Eight’s University of Sydney, University of NSW, University of Queensland, University of Melbourne, University of Western Australia, and the University of Adelaide, as well as Swinburne University, James Cook University, and Curtin University. The stolen data reportedly contains usernames, unencrypted passwords, legal names, and full residential addresses of students at the impacted schools.

Individual Risk: 2.871 = Moderate - No financial information was stolen, but student PII was impacted. Students should be cautious of spear phishing attempts using the stolen data.

Customers Impacted: 444,267

How it Could Affect Your Business: Ransomware has become the bane of most cybersecurity planners’ existence. By increasing investment in essential security awareness training tools, companies can better protect their data (and their budgets) from ransomware.

Cybersecurity Breach Risk Levels

1 – 1.5 = Extreme Risk; 1.51 – 2.49 = Severe Risk; 2.5 – 3 = Moderate Risk. Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: This breach was detected by experts doing Dark Web analysis. Put the power of Dark Web ID to work for your clients detecting and alerting when compromised credentials are discovered. Call 07 30109711 and we will show you in ‘real time’ if you or your staff have had their credentials compromised.

______________________________________________________________________________

POSTSCRIPT:


QUICKLY STOP SOCIAL ENGINEERING ATTACKS (LIKE THE ONE THAT ‘BIT’ TWITTER) WITH THESE SOLUTIONS:

In the recent Twitter security nightmare, the company’s initial statement attributed the breach to a successful “social engineering attack”. That terminology is becoming fashionable for cybersecurity incidents as companies look for ways to deflect publicity and reputation damage from a breach. By calling an incident a social engineering attack, it makes it seem exotic and dangerous instead of something that can be prevented with improved security awareness – and our solutions can help stop social engineering attacks cold.

How does social engineering work in relation to cybersecurity?

Social engineering cyberattacks are attempts to breach a company’s security by causing its staffers to respond in a way that opens up a door for cybercriminals to slip inside. Here’s a quick rundown of the popular varieties of digital social engineering attacks:

Phishing and spear phishing, that classic, 2020’s biggest threat.

Water holing, infecting an entire website and subsequently all of its visitors with malware. This is a rare and advanced type.

Pretexting, in this case, a cybercriminal convinces a staffer to give them access to systems and data by masquerading as a trusted source, like a coworker from another department.

How could staffers get caught by a social engineering attempt?

The vast majority of cyberattacks that can be classified as social engineering incidents are phishing attacks, just like the Twitter breach. In many cases, it’s a carefully crafted and precisely targeted phishing email that successfully convinces an employee to:

Share a password with a fake coworker (“Hey, can I get your login for the database? I lost mine and they’re still fixing it.”)  

Grant access to a system to someone who shouldn’t have it (“Hi! This is Jane from Digital. Can I get your login for our content management system? I just need to fix this one thing before the Boss sees it…”) 

Falsely supply a record or credential (“The admin password for SalesForce is still 8675309, right?”) 

Whether the weak point is a malicious insider or a careless staffer, both create openings for social engineering attacks. The best way to reduce the chance of success for an attack like this is to use smart access management and security awareness training solutions that keep staffers and systems ready to repulse cybercriminals.

Don’t let phishing attacks land.

By increasing phishing resistance training with BullPhish ID, you’re not only teaching your staff to be on the lookout for traditional phishing attack vectors like malicious attachments, you’re also increasing their wariness of suspicious messages including links, PDFs, meeting invitations and other potential spear phishing lures. The plug-and-play training kits that BullPhish ID provides are updated monthly.

Don’t fail to authenticate.

The fastest way to stop a cybercriminal from gaining access to your systems and data is to add multi-factor authentication for every account at every sign on. Adding a multifunctional secure identity and access management solution like Passly is the right move. It immediately gets to work, providing multiple options for authentication code or token delivery to ensure that the person logging in with a credential is actually the person who should be logging in with that credential. 

Don’t stop gathering intelligence.

One of the best ways to know if a company is at risk for a potential social engineering attack is Dark Web monitoring. By using Dark Web ID to keep an eye on today’s booming Dark Web markets for domains, email addresses, and other staff credentials, companies can see their risk level for an attack and plan accordingly. 

Throw a wrench in cybercriminals’ social engineering plans.

Today’s attacks are both more frequent and more expensive than ever before – a new cyberattack is launched every 39 seconds. Every company can become more prepared to deflect social engineering attacks by improving essential security awareness protocols, boosting phishing resistance, and adding an extra layer of security at its main access points – and ID Agent’s cost-effective digital risk protection platform is the perfect solution to use to bolster cybersecurity plans to effectively defend against social engineering attacks.  

BOOMING DARK WEB DATA MARKETS ARE DRIVING CRIME:

The pandemic has brought change to every corner of the world – including the Dark Web. Have you taken the time to learn what you need to know about today’s Dark Web to protect your business and your customers?

In order to guard systems and data against Dark Web dangers, you need to understand the way that business is done there – especially in the booming data markets of all kinds. Understanding the Dark Web economy will also help you better protect your customers (and yourself) against insider threats like malicious employees selling access, proprietary information, and specialty services in the hot “as a service” sector.

NATION STATE ACTORS THREATEN COMPANIES WORLDWIDE: Cybersecurity threats and attacks involving nation state actors have been all over the news. From a pattern of suspected state-sponsored cyberattacks in Australia to suspected cyberthreats targeting critical infrastructure in the United States, high-level hacking has become a worldwide concern. While this may not seem like a problem that could affect small to medium-sized businesses, it is. These hackers aren’t just going for the biggest kid on the block. Smarter, more sophisticated hackers are starting from the ground up in a concerted effort to capture credentials and access to providers of essential business services in their webs. By far, the most dangerous cybercrime environment right now is in medical research and development, as companies around the globe race to develop treatments and an eventual vaccine for COVID-19. Recent attempts to steal vaccine research from Moderna can be traced to known Chinese hacking groups. Additional attacks against pharmaceutical companies and researchers can be traced to Russian hacking groups, according to the U.S. National Security Agency. Your customers are reading about these attacks in major publications and seeing growing concern from governments around the world in the media. That’s why you should develop a plan now to increase your data protection – and using that plan to start conversations about increased security with other clients who you think might be at risk.

FBI WARNS AGAINST INCREASED DANGER FROM NETWALKER RANSOMWARE: Ransomware attacks are the monster in the closet that keeps IT teams up at night – and they’re only getting worse. Recently, the US Federal Bureau of Investigation released a new Flash Alert warning about the danger of Netwalker ransomware to businesses and infrastructure, as attacks with this tool ramp up. Companies of all sizes are at risk for ransomware attacks of this nature, especially in the healthcare, infrastructure, defense, or technology sectors. Netwalker ransomware has also been used to disrupt production lines, as unfortunately happened to a manufacturer of respirators urgently needed in the fight against COVID-19. To add to your defenses quickly, upgrade the protection on the access points to your data and systems by adding a secure identity and access management solution. Passly is an affordable and effective tool that combines multi-factor authentication and single sign-on to create a more secure gateway to the heart of your business.

Adding a dynamic tool like Passly strengthens your defense against cybercrime like ransomware and password hacking fast. Passly deploys in days, not weeks – because in today’s fast-evolving threat atmosphere, no business has time to wait and see what cybercriminals are up to next.

______________________________________________________________________________


AVANTIA CYBER SECURITY - PARTNER FOCUS

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and to millions of individuals impacted by cyber incidents. The company's flagship product, Dark Web ID, combines human and sophisticated Dark Web intelligence with capabilities to identify, analyse and monitor for compromised or stolen employee and customer data, mitigating exposure to clients’ most valuable assets – their digital identity. 


FOR MORE INFORMATION ON IT GOVERNANCE PLEASE CONTACT AVANTIA CYBER SECURITY ON +61 7 30109711 / info@avantiacorp.com.a

______________________________________________________________________________


Disclaimer*:

Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, other members of the 5 Eyes Alliance, the Australian Cyber Security Centers, and other sources in 56 countries who provide cyber breach and cyber security information in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.
