
21 HOURS AND YOU'RE TOAST!

Updated: Aug 18, 2020



THIS PAST WEEK:

Research findings confirm that phishing campaigns, from first to last victim, take only 21 hours on average; Second-hand phone buyers at risk of compromise; Broken Link Hijacking explained; Major ransomware attack at Canon; 2019 Cyber Resilience Report reveals major data protection weaknesses worldwide; Ransomware hits everywhere from small towns to multinational corporations and tech giants; How to add protection against nation state actors and major breaches in JAPAN; FRANCE; UNITED KINGDOM; UNITED STATES; CANADA and AUSTRALIA.


Dark Web ID’s Top Threats

Top Source Hits: ID Theft Forum

Top Compromise Type: Domain

Top Industry: Education & Research

Top Employee Count: 501+

________________________________________________________________________

PHISHING CAMPAIGNS, FROM FIRST TO LAST VICTIM, TAKE AROUND 21 HOURS ON AVERAGE - RESEARCH FINDINGS.

A mixed team of security researchers from Google, PayPal, Samsung, and Arizona State University has spent an entire year analyzing the phishing landscape and how users interact with phishing pages. In a mammoth project that involved analyzing 22,553,707 user visits to 404,628 phishing pages, the research team has been able to gather some of the deepest insights into how phishing campaigns work. "We find that the average phishing attack spans 21 hours between the first and last victim visit, and that the detection of each attack by anti-phishing entities occurs on average nine hours after the first victim visit," the research team wrote in a report they are scheduled to present at the USENIX security conference this month. "Once detected, a further seven hours elapse prior to peak mitigation by browser-based warnings." The research team calls this interval between the start of the campaign and the deployment of phishing warnings inside browsers the "golden hours" of a phishing attack -- when attackers make most of their victims. But the research team says that once the golden hours end, the attacks continue to make victims, even after browser warnings are deployed via systems like Google's Safe Browsing API. "Alarmingly, 37.73% of all victim traffic within our dataset took place after attack detection," researchers said. Further, researchers also analyzed user interactions on the phishing pages. They said that 7.42% of the victims entered credentials in the phishing forms, and eventually suffered a breach or fraudulent transaction on their account. On average, crooks would attempt to breach user accounts and perform fraudulent transactions 5.19 days after the user visited the phishing site, and victim credentials would end up in public dumps or criminal portals 6.92 days after the user visited the phishing page.
But while researchers analyzed more than 400,000 phishing sites, they said that the vast majority of phishing campaigns weren't really that effective, and that just a handful of phishing operators/campaigns accounted for most of the victims. "We found that the top 10% largest attacks in our dataset accounted for 89.13% of targeted victims and that these attacks proved capable of effectively defeating the ecosystem's mitigations in the long term," they wrote in the report. Researchers said that some campaigns remained active as long as nine months, while making tens of thousands of victims, using nothing more than "off-the-shelf phishing kits on a single compromised domain name [phishing site]." The study's findings are consistent with what Sherrod DeGrippo, Sr. Director, Threat Research and Detection at Proofpoint, told ZDNet in an interview this week. DeGrippo said that Proofpoint usually tracks around 12 million credential phishing attacks per month and that the best threat actors focus on evasion tactics to avoid getting detected, knowing this would keep their campaigns running for longer, and prolong the "golden hours." "In terms of evasion, this is something the credential phish threat actors absolutely work hard on," DeGrippo said. The academic team blamed the current state of affairs on the reactive nature of anti-phishing defenses, which are usually slow in detecting phishing attacks. However, researchers also blamed the lack of collaboration between industry partners, urging the different anti-phishing entities to work together more. "Cross-industry and cross-vendor collaboration certainly makes all entities stronger against phishing and other attacks," DeGrippo also added, echoing the study's conclusion. However, the Proofpoint exec says that entities outside the anti-phishing and cyber-security world need to pitch in as well.
"Additional effectiveness also involves domain registrars, encryption cert providers, and hosting companies to complete abuse takedowns, which can be a challenge as providers can be resource-restrained. "Stopping phishing attacks is vital to help protect organizations worldwide and industry collaboration, insight sharing, and action, such as blocking cred phish from reaching victims, is essential," DeGrippo said.


IN THE MARKET FOR A SECOND-HAND PHONE? CHECK IT’S STILL SUPPORTED BY THE MAKER - ALMOST 1/3 ARE NOT - THAT MEANS NO SECURITY UPDATES WHICH PUTS USERS AT RISK OF COMPROMISE.

An investigation by consumer watchdog Which? has found that nearly a third of all phones sold on second-hand sites are no longer supported by the vendor, leaving punters at risk of being hacked. The publication found that 31 per cent of all phones sold via CeX no longer receive security patches. For musicMagpie and SmartFoneStore, those numbers are 20 per cent and 17 per cent respectively. As a result of the findings, musicMagpie has withdrawn all unsupported units from sale. SmartFoneStore has pledged to warn customers about abandoned mobiles. So far, there's no word from high-street tech buyer CeX. It's not uncommon for smartphone manufacturers to cease providing software updates after just a year. This is most keenly observed in the Android sphere. To Apple's credit, it continues to support devices as old as the 2015 iPhone 6s. Google has tried to address this problem with the Android One program, which is described as the "gold standard" of the platform. It guarantees three years of updates and two operating system upgrades. However, it has a significant flaw insofar as it's entirely voluntary. Moreover, the decentralised nature of Android means that users are largely at the mercy of vendors, who are perversely incentivised to discontinue devices before their natural lifespan. The logic follows that the shorter the lifespan, the sooner the upgrade. Unfortunately, existing consumer law doesn't compel vendors to provide patches for a predetermined period of time, as Professor Alan Woodward, a computer science and security specialist at the University of Surrey, lamented. Woodward said he thinks it's necessary for governments to take regulatory action, and it's looking more likely that they will. Recent advances in "right to repair" law give credence to this. 
As an alternative, there could be a market solution that sees punters fork out for additional updates beyond the predetermined lifespan of a product, similar to how Microsoft sells extended support for old versions of Windows. Javvad Malik, security awareness advocate at KnowBe4, argued that the onus is on manufacturers and resellers to ensure punters are aware of the risks of using unsupported kit. "Manufacturers and retailers need to be transparent with consumers as to how long software updates will be available for. This should explain in clear terms what this means to the consumer in terms of security, and in terms of usability. "Another approach that is touted is for manufacturers to open-source old code or place code in escrow, so that when the software is no longer officially supported, or the manufacturer goes out of business, someone else can take the code and continue support." Regardless of the eventual approach taken, something needs to be done. Speaking to The Register, F-Secure's Fennel Aurora, a global partner product advocate, said the problem predominantly impacts those on lower incomes. "Most smartphones on the market are not the high-end all-inclusive models," he said. "Rather, most people are limited to cheaper models, which in general have a shorter time to programmed obsolescence, have a much shorter software support duration and are more likely to come pre-installed with privacy-invasive applications." Liviu Arsene, global cybersecurity researcher at BitDefender, added that those who buy second-hand devices are arguably more motivated by cost, and may lack the technical nous to identify and understand security threats. "It's likely that for users who opt for purchasing refurbished devices with end-of-life versions of Android, security might not be a priority," he said. 
"These could be affordable devices for less tech-savvy family members that only use basic functions, such as calling and texting, and not for power users looking for productivity features. "However, unpatched devices are a security and privacy risk for both the owner and other family members. Since Android devices are equipped with sensors like camera, microphone, GPS, and are even used for online shopping, successful compromise could lead to much more than financial data theft, but also potential extortion and surveillance."


WARNING: WHAT IS BROKEN LINK HIJACKING?

Broken link hijacking (BLH) is a type of web attack. It exploits external links that are no longer valid. If your website or web application uses resources loaded from external URLs or points to such resources and these resources are no longer there (for example due to an expired domain), attackers can exploit these links to perform defacement, impersonation, or even to launch cross-site scripting attacks. If your company uses an external link shortening service, for example, to include short links in tweets, it may be possible that the link shortener goes out of business after some time and is no longer valid. This means that all your old links are now broken.

If an attacker purchases the domain used by the link shortening service that went out of business, they can substitute your original content with their own malicious content. Twitter and other social media sites often automatically ‘parse’ such links (to parse is to divide something into its parts and identify the parts and their relations to each other) and include any visual content such as a video. Therefore, the attacker could include offensive videos in all your old posts. Another danger associated with expired domains is impersonation. If you own a domain and do not extend the registration of that domain, all links that include this domain may be used by an attacker, for example, to launch attacks relying on your reputation or to take over social media accounts registered using this expired domain. Many websites and web applications use scripts loaded from external resources. These may be, for example, used to integrate with an external traffic analyzer similar to Google Analytics. If the traffic analyzer company goes out of business, this leaves a broken JavaScript link in your pages. If an attacker takes over the domain of the external traffic analyzer, they can now place malicious scripts that will be automatically loaded by your web pages with every visit. This becomes a stored cross-site scripting attack that may have serious consequences. Broken links are often overlooked by penetration testers. For example, when top HackerOne researchers were asked whether they look for broken links as part of bug bounty programs, a majority of them answered that they don’t. Most web vulnerability scanners also don’t check for broken links. Acunetix is one of the very few web vulnerability scanners that you can use to check for potential broken link hijacking as well as thousands of other web vulnerabilities and misconfigurations.
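For site owners who want to check their own pages for this exposure, here is a small audit script. It is an added example, not part of the original article and not how Acunetix works: it lists every external reference in a page and flags those whose host no longer resolves, rating auto-loaded resources (scripts, iframes, stylesheets) above plain links. The sample page, the `.example` host names and the `demo_resolver` stand-in are constructed for illustration.

```python
import socket
from html.parser import HTMLParser
from urllib.parse import urlparse

# References the browser fetches and runs/renders on every visit (XSS risk if hijacked).
ACTIVE = {("script", "src"), ("iframe", "src"), ("link", "href")}
# References that only point elsewhere (defacement / impersonation risk if hijacked).
PASSIVE = {("a", "href"), ("img", "src")}


class ExternalRefParser(HTMLParser):
    """Collect (tag, attr, url, host) for every reference that leaves own_domain."""

    def __init__(self, own_domain):
        super().__init__()
        self.own_domain = own_domain.lower()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for attr, url in attrs:
            if (tag, attr) not in ACTIVE | PASSIVE or not url:
                continue
            try:
                # Handles absolute and protocol-relative (//host/path) URLs;
                # relative paths, mailto: and javascript: have no hostname.
                host = (urlparse(url).hostname or "").lower()
            except ValueError:
                continue
            if not host:
                continue
            if host == self.own_domain or host.endswith("." + self.own_domain):
                continue  # our own site or one of its subdomains
            self.refs.append((tag, attr, url, host))


def system_resolves(host):
    """True if the host resolves right now. A False result is only a lead:
    confirm with the registrar/WHOIS whether the domain has actually lapsed."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False


def audit(html, own_domain, resolves=system_resolves):
    """Return findings for external references whose host does not resolve."""
    parser = ExternalRefParser(own_domain)
    parser.feed(html)
    cache, findings = {}, []
    for tag, attr, url, host in parser.refs:
        if host not in cache:          # resolve each host once
            cache[host] = resolves(host)
        if cache[host]:
            continue
        severity = "high" if (tag, attr) in ACTIVE else "medium"
        findings.append({"severity": severity, "tag": tag, "host": host, "url": url})
    findings.sort(key=lambda f: f["severity"] != "high")  # high first, stable order
    return findings


# Constructed sample page: a live CDN, a defunct analytics script, an old short link.
SAMPLE_HTML = """
<html><head>
  <script src="https://cdn.live.example/lib.js"></script>
  <script src="//stats.defunct-analytics.example/track.js"></script>
  <link rel="stylesheet" href="/css/site.css">
</head><body>
  <a href="http://shrt.example/abc">our 2016 announcement</a>
  <a href="https://blog.mysite.example/post">blog</a>
  <img src="https://cdn.live.example/logo.png">
</body></html>
"""


def demo_resolver(host):
    """Constructed stand-in for DNS so the example runs offline."""
    return host in {"cdn.live.example"}


if __name__ == "__main__":
    for f in audit(SAMPLE_HTML, "mysite.example", resolves=demo_resolver):
        print(f"[{f['severity']}] <{f['tag']}> {f['url']} (host {f['host']} does not resolve)")
```

A host that still resolves may already belong to a new owner, so this check catches links before a takeover rather than after; pruning or self-hosting the flagged resources is the fix either way.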


CANON SUFFERS RANSOMWARE ATTACK, MAZE CLAIMS RESPONSIBILITY

A reported ransomware attack suffered by Canon appears to have been confirmed by an internal memo, with Maze threat actors taking the credit. As reported by Bleeping Computer, a six-day outage beginning July 30 on the image.canon website, a service for uploading and storing photos through Canon's mobile applications, led to suspicions that a cyberattack may have taken place. While service has now resumed, in the website's last status update, Canon revealed that an issue "involving 10GB of data storage" was under investigation, leading to the temporary suspension of related mobile apps and the online platform. Canon said that "some of the photo and image files" saved prior to June 16 were "lost," but in the same breath, insisted that there "was no leak of image data." "Currently, the still image thumbnails of these lost image files can be viewed but not downloaded or transferred," the company said. "If a user tries to download or transfer a still image thumbnail file, an error may be received." This, in itself, may suggest nothing more than a technical issue with back-end servers. However, at the same time, an internal memo obtained by the publication warned employees of "company-wide" IT issues, including apps, Microsoft Teams, and email. It is believed that Maze is to blame, after the threat group said they had stolen 10TB in data after launching a successful ransomware attack against the tech giant. Maze, however, denied responsibility for the image.canon issues, and so the timing of the outage and the ransomware infection may simply be coincidental. Another memo sent internally suggested a "ransomware incident" had occurred, and a third-party cyberforensics company has been hired to investigate. Maze operators use a form of ransomware that generally targets enterprise companies.
The group's malware encrypts networks and a ransom note is then displayed, with extortion attempts sometimes reaching thousands of dollars -- far more than could be asked for by targeting individuals or the general public. The group's modus operandi is to exfiltrate sensitive corporate information and threaten to release it unless payment is made. Canon said the company is "currently investigating the situation." Earlier this week, for example, Maze published gigabytes of data belonging to LG and Xerox after both companies refused to bow to blackmail. Ransomware, however, was not deployed on LG's network. Speaking to ZDNet, the group said they simply infiltrated LG and stole information instead, deciding to withhold ransomware deployment as LG clients were "socially significant." Xerox has remained quiet when it comes to the incident. Back in May, delivery network Pitney Bowes suffered a ransomware attack caused by the same cybercriminals. At the time, Maze published a set of screenshots online as evidence of network intrusion, having encrypted the firm's IT systems in the quest for a ransom payment.

IT GOVERNANCE’S 2019 CYBER RESILIENCE REPORT UNCOVERS MAJOR DATA PROTECTION WEAKNESSES WORLDWIDE.

Anti-malware technology is one of the most basic cyber security mechanisms that organisations should have in place, but according to IT Governance’s 2019 Cyber Resilience Report, 27% of respondents haven’t implemented such measures. This finding is even more surprising given that our customer base is naturally more knowledgeable about information security than the average organisation. Our results represent the most optimistic assessment of organisations’ cyber resilience, so the chances are things are even worse in the wider world. Anti-malware technology isn’t the only area where organisations are neglecting essential cyber security measures. The report also found that:

43% of organisations don’t have a formal information security management program.

An information security management plan provides a comprehensive assessment of the way an organisation addresses data protection risks. It ensures that preventative measures are appropriate to the scale of the risk and that every necessary precaution is being taken. Organisations that lack a formal plan will be tackling security measures piecemeal, if at all.

33% of organisations don’t have documents that state how they plan to protect their physical and information assets.

Without documented plans, it’s impossible to track whether they work and what adjustments are necessary. More to the point, it’s possible that the organisation has no plans in place at all, exposing them to myriad threats.

30% haven’t implemented identity and access controls.

Sensitive information should only be available to those who need it to perform their job, otherwise you run the risk of someone in the organisation using it for malicious purposes.

In some cases, an unauthorised person simply viewing the information is a serious privacy breach. You wouldn’t want everyone at an organisation being able to look at your medical information or political affiliations, for example. That’s why it’s essential to implement controls that ensure that only approved employees can access certain information. Where do these figures come from? The report has its origins in IT Governance’s Cyber Resilience Framework, which was developed last year to help organisations improve their ability to prevent security incidents and respond when disaster strikes. Alan Calder, the founder and executive chairman of IT Governance, said: “Attackers use cheap, freely available tools that are developed as soon as a new vulnerability is identified, producing ever more complex threats, so it is evident that, in the current landscape, total cyber security is unachievable. “An effective cyber resilience strategy is therefore the answer, helping organisations prevent, prepare for and respond to cyber attacks, and ensure they are not only managing their risks but also minimising the business impact.” As part of the framework, we offered a self-assessment questionnaire, which helped organisations see how their existing measures compared to the framework and how much work was necessary to achieve cyber resilience. We collated the results of the self-assessment to create this report, which provides a broader insight into how organisations are addressing cyber security risks and which threats are most commonly overlooked.

______________________________________________________________________________


THREAT FOCUS: Uber Eats - UNITED STATES

https://securityaffairs.co/wordpress/106770/deep-web/ubereats-data-leaked-dark-web.html?web_view=true


Exploit: Unauthorized Database Access

Uber Eats: App-Based Food Delivery Service

Risk to Small Business: 2.691 = Moderate - Security analysts doing routine Dark Web and Deep Web monitoring uncovered a data dump containing details about customers, delivery drivers, and delivery partners for UberEats. The 9 TXT files leaked by the threat actor include login credentials of 579 UberEATS customers and details of 100 delivery drivers. The data includes login credentials, full name, contact number, trip details, bank card details, and account creation dates.

Individual Risk: 2.377 = Severe - No details about how affected customers and drivers will be informed or any remediation offered have been released. UberEats customers, drivers, and partners should reset their account credentials and be alert for credit card fraud, spear phishing, and identity theft dangers.

Customers Impacted: 679

How it Could Affect Your Business: This breach is especially troubling because it is unacknowledged and it was discovered by Dark Web analysts instead of internal IT, putting in question the company’s transparency about security and attention to small security issues.

Cybersecurity Breach Risk Levels

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: This breach was detected by experts doing Dark Web analysis. Put the power of Dark Web ID to work for your clients detecting and alerting when compromised credentials are discovered. Call 07 30109711 and we will show you in ‘real time’ if you or your staff have had their credentials compromised.

THREAT FOCUS: Summit Medical Associates - UNITED STATES

https://hotforsecurity.bitdefender.com/blog/summit-medical-associates-discloses-ransomware-attack-patient-and-affiliate-information-potentially-impacted-23874.html?web_view=true


Exploit: Ransomware

Summit Medical Associates: Healthcare Provider 

Risk to Small Business: 1.979 = Severe - A data breach has come to light at Summit Health after the Tennessee-based practice group reported that it had experienced an “inability to access certain records” in early June. A third-party investigator determined that not only was it a ransomware incident, but the cybercriminals had also had access to their systems for nearly six months before the breach.

Individual Risk: 2.799 = Moderate - There has been no reported evidence that patient information was compromised, but the affected server did contain patient PII including names, medical information, and Social Security numbers.

Customers Impacted: Unknown

How it Could Affect Your Business:  Cybercriminals had access to this server for six months before anyone noticed. Security awareness, data handling, credential monitoring, and phishing resistance training keep eyes on the ball for cybersecurity, lowering the chance that something like this happens (or persists).



Avantia Cyber Security & ID Agent to the Rescue: ID Agent’s digital risk protection platform packs three essential components of an effective, dynamic defense of data and systems. Over 3,000 Cyber Security Companies in 30 countries around the world chose ID Agent to keep their Passwords compliant.   Put the power of ID Agent to work for you by Partnering with us today. Call Avantia on 07 30109711 to find out how we can help.

THREAT FOCUS: The Blacklist Alliance - UNITED STATES

https://krebsonsecurity.com/2020/08/robocall-legal-advocate-leaks-customer-data/?web_view=true


Exploit: Unauthorized Database Access

The Blacklist Alliance: Robocall Legal Advocate

Risk to Small Business: 1.717 = Severe - In an ironic turn of events, The Blacklist Alliance, a company that helps telemarketers dodge lawsuits from violations of the Telephone Consumer Protection Act, has experienced a data breach that leaked the phone numbers, email addresses and passwords of all its customers, as well as mobile phone numbers and data on people who have hired lawyers to go after telemarketers. Thousands of documents, emails, spreadsheets, images, and the names tied to a huge number of mobile phone numbers were freely accessible from the domain theblacklist.click. The directory also included all 388 Blacklist customer API keys, as well as each customer’s phone number, employer, username, and password (hashed using the MD5 algorithm).

Individual Risk: 1.912 = Severe - Individuals and companies who have done business with The Blacklist Alliance should consider their information at risk for fraud, identity theft, blackmail, or spear phishing attempts.

Customers Impacted: 388+

How it Could Affect Your Business:  A failure to secure PII and other sensitive data in an industry that handles secretive personal matters like this can be disastrous. Not only does it open the company up to legal and reputational risk, but it also risks the company’s ability to keep doing business in an industry that prizes anonymity.



Avantia Cyber Security & ID Agent to the Rescue:  Secure access points to delicate information by adding Single Sign-on with Passly. By assigning each user an individual launchpad, you’re able to control access to sensitive data more carefully – and act faster if the wrong person gets access. Call Avantia on 07 3010 9711 for more information or Email info@avantiacorp.com.au

THREAT FOCUS: CWT Travel - UNITED STATES

https://uk.reuters.com/article/uk-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUKKCN24W26P?&web_view=true


Exploit: Ransomware

CWT: Travel Management 

Risk to Small Business: 1.882 = Severe - CWT reportedly paid an eye-popping $4.5 million to cybercriminals using Ragnar Locker ransomware to decrypt reams of sensitive corporate files and restore 30,000 company computers that were knocked offline. Reportedly, the hackers initially demanded $10 million. Reuters included details and screenshots of the negotiation in a story filed last week. The ransom note left by the hackers claimed to have stolen two terabytes of files, including financial reports, security documents, and employees’ personal data such as email addresses and salary information. 

Individual Risk: No personally identifiable information or financial information was reported as stolen. 

Customers Impacted: Unknown

How it Could Affect Your Business: The most common delivery system for ransomware is a phishing email – and 90% of incidents that end in a data breach start with a phishing email. Boosting phishing resistance is essential to lower the chance of a successful ransomware attack.



Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID offers training in 8 languages to get staffers up to speed on today’s phishing threats fast, including video lessons and online testing. Find out more by calling Avantia on 07 30109711 or Email info@avantiacorp.com.au

THREAT FOCUS: Boyce Technologies - UNITED STATES

https://cointelegraph.com/news/ransomware-threatens-production-of-300-ventilators-per-day?web_view=true


Exploit: Ransomware

Boyce Technologies: Medical Equipment Manufacturer 

Risk to Small Business: 1.407 = Extreme - Essential medical equipment producer Boyce Technologies was attacked with DoppelPaymer ransomware. The company produces about 300 low-cost ventilators per day using human and robotic labor. Microsoft noted that this type of ransomware uses “brute force” against a target company’s systems management server. It has extensively targeted the healthcare sector since the start of the COVID-19 crisis.

Individual Risk: No personal or financial information was reported as compromised.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware attacks have grown more sophisticated and more dangerous in 2020, and corporate-level espionage that impacts production has become more prevalent – meaning that companies have to be more cautious about closing security loopholes.



Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access, independent, ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: City of Lafayette, Colorado - UNITED STATES

https://www.securityweek.com/colorado-city-pays-45000-ransom-after-cyber-attack?&web_view=true


Exploit: Ransomware

City of Lafayette, CO: Municipal Government

Risk to Small Business: 2.101 = Severe - The City of Lafayette, CO paid $45k to cybercriminals to restore access to municipal computers after a successful ransomware attack shut municipal networks down including city emails, phones, online payments, and reservation systems. The cost of restoration and the impact of the shutdown on city services impacted the city’s calculations when choosing to pay the ransom or restore from backups.

Individual Risk: 2.801 = Moderate - City officials say that credit card information was not compromised, and there was no evidence that personal data was stolen either, but residents should monitor their accounts for suspicious activity as a precaution.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware can be so damaging that paying the ransom is less than the cost of recovery. Without adequate protections in place, including updated security awareness training and access controls, organizations (and their budgets) can take a big hit from ransomware.



Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access, independent, ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation. It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: Nova Scotia Health Authority - CANADA

https://www.canadiansecuritymag.com/two-security-breaches-affects-health-information-of-211-people-in-nova-scotia/


Exploit: Unauthorized Database Access

Nova Scotia Health Authority: Healthcare System 

Risk to Small Business: 2.662 = Moderate - Not one but two security breaches at the Nova Scotia Health Authority have been reported as patient data was accessed by unauthorized individuals. The information was reported as “viewed”, but no details were given on how or by whom. The Nova Scotia Health Authority said it had notified the province’s Office of the Information and Privacy Commissioner.

Individual Risk: 2.874 = Moderate - The Authority said that it has notified the small number of patients affected, and did not report any financial information as stolen in either incident.

Customers Impacted: 211

How it Could Affect Your Business: Sensitive information, especially medical data, requires an extra level of care for protection – or the company that mishandles it will find themselves paying large fines in addition to other remediation costs.


Avantia Cyber Security & ID Agent to the Rescue:  Secure access points to delicate information by adding Single Sign-on with Passly. By assigning each user an individual launchpad, you’re able to control access to sensitive data more carefully – and act faster if the wrong person gets access. Call Avantia on 07 3010 9711 for more information or Email info@avantiacorp.com.au

THREAT FOCUS: British Dental Association - UNITED KINGDOM

https://www.bbc.com/news/technology-53652254?&web_view=true


Exploit: Unauthorized Database Access

British Dental Association: Trade Union for Dentists

Risk to Small Business: 1.866 = Severe - The British Dental Association informed its members that data on a “small fraction” of its membership was exfiltrated in late July. The statement was vague about the cause or impact, and the organization’s website has been down since the attack was reported on 7/30/20. The association is still working to restore its web, telephone, and internal networks following the security breach, and has notified the Information Commissioner’s Office.

Individual Risk: 2.219 = Severe - The organization does not store members’ card details but does hold account numbers and sort codes to collect direct debit payments. The BDA has urged its members to remain vigilant against identity theft or spear phishing attempts.

Customers Impacted: 22,000

How it Could Affect Your Business: When an organization stores the financial information of its members in any capacity, that information needs to be protected – and members need to have confidence in the security of their personal and financial data on file, especially in professional groups or trade unions.



Avantia Cyber Security & ID Agent to the Rescue:  Secure access points to delicate information by adding Single Sign-on with Passly. By assigning each user an individual launchpad, you’re able to control access to sensitive data more carefully – and act faster if the wrong person gets access. Call Avantia on 07 3010 9711 for more information or Email info@avantiacorp.com.au

THREAT FOCUS: Forsee Power Batteries - FRANCE

https://securityaffairs.co/wordpress/106833/malware/forsee-power-netwalker-ransomware.html?web_view=true


Exploit: Ransomware

Forsee Power: Electromobility Battery Manufacturer  

Risk to Small Business: 1.113 = Severe - Netwalker ransomware is to blame for the leak of extensive business data at the Paris-based battery manufacturer, a world leader in electric mobility device power.  Cybercriminals exposed a directory containing folders such as Accounts Receivable, Finance, Collection Letters, Expenses, and Employees in an image posted to the Netwalker group blog.

Individual Risk: No personal or financial information was reported as stolen in this incident.

Customers Impacted: Unknown

How it Could