
The world - A hacker's playground

Updated: Aug 10, 2018

This week there was a lot of attention in the media about dark web markets and what’s bought and sold in these shady marketplaces. You and your IT people can't stop it and can't ignore it - it's here to stay.




This week a social media nostalgia app was breached, exposing the PII (personally identifiable information) of at least 21 million individuals, due to lack of 2FA (two-factor authentication), while Macy’s Department Store was hit with a breach where credit card data was accessed.


Highlights:

1. Pedal to the metal! Petrol stolen in broad daylight hack.

2. Tracking military workouts worldwide!

3. Major Department store falls victim to a breach.

4. Social Media Aggregator wishes it could turn back time for more security!


Dead Men Do Tell Tales

Hackers on the Dark Web have always sold medical records, as they are valued much higher than credit card info or PII (personally identifiable information). Researchers found this week that Cyber Criminals in these dark corners of the deep web are also selling medical records of deceased patients, with one ‘seller’ claiming to have 60,000 available for purchase. The records for sale include name, SSN, address, zip code, phone number, birthday, sex, insurance and even date of death. Whatever happened to respecting the dead?


Classified Documents sold for $200


The U.S. military can’t escape the Dark Web either! A lot of military documents have turned up on dark web markets after a hacker, with only a moderate level of technical skill, was able to access a captain’s computer through a previously disclosed FTP vulnerability (File Transfer Protocol, which lets you download files from a server as well as upload files to it). Some of the documents were classified, and all of them contain sensitive data about military tactics or hardware. One of the documents is a maintenance book for the MQ-9 Reaper drone, which is regarded as one of the deadliest drones used by the United States military. How much money will classified U.S. military documents fetch on the Dark Web? $200. That says a lot about how much information is available for criminals to buy.


A $10 Key into Your Network

Remote access to IT systems is a competitive market on the Dark Web, with some access offered to criminals for as low as $10! Some of these forums have tens of thousands of compromised systems available for Cyber Criminals to choose from, across all versions of Windows and at places such as international airports, hospitals and governments.


Fueled Up


This week in Detroit, two suspects managed to steal over 600 gallons of petrol after hacking the petrol pump. The fuel was worth about $1,800 and was taken in broad daylight over the course of 90 minutes. At least 10 cars benefited from the hack and the police are at a complete loss as to who conducted the hack.


Fitness App Turned Finder App


A fitness tracking app hailing from Finland has disabled their global activity map after it was revealed it could be used to track the geolocation of military personnel. The map showed the biking and running routes of its users, but also included the usernames of each person, allowing one to cross-reference the username with other websites and possibly identify the person’s name.


Sex Appall 


A twist on a classic email scam has appeared this week, with the classic ‘sextortion’ scam getting an upgrade. Now rather than just an intimidation email where targeted parties pay up out of fear of friends and family finding out what they do privately, the email also includes a password.


THREAT FOCUS – Macy’s Department Store USA

Business Type: Large department store chain.

Exploit: Supply chain exploit.

Risk to Small Business: High: A cyber criminal accessing names and card information can severely damage consumer trust in a brand.


Individual Risk: High: Individuals affected by this breach are at high risk of their credit card details being sold on the Dark Web.


Date Occurred/Discovered: April 26 – June, 2018
 Date Disclosed: July, 2018


Data Compromised:

• Full name

• Address

• Phone number

• Email address

• Date of birth

• Debit/ credit card numbers

• Expiration dates

Customers Impacted: Unclear but the hacker operated undetected for almost 2 months.


THREAT FOCUS – Timehop USA

Business Type: Social media aggregation site that allows users to see posts made in the past.

Exploit: Lack of 2 Factor Authentication on cloud infrastructure.

Risk to Small Business: High: All of Timehop’s customers were a part of this breach, which discredits the organization and could have long-lasting effects on the business.

Individual Risk: Moderate: The credentials stolen could be used to compromise other accounts.

Date Occurred/Discovered: July 4, 2018

Date Disclosed: July 8, 2018

Data Compromised:

• Names

• Email addresses

• Phone numbers

• Date of birth

• Gender

Customers Impacted: 21 Million.



THREAT FOCUS – Cass Regional Medical Centre USA

Business Type: Missouri based medical center.


Exploit: Ransomware.


Risk to Small Business: High: A ransomware attack on any business in any sector would greatly diminish the organization’s ability to operate as needed. In some ransomware cases the data encrypted is lost entirely.


Individual Risk: Moderate: At this point in time there is no evidence that the data affected was also exfiltrated.


Date Occurred/Discovered: July 9, 2018

Date Disclosed: July 9, 2018


Data Compromised: The internal communications system and access to their electronic health record system were affected by the hack, but there is no public indication that patient data has been accessed.


Customers Impacted: Many details surrounding the attack are being withheld from the public at this time, but restoration of the affected systems was at 50% as of July 10, 2018.


THREAT FOCUS – Domain Factory GERMANY


Business Type: Web hosting service based in Ismaning.


Exploit: Dirty COW vulnerability (a nine-year-old critical vulnerability that has been discovered in virtually all versions of the Linux operating system and is actively being exploited in the wild).


Risk to Small Business: High: A breach including banking account numbers would heavily damage the reputation of a small business.


Individual Risk: High: A wealth of PII was accessed during this breach and could leave individuals vulnerable to account takeover or identity theft.




Date Occurred/Discovered: July 6, 2018

Date Disclosed: July 9, 2018


Data Compromised:

• Names

• Addresses

• Phone numbers

• DomainFactory passwords

• Dates of birth

• Bank names/ account numbers

• Schufa scores

Customers Impacted: The number of customers impacted has not been made publicly available.



POSTSCRIPT - The cost of a breach

A recent study conducted by IBM provides some context to the news of big breaches and how threatening they are for your business.



The Cost of a Data Breach Study by Ponemon* puts numbers to these stories and provides a wealth of analysis so even someone who has never used a computer before can quantify the seriousness of a breach.

The average cost of a breach increased this year by 6.4%, with the per capita cost rising less, but only barely, by 4.8% (page 3).

The cost of a data breach varies greatly by country, with the United States average breach price coming in at $7.91 Million and per capita costing $233. Canada’s per capita cost is the second highest out of the nations surveyed at $202 per record, and their average price of a breach is $4.74 million. Australia’s cost of a breach is less than the US and Canada. The average cost of a breach in Australia is $1.99 million and the per capita cost averages at $108 (page 13).


The study also explored the main factors that were found to affect the cost of a breach, stating 5 major contributing factors that could make the difference between a manageable breach vs a mega breach. The loss of customers following a breach, the size of the data breach, the time it takes to identify and contain a breach, management of detection costs and management of the costs following a breach are the factors that most contribute to the cost of a breach (page 7).

The time it takes to identify a breach is a particularly important contributing factor, because organizations saw an increased time to identify a breach this year. This can be attributed to the ever-increasing severity of malicious attacks companies face, and it highlights the need for proactive monitoring for breaches, as well as a serious focus on cybersecurity at a management level. That’s why email/password monitoring that dredges the Dark Web for personal information and credentials can contribute greatly to decreasing the cost of a breach.

Organizations that identified breaches within 100 days saved more than $1 Million (page 9) compared to companies who did not. That says a lot because after all… money talks.

*Source: Ponemon Cost of Breach Study 2018



Consider this: When you think about Cyber Security, think about the ones you care the most about – your family. If you have children or young adults using Smartphones, Tablets or Laptops, consider their vulnerability. Do you want to put their digital selves in the hands of pedophiles, scammers and cyber criminals? The purchase of children’s digital credentials (username/password) is big business on the Dark Web. Check out our inexpensive Individual or Family monitoring service – it’s a ‘no brainer’ for your peace of mind.


Disclaimer: Avantia Corporate Services Pty Ltd provides the content in this publication for general information only and has compiled the content from a number of sources believed to be reliable. No warranty, implied or otherwise, is given as to its accuracy or fitness for use; no validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.



*COPYRIGHT 2020* Avantia Corporate Services  PTY LTD - All Rights Reserved.