Avantia Threat Update

A CRITICAL WARNING FOR ALL SME BUSINESSES



This Past Week*: A critical WARNING for all businesses: the Toll Transport hack; Pakistan's Cabinet orders replacement of all senior Government and Military cell phones; Lenovo touchpad, HP camera and Dell Wi-Fi firmware flaws; research reveals how smart lightbulbs can be hacked to attack a network; researchers reveal how ransomware could kill Windows 10 apps and disable security software; ransomware disrupts productivity, as well as critical system breaches in the USA, CANADA, HOLLAND, IRELAND, UNITED KINGDOM, NEW ZEALAND and AUSTRALIA.


Top Dark Web ID Trends*: Top Source Hits: ID Theft Forums

Top Compromise Type: Domain

Top Industry: High-Tech & IT

Top Employee Count: 501+ Employees

________________________________________________________________________


TOLL HACK A CRITICAL WARNING FOR EVERY BUSINESS*

The recent cyber attack on Toll Holdings has been described as "crippling" and the "most significant in Australian corporate history". The lesson for anyone who operates a business reliant on connectivity is that cyber resilience must be treated like the key business risk it is. Toll Group is still working to get its systems back online after identifying the malware infecting them. All executives and boards should ask: how can my business recover if it loses access to valuable systems and data, or if the integrity of its systems and data is compromised? This used to be called business continuity management, but that term sounds almost quaint in today's connected world. What can an outage mean to a business and to its customers (and their customers)? Consider this: in Queensland, Australia, General Practice medical centres received a letter from the Queensland State Government dated 4th February stating:


“Queensland Health’s vaccine distributor (Toll Global Logistics) has advised of a suspected cyber security incident affecting their system worldwide. This has affected the delivery of vaccine orders placed since 30th January 2020. A paper based contingency plan is in place to continue dispatch of vaccines. However, there may be a short delay in delivery times. We thank you for your patience and understanding. Queensland Government.”


In 2020, data breaches and cyber attacks are entirely foreseeable events. Recent history is replete with examples of stolen data or systems taken offline. The cyber attack on Toll may have been spectacular, but it is not the first and certainly won't be the last.

For systems to run safely and efficiently, information security management must respect the principles of confidentiality, integrity and availability, known to the cyber security sector by the acronym CIA. Until now most focus has been on confidentiality, or keeping valuable data safe. This made sense given the amount of sensitive and valuable data generated, stored, sliced and transported. Yet even this emphasis on safeguarding confidentiality has not prevented high-profile data breaches on seemingly a weekly basis. Perhaps the most damning example was the 2017 Equifax data breach, which compromised the personal information of nearly 150 million Americans, in circumstances described as "entirely preventable" in a US congressional report.

While we know that breaches mainly tend to involve data theft, in recent times we have witnessed even more disruptive instances where not only has data been stolen but entire systems have been frozen, with a crippling effect on the profitability and reputation of firms. Understandably, Toll is facing fallout following the ransomware attack. The targeting of Toll was preceded by a variety of other cases, such as the hospital whose scanning machines would not operate, or the global law firm that went offline for three weeks while dealing with the impact of ransomware. As our society and economy become increasingly interconnected, the consequences of cyber breaches become ever more critical. That means more emphasis must be placed on the integrity and availability of systems.

In the context of online systems, the test of integrity is whether you can trust the data in a system to be accurate and also, crucially, uncorrupted. Increasingly, cyber adversaries not only wish to gain access to systems but also to corrupt their data in ways that undermine trust or commercial value. What would happen if, for instance, data about blood types or water samples was hacked and corrupted?


What would happen if Coronavirus infections became more widespread and the death rate escalated, even with a viable vaccine available? How would the vaccine get to the patients who need it? Health care providers could not cope; the resulting chaos is barely imaginable.


As with integrity, the availability of data is key, as Toll has discovered the hard way. Once its systems were put out of reach, in this case because of ransomware and the unavailability of backups, its data was completely unavailable and the company could barely transact business. While many organisations still struggle to get the cyber security basics right, the simplest question to ask is whether, in the event that key systems are unavailable, data can still be made available to the extent required to carry on business. This is the fundamental test of business resilience, one that Toll failed, to its considerable detriment.

Of course resilience is about much more than just having backups. It is also about investing in basic cyber security hygiene, understanding the entire spread of your organisation's IT systems and assets, testing your suppliers' systems and security postures, ensuring your people are educated about cyber threats and supported by skilled incident response professionals who can be on hand immediately, and having an up to date, 'fit for purpose' cyber insurance policy to cover costs when an incident occurs. Only when all of these challenges are addressed can a business have confidence that it is beginning to prepare for the reality of operating in a connected world. The experience of Toll suggests that perhaps, in addition to confidentiality, integrity and availability, all well-run businesses should be adding a fourth principle of cyber preparedness: resilience.


Publishers Note*: In light of the Toll experience, all companies need to assess their 'Recovery Risk' as a priority; it is the pathway to cyber resilience. Size does not matter and ignorance is no excuse. Independent Cyber Security Audits should be mandatory for every organisation in your supply chain.


PAKISTAN’S CABINET ORDERS SENIOR GOVERNMENT & MILITARY OFFICIALS TO REPLACE ALL CELL PHONES*

The Cabinet Division has reportedly directed senior government and military officials to immediately replace cell phones purchased before May 10, 2019, due to fears of data being stolen by foreign spyware companies. These instructions have been issued by the Secretary Cabinet to all concerned Ministries and Departments for strict compliance.

According to the letter sent by the Secretary Cabinet, hostile intelligence agencies have developed the technical capabilities and means to gain access to sensitive information stored on the mobile phones of officials of government departments, institutions and Ministries. These spyware companies are using hacking software such as "chat line" and the "Pegasus" malware against WhatsApp on target mobile phones (iOS and Android) to gain access to sensitive information stored on them. The malware is capable of infecting any mobile phone (iOS and Android) by generating missed calls to the target's WhatsApp number. This "Pegasus" malware (reported in the 3rd Dec 2019 Avantia Threat Update) reportedly infected approximately 1,400 users, including senior government and military officials, in 20 countries including Pakistan. WhatsApp/Facebook has sued the Israel-based NSO Group in US federal court in San Francisco for "violating both US and California law as well as WhatsApp terms of service."

Although an advisory on this issue has also been issued to all government departments and Ministries by the NTISB, Cabinet Division, in order to minimise the possibility of any infection by the Pegasus malware, senior government officials holding sensitive portfolios or dealing with national security matters have been advised as follows:

> No official or classified information is to be shared on WhatsApp or similar applications.

> WhatsApp should be updated to the latest version (version 2.19.112 for iOS and 2.19.308 for Android as of November 4, 2019).

> All mobile phones purchased prior to May 10, 2019, are to be replaced immediately.

A couple of months ago, the National Telecom & Information Technology Board (NTITB), Ministry of Information Technology, had revealed that potential and intended threats to cybersecurity exist which pose a concern for national security. The Ministry had proposed that smartphones be strictly forbidden in official meetings, especially those involving discussions on sensitive matters affecting security, and that no classified information be shared on WhatsApp or similar applications, which are highly insecure. The Ministry had further stated that the passage of sensitive or classified information via insecure email, plain fax and any other insecure means should be discouraged. CCTV networks installed at sensitive locations should not be connected either to the internet or to a cloud-based service; their networks must remain standalone and isolated. Any ICT equipment or solution, especially of foreign origin/OEM, intended for use in offices must be cleared by the NITB. Special care is to be exercised with respect to communication on smartphones near foreign mission compounds (the cellular network is to be used), the use of Wi-Fi hotspots, small TV devices, FTTH/smart cable TV, network printers and scanners, and vehicles equipped with data communication devices or onboard smart devices. It was also directed that regular electronic sweeping of offices, residences and meeting/conference rooms against possible bugs should be ensured. Gifts and souvenirs presented by visiting dignitaries are to be screened to rule out the presence of any bug, and no official gift is to be placed in a sensitive location without due clearance through the screening process.


WHAT DO LENOVO TOUCH PAD, AN HP CAMERA AND DELL WI-FI HAVE IN COMMON?*

Some of the biggest names in the technology world still ship hardware that can be hijacked by well-placed miscreants, thanks to poor or non-existent checks on firmware updates. Eclypsium said on Monday that, despite years of warnings from experts, and examples of rare in-the-wild attacks such as the NSA's hard drive implant, devices continue to accept unsigned firmware. The team highlighted the TouchPad and TrackPoint components in Lenovo laptops, HP Wide Vision FHD computer cameras, and the Wi-Fi adapter in Dell XPS notebooks.

The infosec biz said a miscreant able to alter the firmware on a system, such as by intercepting or vandalizing firmware downloads, or by meddling with a device using malware or as a rogue user, can insert backdoors and spyware undetected, because there is no cryptographic check or validation of the low-level software. And while the vulnerable devices themselves may not be particularly valuable to a hacker, they can serve as a foothold for getting into other systems on the network. That's a lot of caveats, we know. And while exploitation of these weaknesses is rare and limited to highly targeted attacks, it's still annoying to see these holes in this day and age.

"Eclypsium found unsigned firmware in Wi-Fi adapters, USB hubs, trackpads, and cameras used in computers from Lenovo, Dell, HP and other major manufacturers," the firm explained. "We then demonstrated a successful attack on a server via a network interface card with unsigned firmware used by each of the big three server manufacturers."

Perhaps most frustrating is that these sorts of shortcomings have been known about for years, and have yet to be cleaned up. The Eclypsium team contacted Qualcomm and Microsoft regarding the Dell adapter (Qualcomm makes the chipset; Microsoft's operating system provides the signature checks) and encountered a certain amount of buck-passing.

"Qualcomm responded that their chipset is subordinate to the processor, and that the software running on the CPU is expected to take responsibility for validating firmware," Eclypsium reports. "They [Qualcomm] stated that there was no plan to add signature verification for these chips. However, Microsoft responded that it was up to the device vendor to verify firmware that is loaded into the device."

Meanwhile, manufacturers complain that signature verification of firmware code is tricky in embedded systems and other low-end or resource-constrained gadgets. While PCs and servers have plenty of room to check updates, fitting that cryptographic tech onto ordinary peripherals is not so simple, it is claimed.

"The report addresses a well-known, industry-wide challenge stemming from most peripheral devices having limited storage and/or computational capabilities," Lenovo said. "Lenovo devices perform on-peripheral device firmware signature validation where technically possible. Lenovo is actively encouraging its suppliers to implement the same approach and is working closely with them to help address the issue."

Dell said it was aware of the report and was "working with our suppliers to understand impact and will communicate any necessary security updates or mitigations as they become available."

HP added: "HP constantly monitors the security landscape and we value the work of Eclypsium and others to help identify new potential threats. We have published recommended mitigations for their latest report here. We advise customers to only install firmware updates from hp.com and the Microsoft Windows Update service, and to always avoid untrusted sources."


Publishers Note*: Lead Technician at MSD Technology, Troy Graham, commented: "This was standard for drivers back in the XP days. Most weren't signed. Natural progression was to firmware. Where you source your firmware and drivers makes all the difference. Lenovo, HP and Dell all have support software that will download firmware and drivers from their own servers. Lenovo's version is called Vantage. While there are protections in place to deny unsigned drivers, there isn't for firmware. Having said that, if you know what you're doing it's not a problem. It would come back to commercial v consumer as well. Consumer could be using cheaper hardware with questionable firmware sources." This illustrates how important it is to have an experienced, independent Cyber Security Audit of your systems. Firmware updates obtained directly from the supplier or manufacturer are clean with very few exceptions, so if this process is managed by your Cyber Security Service Provider the risk is very minimal, whereas if it is not managed, deceptive interference could occur.
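What "signed firmware" actually buys you, as an added example written for this update (it is not code from Eclypsium, Lenovo, HP or Dell): the vendor signs a SHA-256 digest of the image with an Ed25519 key, and the device (or the host driver acting for it) refuses to flash anything that does not verify under the vendor's pinned public key. The update-blob layout, the demo keys derived from fixed seeds and the AcceptByCRC check are assumptions made for illustration, not any vendor's real update format. The CRC path is there to show why an integrity checksum alone is no defence: whoever can modify the image can recompute it.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
)

// Assumed update-blob layout for this example (not any vendor's real format):
//   [4-byte big-endian image length][image bytes][64-byte Ed25519 signature]
// The signature covers SHA-256(image), so the signer hashes once whatever the image size.
const sigLen = ed25519.SignatureSize

// DemoKey derives a deterministic Ed25519 private key from a one-byte seed value.
// Real vendor keys live in an HSM; this exists only so the example runs offline.
func DemoKey(seed byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
}

// SignUpdate is what a vendor build pipeline does once, with the private key.
func SignUpdate(priv ed25519.PrivateKey, image []byte) []byte {
	digest := sha256.Sum256(image)
	sig := ed25519.Sign(priv, digest[:])
	blob := make([]byte, 4, 4+len(image)+sigLen)
	binary.BigEndian.PutUint32(blob, uint32(len(image)))
	blob = append(blob, image...)
	return append(blob, sig...)
}

// ParseUpdate splits a blob into image and signature, rejecting malformed input
// before any cryptography runs.
func ParseUpdate(blob []byte) (image, sig []byte, err error) {
	if len(blob) < 4+sigLen {
		return nil, nil, errors.New("update blob too short")
	}
	n := binary.BigEndian.Uint32(blob)
	if uint64(n)+4+sigLen != uint64(len(blob)) {
		return nil, nil, errors.New("length field does not match blob size")
	}
	return blob[4 : 4+n], blob[4+n:], nil
}

// VerifyUpdate is the check a peripheral (or the host driver on its behalf) must
// perform before flashing: the signature has to verify under the vendor's pinned
// public key. A modified image, or one signed by any other key, is refused.
func VerifyUpdate(vendorPub ed25519.PublicKey, blob []byte) ([]byte, error) {
	image, sig, err := ParseUpdate(blob)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(image)
	if !ed25519.Verify(vendorPub, digest[:], sig) {
		return nil, errors.New("firmware signature invalid: refusing to flash")
	}
	return image, nil
}

// AcceptByCRC models the unsigned-firmware case Eclypsium describes: the device
// only checks a checksum it cannot tie to the vendor. Whoever can alter the image
// can recompute the CRC, so this catches corruption, not attackers.
func AcceptByCRC(image []byte, crc uint32) bool {
	return crc32.ChecksumIEEE(image) == crc
}

func main() {
	vendor := DemoKey(1)
	vendorPub := vendor.Public().(ed25519.PublicKey)
	genuine := SignUpdate(vendor, []byte("touchpad fw 1.0"))

	_, err := VerifyUpdate(vendorPub, genuine)
	fmt.Println("genuine update:", err)

	tampered := append([]byte(nil), genuine...)
	tampered[4] ^= 0xff // flip one byte of the image, leave the signature alone
	_, err = VerifyUpdate(vendorPub, tampered)
	fmt.Println("tampered update:", err)

	// An interceptor re-signs a backdoored image with their own key: still rejected.
	implant := []byte("touchpad fw 1.0 + implant")
	_, err = VerifyUpdate(vendorPub, SignUpdate(DemoKey(2), implant))
	fmt.Println("attacker-signed update:", err)

	// The CRC-only device happily accepts the same backdoored image.
	fmt.Println("CRC-only device accepts implant:", AcceptByCRC(implant, crc32.ChecksumIEEE(implant)))
}
```

With a pinned vendor key, a download altered in transit or an image pushed by a rogue user fails the signature check before anything is written, which is precisely the control Eclypsium found missing. The check also has to be enforced for the peripheral itself: a host-only check can be bypassed by anyone with enough privilege to talk to the device directly, which is the gap the Qualcomm and Microsoft responses quoted above leave open.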


RESEARCHERS REVEAL HOW SMART LIGHTBULBS CAN BE HACKED TO ATTACK*.

This new exploit builds on previous research involving Philips Hue smart bulbs. Most people installing smart lightbulbs in their homes or offices are unlikely to see the devices as a potential entry point for cybercriminals into their networks. But new research from Check Point has uncovered precisely that possibility. In a report released recently, researchers described how attackers could break into a home or office network and install malware by exploiting a security flaw in a communication protocol used by Philips Hue smart bulbs on the network.

"From our perspective, the main takeaway from this research is emphasizing that IoT devices, even the most simple and mundane ones, could be attacked and taken over by attackers," says Eyal Itkin, security researcher at Check Point.

Check Point's exploit builds on previous work from 2017 in which researchers showed how they could take complete control of a large number of Philips Hue smart bulbs, such as those that might be deployed in a modern city, by infecting just one of them. Philips has since addressed the vulnerability that allowed malware to propagate from one infected smart bulb to the next. But another implementation issue, which allows attackers to take control of a Philips Hue smart bulb and install malware on it via an over-the-air firmware update, has not been fixed. Check Point researchers found that by exploiting that issue, together with another security vulnerability they discovered in the Zigbee implementation of the Philips Hue smart-bulb control bridge (CVE-2020-6007), they could launch attacks on the network to which the bridge is connected.

Zigbee is a widely used smart-home protocol. Multiple other smart home products use the protocol, including Amazon Echo, Samsung SmartThings, and Belkin WeMo. With Philips Hue smart bulbs, the bridge uses Zigbee to communicate with and control the bulb. There are other smart bulbs that don't require a bridge at all and instead operate over Bluetooth or Wi-Fi and are managed through a Zigbee-capable digital assistant.

"The attack grants the attacker access to the computer network to which the bridge is connected," Itkin says. In a home scenario, an attacker could use the exploit to spread malware or to spy on home computers and other connected devices. "In an office environment, it would probably be the first step in an attempt to attack the organization, steal documents from it, or prepare a dedicated ransomware attack on sensitive servers inside the network," he says.
In Check Point's attack, the researchers first took control of a Philips Hue lightbulb, using the previously discovered vulnerability from 2017, and installed malicious firmware on it. They then demonstrated how an attacker could manipulate the lightbulb, by constantly changing its colour and brightness for instance, to get users to delete the errant bulb from their app and reset it. When the control bridge rediscovers the bulb and the user adds it back to their network, the malicious firmware exploits the Zigbee protocol vulnerability to install malware on the bridge. The malware then connects back to the attacker and, using a known exploit like EternalBlue, the attackers can infiltrate the target network from the bridge, Check Point said.

The exploit only works if a user deletes a compromised bulb and instructs the control bridge to rediscover it: "Without the user issuing a command to search for new lightbulbs, the bridge won't be accessible to our now-owned lightbulb, and we won't be able to launch the attack," Itkin says. Specifically, the vulnerability Check Point discovered is only reachable while the bridge is adding or commissioning a new lightbulb to the network, he says. The vulnerability is rated as "complex" to exploit because of the tight constraints in the Zigbee protocol around message sizes and timing.

An attacker must be relatively close to the target network in order to take initial control of a bulb. The 2017 research showed how attackers could take control of a user's Philips Hue smart lightbulb from over 1,300 feet (400m). If launched from a distance, the attack requires a directed antenna and sensitive receiving equipment to intercept Zigbee messages between the bulb and control bridge, Itkin says. "In a classic scenario, the attack could be performed from a van that parks down the street." Check Point notified Philips and Signify, which owns the Hue brand, about the threat in November 2019.
Signify has issued a patch for the flaw, which is now available on its site. "The Philips Hue Bridge has automatic updates by default and the firmware should be downloaded and installed automatically," Itkin notes. Users should also check the mobile app and verify that the firmware version has been updated to 1935144040, he says.

Pavel Novikov, head of the telecom security research team at Positive Technologies, says security in the Zigbee protocol is implemented via mandatory encryption. But when a device is connected to the Zigbee hub for the first time, there is a moment when encryption is not used, and the device and network are vulnerable to interception. "Unfortunately, this architectural vulnerability cannot be fixed," he says. All users can do is be aware of it and pay attention when devices are paired. "If your device has dropped out of the network, don't rush to bind it again, because this could be the start of a hacker attack."

For enterprise organizations, Check Point's research is another example of how IoT is continuing to expand the attack surface, said Mike Riemer, global chief security architect at Pulse Secure. "Many IoT devices have open default settings and require configuration and patch hygiene," he said. Organizations need to implement a Zero Trust approach to security and ensure that all connected devices are visible, verified, properly monitored, and segregated, he said.


RANSOMWARE COULD KILL YOUR WINDOWS 10 APPS AND DISABLE YOUR ORGANISATION’S SECURITY SOFTWARE*.

In a public service announcement made in 2019, the Federal Bureau of Investigation (FBI) issued a warning against a high-impact cyberattack that could target U.S. businesses and organizations. That attack was ransomware. While some Americans dismissed the warning as old news, recent events have proved that the threat actors behind these attacks aren't done wreaking havoc on computers and systems. Just two months after the FBI notice was issued, the city of New Orleans suffered a serious cyber attack, which prompted Mayor LaToya Cantrell to declare a state of emergency. On Dec. 23, 2019, another attack was recorded at Maastricht University in the Netherlands. This time the ransomware encrypted almost all of the university's Windows systems, not just its security software.

When that FBI warning was issued last year, the Clop malware was deemed just another variant of the CryptoMix ransomware family. According to experts, however, the recent evolution of the ransomware can now terminate a total of 663 Windows processes before file encryption even begins. That is exactly what the agency's warning was about: the FBI wanted to alert the public to cybercriminals' efforts to "upgrade and change their techniques to make their attacks more effective and to prevent detection." In a November post, Bleeping Computer writer Lawrence Abrams reported that the Clop CryptoMix ransomware now attempts not just to disable Windows Defender but to remove the Microsoft Security Essentials and Malwarebytes Anti-Ransomware programs as well. Aside from Windows Defender, among the processes terminated by the ransomware are Acrobat, Calculator, Edge, OneDrive, PowerPoint, SecureCRT, Skype, Snagit, Word, and the Your Phone app.

How to Protect Your Windows 10 From Ransomware

Windows 10 has always been at the top of threat actors' target lists. Remember when the advanced persistent threat group Thallium operated an extensive network to steal data? Or when cybercriminals tried to bypass Windows 10 security with ransomware called Snatch? Given these facts, it should go without saying that you must be proactive in protecting your files and data from potential Windows 10 malware. Here are some good practices to live by:

> Always download the latest security updates. Make it a habit to check for new updates.

> Back up your data. Whether we're talking about individuals or organizations, it's best practice to back up your files not just in cloud storage but also in another offsite location, and to keep at least one copy offline or otherwise unreachable from the production network, so that ransomware cannot encrypt the backups along with the originals. Test that you can actually restore from it.

> Limit access to your file folders. Give users and applications write access only to the folders they need. This doesn't stop cybercriminals from getting in, but it limits what a compromised account can encrypt and makes their job harder.

> Never open unknown links in your browser. Threat actors take advantage of browser vulnerabilities to install ransomware.

>Be cyber-aware. There’s no harm in educating yourself with cybersecurity tips and tricks. As with any situation, remember that it’s always better to be safe than sorry. Following these steps will help keep your data safe from Clop ransomware and other cyberattacks.
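A detection a security team could run over endpoint telemetry for the Clop behaviour described above, as an added example written for this update (not code from Bleeping Computer, the FBI or any vendor): because the ransomware terminates a long list of security and productivity processes immediately before it starts encrypting, a burst of terminations of exactly those processes inside a short window is a strong signal that arrives before the files are touched. The Sysmon-style log lines are constructed for the example, and the watch list, the 60-second window and the threshold of 5 are assumptions to be tuned for your environment.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// Constructed Sysmon-style process-terminate records (Event ID 5), one per line as
// "<RFC3339 timestamp> EID=5 Image=<path>". This is sample data, not real telemetry:
// the lines from 10:00:02 to 10:00:04 imitate a Clop-style kill sweep against
// security tools and office applications; the other lines are ordinary use.
const sampleLog = `2020-02-10T09:55:40Z EID=5 Image=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
2020-02-10T09:58:11Z EID=5 Image=C:\Windows\System32\notepad.exe
2020-02-10T10:00:02Z EID=5 Image=C:\Program Files\Windows Defender\MsMpEng.exe
2020-02-10T10:00:02Z EID=5 Image=C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
2020-02-10T10:00:03Z EID=5 Image=C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
2020-02-10T10:00:03Z EID=5 Image=C:\Program Files\Microsoft OneDrive\OneDrive.exe
2020-02-10T10:00:03Z EID=5 Image=C:\Users\alice\AppData\Local\Microsoft\Teams\Teams.exe
2020-02-10T10:00:04Z EID=5 Image=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
2020-02-10T10:00:04Z EID=5 Image=C:\Program Files\TechSmith\Snagit 2019\Snagit32.exe
2020-02-10T10:00:04Z EID=5 Image=C:\Windows\System32\calc.exe
2020-02-10T10:07:30Z EID=5 Image=C:\Windows\System32\notepad.exe`

// watchedImages are the executables worth counting: the security products and the
// applications the article lists as Clop kill targets (lower-cased base names).
// The list is illustrative; a real deployment would load it from the EDR or SIEM.
var watchedImages = map[string]bool{
	"msmpeng.exe": true, "mbam.exe": true, "mbamservice.exe": true, // Defender, Malwarebytes
	"acrobat.exe": true, "calc.exe": true, "msedge.exe": true, "onedrive.exe": true,
	"powerpnt.exe": true, "securecrt.exe": true, "skype.exe": true, "snagit32.exe": true,
	"winword.exe": true, "yourphone.exe": true,
}

// Event is one parsed termination record.
type Event struct {
	At    time.Time
	Image string // lower-cased base name, e.g. "msmpeng.exe"
}

// Alert describes one burst of watched-process terminations.
type Alert struct {
	Start      time.Time
	Terminated []string
}

// ParseSysmonLine parses one record; malformed or non-EID=5 lines are skipped.
func ParseSysmonLine(line string) (Event, bool) {
	fields := strings.Fields(line)
	if len(fields) < 3 || fields[1] != "EID=5" {
		return Event{}, false
	}
	at, err := time.Parse(time.RFC3339, fields[0])
	if err != nil {
		return Event{}, false
	}
	// Image paths contain spaces, so re-join everything after the EID field.
	path := strings.TrimPrefix(strings.Join(fields[2:], " "), "Image=")
	base := path[strings.LastIndex(path, `\`)+1:]
	return Event{At: at, Image: strings.ToLower(base)}, true
}

// DetectKillSweep raises one Alert per burst of at least `threshold` watched
// terminations inside a sliding window of length `window`. A user closing Word
// does not trip it; Clop killing hundreds of processes in seconds does.
func DetectKillSweep(log string, window time.Duration, threshold int) []Alert {
	var watched []Event
	for _, line := range strings.Split(log, "\n") {
		if ev, ok := ParseSysmonLine(strings.TrimSpace(line)); ok && watchedImages[ev.Image] {
			watched = append(watched, ev)
		}
	}
	sort.SliceStable(watched, func(i, j int) bool { return watched[i].At.Before(watched[j].At) })

	var alerts []Alert
	for i := 0; i < len(watched); {
		end := watched[i].At.Add(window)
		j := i
		for j < len(watched) && !watched[j].At.After(end) {
			j++
		}
		if j-i >= threshold {
			names := make([]string, 0, j-i)
			for _, ev := range watched[i:j] {
				names = append(names, ev.Image)
			}
			alerts = append(alerts, Alert{Start: watched[i].At, Terminated: names})
			i = j // the whole burst is one alert; do not re-fire for each member
			continue
		}
		i++
	}
	return alerts
}

func main() {
	for _, a := range DetectKillSweep(sampleLog, 60*time.Second, 5) {
		fmt.Printf("ALERT %s: %d watched processes terminated within 60s: %s\n",
			a.Start.Format(time.RFC3339), len(a.Terminated), strings.Join(a.Terminated, ", "))
	}
}
```

The point is timing: the kill sweep precedes encryption, so an alert here can trigger host isolation while there is still something to save. Tune the threshold against a baseline of normal logoff and reboot activity, which also terminates many processes at once, or require at least one security product in the burst before paging anyone.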


 

THREAT FOCUS: Altice Internet - UNITED STATES*

https://www.newsday.com/business/altice-data-breach-employees-customers-1.41718432

Exploit: Phishing Attack

Altice USA: Cable and internet provider

Risk to Small Business: 2 = Severe: A phishing scam tricked an employee into providing hackers with email credentials that were used to access and download inbox content remotely. Although the breach was announced on February 5th, the phishing scam was executed in November 2019. It wasn’t discovered until December 2019, which raises questions about the company’s data security capabilities and notification strategy. As a result, Altice USA will have a difficult time restoring customer confidence, which will be critical to recovering from this preventable data breach.

Individual Risk: 2.285 = Severe: Customers’ personal information was compromised in the breach. This includes Social Security numbers, birth dates, and other personal details. The company claims that financial information was untouched by the breach and is offering free identity and credit monitoring services for affected victims to protect compromised data.

Customers Impacted: 12,000

Effect On Customers: Phishing attacks are easy to deploy, and they are devastating to companies compromised by malicious messages. Although security processes are unlikely to keep all phishing emails out of employees' inboxes, companies can render the attacks useless by providing comprehensive awareness training that teaches employees to identify phishing scams.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Call 07 30109711 (Office Hours) for more information.


THREAT FOCUS: St. Louis Community College - UNITED STATES*

https://edscoop.com/phishing-attack-exposes-personal-information-of-5000-at-community-college/

Exploit: Phishing Attack

St. Louis Community College: Public academic institution

Risk to Small Business: 2.111 = Severe: Several employees fell for a phishing scam that compromised students' personal information. The phishing scam, which took place on January 13th, happened just weeks before the school implemented two-factor authentication on January 31st. Had this effective defensive measure been in place sooner, hackers would not have been able to access employee accounts even after the employees entered their credentials on a phishing form. In response, the college is retraining employees who clicked on the phishing email, and it is updating its procedures to prevent a similar event in the future.

Individual Risk: 2.428 = Severe: Students' personal data was compromised in the breach, including names, ID numbers, dates of birth, addresses, phone numbers, and email addresses. In addition, 71 students had their Social Security numbers stolen. This information can be used to commit identity fraud or to target victims with spear phishing campaigns that could provide hackers with even more damaging personal data. Those impacted by the breach should enroll in credit and identity monitoring services to help identify misuse, and they should carefully evaluate online communications for signs of a phishing scam.

Customers Impacted: 5,000

Effect On Customers: This incident is a tragic reminder that, when it comes to data security, timing is everything. Phishing scam awareness training and two-factor authentication can go a long way toward protecting company and customer data, but they need to be in place before an attack occurs. Therefore, installing proactive measures should be a top priority in the days and weeks ahead.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Call 07 30109711 (Business Hours) to learn more.


THREAT FOCUS: eHealth Saskatchewan - CANADA*

https://www.cbc.ca/news/canada/saskatchewan/ransomware-ehealth-update-suspicious-ip-1.5455764

Exploit: Ransomware

eHealth Saskatchewan: Provincial health records and health IT agency

Risk to Small Business: 2 = Severe: An IT forensic investigation of a ransomware attack targeting eHealth found that patients’ personal health data could have been compromised in the event. The ransomware attack, which we reported in early January, was originally thought to be limited to traditional data encryption. However, investigators discovered that some files were sent to an IP address unaffiliated with the company. Initially, the company announced that patient data was secure, making their latest announcement a troubling addendum to an already disastrous situation.

Individual Risk: 2 = Severe: eHealth declined to specify the types of personal data that could have been compromised in the breach, but PHI typically contains the most sensitive information. Therefore, those impacted by the breach should update their account credentials, monitor their accounts for unusual activity, and evaluate digital communications for signs of a phishing attack, which often follow a data breach.

Customers Impacted: Unknown

Effect On Customers: Increasingly, cybercriminals are elevating the already-steep consequences of a ransomware attack by stealing company data before encrypting it. Not only does this provide bad actors with an insurance policy in case companies don't pay the ransom, but it leaves businesses with even fewer options in the wake of an attack. When it comes to ransomware, the only real solution is to prevent these attacks before they occur.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an 'Essential8' Digital Security Audit we offer a remote-access, independent, 'real time' audit of our clients' critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation. It's the first step to real cyber security. Call Avantia's office on 07 30109711 or visit https://www.avantiacybersecurity.com/cyber-security-audit


THREAT FOCUS: University of Maastricht - HOLLAND*

Exploit: Ransomware

University of Maastricht: Public academic institution

Risk to Small Business: 2.333 = Severe: The University of Maastricht paid a $220,000 ransom to unlock its email and network servers, which had been encrypted since December 23rd. Ultimately, university officials decided that paying the ransom would be more affordable than the alternatives, which included rebuilding the school's entire IT system from scratch. Noting the deep damage to the school's academic records, scientific work, and other data, authorities concluded that paying the significant sum was the only viable recovery option.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: Cybercriminals are searching for soft targets, organizations with weak or outdated cybersecurity standards, to hit with ransomware. As this incident reveals, successful ransomware attacks have costly implications. Simply put, every company has hundreds of thousands of reasons to prepare its defensive posture and address this increasingly potent threat.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access, independent, ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation. It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit https://www.avantiacybersecurity.com/cyber-security-audit


THREAT FOCUS: Translink Transport - IRELAND*

https://www.irishnews.com/news/northernirelandnews/2020/02/07/news/translink-it-systems-targeted-in-suspected-ransomware-cyber-attack-1836604/

Exploit: Ransomware

Translink: Transportation network

Risk to Small Business: 2 = Severe: A ransomware attack has disabled the company’s internal computer systems, causing communication and productivity loss throughout the organization. The network has been offline for more than a week as cybersecurity experts look for solutions that could enable the company to sidestep paying the ransom. However, even if the company can avoid paying cybercriminals to decrypt their network, productivity loss, reputational damage, and other IT expenses will ensure that this is a costly incident for the company.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: Ransomware attacks are a common occurrence in today’s digital environment. Cybercriminals can easily purchase malware strains on the Dark Web and deploy their attacks at low cost and with near impunity. However, companies are not powerless in this regard. Closing off access points such as outdated software and securing company accounts with two-factor authentication are both meaningful steps that any organization can take to avoid a costly ransomware attack.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access, independent, ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation. It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit https://www.avantiacybersecurity.com/cyber-security-audit


THREAT FOCUS: London & Surrey Cycling Partnership - UNITED KINGDOM*

https://www.bbc.com/news/uk-england-london-51456778

Exploit: Accidental data exposure

London & Surrey Cycling Partnership: Joint venture partnership

Risk to Small Business: 2 = Severe: Some participants in the Ride London cycling event had their personal data compromised when their ballot results were sent to other participants. The popular event is typically oversubscribed, and the organization uses the ballots to select the participants. Unfortunately, this data breach brought considerable confusion to the event, leaving riders unsure if they were able to participate. In response, victims are speaking out in interviews with media outlets and across social media channels. While the company worked to minimize the fallout, this incident is an irrefutable black eye on an otherwise well-regarded event.

Individual Risk: 2.285 = Severe: The ballot information contained riders’ personally identifiable information, including their names, addresses, and dates of birth. This information can be used for a variety of nefarious purposes, and those impacted by the breach should consider enrolling in identity monitoring services while also carefully evaluating their online accounts and communications for evidence of fraud.

Customers Impacted: 2,100

Effect On Customers: In today’s regulatory environment, even accidental data breaches can have serious consequences for any organization. With the possibility of financial penalties and other repercussions looming, every company needs to prioritize compliance by ensuring that they are taking every step to secure their users’ personal data.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & Unitrends Endpoint Cloud Backup to the Rescue: Helping SMEs to protect their data by backing up endpoint devices directly to the cloud, where the data is stored and protected for seamless recovery in the event of an unintended incident. Call Avantia’s office on 07 30109711 (Office Hours) for a low cost quote.


THREAT FOCUS: Generate - NEW ZEALAND*

https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=12308117

Exploit: Unauthorized database access

Generate: Voluntary, work-based savings initiative

Risk to Small Business: 1.888 = Severe: Hackers accessed and downloaded customers’ personal data in a holiday heist that wasn’t identified until January 27th. The data breach, which did not include investor funds, is a serious privacy violation for its users, and the company’s slow identification and delayed response will only make matters worse. Now, the company faces an uphill battle to restore customer trust, which will be crucial to maintaining a competitive edge in an already crowded marketplace.

Individual Risk: 2 = Severe: Customers’ personal data was compromised in the breach. This includes photographic ID images, tax document numbers, names, and addresses. This information puts victims at risk of identity theft or financial fraud, and victims should enroll in credit and identity monitoring services to protect their credentials’ long-term integrity. Moreover, Generate is asking all users to reset their account passwords.

Customers Impacted: 26,000

Effect On Customers: Customers are growing weary of working with companies that can’t protect their personal data. Since they often have many options to choose from, a data security incident could be the differentiator that encourages customers to take their business elsewhere. In today’s digital landscape, data security is a bottom line issue that companies can’t take seriously enough.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with our Clients to strengthen their security suite by offering industry-leading detection. Discover more by calling Avantia on 07 30109711 (Business Hours).


THREAT FOCUS: Ashley Madison - AUSTRALIA*

https://www.dailymaverick.co.za/article/2020-02-13-nedbank-client-records-stolen-in-online-heist/

Exploit: Unauthorized database access

Ashley Madison: Adult romance website

Risk to Small Business: 2 = Severe: Cybercriminals are redeploying data from Ashley Madison’s 2016 data breach to target Australian users with sextortion emails. These messages contain intimate and highly personal information gleaned from the breach, and cybercriminals are threatening to publicly release the information if victims don’t pay a Bitcoin ransom. The emails are highly personalized, and include sensitive personal details derived from the initial data breach. While it’s easy to write off a data breach at an adult website, it reflects the IT environment experienced by any company that collects personal data, and the many ways that hackers exploit that information to make money.

Individual Risk: 2.142 = Severe: The personalized emails include users’ names, bank account numbers, phone numbers, addresses, and dates of birth. They also contain private content and communications conducted on the website.

Customers Impacted: Unknown

Effect On Customers: Data breaches impact more than just a company’s bottom line. They often have tangible consequences for each individual compromised in a breach, and even years after a breach, they can continually reappear, causing personal, psychological, and financial trouble for victims. It should encourage every company to take every step possible to protect personal data.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyse and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today by phoning 07 30109711 (Office Hours)


POSTSCRIPT*

IBM Threat Report Presents Risks for 2020*

The latest IBM threat report examines the most pressing threats facing business in 2020, and its findings should alarm business leaders. Notably, the report found that hackers are not turning to overly sophisticated techniques to access company IT. Rather, they are relying on the deluge of personal data already available to access an organization’s infrastructure. When those methods fail, many are deploying phishing scams as a cheap, relatively safe way to compromise employee credentials. According to IBM, phishing attacks and unauthorised credential use were two of the most prominent attack methodologies, with the exploitation of vulnerabilities completing a risk triumvirate for companies to address in the year ahead. The report’s silver lining is that companies are not powerless against these threats. Employee awareness training can render these attacks useless, and integrated two-factor authentication can prevent unauthorized account access even when credentials are compromised. Together, they present a meaningful way for every company to protect itself against the most likely threats in the year ahead.


Ransomware Attacks Are Driving Up Cyber Insurance Rates*

Ransomware attacks were one of the defining cybersecurity threats of 2019, and just one month into 2020, it’s clear that bad actors will continue to deploy this malware to capitalise on their criminality. As companies grapple with the implications of this new reality, many are turning to cybersecurity insurance as a way to offset the cost and consequences of an attack. Unfortunately, ransomware attacks have become so common that cyber insurance rates have soared in response. According to some reports, cybersecurity insurance premiums have increased by as much as 25% in the past year. At the same time, insurance companies are expanding their offerings, adapting their business model for a shifting data security and regulatory landscape. However, companies relying on cyber insurance will likely be disappointed, as payouts rarely cover the cost of an attack, and increasingly high premiums make it an unaffordable option to begin with. Instead, many organisations would be better off investing in a robust defense strategy that can defend against a ransomware attack before it happens. It’s the only way to truly avoid the escalating costs and consequences of a ransomware attack.


AVANTIA CYBER SECURITY PARTNERS

Disclaimer*:

Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.
