  • Avantia Threat Update

ARE YOUR BACKUPS RANSOMWARE SAFE?


This past week: ‘data backups’ become the focus for cyber crime; insider trading by executives after data breach called out; PayID data breach puts Banks on notice; Cyber Risk Perception Report published; Australian study confirms 1 in 3 victims won’t change passwords when compromised; Data Breaches threaten future government contracts, PII (Personally Identifiable Information) is exposed online, and cybersecurity incidents are projected to reach an all-time high with major data breaches in: AUSTRALIA; NEW ZEALAND; UNITED KINGDOM; CANADA & USA.


Dark Web ID Trends:

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain 

Top Industry: Education & Research

Top Employee Count: 501+ Employees 


Known Customers Affected by Data Breaches reported in this Newsletter: 49,300,000* (*6/8 Breaches in this Newsletter were unable to quantify the number of Customers affected.)


BACKUP PROTECTION FROM RANSOMWARE:

Backups are an essential part of any Ransomware Disaster Recovery Plan. In the event that an organization is hit with ransomware, it can simply use its backups to recover the system without paying a cent to the bad guys. There’s just one problem: backups are not immune to ransomware. Increasingly advanced ransomware strains contain mechanisms that are designed to seek out and encrypt backups that are stored both locally and in the cloud. And, if a company’s backups get encrypted, it may have no other choice but to pay the ransom.

How does ransomware encrypt backups? There are many ways ransomware can infect a system, including email attachments, malicious links, drive-by downloads, RDP attacks, MSP tools and other third-party software. Once it has infected an endpoint, it can potentially spread to any backups held on devices that are write-accessible via standard protocols, such as NAS devices, locally installed cloud services and USB-connected devices. There are a few ways it can do this:

Spreading through the network: Many small business owners understand the value of backups, yet may not have the resources or expertise to create and maintain a fully-fledged continuity strategy. Instead, they may take an ad-hoc approach, which might involve manually copying critical files to an external hard drive, or automating regular backups to a network-connected file-server. Local backups are important, but they are not an effective solution when used alone. Many ransomware variants are capable of spreading laterally to other computers on the network and mapped network drives. If the system gets infected, there’s a good chance the ransomware will propagate across the network and encrypt the drive that holds the organization’s backups.

Syncing to cloud storage: Cloud storage is a convenient way to store files, but it’s not an effective way of maintaining backups – particularly when it comes to ransomware. Many cloud storage services such as Dropbox, OneDrive and Google Drive automatically synchronize local files with files stored in the cloud. If your business gets hit with ransomware and the files on your network are encrypted, the files will also be encrypted in the cloud. Some cloud storage service providers offer file versioning, which means they keep multiple versions of files. If your company’s files are encrypted, you can simply roll back the files to a previous, unencrypted version. However, this feature is not supported by all cloud storage providers and may not be enabled by default.

Deleting System Restore points: System Restore, Windows’ built-in recovery tool, allows an administrator to reverse recent changes to the operating system, and can be useful for rolling back drivers and system files to previous versions. Unfortunately, System Restore does not save copies of personal files, including documents, photos and videos, which means it can’t be used to reverse encryption. Even if System Restore could help restore personal files, many ransomware strains – including WannaCry, CryptoLocker and Locky – are designed to deliberately sniff out and delete volume shadow copies (the snapshots System Restore uses for recovery) using command-line commands.

Ransomware-proof your backups: A multilayered approach is the best way to protect backups against ransomware. Local backups are fast, efficient and can be easily accessed whenever required. However, as mentioned above, local backups are vulnerable to ransomware, which can potentially spread across the network. While offsite storage solutions are generally slower and less convenient, they are more isolated from the company network, and are therefore considered more reliable. Using a blend of local and offsite backups provides the best of both worlds.

With this in mind, the easiest way to ransomware-proof backups is to apply the 3-2-1 rule, which stipulates that a business should:

  • Keep at least three copies of its files.
  • Store the copies on at least two different types of storage media.
  • Store at least one copy offsite.

Remember to always use unique logins and passwords for all backup systems (and everything else for that matter!).

Keep at least 3 copies: The more backups a business has, the less risk there is of losing data. Companies should aim to maintain at least three copies of their data. Should one copy be lost due to ransomware, theft, technical error or natural disaster, business leaders can rest assured that there will be other copies to fall back on.

Store at least two copies on different devices. All devices fail sooner or later. Diversifying storage media minimizes the risk of backups failing at the same time. When storing backups locally, use at least two different types of storage media, such as a local drive, file server, NAS device or tape drive.

Store at least one copy offsite. For maximum protection, at least one copy of the backups should be completely isolated from the network and preferably stored offline, where it will be safe from ransomware. There are a few different options for storing company backups offsite.

Tape backup systems might seem like a somewhat outdated solution, but they remain a popular option thanks to their cost-effectiveness, scalability and archival stability. Tape backup systems are usually not connected to any network and can therefore not be affected by ransomware.

Cloud backup services offer a more modern solution for creating and maintaining offsite backups. Cloud backup servers are housed in secure, purpose-made facilities that usually include environmental controls, backup power supplies, fire suppression systems and more. If ransomware or a local natural disaster wipes out your company’s local backups, you can use cloud backups to get back up and running.

Cloud storage vs cloud backups. It’s important to note that cloud storage services and cloud backup services are not the same thing. Cloud storage services are designed to do just that – store files. They may not offer file versioning, which leaves backups vulnerable to ransomware, and they usually don’t allow you to retain your file system structure, which means if you ever need to recover your system, you’ll have to organize all your data by hand. Cloud backup services, on the other hand, are made with disaster recovery and business continuity in mind. They allow you to retain your file system structure and usually include useful features such as file versioning, status reports, scheduling options and better encryption methods for transferring data. When it comes to ransomware-proofing your backups, cloud backup services are the superior option.

Access management. Regardless of the storage media your company chooses to use, it’s important to restrict access to only those with a legitimate business need. This involves being very selective of who has the login credentials to file servers and backup services, as well as limiting physical access to onsite backups via secure storage and access management. Limiting access to backups helps reduce the attack surface for ransomware and minimizes the chances of sensitive company information falling into the wrong hands.

Mitigating the effects of ransomware. A robust backup strategy is a critical ingredient for mitigating the effects of ransomware. However, as with any data, backups can also be affected by ransomware. Using a combination of local and offsite backups will help reduce the risk of ransomware affecting your company’s backups and put your business in a stronger position to minimize downtime in the event of an infection.
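An ad-hoc setup can satisfy the 3-2-1 count and still leave every copy within reach of an infected endpoint, which is the failure this section describes. The following is an added example, not part of the original newsletter: it audits a backup inventory against the 3-2-1 rule plus the write-access, versioning and unique-login points above. The field names, finding codes and both sample inventories are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    name: str
    media: str                # "disk", "nas", "tape", "cloud-sync", "cloud-backup", ...
    offsite: bool
    endpoint_writable: bool   # mounted or synced read-write from production machines
    versioned: bool           # earlier versions can be restored after an overwrite
    login: str                # label of the credential able to modify this copy
    primary: bool = False     # the live production data itself


def survivors(copies):
    """Backups still restorable after ransomware runs on a production endpoint.

    Assumed model: the malware can overwrite anything the endpoint can write,
    and anything protected by a login that is also used on the primary system.
    A reachable copy survives only if older versions can be rolled back.
    """
    stolen = {c.login for c in copies if c.primary}
    kept = []
    for c in copies:
        if c.primary:
            continue
        reachable = c.endpoint_writable or c.login in stolen
        if not reachable or c.versioned:
            kept.append(c.name)
    return sorted(kept)


def audit(copies):
    """Return a set of finding codes; an empty set means no gap was found."""
    findings = set()
    backups = [c for c in copies if not c.primary]
    # The 3-2-1 counts themselves.
    if len(copies) < 3:
        findings.add("FEWER_THAN_3_COPIES")
    if len({c.media for c in copies}) < 2:
        findings.add("FEWER_THAN_2_MEDIA_TYPES")
    if not any(c.offsite for c in backups):
        findings.add("NO_OFFSITE_COPY")
    # Copies that an infected endpoint can encrypt with no way back.
    for c in backups:
        if c.endpoint_writable and not c.versioned:
            findings.add(f"OVERWRITABLE:{c.name}")
    # "Unique logins and passwords for all backup systems".
    by_login = defaultdict(list)
    for c in copies:
        by_login[c.login].append(c.name)
    for login, names in by_login.items():
        if len(names) > 1:
            findings.add(f"SHARED_LOGIN:{login}")
    if not survivors(copies):
        findings.add("NO_COPY_SURVIVES_ENDPOINT_COMPROMISE")
    return findings


# Constructed inventory: mapped NAS drive plus a sync folder. Passes the 3-2-1 count.
WEAK = [
    Copy("file-server", "disk", False, True, False, "office-admin", primary=True),
    Copy("nas-share", "nas", False, True, False, "office-admin"),
    Copy("cloud-sync-folder", "cloud-sync", True, True, False, "owner@example.com"),
]

# Constructed inventory: pull-based snapshots, versioned cloud backup, offline tape.
HARDENED = [
    Copy("file-server", "disk", False, True, False, "office-admin", primary=True),
    Copy("nas-snapshots", "nas", False, False, True, "backup-svc-nas"),
    Copy("cloud-backup", "cloud-backup", True, True, True, "backup-svc-cloud"),
    Copy("tape-weekly", "tape", True, False, False, "tape-operator"),
]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, sorted(audit(inventory)), "survivors:", survivors(inventory))
```
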


FEDEX EXECUTIVES CALLED OUT FOR PROFITEERING BY SELLING SHARES BEFORE BREACH REVEALED:

FedEx execs not only hid the impact of the NotPetya ransomware on their business but personally profited by selling off tens of millions of dollars of their own shares before the truth came out, a lawsuit filed by the delivery business’ own shareholders claims. The legal complaint, filed in Delaware, USA, this week, accuses the shipping giant and its top brass of giving "materially false and misleading statements" about the impact of the malware infection on its European subsidiary TNT Express in June 2017. And, the paperwork notes, several top execs off-loaded their shares before the damage caused by the cyber-attack became known and the share price plummeted.

FedEx founder Frederick Smith sold $31m worth of stock at $256 per share in April 2018, and its chief operating officer David Bronczek did the same in January 2018, netting $12m by selling at $225 a share. Other execs are listed as selling roughly $1m apiece in shares around the same time. The share price currently stands at $152 after a massive drop in December 2018, primarily due to its uncertain outlook in Europe for 2019.

Despite FedEx going to some lengths to highlight the impact of the file-scrambling malware on its business – including suspending its shares back in June 2017, and announcing a $300m loss thanks to the code a few months later that September – the shareholders argue that the exec team downplayed the depth of the problem. At the time, FedEx stressed that no information had been stolen by the cyber-nasty, and only some offices of TNT Express had been disrupted. "Remediation steps and contingency plans are being implemented as quickly as possible," it said in a statement. But, at the same time, it also refused to answer questions from the press.

The lawsuit, led by shareholder Jason Flaker, claims that FedEx did not flag that growth of its European TNT subsidiary was slowing down as a result of clients that “permanently took their business to competitors.” It also claims that FedEx was less than fully honest about the cost and effort required to get the TNT systems back up and running. As for the share-dumping execs, the lawsuit accuses them of being “unjustly enriched at the expense of and to the detriment of FedEx” while “breaching fiduciary duties” and engaging in insider selling because they were “in possession of material, nonpublic information that artificially inflated the price of FedEx stock.”

You may think that this is just a case of sore investors losing money, but back in July this year, FedEx was hit with another similar lawsuit claiming execs had downplayed the impact of the cyberattack: law firms are queuing up to get a piece of that action. In fact, lawyers are going to be dining out on the enormous impact of NotPetya: one of the most notable cases being when US snack food giant Mondelez sued its own insurance company in January this year for $100m after the insurers claimed the malware was “an act of war” and therefore it wouldn’t pay out. That case is still ongoing.


IN THE WAKE OF PAYID DATA BREACHES, AUSTRALIA’S BANKS NEED TO TAKE CYBER SECURITY SERIOUSLY.

When we think of a bank robbery, we might imagine a safe with the door blown open. But nowadays it might be more accurate to picture criminals accessing our bank account online from another country. Bank robbers don’t need balaclavas and shotguns anymore. Australian banks have long provided convenient ways for customers to transfer funds. But the process of remembering and entering BSB and account numbers is prone to human error. Enter PayID. PayID allows customers to attach their mobile phone number or email address to their bank account. They can then simply provide these details to other people, providing a convenient way to receive payments. It can only be used for incoming payments, rather than outgoing ones. So you might think that makes it less of a tempting target for hackers. But that’s not necessarily the case. Launched in February 2018 by New Payments Platform (NPP) Australia, an alliance of 13 banks, PayID is reportedly available to more than 52 million account holders across almost all major financial institutions. By February 2019, some 2.5 million PayID identifiers had been created, and 90 million transactions totaling more than $75 billion had been processed. When entering a PayID mobile phone number to make a payment, the full name of the account holder is displayed, so the person making the payment can ensure they are sending it to the right PayID account. Shortly after the service launched, Twitter users began pointing out that this means you can enter random phone numbers and, if that number has been linked to a PayID account, the account holder’s name will show up — rather like a phone book in reverse. 
The following day, on February 17, 2018, NPP Australia acknowledged this issue in a media release, but effectively dismissed users’ concerns: “While unfortunate for the individuals involved, the discussion highlights the choice and benefits to be considered by users when they opt in to create a PayID.” This is not exactly reassuring for bank customers whose details were publicly posted. And developments this year suggest that the underlying problems persist.

Better luck next time? In June 2019, about 98,000 PayID details were obtained after hackers used several online bank accounts to carry out more than 600,000 PayID lookups over the course of six weeks, reportedly by simply entering phone numbers in sequential order. It is not clear who was to blame, although there are allegations of a leaked memo pointing the finger at US-based fraudsters. The exact motive is unclear, but any personal data has value in the underground economy. In this case, the data could potentially be used as part of a more complex phishing scam designed to steal further information from account holders.

Although this is clearly a very simple attack involving nothing more sophisticated than simple trial and error, it appears the PayID system did not detect the large number of lookups — an average of 14,000 per account — or the speed with which they were undertaken. To give a real-world example, it would be like going into your bank 14,000 times and handing over a different piece of identification each time. This high volume of lookups should have raised significant security concerns. While legitimate users could be forgiven for needing a couple of tries to punch in the right number, no one should need thousands of attempts. It should have been a simple security step to add lookup limits and to identify this as highly abnormal behavior. Yet neither the bank concerned nor NPP Australia had implemented mechanisms to detect or prevent this form of misuse.
After a security breach this size, the banks might reasonably be expected to take urgent steps to prevent it from happening again. But it did happen again, two months later. In August 2019, a further 92,000 PayIDs were exposed. In this case, it was reported the breach happened within the systems of a financial institution connected to the NPP Australia systems. Worryingly, this breach reportedly revealed users’ full name, BSB and account number. Banks were quick to reassure customers this does not allow transactions to be undertaken. However, it did deliver yet more valuable information into the hands of cyber criminals — further enabling phishing opportunities. While affected customers have been contacted, the only option to remove this risk is to stop using PayID. This is easily done but removes the convenience factor for most bank customers.

What’s the real risk? Because the system enables payments into accounts, rather than authorising withdrawals from them, the risk may seem minor. Indeed, many in the banking sector have dismissed it as so. But there is a deeper risk. Phishing is a major form of cyber crime in which victims are tricked into revealing confidential information through convincing-looking emails or SMS messages. Unfortunately, there are already examples of

The approach depicted above is not particularly sophisticated. But imagine a more tailored email message quoting examples of identifiable information (PayID, full name) or, as with the most recent breach, BSB and account number. Coupled with the correct branding and reassuring words of your bank, it would be easy to convince an unsuspecting user of the need to ‘log in to change your PayID for security reasons’. Just a few minutes of creativity on a computer can produce convincing results. The image shown below was created to show how easy this process is. It uses genuine branding, but the ‘log in’ button could easily be set to direct users to a website designed to steal login credentials.
With the ME Household Financial Comfort Report indicating that almost 50% of households have at least $10,000 in savings, there is a clear incentive for cyber criminals to target our bank accounts. As with any phishing attack, it only takes a few people to succumb to make the enterprise worthwhile. Although bank customers can do little more than think twice before responding to messages, the real power is with the banks. Simply being alert to unusual patterns of behavior would have prevented these security breaches. This is not new territory for financial institutions, which routinely look for unusual patterns in credit card transactions. Perhaps it is time to apply these same concepts in other scenarios and better protect Australia’s banking customers.
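The article argues that lookup limits and a check for abnormal patterns would have caught the June 2019 enumeration. The following is an added example, not code from NPP Australia, any bank or the original article: a per-account monitor that stops answering name lookups once an account walks consecutive phone numbers or resolves too many distinct identifiers inside a sliding window. The thresholds, class and function names, and the sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque
from dataclasses import dataclass, field
from typing import Optional

# Assumed thresholds (not from the article): a payer rarely resolves more than a
# couple of dozen distinct identifiers per day, and never walks a number range.
WINDOW_S = 24 * 3600
MAX_DISTINCT = 25
MAX_SEQ_RUN = 5


@dataclass
class AccountState:
    recent: deque = field(default_factory=deque)      # (ts, identifier) inside the window
    counts: Counter = field(default_factory=Counter)  # identifier -> lookups inside the window
    last_num: Optional[int] = None                    # last numeric identifier looked up
    seq_run: int = 1                                  # length of the current n, n+1, n+2 run
    verdict: str = "allow"


class LookupMonitor:
    def __init__(self, window_s=WINDOW_S, max_distinct=MAX_DISTINCT, max_seq_run=MAX_SEQ_RUN):
        self.window_s = window_s
        self.max_distinct = max_distinct
        self.max_seq_run = max_seq_run
        self.accounts = defaultdict(AccountState)

    def observe(self, ts, account, identifier):
        """Record one lookup; return 'allow', 'block:sequential' or 'block:volume'."""
        st = self.accounts[account]
        if st.verdict != "allow":      # once flagged, stay blocked pending review
            return st.verdict
        # Drop lookups that have aged out of the sliding window.
        while st.recent and st.recent[0][0] <= ts - self.window_s:
            _, old = st.recent.popleft()
            st.counts[old] -= 1
            if st.counts[old] == 0:
                del st.counts[old]
        st.recent.append((ts, identifier))
        st.counts[identifier] += 1
        # Track runs of consecutive phone numbers. A retry of the same number or
        # an e-mail identifier neither extends nor resets the run.
        if identifier.isdigit():
            num = int(identifier)
            if st.last_num is not None and num == st.last_num + 1:
                st.seq_run += 1
            elif num != st.last_num:
                st.seq_run = 1
            st.last_num = num
        if st.seq_run >= self.max_seq_run:
            st.verdict = "block:sequential"
        elif len(st.counts) > self.max_distinct:
            st.verdict = "block:volume"
        return st.verdict


def replay(events):
    """Feed (ts, account, identifier) events in time order.

    Returns {account: (lookups_answered, final_verdict)}.
    """
    monitor = LookupMonitor()
    answered = Counter()
    for ts, account, identifier in sorted(events):
        if monitor.observe(ts, account, identifier) == "allow":
            answered[account] += 1
    return {a: (answered[a], s.verdict) for a, s in monitor.accounts.items()}


def sample_events():
    """Constructed events, not real data."""
    events = []
    # acct-A walks a number range in order, one lookup every 10 seconds.
    events += [(i * 10, "acct-A", f"04{i:08d}") for i in range(200)]
    # acct-C resolves many scattered numbers, one a minute, none consecutive.
    events += [(i * 60, "acct-C", f"04{1000 + 7 * i:08d}") for i in range(100)]
    # acct-B is an ordinary payer: one retry, a second payee, an e-mail PayID.
    events += [(0, "acct-B", "0412345678"), (30, "acct-B", "0412345678"),
               (5000, "acct-B", "0498765432"), (90000, "acct-B", "pat@example.com")]
    return events


if __name__ == "__main__":
    for account, (answered, verdict) in sorted(replay(sample_events()).items()):
        print(f"{account}: answered={answered} verdict={verdict}")
```
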


SURVEY CONFIRMS THAT SUPPLY CHAIN PERCEPTION IS THE REALITY:

Security surveys tend to confirm what we already knew a few months ago and the 2019 Global Cyber Risk Perception Survey from Marsh and Microsoft does not disappoint. This roller-coaster ride through the deepest thoughts of 1,500+ business leaders during February and March covers topics such as organisational confidence, approaches to adopting new technology and cyber security resilience. Inevitably, much of it reads like a masterclass in stating the bleeding obvious. Cyber risk had heightened since 2017, said 56 per cent of respondents. While 9 per cent expected to be done in by terrorists and 12 per cent were getting flustered over industrial espionage, 79 per cent felt cyber attacks should be their top business concern at the moment. Who'd have guessed? In other questions, respondents said their governments should do more about the cyber threat, but that they had no confidence in government's ability to do it right. Again, yessum! Much more fun was watching those in various supply chains point the finger at each other. A significant 39 per cent were concerned by the level of cyber risk posed to their organisations by their supply chain vendors. But when asked whether they themselves could be a risk to everyone else, only 19 per cent admitted they might. Either way, a worrying 43 per cent said they probably wouldn't be able to protect themselves from cyber threats if they came from their third-party partners. If nothing else, the survey lays bare the fragility of the supply chain and that while participants are all too aware of it, they don't know what they can do about it. The survey concluded that supply chain risks should be managed as a collective issue, sharing security standards across the entire network, each organisation honestly evaluating its own cyber impact on its partners. A bit of joined-up thinking is what's called for.
At the same time as Microsoft was reminding business leaders how scary cyber threats can be, its president Brad Smith was telling the US to stop blacklisting Huawei so that it can start supplying Microsoft with Windows software again. This must be some of that joined-up thinking in action. Go team.....

ONE IN THREE EMPLOYEES WHO KNOW THEIR PASSWORD IS COMPROMISED STILL WON’T CHANGE IT - AUSTRALIAN STUDY CONFIRMS.

One-in-three Australian workers who admit to having enabled data breaches are still unwilling to change their already compromised passwords, a new study reveals. Human error has always been a security risk, but according to cyber security firm Webroot’s latest report, office culture might present a larger issue when it comes to maintaining cyber health. Over half of the 4000 surveyed workers have compromised personal and financial data by clicking on links from unknown senders. The report shows this behavior isn’t a one-off either — these employees clicked on risky links multiple times. Of this group, over a third were so apathetic that they didn’t bother to change their passwords after the breach. And although 90% of employees consider themselves able to distinguish real emails from their phishing counterparts, 60% will click on links from unknown senders anyway. The study also shows employees find identifying phishing in non-email communications (phone calls, notifications, snail mail and post) even more difficult. They would actually have a better chance of correctly identifying phishing if they flipped a coin. The report comes in the wake of high-profile data breaches, involving PayID, TGI Fridays, Sephora & NAB workers. And that’s just in the last three months. Apart from the obvious financial risks, poor cyber security can also lead to larger reputational issues with suppliers and customers, among others.

Educate yourself - Cyber security might seem like a time-consuming issue to resolve, but some experts say regular and incremental checks can prove more effective in the long run. Andy Jamieson of Smart Company advises businesses to regularly test their own systems and update passwords whilst Susie Jones of Cynch Security recommends breaking down the most pressing issues — anything that holds sensitive and confidential information — into “simple steps”.
Change your office culture - The biggest takeaway from the study is the need to reform office culture from apathy to vigilance. Ilone Vass from HR firm Dancing with the Dragons encourages business owners to build competence and foster office traditions. These traditions can easily include cyber security checks and updates. “Your employee may have problem-solving skills, which are outside of their everyday role, to help you move past any issues. “Build their competence and confidence by allowing them to implement skills to assist with problem-solving,” she wrote.



THREAT FOCUS: Seek Online Recruitment - AUSTRALIA

Exploit: Phishing attack

Seek: Online employment marketplace

Risk to Small Business: 2 = Severe: A phishing campaign is impersonating the company’s head of digital marketing. The email contains the subject line “files have been sent to you via Hightail,” and users who open the attachment are redirected to a phony Office365 page that prompts users to input their credentials. The campaign was likely instigated when the employee’s credentials were compromised in a previous breach, and while they are prioritizing communication, the phishing campaign could quickly lead to additional, more invasive and harmful data loss events.

Individual Risk: 2.285 = Severe: The credentials of anyone who opened this email and followed the prompts are undoubtedly compromised. These users should immediately contact their company’s IT department to notify them of the situation, and they should update their passwords to secure their account going forward. At the same time, they should be aware that this information can be leveraged to perpetrate additional attacks, and they should closely monitor their accounts for unusual activity.

Customers Impacted: Unknown

Effect On Customers: Phishing scams are a persistent problem for every organization, and despite the best efforts of many organizations, some will inevitably make their way to your employees’ inboxes. Fortunately, these attacks are entirely defensible, as comprehensive awareness training can render phishing scams useless. However, these measures are only effective when implemented before an account is compromised, meaning every company should prioritize these programs as part of a holistic data security initiative.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: Lumin PDF - NEW ZEALAND

Exploit: Unauthorized database access

Lumin PDF: Cloud-based PDF service provider

Risk to Small Business: 2.111 = Severe: Hackers obtained and published a spreadsheet containing the personal information of every Lumin PDF user. The information was acquired from a database in April 2019, and it was published after repeated attempts to contact the company. Since then, the data was accessed by an additional hacking group, which left a ransom note for the company before deleting the data. The company’s slow response, given that they did not acknowledge the breach until September 17, reflects a general malaise about data security that most consumers would find completely unacceptable in 2019.

Individual Risk: 2 = Severe: The compromised database was comprised of personal information for users until April 2019. This includes names, email addresses, gender and location data. Most entries also included a Google access token, but nearly 119,000 included hashed passwords. This information is accessible on the internet, and those impacted by the breach should assume that it will be deployed by bad actors to enact more damaging cybercrimes. Therefore, they should enroll in identity monitoring services to ensure the long-term veracity of their information and should be especially vigilant of any unusual account activity or communications.

Customers Impacted: 24,300,000

Effect On Customers: A seemingly endless series of high-profile data breaches has eroded customers’ patience with companies that can’t protect their information. Therefore, every business should consider cybersecurity both a practical responsibility and an operational necessity. Companies that don’t embrace this priority will likely face significant financial repercussions as customers and employees bring their business and expertise elsewhere.



THREAT FOCUS: Tesco App - UNITED KINGDOM

Exploit: Unsecure database

Tesco App: Parking validation web application

Risk to Small Business: 2 = Severe: A data migration exercise left millions of time-stamped images of customers’ license plates exposed to the internet. In response, Tesco has disabled the app, reducing their ability to efficiently validate parking and degrading the overall customer experience. In addition, the company will face regulatory scrutiny as the exposure of personal data falls under the purview of Europe’s GDPR standards.

Individual Risk: 2.285 = Severe Risk: The data breach includes low resolution photos of vehicles entering 19 Tesco car parks. These photos capture license plate numbers but do not include images of the drivers. While no other personal information was exposed in the breach, one reader was able to compile a chart detailing the parking frequency for three vehicles included in the breach.

Customers Impacted: Unknown

Effect on Customers: Technological convenience and capability can’t be a substitute for data security. Even accidental sharing can have significant financial and reputational consequences. Therefore, innovation must always be paired with intentionality to ensure that all risks are accounted for and that customer data is secure.



THREAT FOCUS: Swindon College - UNITED KINGDOM

Exploit: Unauthorized database access

Swindon College: Academic institution providing hands-on job training for students and adults

Risk to Small Business: 2.111 = Severe: Hackers gained access to the college’s database, compromising the personal information of current and former staff, along with students. The breach includes information stored since 2011. As a result, Swindon College will bear the immediate financial burden of the recovery. Moreover, the incident could have less quantifiable long-term implications for their ability to attract or retain students and faculty.

Individual Risk: 2.428 = Severe: Although the college hasn’t released specific details on the breach, it’s evident that personally identifiable information was included in the breach. In response, Swindon College has opened a contact center for those affected by the breach. In addition, the institution recommends that those impacted by the breach contact their financial institutions to identify potential financial misuse.

Customers Impacted: Unknown

Effect on Customers: A data breach will have long-lasting consequences for businesses of any size, but SMBs need to be especially aware of the financial implications of data compromises. Small vulnerabilities can have large repercussions if they are exploited by cybercriminals. Understanding and addressing your cybersecurity weaknesses is a key component of any successful business plan in 2019.



THREAT FOCUS: Scotiabank - CANADA

Exploit: Unprotected database

Scotiabank: Canadian multinational bank

Risk to Small Business: 2 = Severe: The financial institution accidentally left open its GitHub repositories, exposing software blueprints, access keys to foreign exchange rate systems, mobile application codes, and login credentials for company databases. The company was notified of the breach by The Register, which makes it highly likely that bad actors already exploited these oversights. This incredible technological oversight will continue to create headaches for the company as it deals with the exposure of intellectual property that will certainly erode its competitive advantage. Moreover, the long-term reputational damage to the bank could negatively impact its standing among consumers and industry collaborators.

Individual Risk: 2.571 = Moderate: In the near term, no personal information was impacted by the breach. However, the exposed login credentials could allow hackers to access personal data, and the bank’s customers should be especially careful to monitor their accounts, both financial and personal, for unusual activity or misuse.

Customers Impacted: 25,000,000

Effect On Customers: This cybersecurity incident was entirely avoidable, and Scotiabank is receiving significant criticism for accidentally sharing such sensitive information online. While much attention is pointed towards the risk of bad actors, businesses need a holistic plan to protect their data that includes a plan for preventing accidental sharing or inadvertent data misuse.



THREAT FOCUS: Restaurant Depot - UNITED STATES

Exploit: Spear phishing attack

Restaurant Depot: Commercial food service wholesaler

Risk to Small Business: 1.666 = Severe: Restaurant Depot’s customers are receiving phishing emails requesting payment for invoices, purportedly from the company. In response, customers began lashing out on social media, and the company was forced to issue a statement on its website discrediting the email content. The emails are personalized, so cybercriminals likely purchased company data from a Dark Web marketplace, which could suggest the possibility of an even more expansive data breach at Restaurant Depot.

Individual Risk: 2.142 = Severe: Any recipient who paid a fraudulent invoice has compromised their personally identifiable information and their payment data. However, even for those who delete the message, it’s likely that their information was obtained through a different data breach, and they should closely examine their credentials for other potential misuses. In some cases, credit or identity monitoring services might be required to ensure their data’s long-term integrity.

Customers Impacted: Unknown

Effect On Customers: Having your company co-opted as a tool for cybercriminals is bad for business, and companies that are victimized in this way face an expensive, uphill battle to restore their customers’ confidence. Preemptively knowing if your employee or customer data is compromised can help prevent this scenario by giving your business an opportunity to respond before hackers wreak havoc on your system.



THREAT FOCUS: Miracle Systems - UNITED STATES

Exploit: Malware attack

Miracle Systems: IT services provider for government contracts

Risk to Small Business: 1.555 = Severe: Using stolen credentials, hackers gained access to several databases that store company data related to the US military. The breach, which occurred on three separate occasions between November 2018 and July 2019, was enabled by a malware attack that was distributed via a malicious email attachment. Although the stolen data was years old, the company was closely scrutinized by the Secret Service, and company leaders estimate that they’ve lost as much as $1 million because of the breach. Of course, this doesn’t include the opportunity costs associated with a loss in trust and business with the government.

Individual Risk: 2.428 = Severe: Several email account credentials were stolen during the breach, and their accessibility was broadly advertised on the Dark Web. Although the company believes that this information is outdated, all employees should reset their passwords and follow best practices for creating unique credentials.

Customers Impacted: Unknown

Effect On Customers: For many companies, protecting their data should be an extension of protecting their bottom line. The Miracle Systems breach is a reminder of the steep price that many companies pay in lost revenue and reputational damage that can have far-reaching consequences for their financial viability and future business model.



THREAT FOCUS: Carle Foundation Hospital - UNITED STATES

Exploit: Phishing attack

Carle Foundation Hospital: Regional, not-for-profit healthcare provider

Risk to Small Business: 2.111 = Severe: Three company employees fell victim to a phishing scam that gave hackers access to their email accounts containing patient data. Although the hospital immediately secured the accounts, the easily preventable incident will expose Carle Foundation Hospital to intense regulatory scrutiny and cascading costs related to the breach.

Individual Risk: 2.428 = Severe: The compromised email accounts belonged to three physicians, and they included data from patients who received cardiology or surgery services at Carle. The data includes patient names, medical record numbers, dates of birth, and clinical information. Fortunately, patients’ Social Security numbers and financial data were not included in the breach. However, personal data is a widely accepted currency on the Dark Web, since personally identifiable information (PII) can be used to facilitate additional cybercrimes. Therefore, those impacted by the breach need to closely monitor their accounts for unusual activity while being mindful of other malicious uses of that information.

Customers Impacted: Unknown

Effect On Customers: Data breaches bring a host of complications to any company, including reputational damage and ancillary recovery costs. Altogether, it can cause significant financial distress to any organization. Neutralizing defensible threats, like phishing scams, is a simple and affordable solution that can play a prominent role in protecting your company's reputation and bottom line.




POSTSCRIPT:


2019 on Pace to Set Data Breach Record 

Anecdotally, many people realize that data breaches are increasingly prevalent and problematic. 

Those presumptions are being confirmed by hard data as a new data breach report reveals that 2019 is poised to be the most destructive year yet when it comes to data integrity.

The 2019 Midyear Quickview Data Breach Report found that the number of data breaches that exposed records increased by 54% in the first half of the year. Concurrently, the number of records exposed in these breaches increased 52%. The business sector is responsible for the vast majority of these compromised records, with nearly 85% originating with companies that collect and store user data. This reality underscores the challenge of doing business in the digital age. On one hand, big data is the lifeblood of the internet economy, and companies can lose a significant competitive edge if they decline to collect customer information. However, when that data is compromised, it costs companies significant sums that can offset many of the advantages generated by this type of data collection. Ultimately, it underscores the importance of developing and executing a holistic approach to cybersecurity that adequately accounts for risks and shortcomings to ensure that your business is positioned to flourish, not flounder.


Data Breaches Threaten Companies' Financial Viability 

Throughout 2019, new research is illuminating the extensive financial consequences of a data breach. Not only are direct costs increasing, but consumers are making sure that businesses feel financial pain for failing to protect their information. According to a report by PCI Pal, consumers are prioritizing data security by spending money at companies with demonstrated track records of data security and integrity and declining to shop at companies that have compromised consumer data. Specifically, 44% of UK customers, 83% of US consumers, 43% of Australian shoppers, and 58% of Canadian users claimed that they will stop or reduce spending at companies that experience a data breach. Moreover, such patterns can inflict future consequences, as consumers will search the competitive landscape for new products and services, making it increasingly difficult for compromised companies to win back old customers. Since keeping your existing customer base is significantly more affordable than finding new clients, prioritizing data security should be at the top of every company’s to-do list. When internal resources can’t cover the entire responsibility, seek assistance from qualified collaborators (like us!) that can assess your cybersecurity posture while partnering with you to provide the resources necessary to keep customer data safe.



Disclaimer*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provide the content in this publication to the reader for general information purposes only and have compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena, we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.


*COPYRIGHT 2020* Avantia Corporate Services  PTY LTD - All Rights Reserved.