Avantia Threat Update


Your Personal Information is "Out There".

This week, US healthcare provider gets breached 3X, third-party ransomware parks Canadian agency for days, hackers steal French gas, and last year’s Facebook breach in Australia nearly doubles in size – Aussies hit hard!

This Past Week’s Top Dark Web Compromises:

Top Source Hits: ID Theft Forums (99%)
Top Compromise Type: Domain (99%)
Top Industry: Medical & Healthcare
Top Employee Count: 11 - 50 Employees

This Past Week’s Top Targeted Industries:

Manufacturing Hits: 120 | Targets: Bayer, ThyssenKrupp, Toyota Motor Corp., Huawei Technologies, Sony Corp

Telecommunications Hits: 101 | Targets: Xiaomi, Verizon, ASUS, Verizon Wireless, Huawei Technologies

Computer Hardware Hits: 93 | Targets: Xiaomi, Microsoft, ASUS, Apple, Check Point Software Technologies Ltd

Software Hits: 89 | Targets: Cambridge Analytica, Microsoft, Google, GitHub, Facebook

Consumer Electronics Hits: 85 | Targets: Xiaomi, Microsoft, ASUS, Nokia, Nintendo

This Past Week’s Top Threat Actors:

Axiom Hacking Group Hits: 66 | Targets: Google, China, Fortune 500, South Korea, Anthem

APT28 Fancy Bear Hits: 62 | Targets: Democratic National Committee, United States, Democratic National Convention, Germany, United States Senate

APT29 The Dukes Hits: 56 | Targets: United States, White House, U.S. Department of State, Democratic National Committee, Democratic National Convention

APT32 OceanLotus Hits: 15 | Targets: Vietnam, Mac OS, Association of Southeast Asian Nations, China, Australia

Lazarus Group Hits: 11 | Targets: Sony Corp, Cryptocurrency, South Korea, United States, Bitcoin.

This Week’s Top Malware Exploits:

Winnti Hits: 71 | Targets: Germany, China, Aerospace Corp, Japan, United States

Wcry Hits: 24 | Targets: Boeing, Microsoft Windows, United Kingdom, Bitcoin, North Korea

Necurs Hits: 23 | Targets: Italy, Microsoft Windows, Bambenek Consulting, Check Point Software Technologies Ltd, Banking

Dridex Hits: 20 | Targets: United Kingdom, United States, Banking, France, Microsoft Office Word

GandCrab Hits: 18 | Targets: Microsoft Office Word, Italy, Syria, Microsoft Windows Xp, Microsoft Window


In Other News:

Over 111,000 Australian Facebook users exposed to extortion & identity fraud:

The detailed personal information of more than 60,000 Australians was exposed in a massive cyber-attack on Facebook last year, giving hackers the ability to access their movements, hometown, search history, email and phone number. Internal documents reveal the attack on Facebook in September last year affected an estimated 111,813 Australians, among roughly 29 million worldwide. About 47,912 had only basic personal information – their name, email and phone number – compromised. But other Australians were more exposed. Hackers were able to access information on 62,306 users’ hometown, most recent check-ins, birthday, education, work history, Facebook search history, name, email, phone number, gender, relationship status and religion. These users also had their most recent Facebook location check-ins exposed. In another 1,595 cases, the names in private Facebook Messenger conversations could be accessed, as could details of a person’s membership of Facebook groups.

The revelations are contained in confidential correspondence between Facebook and Australia’s privacy watchdog, the Office of the Australian Information Commissioner. The documents were released under freedom of information laws on Tuesday. The correspondence shows Facebook took almost two weeks to discover the cyber-attack, which began on 14 September last year. It discovered the breach on 25 September, and did not notify the OAIC for another four days, at the same time it told other international agencies. When it did tell Australian authorities, it asked them to keep early estimates of the number of affected Australians confidential.

“We would be happy to continue to update you with more information as it becomes available, but we need to set expectations that obtaining clarity on what data was accessed is a considerably time-consuming process to ensure accuracy and complete analysis,” Facebook told OAIC’s principal director, Amie Grierson, in early October. “We appreciate you will keep this information confidential as we continue to work on this analysis.”

Facebook said it did not believe the attack met the requirements of Australia’s notifiable data breach scheme, which legally compels companies to alert individuals and the OAIC if there is a possibility of “serious harm” from privacy breaches. Facebook, in a subsequent “incident update” to the OAIC, revealed the extent of the impact on Australian users, but said it did not believe passwords or payment card information were at risk. “Based upon what we’ve learned so far in our investigation, the attackers did not gain access to other personal information such as password information, identity documentation, financial information or payment card information,” the incident update said. Facebook has now contacted all affected individuals in Australia to advise them of the breach.

The cyber-attack was allowed by what Facebook said was “a vulnerability caused by the complex interaction of three bugs” in its system. It allowed hackers to obtain access tokens, a kind of security key that allows users to stay logged into Facebook over multiple browsing sessions without entering their password every time. Facebook said it quickly moved to secure its system and invalidated access tokens for almost 90 million accounts across the world. Initially, Facebook believed the attack had affected 50 million people worldwide. The breach was thought to be the largest in the social media giant’s history.

“For 15 million people, attackers accessed two sets of information – name and contact details (phone number, email, or both, depending on what people had on their profiles),” Facebook said in October. “For 14 million people, the attackers accessed the same two sets of information, as well as other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.”
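The article describes access tokens as long-lived keys that keep a user logged in, and notes that Facebook's response was to invalidate tokens for almost 90 million accounts at once. The following added example (not Facebook's code, and not drawn from the article) shows one common way a service makes that kind of bulk invalidation cheap: each token is HMAC-signed over the account id, an expiry, and a per-account "token version", so bumping the version revokes every outstanding token for that account without touching any per-token state. The signing key, TTL and in-memory version table are demo placeholders.

```python
import base64
import binascii
import hashlib
import hmac
import time
from typing import Iterable, Optional

# Constructed demo values: a server-side signing key and an in-memory table
# mapping each account to its current "token version". Both stand in for what
# a real service keeps in a key store and a database.
SERVER_SECRET = b"demo-signing-key-not-for-production"
TOKEN_TTL_SECONDS = 30 * 24 * 3600  # a long-lived "keep me logged in" token

token_version = {}  # account_id -> int, incremented on every bulk invalidation


def _sign(payload: bytes) -> str:
    """HMAC-SHA256 over the token payload, hex encoded."""
    return hmac.new(SERVER_SECRET, payload, hashlib.sha256).hexdigest()


def issue_token(account_id: str, now: Optional[int] = None) -> str:
    """Mint a token bound to the account's current version and an expiry time."""
    now = int(time.time()) if now is None else now
    version = token_version.setdefault(account_id, 0)
    payload = f"{account_id}|{version}|{now + TOKEN_TTL_SECONDS}".encode()
    body = base64.urlsafe_b64encode(payload).decode().rstrip("=")
    return f"{body}.{_sign(payload)}"


def validate_token(token: str, now: Optional[int] = None) -> Optional[str]:
    """Return the account id if the token is genuine, unexpired and not revoked."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".", 1)
        payload = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
        account_id, version, expires = payload.decode().split("|")
    except (ValueError, binascii.Error, UnicodeDecodeError):
        return None  # malformed token
    # Constant-time comparison so signature checking leaks no timing information.
    if not hmac.compare_digest(_sign(payload), sig):
        return None
    if now >= int(expires):
        return None  # token has aged out
    if int(version) != token_version.get(account_id, 0):
        return None  # token predates a bulk invalidation for this account
    return account_id


def invalidate_all_tokens(account_ids: Iterable[str]) -> int:
    """Revoke every outstanding token for the given accounts by bumping their
    version. No per-token state is needed, which is what keeps mass
    invalidation cheap even across tens of millions of accounts."""
    ids = list(account_ids)
    for aid in ids:
        token_version[aid] = token_version.get(aid, 0) + 1
    return len(ids)


if __name__ == "__main__":
    t = issue_token("user-1")
    print("valid before revocation:", validate_token(t) == "user-1")
    invalidate_all_tokens(["user-1"])
    print("valid after revocation:", validate_token(t) == "user-1")
```

The trade-off is that a version bump logs the user out everywhere, including the devices they legitimately use; that is exactly the effect Facebook users saw when they were forced to sign in again.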

The growing threat of business email compromise (BEC).

BEC is a scam in which hackers target companies that pay their bills through wire transfers. Typically, scammers will impersonate employees and leverage social engineering techniques to route funds to themselves, resulting in hundreds of thousands in losses. In 2016, the global average for costs faced by a single company was $140,000.

Below are the 5 most common forms of BEC fraud:

· The Bogus Invoice – Fraudsters pose as vendors requesting payments to accounts that they own. Such incidents are most common among companies that deal with foreign suppliers.

· CEO Fraud – As the name implies, cybercriminals assume the role of an executive and request fund transfers from the finance team.

· Account Compromise – In this scenario, employee accounts are hacked (frequently using stolen usernames/passwords) and leveraged to request invoice payments from vendors.

· Lawyer Impersonation – Attackers pretend to be lawyers in charge of confidential information and make unusual requests via phone or email. This form of BEC tends to occur toward the end of a business day.

· Data Theft – Hackers go after HR and finance employees to obtain PII (Personally Identifiable Information) and tax statements of employees, which can be used for future attacks.


What makes BEC so dangerous is that such scams can circumvent traditional security solutions, since they do not contain any malicious links or attachments that can be identified. Some immediate security flags for such tactics are words like ‘request, payment, transfer, or urgent’ in an email subject line, but employee cybersecurity training and awareness remains the most effective solution to preventing BEC.
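Because BEC mail carries no link or attachment to scan, the only signals left are the ones the paragraph above names: urgency and payment vocabulary in the subject line, and a sender impersonating an employee. The following added example (not from Avantia or any vendor named on this page) turns those two signals into a small gateway check. The executive roster, internal domain and sample headers are constructed for the demonstration.

```python
import re
from email.utils import parseaddr
from typing import Dict, List

# Constructed roster: display names of internal executives mapped to their real
# mailbox, plus the organisation's own domain. Hypothetical values; a deployment
# would pull these from the directory service.
INTERNAL_DOMAIN = "example.com"
EXECUTIVES: Dict[str, str] = {
    "jane doe": "jane.doe@example.com",
    "john roe": "john.roe@example.com",
}

# The subject-line flags named in the text above.
URGENCY_WORDS = ("request", "payment", "transfer", "urgent")


def bec_indicators(from_header: str, subject: str) -> List[str]:
    """Return human-readable indicators that a message looks like BEC.
    An empty list means none of the checks fired."""
    findings: List[str] = []
    display_name, address = parseaddr(from_header)
    address = address.lower()
    sender_domain = address.rsplit("@", 1)[-1] if "@" in address else ""

    # 1. Urgency / payment vocabulary in the subject line (whole words only).
    hits = [w for w in URGENCY_WORDS if re.search(rf"\b{w}\b", subject.lower())]
    if hits:
        findings.append("subject contains urgency/payment keyword(s): " + ", ".join(hits))

    # 2. Executive impersonation (CEO fraud pattern): a known executive's display
    #    name on a message that did not come from that executive's mailbox.
    name_key = " ".join(display_name.lower().split())
    if name_key in EXECUTIVES and address != EXECUTIVES[name_key]:
        where = "external domain " + sender_domain if sender_domain != INTERNAL_DOMAIN else "internal address"
        findings.append(f"display name '{display_name}' matches an executive but sender is {address} ({where})")

    return findings


def triage(from_header: str, subject: str) -> str:
    """Map the indicator count to the action a mail gateway might take:
    'deliver' (0 indicators), 'flag' for user review (1), or 'hold' (2)."""
    n = len(bec_indicators(from_header, subject))
    return "deliver" if n == 0 else ("flag" if n == 1 else "hold")


if __name__ == "__main__":
    # Constructed sample headers.
    for hdr, subj in [
        ("Jane Doe <jane.doe@example.com>", "Q3 roadmap"),
        ("Accounts <billing@vendor.example.net>", "Invoice payment"),
        ("Jane Doe <jane.doe.ceo@example-mail.net>", "Urgent wire transfer request"),
    ]:
        print(triage(hdr, subj), "-", hdr, "/", subj, bec_indicators(hdr, subj))
```

The keyword check on its own is noisy (finance teams send legitimate "payment" subjects all day), which is why the text above still puts employee awareness ahead of any automated filter; the impersonation check is the one that is worth acting on by itself.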

Threat Group Employs Amazon-Style Fulfillment Model to Distribute Malware

The operators of the Necurs botnet (computer network) are using a collection of US-based servers to send out banking Trojans, ransomware, and other malware on behalf of other cybercriminals.

A threat group with possible connections to the operators of the notorious Necurs botnet has employed what security vendor Bromium this week described as an Amazon-style fulfillment model to host and distribute malware on behalf of other cybercriminals. The group is using a collection of more than one dozen US-based servers to help attackers distribute a variety of ransomware, banking Trojans, and other malware to targets located mostly within the country. The IP addresses of the hosting servers belong to a single autonomous system — or range of IP addresses — registered with a so-called "bulletproof" hosting company in the US. Eleven of the servers hosting malware are located in a single data center in Nevada belonging to the company.

Typically, malware hosting servers are located in jurisdictions known to be uncooperative with law enforcement. The fact that this particular group is operating from within the US using a highly consolidated set of servers is significant, says a malware researcher at Bromium, who did not wish to be identified. "One benefit of the infrastructure being in the US is that the connections to download the malware are more likely to succeed inside organizations that block traffic to and from countries outside of their typical profile of network traffic."

Bromium has been tracking the group's operation for close to a year and says it has observed the US-based servers being used to host at least five families of banking Trojans, two ransomware families, and three information stealers. The malware includes the Dridex banking Trojan, GandCrab ransomware, and the Neutrino exploit kit. Evidence suggests that a single group is hosting the malware and also distributing it via mass phishing campaigns on behalf of other threat actors. In each case, there is also no evidence that the servers were ever used for legitimate purposes, meaning they were provisioned purely to host and distribute malware. The phishing emails that are being used to distribute the malware are also strikingly similar, indicating that the same threat group is sending them out. Many of the emails, for instance, have Microsoft Word documents with malicious macros and contain links pointing back to the same set of servers. All of the macros also use a hard-coded IP address rather than a domain name for the server hosting the second-stage malware.

"Our research suggests that these campaigns are part of a highly organized 'Amazon-style' fulfilment operation," the Bromium researcher says. A distinct threat actor is responsible for email and hosting, while others are in charge of operating the malware, he notes. "The entity that controls the hosting infrastructure represents a 'choke point' in the operations of the groups behind these malware families." The separation of command and control from hosting and distribution suggests that any data stolen from victims is likely being stored elsewhere, the researcher says.

According to Bromium, the fact that Dridex was hosted on one of the web servers and similarities in the manner in which the malware is being distributed suggest the operators of the Necurs botnet are behind the latest operation as well. The operators of Dridex have been using Necurs to distribute the malware since 2016. So, it is possible that the collection of web servers being used to host and push out the 10 different malware families is part of the infrastructure used by the operators of Necurs, Bromium said.

Bromium has notified relevant authorities about the US-based company that is hosting the rogue servers. The company and its affiliates have legitimate customers, many of whom are likely attracted by the cheap web hosting rates offered. There are close to 53,000 IP addresses registered to the company, of which only a fraction were found to be hosting malicious content, the Bromium researcher says.
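One concrete detail in the Bromium findings above is that every observed macro fetched its second stage from a hard-coded IP address rather than a domain name. Legitimate documents almost never embed raw-IP URLs, so that is a cheap, low-noise indicator a document scanner or mail gateway can check for. The following added example (not Bromium's tooling) extracts URLs from arbitrary text and keeps only those whose host is an IPv4 or IPv6 literal; the macro fragment it runs on is constructed and uses documentation-reserved addresses.

```python
import ipaddress
import re
from typing import List
from urllib.parse import urlparse

# Matches http(s) URLs inside macro source, log lines or email bodies; the
# character class stops at whitespace, quotes and angle brackets so VBA string
# literals and HTML attributes delimit cleanly.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def ip_literal_urls(text: str) -> List[str]:
    """Return every URL in `text` whose host is a bare IP address (v4 or v6)
    instead of a DNS name, in order of appearance."""
    found: List[str] = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname  # strips the port and IPv6 brackets
        if host is None:
            continue
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue  # ordinary hostname, not an IP literal
        found.append(url)
    return found


# Constructed sample in the style of an Office AutoOpen macro. The addresses are
# from documentation-reserved ranges (203.0.113.0/24, 2001:db8::/32).
SAMPLE_MACRO = '''
Sub AutoOpen()
    Dim u As String
    u = "http://203.0.113.10:8080/stage2.bin"
    Dim v As String
    v = "http://[2001:db8::1]/second.bin"
    Dim legit As String
    legit = "https://updates.example.com/catalog.xml"
End Sub
'''


def scan_report(text: str) -> str:
    """One-line verdict suitable for a gateway log entry."""
    hits = ip_literal_urls(text)
    if not hits:
        return "no IP-literal URLs"
    return f"{len(hits)} IP-literal URL(s): " + ", ".join(hits)


if __name__ == "__main__":
    print(scan_report(SAMPLE_MACRO))
```

Because the check keys on the URL's host rather than on a specific address, it keeps working when the operators move to a new server, which is the point of looking at the technique rather than the indicator.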

Is ‘Stalkerware’ on your Android device stalking you?

Over 58,000 Android users had "stalkerware" installed on their phones last year, researchers from Kaspersky Lab have revealed today. Of these, more than 35,000 had no idea about stalkerware being present on their Android devices until they installed Kaspersky's mobile antivirus, which flagged the infection. Kaspersky's findings confirm a growing trend in the information security industry, where security researchers are seeing an increase in the use of stalkerware-like products, by both ordinary users and companies alike.

Stalkerware, also known as spouseware or "legal spyware," is a term used to describe a particular class of spyware. These are applications sold by legally registered companies under various pretenses, such as child monitoring or employee tracking solutions. Some of these apps are used for legitimate purposes, but in the vast majority of cases, they are not. Legitimate apps are those that display visible markers to users letting them know they are being watched. The bad apps, the ones detected by antivirus companies and normally banned from the official app stores, are the ones that hide themselves from view.

Having stalkerware on your phone is a sign that a close friend, lover, family member, or employer is trying to keep an eye on you without your knowledge – a fact that most people will find very disturbing and a reason to file criminal complaints. The presence of stalkerware on your phone also suggests that someone has tampered with your device without your permission. Installing these types of apps on someone's phone usually requires physical access by the attacker. In some cases, the person knows and agrees to have stalkerware apps installed on their devices, for contractual reasons, but in the vast majority of cases, this installation takes place without the person's knowledge, and these commercial "legal spyware" products are used by attackers to stalk their victims – hence the origin of the term stalkerware.

While the Kaspersky report detailed only stalkerware infections on Android devices, most commercial stalkerware products today also offer monitoring clients for iOS, Windows, macOS, and even Linux. These questionable apps, despite not being outlawed, are becoming more popular with each passing day, since they cater to the darker side of human nature – feeding on an abuser's insecurities and need to know. Cases of rampant abuse have come to light over the past few years, when stalkerware companies have been hacked or have left servers exposed online, leaking customer data. Twelve such leaks have been recorded so far, as documented by Motherboard in its When Spies Come Home series. These leaks exposed cases of abusive men or women spying on current or former partners, bosses secretly keeping an eye on employees' private conversations, parents spying on kids' internet browsing habits and photos, and more. Such leaks have shown that besides the abuser, a victim's data is also hosted by and accessible to the stalkerware companies' employees, and in some cases, to the entire internet, when these companies fail to secure their servers. Furthermore, these leaks show that the arguments some of these stalkerware firms have been making are blatant lies, with the leaks showing that abuse happens more often than not.

Cyber Attacks target AMEX & NETFLIX users with phishing emails.

The Office 365 research teams discovered the attacks, which reportedly emerged over the past weekend, hitting unsuspecting customers with well-crafted phishing campaigns that attempt to steal credit card information. According to a tweet from Windows Defender Security, “Machine learning and detonation-based protections in Office 365 ATP protect customers in both campaigns.” Additional tweets warned, "The Netflix campaign lures recipients into giving away credit card and SSN info using a 'Your account is on hold' email and a well-crafted payment form attached to the email." Phishing emails such as these are not only easy to craft but also easy to deploy. When aimed at unsuspecting users, they are highly successful. “They are designed to make us afraid that if we don’t click on that link or open that attachment something bad will happen,” said Colin Little, senior threat analyst, Centripetal Networks. Cyber-Criminals continue to employ the social engineering tactics of brevity and urgency, understanding that threatening user accounts or suggesting something may be amiss will evoke action. In addition to the many places in the phishing kill chain that can keep these malicious emails away from users, Little said, “a security awareness program that trains users on how and why to identify phishing emails is both essential and fundamental. If our users are the broadest attack surface, their preparation for this attack is our best defense.” When in doubt about whether an email is legitimate or not, an additional safety precaution is to address the potential issue in a separate dialogue. “Start a new email chain (such as to the Netflix help desk, in this example) using an address you obtain from the site,” Little said. “Address the inquiry in a different media, such as calling their vendor support line. Or the recipient can open the applicable app (if one's available) on their smartphones and check their credit or account status.”

Major Law firm DLA Piper are set to sue Insurer over Cyber Breach Claim:

DLA Piper has become the latest big name to be denied a multimillion-dollar insurance claim following major losses caused by the NotPetya ‘ransomware’ campaign of 2017. The multinational law firm is said to be launching a legal case against its insurer Hiscox for failing to pay out. However, a spokesperson from the insurer confirmed to Infosecurity that the case, currently in arbitration, is not related to a specific cybersecurity policy and does not involve an "act of war" exclusion, as has been reported. The latter is the reason that insurance giant Zurich is said to be refusing to pay out a multimillion-dollar claim from confectionery giant Mondelez. The Cadbury owner is said to be suing the insurer for over $100m to cover permanent damage to 1700 of its servers and 24,000 laptops as well as unfulfilled orders and other operational disruption.

Russia was directly blamed for the June 2017 attacks, which started in Ukraine but quickly spread around the world via the VPNs of multinationals with offices in the country. However, the Five Eyes governments that issued these statements, led by the UK, failed to provide hard evidence to back up their claims, which won’t make it easy for the insurers to make their case in court.

DLA Piper was hit hard by the destructive ransomware strain, after becoming infected via a supplier. The company’s flat network structure is said to have allowed the malware to spread fast across the globe. The legal giant was forced to pay 15,000 hours of overtime to IT workers to help recover from the incident, which forced it to start afresh with its entire Windows environment, according to reports. It’s unclear what kind of insurance policy DLA Piper had, but the issue may come down to whether it covered cyber incidents like this. However, such disputes are becoming more common, warned Anjola Adeniyi, EMEA technical leader at Securonix.
“The increasing difficulties facing companies who try and claim insurance following a cyber attack is highlighting the growing need to implement preventative strategies,” he added. “Whilst many companies will fall victim to a ransomware attack, one of the first steps they need to take is to ensure it doesn’t happen again. Computer systems need to be up-to-date on security patches, networks monitored for infections and employees educated on cyber hygiene.”


THREAT FOCUS: Verity Medical Foundation – USA

Exploit: Employee phishing scam
Verity Medical Foundation: Healthcare provider based in San Jose, CA

Risk to Small Business: 2.333 = Severe: VMF recently notified its patients of another security breach it suffered on January 16th of this year, immediately following two similar phishing incidents. A hacker was able to compromise an employee’s Office 365 account for several hours and send phishing emails internally and externally to gather usernames and passwords. Although the organization maintains that there is no evidence of patient information being accessed, they will now face scrutiny by the media and patients, along with being forced to deploy mandatory training for employees.

Individual Risk: 2.571 = Severe: Aside from account usernames and passwords, protected health information including DOBs, patient identification numbers, phone numbers, addresses, health plans, treatments received, SSNs, and even insurance details may have been exposed. While the company believes that it was unlikely that the attacker was after the data, affected patients should enlist in identity monitoring and additional security measures.

Customers Impacted: 14,894 patients

Effect on Customers: The compounding effects of back-to-back breaches can amount to serious losses for organizations. Even worse, employee phishing attacks are entirely preventable through the implementation of security training and education. If a breach occurs, businesses are forced to enroll their employees in such programs anyway, and likely at a higher cost. By then, however, the damage will have already been done.

Risk Levels: 1 - 1.5 = Extreme Risk | 1.51 - 2.49 = Severe Risk | 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

THREAT FOCUS: Earl Enterprises – USA

Exploit: Malware installation on point-of-sale (POS) systems Earl Enterprises: Hospitality industry giant

Risk to Small Business: 2 = Severe: In a press release published last Friday, the company announced that hackers had planted malware on POS systems, affecting over 100 restaurants between May 23, 2018, and March 18, 2019. After noticing a mysteriously large card dump in February, cybersecurity researchers realized that this incident is related to a database that is already available for sale on the Dark Web. In addition to dealing with customer churn and brand degradation, the company will now have to do its best to protect the users whose card information is up for grabs on the Dark Web.

Individual Risk: 2.428 = Severe: Credit and debit card numbers, expiration dates, and cardholder names were exposed in the incident and will eventually be sold to the highest bidder on the Dark Web. Anyone who dined at Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology, or Tequila Taqueria should consider cancelling their cards, monitoring their financial reports, and changing their passwords.

Customers Impacted: 2.15 million cardholders

Effect On Customers: In the wake of a breach, understanding how fraudsters plan on using stolen data is crucial to risk mitigation. If Earl Enterprises had worked with security providers capable of monitoring the Dark Web, the company would have been able to identify the threat earlier and act accordingly.

Risk Levels: 1 - 1.5 = Extreme Risk | 1.51 - 2.49 = Severe Risk | 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

THREAT FOCUS: Canadian Internet Registration Authority – CANADA

Exploit: Ransomware infection via third-party system
Canadian Internet Registration Authority: Canada's not-for-profit agency that manages the domain name registry

Risk to Small Business: 2 = Severe: On March 26th, the CIRA’s parking garage suffered from a ransomware attack, allowing anyone to enter without a security check and park for free. The compromise persisted for two days, resulting in systems being locked with a ransom note displayed by the attackers. Since the parking garage company Precise Link did not have a backup of the files, restoring the systems will come at an incredibly high cost.

Individual Risk: 2.482 = Severe: It is unclear if the hackers gained access to employee data, but the risk for citizens should be little to none.

Customers Impacted: To be determined

Effect On Customers: Vendors that serve as third-party service providers for large firms should be wary of upcoming attacks. As hackers shift their focus towards the smallest vulnerabilities within an organization, they will certainly consider targeting the third-party companies that manage their data. To avoid future compromises, companies should work with a security solution that employs a Dark Web monitoring tool which can be crucial in determining if stolen information is trading hands between cybercriminals.

Risk Levels: 1 - 1.5 = Extreme Risk | 1.51 - 2.49 = Severe Risk | 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

THREAT FOCUS: Royal Bank Of Scotland – United Kingdom

Exploit: Faulty security product Royal Bank of Scotland: Retail banking company in Scotland

Risk to Small Business: 2 = Severe: After RBS group provided its business banking customers with free software, it was discovered that the product had a major security flaw. Attackers could have exploited the glitch to access and gain complete control of user computers, allowing them to view emails, internet history, and bank details. The flaw was patched, and the company explained that it should only affect NatWest customers, but such an incident could easily spook any clientele.

Individual Risk: 2.428 = Severe: It is unlikely that attackers were able to take advantage of the compromise since the company was able to immediately patch the flaw once it was discovered. Nevertheless, patrons of the bank should monitor their financial statements for suspicious activity.

Customers Impacted: Around 50,000 customers

Effect On Customers: This incident serves as a great example of why rapid detection is so important to preventing a breach. Since the compromise was uncovered by security researchers, the company was able to make changes in the nick of time. By leveraging advanced monitoring tools that can proactively search the Dark Web for customer and employee data, security providers and businesses can be more confident in their solutions.

Risk Levels: 1 - 1.5 = Extreme Risk | 1.51 - 2.49 = Severe Risk | 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Exploit: Remote unlock
Total: Oil and gas company that operates gas stations

Risk to Small Business: 2 = Severe: French authorities arrested five men connected to a scheme in which they stole over 120,000 liters of fuel from gas stations around Paris. Knowing that managers often do not change the default lock code on the gas pump, the hackers used a special remote to reset fuel prices and remove fill-up limits. The fraud was discovered back in April 2018 and one suspect was arrested, but last Monday all known members were apprehended. Along with losing over $168,000 in fuel, the company was forced to change protocols to avoid a similar incident from occurring in the future.

Individual Risk: 2.598 = Moderate: No individuals are at risk.

Customers Impacted: N/A

Effect On Customers: As we’ve come to learn, employees hold the keys to many valuable and potentially vulnerable pieces of most businesses. To prevent such attacks from occurring in the first place, employees must be trained to spot vulnerabilities and take proper action in the event of a breach.

Risk Levels: 1 - 1.5 = Extreme Risk | 1.51 - 2.49 = Severe Risk | 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Exploit: Password spraying
Taalem Education Group: Organization that runs the Dubai British School of Jumeirah Park

Risk to Small Business: 2 = Severe: A British school in Dubai is warning parents of a cyberattack on its network, which employed password spraying to take advantage of weak passwords and compromise employee email accounts. After recognizing and dealing with the incident within a few hours, its IT team reset the compromised accounts and blocked the attackers from the system. Since the breach, however, hackers have sent phishing emails to employees and parents of students attempting to defraud them. Although the school has done its due diligence by securing its networks and warning parents and employees, it will be important to avoid similar incidents going forward.

Individual Risk: 2.428 = Severe: If parents and employees tread carefully and do not open up fraudulent phishing links, they should be able to avoid the scam. Yet, there is some risk since such a scheme can result in financial losses or identity theft.

Customers Impacted: Unknown

Effect On Customers: It’s no secret that hackers are targeting employee accounts to enter organizational ecosystems. Employee email accounts generally contain a level of trust or authority, and cybercriminals understand that they can leverage this to trick other employees and parents. By partnering with a solution that brings employee training to the fore and simulates phishing campaigns, you can always be prepared when fraudsters come knocking at your door.

Risk Levels: 1 - 1.5 = Extreme Risk | 1.51 - 2.49 = Severe Risk | 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
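The Taalem entry above turns on password spraying: a few common passwords tried against many accounts, so that no single account trips a lockout. That shape is also what makes it detectable, since a brute force hammers one account while a spray fans out across many from one source in a short window. The following added example (not the school's tooling, and not from any vendor on this page) runs that logic over a handful of constructed authentication log lines in a hypothetical "timestamp result user source-IP" format and reports which accounts the source also succeeded against, which is the set an IT team would reset first.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample log lines (hypothetical format: timestamp, result, user, source IP),
# using documentation-reserved addresses. The first source fails against five
# different accounts in ten seconds and then succeeds against a sixth; the second
# source is one user mistyping their own password.
SAMPLE_LOG = """\
2019-03-25T09:00:01Z FAIL alice 198.51.100.7
2019-03-25T09:00:03Z FAIL bob 198.51.100.7
2019-03-25T09:00:05Z FAIL carol 198.51.100.7
2019-03-25T09:00:07Z FAIL dave 198.51.100.7
2019-03-25T09:00:09Z FAIL erin 198.51.100.7
2019-03-25T09:00:11Z OK frank 198.51.100.7
2019-03-25T09:05:00Z FAIL alice 192.0.2.20
2019-03-25T09:05:30Z FAIL alice 192.0.2.20
2019-03-25T09:06:00Z FAIL alice 192.0.2.20
2019-03-25T09:06:30Z OK alice 192.0.2.20
"""


def parse_line(line: str) -> Tuple[datetime, str, str, str]:
    """Split one log line into (timestamp, result, user, source ip)."""
    ts, result, user, ip = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), result, user, ip


def detect_password_spray(log_text: str,
                          window: timedelta = timedelta(minutes=10),
                          min_users: int = 5) -> List[Dict]:
    """Flag each source IP that fails against at least `min_users` distinct
    accounts inside any `window`. Keying on distinct usernames per source, not
    on failures per account, is what separates a spray from a brute force."""
    events = defaultdict(list)  # ip -> [(ts, user, result)]
    for line in log_text.strip().splitlines():
        ts, result, user, ip = parse_line(line)
        events[ip].append((ts, user, result))

    alerts: List[Dict] = []
    for ip, evs in events.items():
        evs.sort()
        for i, (start, _, _) in enumerate(evs):
            # Sliding window anchored at each event in turn.
            in_window = [e for e in evs[i:] if e[0] - start <= window]
            failed_users = {u for _, u, r in in_window if r == "FAIL"}
            if len(failed_users) >= min_users:
                succeeded = sorted({u for _, u, r in in_window if r == "OK"})
                alerts.append({
                    "source": ip,
                    "window_start": start.isoformat(),
                    "distinct_failed_users": len(failed_users),
                    "successes_in_window": succeeded,  # accounts to reset first
                })
                break  # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_password_spray(SAMPLE_LOG):
        print(alert)
```

The thresholds are deliberately parameters: a school with a few hundred accounts and a bank with millions will tune `window` and `min_users` very differently, and sources behind a shared NAT (a campus network, a VPN exit) will need an allow-list or a higher bar to avoid false positives.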

THREAT FOCUS: Toyota Automotive Manufacturing – JAPAN

Exploit: IT system breach
Toyota: Japanese car maker

Risk to Small Business: 2.333 = Severe: Toyota announced another data breach last week, making it the second incident within the past few months. After breaching the Australian arm of the company, this time hackers targeted main offices in Japan to access sales information for up to 3.1M customers. The company has yet to determine whether details were extracted or merely accessed, but explained that customer financial information was not stored on the compromised servers. Additionally, they are uncertain if the hacks were perpetrated by the same group, yet security experts believe that APT32 cyber criminals are the likely culprits. Furthermore, it is being speculated that the hackers leveraged the data gained in the Australian breach to execute the latest attack on the company’s Japan office headquarters.

Individual Risk: 2.571 = Moderate: Details regarding what information was exposed are still being determined, but Toyota customers should watch out for suspicious activities on their personal and payment accounts. Also, looking back to see what information was provided to the car maker can help determine the level of risk that may be involved.

Customers Impacted: 3.1 million users

Effect On Customers: Just because a company has been hacked before does not mean that it won’t be targeted again. In this case, it is quite possible that the fraudsters intended to extract valuable information from the Australian breach of Toyota in order to access their main offices. To keep systems airtight, companies must re-evaluate what data is shared across working groups, departments, and offices, along with emphasizing the importance of adhering to cybersecurity best practices when it comes to their employees.

Risk Levels: 1 - 1.5 = Extreme Risk | 1.51 - 2.49 = Severe Risk | 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.



USA: Robocall Scam is back, to the tune of $40M

Ever dropped everything you were doing to take a call, only to receive an automated message in a foreign language? You certainly are not alone. Most of us likely hung up without thinking twice (and without understanding a word that was said). However, a recent slew of Mandarin-based calls has been targeting Chinese Americans, attempting to trick them into thinking that they are in legal trouble with the Chinese government. On Thursday, the FBI revealed it had received more than 350 complaints from victims of the scam, with aggregated losses reaching over $40 million. Dubbed the “Chinese Embassy Scam,” it has amounted to average losses upwards of $164,000 per victim. Some of us may be wondering how such a scam could be so effective, but it all comes back to the concept of relevance, originality, and impact. By speaking in a familiar language and using phone spoofing to change caller ID tags, cyber criminals can defraud virtually anyone.


*Disclaimer: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provide the content in this publication to the reader for general information purposes only and have compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions.
