Avantia Threat Update

AUSSIE SHEEP FARMERS "RAMMED" BY RANSOMWARE.


This Past Week: Ransomware strikes Australian Sheep Farmers; ACSC Critical Update; Google blocks 126 Million ‘suss’ Emails; San Francisco Airport nailed; Danish Pump Maker Breached; Stolen Information ‘Best Sellers’ on the Dark Web; Compromised Email accounts expose customer data; Ransomware disrupts remote work; FBI releases a new warning about COVID-19 related healthcare cybercrime and major breaches in DENMARK; UNITED KINGDOM; CANADA; AUSTRALIA & UNITED STATES.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain

Top Industry: High-Tech & IT

Top Employee Count: 11-50

________________________________________________________________________


RANSOMWARE ATTACKS ON AUSTRALIAN SHEEP FARMERS

While many Australians have been preoccupied with the coronavirus pandemic, another iconic Australian commodity is encountering a very different sort of crisis. Wool sales were severely disrupted last week by a ransomware attack on IT company Talman Software, a major software supplier to the industry whose systems process more than 75% of sheep sales in Australia and New Zealand. The cyber criminals demanded A$8 million to unlock the files. Talman has refused to pay and has instead built a replacement version of the software. Wool sales were halted for several days and hastily rescheduled, with an estimated 70,000 bales of wool held in escrow. The industry’s turnover in a typical week is up to A$80 million, but prices may now drop as the postponed sales cause a glut in the market.

A ransomware attack on such an important sector of Australia’s economy shows how vital it is for authorities to defend markets against cyber threats. It is a matter of when, not if, these attacks will happen: there is a ransomware attack on a business every 14 seconds, and by 2021 it will be every 11 seconds.

How do we improve our resilience? One way is to avoid being too dependent on particular technologies. The wool industry already knew Talman Software’s dominant role represented a significant vulnerability. Having a wider choice of software providers, not to mention an offline alternative, would have reduced or avoided the disruption.

Previous ransomware attacks on vital infrastructure, including the attacks against the Toll Transport Group, have shown the need for companies to keep their operations and IT systems separate. We can define ‘operations’ as the software and hardware that allow a company to keep its assets and processes working; IT systems, meanwhile, are the software and hardware that handle the company’s information and data. Separating the two would make it harder for hackers to disrupt a company’s operations by invading its IT system. However, it would also make it impossible to use IT systems to control operations remotely, which brings its own pros and cons. Imagine a nuclear power plant: do you fit it with a remote shutdown option that could be crucial in an emergency but might also become a tempting target for hackers?

This issue is bigger than simply a threat to companies’ profits. Although the latest attack targeted a commercial company, it damaged the economic welfare of farmers in two countries. Fending off future attacks shouldn’t be a job just for companies seeking to safeguard their own profits; governments need to help too, by defending public and economic infrastructure such as transport networks, power grids and important commercial markets.


AVANTIA CORPORATE SERVICES IS A REGISTERED PARTNER OF THE AUSTRALIAN CYBER SECURITY CENTRE.


The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) continues to receive reports from individuals, businesses and government departments about a range of COVID-19 themed scams, online fraud and phishing campaigns. This threat update seeks to raise awareness of the evolving nature of COVID-19 related malicious cyber activity impacting Australians. The Australian Competition and Consumer Commission’s (ACCC) Scamwatch page also has helpful information about the different types of COVID-19 scams and how to prevent yourself becoming a victim.

Cybercrime actors are pivoting their online criminal methods to take advantage of the COVID-19 pandemic. On average each month, the ACSC receives about 4,400 cybercrime reports through ReportCyber and responds to 168 cyber security incidents. Since 10 March 2020, the ACSC has:


♣ Received more than 95 cybercrime reports (approx. two per day) about Australians losing money or personal information to COVID-19 themed scams and online frauds;

♣ Responded to 20 cyber security incidents affecting COVID-19 response services and/or major national suppliers in the current climate; and

♣ Disrupted over 150 malicious COVID-19 themed websites, with assistance from Australia’s major telecommunications providers, Google and Microsoft.


Cybercrime actors are registering COVID-19 themed websites to conduct widespread phishing campaigns that distribute malicious software (malware) or harvest personal information from unsuspecting Australians. The Australian Signals Directorate is committed to protecting Australians from malicious cyber activity during this difficult time, including by striking back at these cyber criminals operating offshore.

Malicious cyber adversaries will continue to use COVID-19 themed phishing campaigns to obtain user credentials, allowing them to bypass security controls in order to gain access to accounts and networks belonging to individuals and businesses. This could include targeting employees working from home and the remote systems they are relying upon. Sophisticated adversaries will also be focused on covertly obtaining COVID-19 information such as details of Australia’s pandemic responses and research on vaccines and treatments, broadening the types of information they typically target.

Those engaged in cybercrime activities continue to rapidly adapt their techniques in response to changes in the current environment. The ACSC is observing new phishing campaigns that align with breaking developments, such as government relief payments or public health guidance, within days, even hours, of these announcements occurring. Cyber criminals are also amending previously used methodologies or widespread scam campaigns with a COVID-19 theme. The ACSC strongly encourages all organisations and individuals to remain vigilant against the threat of COVID-19 themed cybercrime activity, including sophisticated scams, phishing emails and malicious websites.

Since March 2020, cybercriminals and other malicious actors have been distributing widespread COVID-19 themed SMS and email campaigns, together with a variety of scams. The ACCC’s Scamwatch has received over 1,100 reports about COVID-19 scams, with almost $130,000 in reported losses. The ACSC has received over 115 cybercrime and cyber security incident reports from individuals and businesses. The true extent of this malicious activity is likely to be much higher, as these numbers only represent cases reported to the ACSC and the ACCC. The ACSC is working closely with our industry, government and law enforcement partners, including the ACCC, Services Australia, the Australian Federal Police and the Australian Criminal Intelligence Commission, to share information and disrupt COVID-19 themed scams and other malicious cyber activity.

The ACSC is tracking a number of different SMS phishing campaigns that seek to trick recipients into clicking on a malicious web link contained in the message. While the links appear to come from legitimate organisations, such as the Australian Government or a financial institution, they actually direct the recipient to a malicious website that is hosting malware. For example, in one campaign the malicious actor is directing people to a website hosting the Cerberus banking Trojan, a form of malware that has been carefully crafted to steal your financial information.


Case Study 1: Banking themed SMS phishing campaign

On Monday 30 March 2020, the ACCC received sixteen reports of a Westpac themed phishing text. The link in the SMS directed recipients to a website that attempts to harvest personal information. The ACSC formally lodged a take-down request with the domain registrar. The ACSC also reached out to Australia’s major telecommunications providers, as well as Google and Microsoft, to block this website from being accessed and flag it as malicious at the browser level.

COVID-19 payment phishing campaigns using Australian Government branding

The ACSC is aware of a range of payment themed scams targeting Australians that use official Australian Government branding. The fraudulent emails come from addresses that very closely resemble or spoof official Australian Government email accounts. The emails aim to trick the recipient into installing malware onto their device and/or to harvest their personally identifiable information (PII).


Case Study 2: Australian Government official spoofed in email phishing campaign

On 7 April 2020, the ACSC received a report from an Australian Government department that a senior staff member’s email was being spoofed as part of a COVID-19 themed phishing campaign. The email contained an attachment with embedded malware that was designed to steal sensitive information such as banking usernames and passwords. The ACSC formally lodged a take-down request with the domain registrar, located in South Africa. The ACSC also reached out to Australia’s major telecommunications providers, as well as Google and Microsoft, to block this website from being accessed and flag it as malicious at the browser level.


Case Study 3: Phishing campaign pretending to come from Australian Government

Cybercriminals are impersonating official Australian Government correspondence about COVID-19 assistance payments in order to steal PII. In this example, the phishing email invites the recipient to provide all of their PII, including tax file number and copies of their identity documents (driver licence or passport and Medicare card), in order to access a benefit payment. Individuals who provide their personal information are at significant risk of identity theft. With this information, criminals could open bank accounts or take out loans in your name.


Case Study 4: Economic stimulus payment phishing email

Cyber criminals are preying on people who are out of work and seeking to access financial assistance from the government or their employer. On 3 April 2020, this phishing email was sent to hundreds of employees within a large Australian company. Recipients were asked to click on the link in order to receive a $1,000 benefit payment to be delivered in the March payroll. The link redirects users to a website designed to install malicious software onto the company’s corporate network.

SMS phishing scams about COVID-19 testing and restrictions

The ACSC has received reports about a number of malicious emails and text messages from cyber criminals that claim to provide information on how to get tested for, or stay protected from, COVID-19. These malicious messages claim to be from Australian Government agencies or other trusted sources such as the World Health Organisation (WHO). They try to convince the recipient to click on a link or open an attachment that will then install malware and steal sensitive information such as bank account details.


Case Study 5: COVID-19 testing themed SMS phishing campaign

On 31 March 2020, the ACSC received a report from an Australian Government agency about an SMS phishing campaign. The message was designed to appear as though it came from ‘Gov’ and requested that recipients click on a malicious web link that spoofed an official government domain. This website was hosting malware. After the domain used in this initial campaign was taken down, the cybercriminals quickly switched tactics. A new domain was created to host the malware and messages were redesigned to spoof ‘MyGov’. By replacing the alpha tags in the SMS header with ‘MyGov’, the malicious actor was able to deliver these messages within the existing legitimate SMS chain between individuals and Services Australia.

Remote access scams targeting people working from home

The ACSC is receiving an increasing number of reports from businesses and members of the public about remote access scams. Most of these reports indicate that the scammers are pretending to be from IT companies, telecommunications companies, banks, and even from the ACSC. Cybercriminals often attempt to persuade you to give them remote access to ‘fix an issue’, and will provide a range of scenarios to convince you that they need immediate access to your device. Allowing anyone access to your devices can, and usually does, result in devastating consequences, including financial loss or the compromise of your personal accounts. The ACSC will never ask you for remote access to your computer. If you are unsure about the identity of a caller, just hang up and check their official website for the legitimate contact details and then call them back.


Case study 6: Microsoft themed remote access scam

Scammers are impersonating a legitimate United States Microsoft support number, (1) (800) 642 7676. However, when dialling a 1800 number in Australia, only the six digits after 1800 are accepted, so Australians who dial the United States support number actually dial 1800 642 767, which has been registered by cybercriminals. On calling the number registered by cybercriminals, victims are asked to provide their name and date of birth for verification and are informed someone will call back shortly. The cybercriminal calls back and directs people to download a remote access program that gives the criminals access to their computer. Once access has been gained, the cybercriminal convinces the victim that their computer is compromised and that they need to pay a large sum of money for it to be fixed. The scammers insist that, due to the COVID-19 conditions in Australia, victims are required to pay in untraceable crypto-currency. The scammers will also try to extract banking details while they have remote access, drain people’s bank accounts and access any other sensitive information.


Case study 7: IT Helpdesk scam

Cybercriminals are aware that increased numbers of Australians are working from home at the moment, and are crafting their scams accordingly. This phishing email pretends to come from your employer’s IT Helpdesk, requesting that staff log into a new portal in order to access the latest information about tasks. Recipients who click on the link are directed to a malicious website that seeks to collect their username and password, which the cybercriminals then use to gain unauthorised access to the company’s corporate networks.

Fraudulent payments over the internet and business email compromise

Cybercriminals continue to adapt previously successful methodologies to leverage the COVID-19 pandemic, and one such approach is known as business email compromise, or fraudulent payments over the internet. This method attempts to convince businesses and/or clients to redirect payments, such as payroll or supplier and invoice payments, to a bank account run by the criminals. Cybercriminals attempting to obtain fraudulent payments over the internet will often use a compromised email account, or a spoofed/fake email address of the business, supplier, or client. Scams like this commonly target businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.


Case study 8: COVID-19 themed wire-fraud email

On 26 March 2020, a business notified the ACSC that one of their clients had received a COVID-19 themed fraud email. The manager’s business email account had been compromised and was then used to send the invoice-themed email. The recipient identified the email as suspicious.

Mitigation strategies for combatting COVID-19 scams and phishing emails

How to spot if an email or text message is phishing?

There are some key details to look out for to help determine if a text message or email is phishing:


♣ Read the message very carefully and look for anything that isn’t quite right, such as spelling, tracking numbers, names, attachment names, sender, message subject and URLs.

♣ On a PC or laptop, hover your mouse over links to see if the embedded URL is legitimate, but don’t click.

♣ Google information such as sender address or subject line, to see if others have reported it as malicious.

♣ Call the organisation on their official number as it appears on their website (separate to any contact details in the received message) and double check the details or confirm the request is legitimate. Do not contact the phone number or email address contained in the message, as this most likely belongs to the scammer.

♣ Use sources such as the organisation's mobile phone app, website or social media page to verify the message.


Protect yourself against phishing emails

As shown in the examples above, cybercriminals and scammers produce phishing emails that look legitimate. By following these simple steps, you can assist in protecting yourself against phishing emails:


♣ Before opening an email, consider who is sending it to you and what they’re asking you to do. If you are unsure, call the organisation you suspect the suspicious message is from, using contact details from a verified website or other trusted source.

♣ Do not open attachments or click on links in unsolicited emails or messages.

♣ Do not provide personal information to unverified sources and never provide remote access to your computer.

♣ Remember that reputable organisations locally and overseas including banks, government departments, Amazon, PayPal, Google, Apple, and Facebook, will not call or email to verify or update your personal information.

♣ Use email, SMS or social media providers that offer spam and message scanning.

♣ Use two-factor authentication (2FA) on all essential services such as email, bank and social media accounts, as this way of 'double checking' identity is stronger than a simple password. 2FA requires you to provide two things, your password and something else (e.g. a code sent to your mobile device or your fingerprint) before you, or anyone pretending to be you, can access your account.

GOOGLE BLOCKS 126 MILLION COVID-19 PHISHING EMAILS IN THE PAST WEEK.

240 million daily virus themed spams as 'bad actors' feed on people's fear

In the past week, an average of 18 million COVID-19 phishing emails were sent per day via Gmail to unsuspecting marks, according to Google. "No matter the size of your business, IT teams are facing increased pressure to navigate the challenges of COVID-19," said Neil Kumaran, product manager for Gmail, and Sam Lugani, lead security PMM, G Suite and CP platform, today. The pair said phishing is still the "most effective method" that scammers deploy to compromise accounts and grab data and resources from businesses. They added that "bad actors" have leapt upon the "uncertainty surrounding the pandemic".

Google said its malware scanner uses deep-learning tech to detect malware on 300 billion attachments each week, and 63 per cent of dodgy docs blocked by Gmail are different from day to day. Kumaran and Lugani said Google prevents 100 million phishing mails daily from reaching their targets and "during the last week, we saw 18 million daily malware and phishing emails related to COVID-19". "This is in addition to more than 240 million COVID-related daily spam messages. Our machine learning models have evolved to understand and filter these threats, and we continue to block more than 99.9 per cent of spam, phishing and malware from reaching our end users," they said. That still means that 258,000 COVID-19 themed spams and phishing emails did in fact land in people's inboxes each day, so while Google has caught the vast majority there is more work to do to minimise risks further.

The spate of COVID-19 scams was flagged by the UK's National Cyber Security Centre and the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) on 8 April. In a joint advisory, NCSC said it has spotted more UK government branded scams related to the disease "than any other subject" and the shift to home working had upped the use of "potentially vulnerable services". The advisory said criminals were trying to use weaknesses in VPNs, remote-working tools and software to hit the mark: NCSC and CISA "observed actors scanning" for publicly known vulnerabilities in Citrix (CVE-2019-19781). One in five public-facing Citrix boxes remained unpatched in February and open to attack. Similar vulnerabilities from Pulse Secure, Fortinet and Palo Alto "continue to be exploited", NCSC said. "Malicious cyber actors are also seeking to exploit the increased use of popular communications platforms (such as Zoom or Microsoft Teams) by sending phishing emails that includes malicious files with names such as 'zoom-us-zoom_##########.exe' and 'microsoft-teams_V#mu#D_##########.exe'." (It said the # represents the various digits reported online.)

Zoom has itself come under scrutiny for failings in its security and privacy (the latter policy has been rewritten) following a surge in users of its video-conferencing service. The German foreign ministry has banned its use, as have the Taiwanese government and the New York school system. The company also misled users with claims about providing end-to-end encryption, belied by its ability to access data in transit along the conference call's connection. Router brand Linksys recently reset all of its customers' Smart Wi-Fi account passwords when it became apparent that attackers had managed to get hold of a load and were redirecting unsuspecting users to COVID-19-related malware.

The guidance dished out by Google today includes basic common-sense hygiene: run a security checkup; don't download stuff you don't recognise; check the integrity of URLs before providing login credentials or clicking a link; avoid and report phishing emails; and, unsurprisingly, consider signing up to the Choc Factory's Advanced Protection Program.
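The checks listed under ‘How to spot if an email or text message is phishing?’ above (read the sender and URLs carefully, hover over links to see where they really go, be wary of attachments) and the Zoom/Teams attachment names quoted from the NCSC/CISA advisory, turned into a small triage script. This is an added example written for this update, not code from Google, the ACSC or the advisory; the trusted-domain list, the brand tokens and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list for this example: the brands the case studies above say are
# spoofed (MyGov / Services Australia, Westpac). Anything else that *mentions*
# them is treated as a lookalike.
TRUSTED_DOMAINS = {"my.gov.au", "servicesaustralia.gov.au", "westpac.com.au"}
BRAND_TOKENS = {"mygov", "govau", "servicesaustralia", "westpac"}

# Attachment names quoted from the NCSC/CISA advisory on this page; '#' there
# stands for digits, so each run of '#' becomes \d+ here.
MALICIOUS_ATTACHMENT_PATTERNS = [
    re.compile(r"^zoom-us-zoom_\d+\.exe$", re.I),
    re.compile(r"^microsoft-teams_V\d+mu\d+D_\d+\.exe$", re.I),
]
URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)


class _LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs: the 'hover, don't click' check in code."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(url_or_text):
    """Hostname of a URL, or of bare text such as 'my.gov.au/claim'."""
    if "://" not in url_or_text:
        url_or_text = "http://" + url_or_text
    return urlparse(url_or_text).hostname or ""


def registrable_domain(host):
    """Crude eTLD+1 that keeps gov.au / com.au style suffixes together."""
    parts = host.lower().split(".")
    if len(parts) >= 3 and len(parts[-1]) == 2 and parts[-2] in {"gov", "com", "net", "org", "edu"}:
        return ".".join(parts[-3:])
    return ".".join(parts[-2:])


def is_trusted(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def mentions_brand(text):
    flat = re.sub(r"[^a-z0-9]", "", text.lower())
    return any(token in flat for token in BRAND_TOKENS)


def triage(sender, display_name, html_body, attachments):
    """Return the phishing indicators found; an empty list means nothing was flagged."""
    findings = []
    sender_host = sender.rsplit("@", 1)[-1]
    # Sender check: a trusted brand is named in the display name or address, but the
    # mail does not actually come from that brand's domain.
    if not is_trusted(sender_host) and (mentions_brand(sender_host) or mentions_brand(display_name)):
        findings.append(f"sender impersonates a trusted brand: {display_name} <{sender}>")
    collector = _LinkCollector()
    collector.feed(html_body)
    for text, href in collector.links:
        href_host = host_of(href)
        # Link check: the visible text looks like a URL but the href points elsewhere.
        if URL_LIKE.match(text) and registrable_domain(host_of(text)) != registrable_domain(href_host):
            findings.append(f"link text '{text}' hides href host '{href_host}'")
        if not is_trusted(href_host) and mentions_brand(href_host):
            findings.append(f"lookalike domain in link: {href_host}")
    for name in attachments:
        if any(p.match(name) for p in MALICIOUS_ATTACHMENT_PATTERNS):
            findings.append(f"attachment name matches advisory pattern: {name}")
        elif name.lower().endswith((".exe", ".scr", ".js", ".vbs")):
            findings.append(f"executable attachment: {name}")
    return findings


# Constructed sample message modelled on case study 4 (a $1,000 'benefit payment' lure).
SAMPLE_PHISH = {
    "sender": "noreply@services-australia-gov.example.net",
    "display_name": "MyGov",
    "html_body": '<p>Claim your $1,000 payment: <a href="http://my-gov-au.example.net/claim">'
                 'https://my.gov.au/claim</a></p>',
    "attachments": ["zoom-us-zoom_1234567890.exe"],
}

if __name__ == "__main__":
    for finding in triage(**SAMPLE_PHISH):
        print("FLAG:", finding)
```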


SAN FRANCISCO AIRPORT WEBSITES HACKED REVEALING PERSONAL DEVICE CREDENTIALS.

Two websites affiliated with San Francisco International Airport (SFO) were compromised with malicious code in March, allowing attackers to steal device login credentials from users who visited these sites, airport officials have disclosed. The breach affected the websites SFOConnect.com, which appears to deliver informational content to the SFO workforce, and SFOConstruction.com, which includes details on airport construction projects, bids and contracts. In an online notification posted this week, SFO says the incident may have affected individuals who specifically accessed the two websites using an Internet Explorer browser installed on either a personal Windows device or a device not maintained by SFO.

The attack is somewhat unusual because users don’t typically type in their personal device credentials when visiting a website. A more common scenario when a website breach like this occurs would be for the malicious code to steal web account credentials when registered users log in to the affected site, or steal payment card information if a user makes a purchase. But the breach notification indicates that the attackers stole device credentials: “At this time, it appears the attackers may have accessed the impacted users’ usernames and passwords used to log on to those personal devices [that accessed the compromised websites.]” SC Media contacted SFO to confirm if it was actually device credentials and not website credentials that were stolen. Strategic Communication Advisor Francis Tsang replied, “Our statement is accurate.”

The notification also says that the malware was removed and both sites were taken offline after the breach was discovered. SFOConnect.com appears to be up and running again today, offering its visitors COVID-19 support resources. SFOConstruction.com is still under maintenance. SFO also says that on March 23 it forced a reset for any SFO-related email and network passwords, presumably in case any victims use the same stolen credentials for email and network connectivity as well.

Colin Bastable, CEO of Lucy Security, told SC Media that while recently surveilling the dark web he found “around 8,000 compromised credentials from late February featuring a couple of flysfo.com email addresses. Perhaps one of these opened the door, allowing the malicious code to be dropped in the SFO websites.” SC Media asked Bastable to speculate how the attackers might have been able to steal user device credentials when they visited the compromised site, a scenario that he thought was “unlikely” before SFO ultimately went on to confirm it. He theorized that the attack code could have generated a form field specifically asking site visitors to enter their device credentials. Alternatively, perhaps the malware embedded into the websites was able to load additional code onto the devices themselves, he added.


DANISH PUMP MAKER ‘DESMI’ REVEALS CYBER BREACH.

DESMI, a global company specialising in the development and manufacture of pump solutions, has disclosed a cyber attack and breach. The Danish pump maker said on Friday it was hit by a cyber attack and was restoring its IT systems after the security incident. The attack took place on the night leading into Thursday, while the company’s employees were working from home during the coronavirus pandemic. All systems at the company have been shut down following the attack. DESMI makes pump solutions for marine, industry, oil spill combating, defence & fuel and utility (district heating, district cooling, water & waste water, among others) customers.

“On the night between Wednesday and Thursday DESMI IT systems and operations were attacked by cyber crime. Since the attack, DESMI has been supported by external experts and has a full focus on restoring systems to normal operations and assessing the full scope of impact,” reads the warning published by the company on its website. The company hired external experts to investigate the incident and restore normal operations.

“All systems have been shut down and systems are being restored. First part of our systems will be up and running within a couple of days and the rest within a couple of weeks,” says Group CEO Henrik Sørensen, and continues: “Everything is progressing according to plan. We are recovering systems and together with external experts we are working intensively to minimize customer impact and impact on operations. Everyone is doing a fantastic job to get the systems operational again.”

The investigation is still ongoing and the extent of the attack is not yet clear. DESMI has already reported the incident to the authorities and the Danish Police, and has announced it will provide updates to all customers and business partners as soon as possible.


BAD NEWS: LESSON MANUALS ON HOW TO USE STOLEN INFORMATION ARE BEST SELLERS ON THE DARK WEB.

With more people looking to get into the online crime racket and huge caches of personal information cheap and easy to come by, documents describing the process of committing (and getting away with) online fraud are becoming hot commodities. This according to a study from security biz Terbium Labs, which analyzed three massive darknet markets and found that fraud guides were by far the most popular item being sold. The study was based on observations of Empire Market, White House Market and Canadian HeadQuarters, three underground souks the researchers likened to Amazon and eBay in their massive footprints and use of ratings to rank merchants.

The Terbium team reckons that these guides, which walk newbie crooks through things like setting up bank fronts, crafting phishing emails and stealing money out of victim accounts, make up just under half (49 per cent) of all data transactions on the stores (not including drugs or for-hire services like DDoS attacks). "What they have in common is detailed information on how to export an organization's current policies," Terbium Labs said of the guides. "Oftentimes, the content in fraud guides doesn't require any prior knowledge from the reader (criminal) and can realistically lead to successful execution of the outlined steps." By comparison, financial data records were a distant second, accounting for only 15.6 per cent of all transactions, followed by non-financial account details, which made up 12.2 per cent of what people were buying. The merchants are not only selling more of the guides, they are also getting a better price for them than stolen financial records generally fetch. A single fraud guide will typically run you about $7.80, while account details vary widely in price and low-value credentials could go for only about $1 each.

"We routinely see stolen data for sale on these markets for surprisingly low prices, considering how expensive the consequences of stolen data can be to an organization," said Terbium chief strategy officer Tyler Carbone. "The missing piece here is the way criminals buy that data and make use of available knowledge and tools to exploit it." This despite what Terbium says is a skeptical attitude toward the guides and the accuracy of their information. Despite not expecting many of the schemes in the guides to actually work (criminals can't be trusted, go figure), would-be hackers are so desperate for material that they buy up the how-to manuals in droves.

Interestingly, what Terbium advises its customers to do is learn about what is in these guides and take countermeasures. In addition to protecting companies from the specific schemes mentioned, this will also play against the greatest weakness of these markets: the common belief among criminals that guides are often unreliable and inaccurate. "This is a good thing for businesses – if a business purchases a fraud guide early, they can change the affected internal policies immediately and thereby render that fraud guide useless," Terbium explains. "As a result, the seller of that fraud guide will be discredited and likely deemed untrustworthy by other criminals."

______________________________________________________________________________


THREAT FOCUS: AST LLC.- UNITED STATES 

https://www.technadu.com/ast-llc-announces-data-breach-circulates-notices-employees/99052/


Exploit: Employee payroll breach 

AST LLC.: Cloud & digital transformation service provider  

Risk to Small Business: 1.871 = Severe
Using a previously compromised email account, hackers accessed employee payroll information. They used their access to set up rules that diverted received messages, making it more difficult for the company to detect the breach. The incident, which occurred on March 9, 2020, has prompted the company to update its cybersecurity standards to include two-factor authentication on company email accounts. Unfortunately, this change is too little, too late, and is unlikely to assuage the concerns of the company’s enterprise clients.

Individual Risk: 1.690 = Severe
Hackers accessed employees’ payroll information and 2019 W-2 forms, which included their names, addresses, salary details, Social Security numbers, employer identification numbers and other work-related information. AST has warned employees that this information will likely be transferred to the Dark Web, where it could be used to create convincing spear phishing emails. The company is offering affected personnel a year of identity theft prevention services, and victims should enroll in this service as an extra defense against additional cybercrimes related to this incident.

Customers Impacted: Unknown

Effect On Customers: Employee email accounts are often compromised, and this can have significant repercussions for both employee and company data. Simple steps, like enabling multi-factor authentication, can help keep these accounts secure while protecting ROI.
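Detecting the kind of mailbox-rule tampering described in this incident is something a defender can do from audit logs. The following is an added example (not code from AST, ID Agent or this newsletter) that scans constructed, simplified JSON rule-creation events for rules that forward mail externally, delete or hide incoming messages, or key on payroll-related terms; the event schema, field names and the example.com/example.net addresses are assumptions.

```python
"""Flag suspicious inbox rules in mailbox audit events (added example).

The log format below is a constructed, simplified JSON schema; real mail
platforms export rule-creation events with their own field names.
"""
import json
from dataclasses import dataclass, field

# Constructed sample events: one benign rule and two that match the
# "divert and hide incoming mail" pattern from the write-up.
SAMPLE_LOG = """\
{"ts":"2020-03-09T02:14:07Z","op":"New-InboxRule","user":"payroll@example.com","params":{"Name":"Lunch","SubjectContainsWords":["lunch"],"MoveToFolder":"Social"}}
{"ts":"2020-03-09T02:15:31Z","op":"New-InboxRule","user":"payroll@example.com","params":{"Name":".","SubjectContainsWords":["w-2","payroll","password"],"DeleteMessage":true,"MarkAsRead":true}}
{"ts":"2020-03-09T02:16:02Z","op":"New-InboxRule","user":"payroll@example.com","params":{"Name":"sync","ForwardTo":["attacker@example.net"],"MoveToFolder":"RSS Subscriptions"}}
"""

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organisation's own mail domain(s)
# Folders users rarely open; rules that move mail here are a common hiding technique.
HIDE_FOLDERS = {"rss subscriptions", "rss feeds", "deleted items", "junk email",
                "archive", "conversation history"}
SENSITIVE_WORDS = {"password", "payroll", "w-2", "invoice", "wire", "bank", "security alert"}


@dataclass
class Finding:
    ts: str
    user: str
    rule_name: str
    reasons: list = field(default_factory=list)


def _external(addresses, internal_domains):
    """Return the addresses whose domain is not one of ours."""
    return [a for a in addresses if a.split("@")[-1].lower() not in internal_domains]


def analyse_rule(event, internal_domains=INTERNAL_DOMAINS):
    """Return a Finding if a rule-creation event looks like evidence hiding, else None."""
    if event.get("op") != "New-InboxRule":
        return None
    p = event.get("params", {})
    reasons = []
    ext = _external(p.get("ForwardTo", []) + p.get("RedirectTo", []), internal_domains)
    if ext:
        reasons.append(f"forwards to external address(es): {', '.join(ext)}")
    if p.get("DeleteMessage"):
        reasons.append("deletes matching messages")
    if p.get("MoveToFolder", "").lower() in HIDE_FOLDERS:
        reasons.append(f"moves mail to rarely-viewed folder '{p['MoveToFolder']}'")
    words = {w.lower() for w in p.get("SubjectContainsWords", []) + p.get("BodyContainsWords", [])}
    hit = sorted(words & SENSITIVE_WORDS)
    if hit:
        reasons.append(f"keys on sensitive terms: {', '.join(hit)}")
    name = p.get("Name", "")
    if len(name.strip()) <= 1:
        reasons.append("rule name is blank or a single character")
    # Only report rules with a concealing action; keyword-only rules are not flagged alone.
    if not any(r.startswith(("forwards", "deletes", "moves")) for r in reasons):
        return None
    return Finding(event["ts"], event["user"], name, reasons)


def scan_log(text, internal_domains=INTERNAL_DOMAINS):
    """Parse newline-delimited JSON events and return the list of Findings."""
    findings = []
    for line in text.splitlines():
        if line.strip():
            f = analyse_rule(json.loads(line), internal_domains)
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.ts} {f.user} rule={f.rule_name!r}: " + "; ".join(f.reasons))
```

Run against the constructed log, the benign "Lunch" rule is ignored while the deleting rule and the external-forwarding rule are both reported with their reasons.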

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: With Passly, we can protect your employees’ digital identities, your data, and your clients. Our remote-ready solution packs multi-factor authentication, single sign-on, and password management tools in one affordable, easy-to-deploy package. Find out more by phoning Paul at 07 3010 9711


THREAT FOCUS: San Francisco International Airport - UNITED STATES

https://www.bleepingcomputer.com/news/security/san-francisco-intl-airport-discloses-data-breach-after-hack/


Exploit: Malware attack

San Francisco International Airport: Airport authority

Risk to Small Business: 2.505 = Moderate A malware attack on two websites related to the San Francisco International Airport, SFOConnect.com and SFOConstruction.com, compromised users’ login credentials. The breach applies specifically to users accessing the sites using Internet Explorer or a Windows-based personal device. In response, the airport has reset all account passwords, and they are encouraging everyone with an account on these platforms to update their login information for other websites that use the same information. 

Individual Risk: 2.775 = Moderate - Hackers obtained people’s usernames and passwords. Although the company was quick to reset these credentials, victims should be mindful that this information could be used to access other accounts that rely on the same username and password combination. Therefore, they should carefully monitor their accounts for suspicious or unusual activity.

Customers Impacted: Unknown

Effect On Customers: Stolen login credentials are often available for sale on the Dark Web, making an awareness of this nefarious marketplace an integral part of any company’s cybersecurity strategy. By having your eyes and ears attuned to this information’s availability, companies can prevent its use before it enables a more devastating data breach.

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo by calling Avantia on 07 30109711 today


THREAT FOCUS: The Law Society of Manitoba - CANADA

https://www.cbc.ca/amp/1.5530825


Exploit: Ransomware

The Law Society of Manitoba: Law firm collective

Risk to Small Business: 1.475 = Extreme - Two Manitoba law firms experienced a ransomware attack that crippled their operations. The encryption left employees unable to access computer systems, digital files, email, or data backups. As a result, the firms are left without their client lists, accounting and financial information, photos, and other mission-critical information. The ransomware infected the firms’ systems after employees opened a malicious email attachment. According to the company, cybercriminals are demanding an “enormous” ransom that the companies are unable and unwilling to pay.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: The challenging business environment created by the COVID-19 pandemic leaves little room for additional setbacks. Since ransomware attacks carry multifaceted expenses, including productivity loss, opportunity cost, and technology recovery, every company needs to be confident that it has its bases covered when it comes to this increasingly prominent threat.

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access, independent, ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit


THREAT FOCUS: Holland America Line, Inc. - CANADA

https://hotforsecurity.bitdefender.com/blog/canadian-authorities-email-private-details-of-247-ms-zaandam-cruise-passengers-23010.html


Exploit: Accidental data sharing 

Holland America Line, Inc.: Cruise company 

Risk to Small Business: 1.833 = Severe - When communicating with COVID-19 patients from a recently-docked cruise ship, authorities accidentally emailed an attachment that included the personal details of all cruise line passengers impacted by the virus. Compounding the problem, many recipients forwarded the email, expanding the scope of the data exposure. Impacting COVID-19 patients, this data breach is an awful event occurring at a terrible time.

Individual Risk: 1.905 = Severe - The breach includes patients’ personally identifiable information, including their names, addresses, dates of birth, email addresses, phone numbers, and passport numbers. The 247 passengers are also being asked to change their passport numbers. Victims should enroll in a credit and identity monitoring service to ensure the long-term integrity of this critical data.  

Customers Impacted: 247

Effect On Customers: This incident is a reminder that companies need a 360-degree approach to data security that accounts for all types of data loss opportunities. In this way, holistic cybersecurity training can equip employees to rightly prioritize company data and to take appropriate steps to mitigate the risk of a data breach.

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access, independent, ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit


THREAT FOCUS: Travelex - UNITED KINGDOM

https://www.ciodive.com/news/travelex-ransom-breach-investigation/575842/


Exploit: Ransomware

Travelex: Foreign exchange company  

Risk to Small Business: 1.703 = Severe - Hackers stole and encrypted company data, and they are threatening to publish the information if Travelex doesn’t pay a significant ransom. The attack was first reported by hackers in January when they indicated to media sources that they copied and encrypted 5GB of personal data. Ultimately, the attack has cost Travelex more than $2 million. Hackers exploited a flaw in VPN software to gain access to the network, and cybersecurity researchers believe that hackers had access to the company’s network well before they encrypted its data.

Individual Risk: 2.711 = Moderate - While it’s unclear what specific data categories were accessible to hackers, stealing and publishing personal data is one of the latest threats to accompany a ransomware attack. Travelex customers should be vigilant to monitor their accounts for unusual activity and their incoming messages for signs of phishing scams.

Customers Impacted: Unknown

Effect On Customers: Ransomware attacks are incredibly costly, and their repercussions can reverberate through companies for years. Protecting against potential vulnerabilities that give hackers a foothold must be a top priority for companies looking to succeed in a digital environment where a ransomware attack is always a possibility.

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access, independent, ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit


THREAT FOCUS: DESMI Pumps - DENMARK 

https://securityaffairs.co/wordpress/101495/hacking/desmi-discloses-cyber-attack.html


Exploit: Ransomware

DESMI: Pump manufacturer and developer

Risk to Small Business: 2.617 = Severe - A ransomware attack has encrypted company IT, prohibiting remote workers from accessing company systems. Although DESMI is confident in its ability to restore services, this outage constitutes a veritable shutdown, as employees can neither utilize in-office tools nor communicate via virtual meetings.

Individual Risk: At this time, no personal information was compromised in the breach.  

Customers Impacted: Unknown

Effect On Customers: COVID-19 has made remote work a necessity at companies around the world. This workflow is contingent on employees having access to company systems. During this time, a ransomware attack can erode the limited productivity and sales opportunities that companies have now, which increases the impetus to protect your company’s digital environment.

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Helping our SME customers understand the importance of security is no easy task. With Passly we offer the world’s first Integrated Password Management program, setting them up for the win by providing the resources necessary to make remote management of locked-down employees working from home easy and stress free. For more information please call Avantia on 07 30109711 and ask for Paul.


THREAT FOCUS: Ingram Distribution - AUSTRALIA  

https://portswigger.net/daily-swig/ingram-data-breach-digital-content-platform-hack-resulted-in-theft-of-publishers-titles


Exploit: Unauthorized account access 

Ingram: Book distributor   

Risk to Small Business: 2.335 = Severe - Hackers accessed a customer account and downloaded numerous book titles from the company’s repository. The bookseller, which operates in the US, UK, France, and Australia, immediately revoked the account credentials and hired a third-party cybersecurity team to investigate the breach. As an on-demand printing business, Ingram relies on its reputation, as authors select platforms that can securely and reliably deliver their content to readers.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: In today’s digital environment, where billions of login credentials are readily on sale on the Dark Web, every company should expect that hackers could gain front door access to its IT infrastructure. Therefore, it’s critical that they deploy security solutions, like two-factor authentication, that can prevent hackers from accessing user accounts even when they are armed with login information.

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Passly protects employees’ digital identities, data, and business continuity through an integrated multi-factor authentication, single sign-on, and password management solution. Learn more by calling Paul at 07 30109711


THREAT FOCUS: Wappalyzer Data Services - AUSTRALIA

https://www.zdnet.com/article/wappalyzer-discloses-security-breach-after-hacker-starts-emailing-users/


Exploit: Unsecured database 

Wappalyzer: Technographics data provider

Risk to Small Business: 2.417 = Severe - On January 20, 2020, hackers copied data from an exposed database containing customers’ personal details. Now, Wappalyzer customers are receiving emails from hackers offering to sell the database for $2,000 in Bitcoin. The company downplayed the incident, claiming that the information was from an old database from its previous website. However, the details were valid enough that hackers were able to communicate with customers directly. As a best-case scenario, this incident is a PR disaster for the company, but the consequences could become more onerous.

Individual Risk: 2.883 = Moderate - Wappalyzer contends that the exposed database doesn’t include customers’ personal data. Even so, because hackers have access to users’ email addresses, those impacted by the breach should be especially vigilant about assessing incoming messages for potential spear phishing messages that could compromise even more sensitive personal data.

Customers Impacted: Unknown

Effect On Customers: Data breaches do serious damage to a company’s reputation. Customers and business partners are increasingly unwilling to work with companies that are stained by a data security incident. When coupled with expanding privacy regulations and soaring costs, today’s companies have millions of reasons to secure their customers’ data.

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access, independent, ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

______________________________________________________________________________


POSTSCRIPT:


Thousands of Zoom Credentials Available on Dark Web   

Zoom and other video conferencing services have soared in popularity, but their convenience can come at a steep cost to cybersecurity. Unfortunately, these services have been subject to a litany of cyber threats. Terms like “Zoom bombing” are now part of our vernacular as Zoom takes the most heat for cybersecurity weaknesses, but other services have faced privacy concerns of their own.  This reality was underscored this week when cybersecurity researchers discovered more than 2,300 Zoom credentials for sale on the Dark Web. In addition to potentially embarrassing drop-ins, this information could allow hackers to execute a number of cybercrimes, including phishing scams, that could cause real problems for Zoom users. Ultimately, it’s a reminder that this new remote reality is fraught with cybersecurity concerns that companies need to address. Being aware of potential threats through ongoing Dark Web monitoring is one way to stay ahead of the game during this critical time.


COVID-19 Treatment Centers Targeted by Cybercrime    

This week, the Federal Bureau of Investigation (FBI) issued a warning that hackers are increasingly targeting companies pursuing treatments for the novel Coronavirus. As a result, the FBI warned, “Now is the time to protect critical research you’re conducting.”   Of course, it’s not just researchers experiencing a surge in COVID-19-related cyberattacks. Other healthcare facilities, including hospitals, testing facilities, and specialty care units have experienced a barrage of phishing scams, ransomware attacks, and other cyberattacks. This activity is part of a concerted effort by cybercriminals to take advantage of this scary and destabilizing moment to steal valuable company and customer data. 

Consequently, now is the time for every company to reassess its cyber preparedness in light of the new realities posed by COVID-19. If we can support these efforts in any way, please don’t hesitate to contact our team!

________________________________________________________________________________



Disclaimer*:

Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content’s accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.

Avantia Corporate Services Pty Ltd, Level 7, 320 Adelaide Street

Brisbane, Queensland 4000

AUSTRALIA.
