Avantia Threat Update
AUSTRALIAN DEFENSE FORCE MEMBERS COMPROMISED IN DATABASE HACK.
Updated: Mar 18, 2020

This Past Week: Defense force member compromise; 'Defense Grade' online cyber security audits now available for SMEs; criminals target Coronavirus stimulus payments online; Siri and Google Assistant hack; tips to secure insecure smart phone gadgets; airline security; Android malware can steal Google Authenticator 2FA codes; ransomware puts contracts at risk; startups struggle to secure customer data; big security errors lead to big fines; the rise of Coronavirus-related phishing scams; and major breaches in the UNITED STATES, CANADA, the UNITED KINGDOM and AUSTRALIA.
Top Dark Web ID Trends:
Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Media & Entertainment
Top Employee Count: 251-500
________________________________________________________________________
AUSTRALIAN DEFENSE FORCE MEMBERS COMPROMISED IN DATABASE HACK
A highly sensitive military database containing the personal details of tens of thousands of Australian Defense Force (ADF) members was shut down for 10 days due to fears it had been hacked. Key points:
Defense Force recruitment records are maintained by an outsourced company
Its network was shut down in February amid fears the information had been compromised
Former soldiers turned politicians have demanded more answers about the incident
The ABC can reveal Defense Force Recruiting's outsourced electronic records system was taken offline and quarantined from other military networks in February, while IT specialists worked to contain an apparent security breach. Since 2003, the Powerforce database has stored sensitive information about ADF recruits under a contract awarded to the ManpowerGroup company. Details stored on the online system include medical exams, psychological records and summaries of initial interviews with potential recruits.

The Defense Department acknowledged a "potential security concern" but said an investigation found no evidence of data being stolen. "The security of information systems and personnel data is of paramount importance to Defense," a spokesman said in a statement. "Due to a potential security concern, some elements of the Defense Force Recruiting Network (DFRN) were proactively taken offline on February 2, 2020. Normal operation resumed on February 12, 2020. An investigation did not identify any evidence to suggest a compromise of information had occurred."

A source familiar with the investigation said the "security concern" was detected before Christmas and sparked fears within Defense that hackers may have accessed the DFRN. "Over the summer holidays, crisis meetings were held twice a day to deal with the situation," a Defense insider told the ABC, speaking on the condition of anonymity. "During this period, email contact between Defense Force Recruiting and computers connected to the Defense Department's protected network was suspended."

Liberal MP Andrew Hastie is among tens of thousands of serving ADF members and veterans whose personal details are stored in the Powerforce database. The former SAS captain and chairman of Parliament's Intelligence Committee described the potential database breach as a "very concerning development". "Our government and defense networks should be fortresses — no breach can be considered small," the Liberal MP said. "For Defense to take this offline for 10 days suggests a fairly sophisticated actor." His concerns are shared by Labor backbencher and former commando Luke Gosling, who is demanding more answers about the possible hack. "A whole range of information that we wouldn't want to go into the wrong hands — the Federal Government needs to let us know what's happened," he said. "There needs to be a thorough investigation into this."

ManpowerGroup Australia said it was "aware of a potential issue identified with the Defense Force Recruiting Network (DFRN), requiring Defense to proactively take elements of this network offline". "All elements of the DFRN have since been restored to full operations," a spokesperson told the ABC. Last year, Minister for Defense Personnel Darren Chester announced a two-year extension to the recruiting services contract with ManpowerGroup.

Defense a regular target for foreign hackers
Revelations of a possible breach of the Defense Force Recruiting Network follow confirmation that a "sophisticated actor" accessed student data from the Australian National University in 2018. Defense insiders have blamed China for the massive hacking operation, which included records of numerous military personnel who had studied at the ANU's National Security College.

In 2017, cyber thieves hacked into the computer system of a national security contractor, stealing large amounts of the defense supplier's data. Details of the multi-billion-dollar Joint Strike Fighter and P-8 surveillance aircraft programs were among the information stolen from the Adelaide-based defense subcontractor. The Australian Signals Directorate (ASD) took part in the forensic analysis of the attack and established that the hacker had been inside the subcontractor's system for five months. ASD investigators codenamed the hacker "Alf" after the Alf Stewart character from the Australian TV program Home and Away. No password cracking was needed in that case: the system still accepted the default credentials admin/admin and guest/guest.

In 2016, Four Corners revealed the Defense research division had been breached by hackers. Intelligence sources said they suspected the hackers in these cases were sponsored by Beijing. At the time, the Prime Minister's then cyber security adviser Alastair MacGibbon said the Australian Government was "attacked on a daily basis".
CRIMINALS TARGET CORONAVIRUS STIMULUS PAYMENTS ONLINE
Offshore crime syndicates have mobilised to pilfer coronavirus stimulus payments set aside by the Australian Federal Government for pensioners and welfare recipients, sparking an urgent warning from the Morrison Government. Just hours after Scott Morrison unveiled the $4.8 billion one-off cash 'sugar hit', scammers sent bulk emails to Australians asking them to provide their name, date of birth, address and tax file number, plus copies of driver's licences, passports and Medicare cards. Sources say the fraud is part of a wider plot to steal Australians' identities, either to set up fake accounts in their names or to on-sell the personal information on the Dark Web to other criminal networks. Just as people smugglers watch Australian Senate estimates for the latest information about refugee policy, the revelation shows Australia remains vulnerable to transnational crime. Government Services Minister Stuart Robert said Services Australia would automatically process the payments after March 31. "To help prevent fraudulent behavior, Services Australia will not be pro-actively contacting anyone asking for personal details – if you need to update your details, you can do this online through your myGov account, or by calling Services Australia," he said. "If you receive an email purporting to be from Services Australia or Centrelink about the stimulus payment, it is most likely to be a scam. Services Australia will not communicate via email about their payments." It is understood the Government is determined not to repeat the mistakes made by the Rudd Labor Government when it released cash payments into the economy during the Global Financial Crisis: about 16,000 deceased recipients and 27,000 Australians living overseas received A$40 million in payments, the Australian Tax Office said at least A$14 million went to deceased estates, and the home insulation package was also rorted by criminals.
The Government advised scam victims to call Services Australia’s Scam and identity Theft hotline on 1800 941 126.
DEFENSE GRADE CYBER AUDIT SERVICES NOW AVAILABLE FOR SMEs
The Essential 8 Auditor program is a 'defense grade' online auditing system that provides an objective, quantitative measure of an organisation's cybersecurity maturity level and highlights gaps in its key cyber defense strategies. It is used by many Federal Government departments and large private companies as part of their compliance protocols. By partnering with Huntsman Security to address the needs of the SME marketplace, Avantia Cyber Security is now able to use the Essential 8 Auditor software to remotely measure an organisation's cyber security risk in real time and generate a detailed cyber audit report documenting the SME's cyber 'maturity' against the Essential8 framework, with guidance on what needs to be fixed to become compliant without disrupting operations. All reports are certified and confidential to the client, and the audit requires access to the client's Windows Active Directory, whether on a physical or cloud-based server.
The Essential8 (E8) framework was developed by the Australian Signals Directorate (ASD). It is a prioritised list of practical security controls that organisations can implement to make their information more secure; ASD has assessed that the top four of these strategies alone, properly implemented, mitigate at least 85% of targeted cyber intrusions.

Avantia Cyber Security partners with Huntsman Security to address the needs of Australian small to medium enterprises (SMEs). Huntsman Security, developer of the Essential8 Auditor program, is the trading name of Tier-3 Pty Ltd, whose technology heritage lies in delivering a key foundation of the cyber security risk management, monitoring and response capability in some of the most secure and sensitive environments within intelligence, defense and criminal justice networks around the world, where Huntsman Security solutions are deployed and accredited to the highest security levels.
SIRI AND GOOGLE ASSISTANT HACKED IN NEW ULTRASONIC ATTACK.
Unsettling news for anyone who relies on smartphone voice assistants: researchers have demonstrated how these can be secretly activated to make phone calls, take photos and even read back text messages without ever physically touching the device. Dubbed SurfingAttack by a US-Chinese university team, this is no parlour trick: it is based on remotely controlling voice assistants using inaudible ultrasonic waves. Voice assistants – the demo targeted Siri, Google Assistant and Bixby – are designed to respond when they detect a trigger phrase such as 'OK Google'. Ultimately, commands are just sound waves, and other researchers have already shown they can be emulated using ultrasonic waves that humans can't hear, provided the attacker has a line of sight to the device and the distance is short. What SurfingAttack adds is the ability to send the ultrasonic commands through the solid glass or wood table on which the smartphone is sitting, using a circular piezoelectric disc attached to the table's underside. Although the distance was only 43cm (17 inches), hiding the disc under a surface is a more plausible, easier-to-conceal attack method than previous techniques. As explained in a video showcasing the method, a remote laptop generates the voice commands with a text-to-speech (TTS) module and transmits them to the disc over Wi-Fi or Bluetooth. The researchers tested the method on 17 smartphone models from Apple, Google, Samsung, Motorola, Xiaomi and Huawei, successfully deploying SurfingAttack against 15 of them. They were able to activate the voice assistants and command them to unlock devices, take repeated selfies, make fraudulent calls and even read out a user's text messages, including SMS verification codes.
Responses were recorded using a concealed microphone after turning down the device’s volume so this communication would not be heard by a nearby user in an office setting.
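The ultrasonic trick works because a microphone front end is not perfectly linear. The simulation below is an added illustration, not the SurfingAttack team's code: it amplitude-modulates a voice-band tone onto a 24 kHz carrier, passes the result through an idealised microphone with a small quadratic term, and shows that the tone reappears at baseband only when that non-linearity is present. The sample rate, carrier frequency, stand-in tone, modulation depth and non-linearity coefficient are assumed values chosen for the demonstration.

```python
"""Why inaudible ultrasound can carry an audible voice command.

Added illustration, not the SurfingAttack researchers' code.  The attack
(like the earlier DolphinAttack work) amplitude-modulates a voice-band
signal onto an ultrasonic carrier.  A real microphone front end has a
small quadratic term, so it behaves as a square-law detector and
re-creates the voice-band signal that the assistant's recogniser hears.
Every parameter below is an assumption made for this demonstration.
"""
import math

FS = 192_000          # simulation sample rate, Hz (assumed)
CARRIER_HZ = 24_000   # ultrasonic carrier, above human hearing (assumed)
TONE_HZ = 500         # stands in for the voice-band command (assumed)
DURATION_S = 0.04     # 20 cycles of the tone (assumed)
MOD_INDEX = 0.5       # AM modulation depth (assumed)
NONLIN = 0.5          # size of the microphone's quadratic term (assumed)


def voice_tone(n=round(FS * DURATION_S)):
    """Stand-in for the voice command: a single 500 Hz tone."""
    return [math.cos(2 * math.pi * TONE_HZ * i / FS) for i in range(n)]


def am_modulate(baseband):
    """(1 + m*b(t)) * cos(2*pi*fc*t): all energy sits around 24 kHz."""
    return [(1.0 + MOD_INDEX * b) * math.cos(2 * math.pi * CARRIER_HZ * i / FS)
            for i, b in enumerate(baseband)]


def mic_nonlinearity(x):
    """y = x + a*x^2: the square term is what demodulates the AM signal."""
    return [v + NONLIN * v * v for v in x]


def lowpass(x, n=FS // CARRIER_HZ):
    """Moving average over one carrier period (8 samples).  It nulls the
    24 kHz carrier and its 48 kHz second harmonic exactly and passes
    500 Hz almost unchanged; it stands in for the speech band-limit."""
    acc = sum(x[:n])
    out = [acc / n]
    for i in range(n, len(x)):
        acc += x[i] - x[i - n]
        out.append(acc / n)
    return out


def pearson(a, b):
    """Correlation coefficient; mean removal discards the DC term."""
    n = min(len(a), len(b))
    a, b = a[:n], b[:n]
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / math.sqrt(va * vb)


def demo():
    """Return (corr_linear_mic, corr_nonlinear_mic) against the tone."""
    tone = voice_tone()
    ultrasound = am_modulate(tone)
    # An ideal (linear) microphone followed by the band-limit hears
    # nothing of the command: the tone is simply not present at baseband.
    linear = pearson(lowpass(ultrasound), tone)
    # A real microphone's quadratic term re-creates the tone at baseband.
    nonlinear = pearson(lowpass(mic_nonlinearity(ultrasound)), tone)
    return linear, nonlinear


if __name__ == "__main__":
    lin, non = demo()
    print(f"linear mic:     correlation with command = {lin:+.3f}")
    print(f"non-linear mic: correlation with command = {non:+.3f}")
```

The linear path gives a correlation near zero, the non-linear path close to one. The same square-law term is why the defence is not "filter out ultrasound at the ADC": by the time the signal is digitised the command is already in the audible band, so mitigations have to sit at the analogue front end or in the recogniser.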
BRITISH GCHQ's INFO SEC ARM HAS 3 SIMPLE TIPS TO SECURE INSECURE SMART PHONE GADGETS
Britain's National Cyber Security Centre (NCSC) wants owners of baby monitors and smart CCTV cameras to take some basic security precautions. The GCHQ-owned info sec arm of government today published what it hopes is simple guidance that can be followed by ordinary people who haven't got time to immerse themselves in the technobabble-laden doom and gloom of the cybersecurity world. Dr Ian Levy, the NCSC's technical director, said in a canned statement: "Smart technology such as cameras and baby monitors are fantastic innovations with real benefits for people, but without the right security measures in place they can be vulnerable to cyber attackers." Those security measures boil down to three steps in GCHQ's own words, which we reproduce here in full:
If your camera comes with a default password, change it to a secure one – connecting three random words which you'll remember is a good way to do this. You can usually change your password using the app you use to manage the device.
Keep your camera secure by regularly updating security software. Not only does this keep your devices secure, but often adds new features and other improvements.
If you do not use the feature that lets you remotely access the camera from the internet, it is recommended you disable it.
Caroline Normand, director of advocacy at consumer group ‘Which?’, chipped in to add: "Which? has repeatedly exposed serious security flaws with devices including wireless cameras and children's toys, so mandatory security requirements and strong enforcement that ensures manufacturers, retailers and online marketplaces are held accountable for selling insecure products is essential." Jake Moore, cybersecurity specialist at ESET, said of the efforts: "Password managers should not be feared; many people think that putting all their passwords in one place on the cloud will make them somewhat vulnerable to attack. However, it's the opposite that is true. The clever use of two factor authentication, 2FA, and robust encryption are a far stronger mix than having to remember hundreds of accounts each with three random words." The advice comes on the heels of proposed new laws that would force manufacturers to stop baking default passwords into new devices, provide a public point of contact for reporting security vulnerabilities and to state the product's useful lifespan, i.e., for how long security updates will be published. Even those laws might not be enough to truly secure Joe and Josephine Bloggs, however. Insecure smart home devices have long been known to techies as a rich source of vulnerabilities for criminals to exploit. In lawsuit-happy America, companies such as Amazon have had sue balls flung at them for perceived problems with security – and tried to fend these off with a "privacy dashboard" that largely fell flat among techies.
HACKING AIRLINER SYSTEMS DOESN'T MAKE THEM MAGICALLY FALL OUT OF THE SKY.
Study finds most A320 pilots shrug, ignore dodgy systems and land safely. Airline pilots faced with hacked or spoofed safety systems tend to ignore them – but doing so could cost their airlines big sums of money, an info sec study has found. An Oxford University research team put 30 Airbus A320-rated pilots in front of a desktop flight simulator before manipulating three safety systems: the Instrument Landing System (ILS), the Ground Proximity Warning System (GPWS) and the Traffic Collision Avoidance System (TCAS). The team, who presented their paper at the NDSS info sec symposium, found that while their attacks against these systems "created significant control impact and disruption through missed approaches", all pilots in the study were able to cope and land their simulated aircraft safely. Pilots in the study were exposed to false warnings from each of the systems to see what their reactions were. Most of them carried out missed approaches at first and tended to ignore or distrust the "hacked" system while going around to carry out a safe landing. A go-around is expensive, with airlines racking up bills for extra landings, fuel and delay penalties. Commenting on their findings, the researchers said in their paper: "Pilots are extensively trained to deal with the many faults which can emerge when flying an aircraft, and this was reflected in the results. However, the attacks generated situations which shared some features with faults but largely were different; they lacked indication of failure." They added: "Whilst alarms force action they are quickly turned off or ignored if considered spurious." Lead researcher Matt Smith, explaining the reasoning behind the study, told The Register: "We know these attacks exist but we don't know what would happen if they occurred," adding that there is existing research demonstrating attacks against airplanes but little analysing their potential effects in this way.

Terrain ahead. Pull up!
Each of the 30 pilots in the study was put in front of a desktop simulation of an Airbus A330, which Smith explained was because there weren't any good enough representations of the A320 available for the X-Plane simulator used in the experiments. After a familiarisation flight, helped by the fact the A330 is very similar to its short-haul sister aircraft, the experiments began with three simulated flights onto runway 33 at the UK's Birmingham Airport. For the GPWS phase, Smith's team simulated a false aural alarm, where the system plays the message "Terrain, pull up!" over the cockpit loudspeakers. Pilots are trained to react to the warning so they don't fly into the ground. On the first approach, two-thirds of pilots went around, while on the second try just over half of those who didn't land the first time round disabled GPWS before trying again, successfully. Those who went around largely did so between 20 and 30 seconds after the false alarm.

Traffic, traffic! Climb now!
Next was the TCAS attack. TCAS works by sensing the location of nearby aircraft fitted with TCAS gear and ordering pilots to climb or descend if its algorithms calculate that the two airplanes will come too close for safety. Critically, TCAS can cause pilots to ignore air traffic control (ATC) instructions: pilots can bust an ATC-imposed altitude restriction (for example, "maintain 3,000ft") if their TCAS equipment orders them to do so. On the A320, TCAS has three pilot-selected modes: TA/RA, meaning it gives a visual and audio warning before telling the pilot to "climb now" or "descend now"; TA only (audio warnings only, without the RA, Resolution Advisory, part, meaning the system does not order pilots to climb or descend); and standby (off). Due to limitations of the simulator, Smith's team were not able to simulate the visual warning on the airliner's cockpit screens. By triggering a false TCAS RA, the researchers looked to see what the pilots would do, with the experiment including a "descend" RA shortly after takeoff among other activations, which Smith said was not unheard of in some crowded airspace such as the departure routes from Heathrow. All but one of the pilots obeyed the false TCAS orders at first. On average, pilots "complied with over four RAs before reducing sensitivity", something Smith's team said "shows that there is no straightforward response." Most of the pilots switched from TA/RA to TA only after false activations, with some turning it off altogether over worries about the "additional workload" and distraction caused by false alarms. Two also diverted their flights back to the origin airport.

Glideslope. Pull up!
For the ILS scenario, Smith's research team moved the position of the glideslope, the radio beam that guides airplanes down to safe landings. An ILS consists of a glideslope, an angled beam that controls how far along the runway the aircraft touches down, and a localiser, which tells it where the middle of the runway is. All experiments were carried out in simulated good weather so pilots could use other visual references to double-check the ILS. Four of the 30 pilots in the study chose to continue with their landing anyway despite the simulated glideslope having been moved to a point several thousand metres down the runway. A landing too far along the runway would risk the airliner running off the far end into the grass, potentially causing the runway to be closed. Of the rest, 30 per cent fell back to using the airplane's internal GPS system to carry out an area navigation (RNAV) approach, using onboard systems to calculate a glideslope and localiser path without needing the external radio beams. A fifth of the pilots went for a visual approach, landing by looking out of the window and flying accordingly, while a quarter used the localiser beam but judged the touchdown point visually.
Two pilots asked for a Surveillance Radar Approach, where ATC does all the hard work of lining the airplane up with the runway by looking at the radar screen and giving the pilot course corrections. This depends solely on the airport's own radar and radio equipment being available. The pilots in the study ranged from captains with more than two decades' flying experience to newly qualified first officers with two or fewer years in their logbooks, giving a reasonably wide cross-section of aviation experience. Smith mused to El Reg: "If industry engaged with penetration testing on these systems and tried to fully map out what the attacks might be, what they presented to the pilots as, they should at least be able to give a list of situations that might come about as a result of an attack." He added that this could be used to develop situation-specific checklists, much as pilots already have standardised checklist responses for instrument failures.
ANDROID MALWARE CAN STEAL GOOGLE AUTHENTICATOR 2FA CODES.
Security researchers say that an Android malware strain can now extract and steal one-time passcodes (OTP) generated by Google Authenticator, a mobile app used as a two-factor authentication (2FA) layer for many online accounts. Google launched the Authenticator mobile app in 2010. The app works by generating six- to eight-digit codes that users must enter in login forms when accessing online accounts. Google launched Authenticator as an alternative to SMS-based one-time passcodes. Because Google Authenticator codes are generated on the user's smartphone and never travel over insecure mobile networks, online accounts that use Authenticator codes as a 2FA layer are considered more secure than those protected by SMS-based codes. In a report published this week, security researchers from Dutch mobile security firm ThreatFabric say they've spotted an Authenticator OTP-stealing capability in recent samples of Cerberus, a relatively new Android banking trojan that launched in June 2019. "Abusing the Accessibility privileges, the Trojan can now also steal 2FA codes from Google Authenticator application," the ThreatFabric team said. "When the [Authenticator] app is running, the Trojan can get the content of the interface and can send it to the [command-and-control] server," they added. "We believe that this variant of Cerberus is still in the test phase but might be released soon," researchers said. All in all, the ThreatFabric team points out that current versions of the Cerberus banking trojan are very advanced. They say Cerberus now includes the same breadth of features usually found in remote access trojans (RATs), a more capable class of malware.
These RAT features allow Cerberus operators to remotely connect to an infected device, use the owner's banking credentials to access an online banking account, and then use the Authenticator OTP-stealing feature to bypass 2FA protections on the account, if present. ThreatFabric researchers believe the Cerberus trojan will most likely use this feature to bypass Authenticator-based 2FA on online banking accounts; however, there is nothing stopping attackers from bypassing Authenticator-based 2FA on other types of accounts, including email inboxes, code repositories, social media accounts, intranets and others. Historically, very few hacker groups and even fewer malware strains have had the ability to bypass multi-factor authentication (MFA). If this feature works as intended and ships with Cerberus, it will put the banking trojan in an elite category of malware strains. The new Cerberus capabilities are detailed in a ThreatFabric report that summarises all the recent remote access-related upgrades detected in Android malware strains.
THREAT FOCUS: Visser Precision - UNITED STATES
https://techcrunch.com/2020/03/01/visser-breach/
Exploit: Ransomware.
Visser Precision: Parts manufacturer for space and defense contractors.
Risk to Small Business: 2.111 = Severe: Visser Precision was infected with data-exfiltrating ransomware that stole proprietary information before encrypting IT systems. Based on documents published online, it appears that hackers obtained company data, including a list of clients, nondisclosure agreements, and some development plans. This incident reflects a growing trend in ransomware attacks – cybercriminals are increasingly stealing company data before encrypting critical IT systems, and organizations don't detect it until it's too late.
Individual Risk: No personal information was compromised in this breach.
Customers Impacted: Unknown.
Effect On Customers: Ransomware attacks not only negatively impact productivity and manufacturing, they also negatively impact growth. Companies like Visser Precision have many high-profile and mission-critical clients. Cybersecurity incidents can put those organizations at risk, making them less likely to do business with companies that have data security issues.
Risk Levels: 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an 'Essential8' Digital Security Audit we offer an independent, remote-access, 'real time' audit of our clients' critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation. It's the first step to real cyber security. Call Avantia's office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit
THREAT FOCUS: Riverview Health - UNITED STATES
Exploit: Accidental data sharing.
Riverview Health: Healthcare provider.
Risk to Small Business: 2.333 = Severe: On January 14, 2020, an employee inadvertently sent notification letters that intermixed patients’ names and addresses. The messages were delivered to the appropriate addresses, but they included the incorrect patient name. In today’s digital landscape, even small clerical errors can have significant consequences as both customers and regulators look to punish companies that fail to secure personal information.
Individual Risk: 2.714 = Moderate: Patients’ names and addresses were compromised in the breach. Riverview Health maintains that the risk of data misuse is very low, but victims should still be aware that this information can be used for nefarious purposes and take precautions to ensure that their information is secure.
Customers Impacted: 2,610
Effect On Customers: The biggest threat to your data isn't cybercriminals, it's human error. With customer blowback and regulatory penalties increasing, every organization needs to take steps to mitigate the risk posed by staff mistakes. Implementing protocols and increasing training about the pitfalls presented by phishing attacks and data sharing errors can significantly reduce your organization's exposure to a data breach.
Risk Levels: 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach
Avantia Cyber Security and ID Agent to the Rescue: With BullPhish ID™, we can provide a more complete picture of a company's security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us: phone 07 30109711 today.
THREAT FOCUS J Crew Clothing - UNITED STATES
https://www.retaildive.com/news/j-crew-reports-data-breach-of-customer-accounts/573543/
Exploit: Unauthorized database access.
J Crew: Clothing retailer.
Risk to Small Business: 2.111 = Severe: J Crew identified a data breach that took place in April 2019. In response, the company has disabled all impacted accounts, and advised all customers to reset their account credentials. The incident follows cybersecurity lapses at other prominent retailers at a time in which many consumers are shunning companies that don’t secure their information. The lengthy identification and reporting time will likely open the organization up to additional regulatory scrutiny that could further erode its brand reputation and bottom line.
Individual Risk: 2.428 = Severe: Hackers accessed customers’ account login credentials, email addresses, and passwords. Partial payment card data and order information was also compromised. The company has closed the impacted accounts, but all J Crew customers should take steps to protect their personal information.
Customers Impacted: Unknown
Effect On Customers: With threats coming from multiple directions, every organization must enact strong cybersecurity defenses to ensure that they are ready to address potential threats and keep their clients’ data safe – and avoid the brand-eroding fallout that comes from a cybersecurity disaster. In doing so, they can minimize the consequences of a breach, keep customer data off the Dark Web, and promote a rapid recovery.
Risk Levels: 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: Avantia's partners (ID Agent) go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform in the world. Their award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyse, and proactively monitor for an organization's compromised or stolen employee and customer data. Schedule a demo today: call 07 30109711 during business hours.
THREAT FOCUS: Charlottetown, Provincial Government - CANADA
https://www.thetelegram.com/news/canada/data-breach-follows-pei-ransomware-attack-418350/
Exploit: Ransomware.
Charlottetown, P.E.I: Provincial government.
Risk to Small Business: 1.666 = Severe: One week after this provincial government experienced a ransomware attack, internal government documents began appearing online. Specifically, financial reports, bank statements, and payment details related to its Agriculture Stability Program. Unfortunately, hackers noted that the released information represents just a portion of a 200 GB cache stolen from the government. This tactic is increasingly common with a ransomware attack and multiplies the damage done by the incident.
Individual Risk: 2.285 = Severe: Hackers released program documents that included sensitive data such as names, Social Insurance Numbers (SINs), contact information, and business details. This information can be used to execute spear phishing scams, sold on the Dark Web, or tapped to perpetuate other malicious activities. Those impacted should carefully scrutinize digital communications and monitor accounts for unusual or suspicious activity.
Customers Impacted: Unknown
Effect On Customers: Ransomware attacks were already one of the most costly and devastating cyberattacks. Hackers are upping the stakes by stealing data before encrypting critical digital infrastructure. Now the cost and impact of lost data is part of the equation when considering the recovery expenses, productivity decline, and reputational damage that already accompanies a ransomware attack.
Risk Levels: 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach
Avantia Cyber Security & ID Agent to the Rescue: All of that stolen data can end up on the Dark Web, leading to even more serious consequences. Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. ID Agent works with our partners to strengthen their security suite by offering industry-leading detection. Call us now for a free “Real Time” Dark Web search to see if your critical credentials are compromised. Phone 07 30109711 during office hours.
THREAT FOCUS: Simon Fraser University - CANADA
http://globalnews.ca/news/6620351/sfu-data-breach/
Exploit: Ransomware.
Simon Fraser University: Public academic institution.
Risk to Small Business: 1.555 = Severe: A ransomware attack provided hackers access to personal data that they then exfiltrated from the university’s network before encrypting certain IT elements. The breach affects some faculty, staff, students, alumni, and retirees who had a relationship with Simon Fraser University before June 20, 2019. Although the breach was limited in scope, the school recommends that users reset their account passwords. The incident was discovered on February 27, 2020 and contained within 24 hours, but the university will still face regulatory scrutiny and possible public backlash due to the sensitive nature of the event.
Individual Risk: 2.142 = Severe: Before encrypting the school’s network, hackers accessed student and employee names, numbers, birth dates, email addresses, mail list memberships, course enrollments, and encrypted passwords. This information can be used to craft convincing phishing scams that, if acted upon, can compromise even more personal data. Those impacted should carefully evaluate incoming messages requesting confirmation of personal data and take steps to ensure that their information isn’t being misused.
Customers Impacted: Unknown.
Effect On Customers: Already a major menace, hackers have upped their game when executing ransomware attacks, making incidents even more costly, invasive, and destructive. Every company needs to review its defensive posture to ensure that it is taking the basic steps necessary to mitigate the risk of ransomware. Since this malware always requires a foothold, every company can actively take steps to prevent it from being the next victim.
Risk Levels: 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach
Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access independent ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation. It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit https://www.avantiacybersecurity.com/cyber-security-audit
THREAT FOCUS: Loqbox Credit Store - UNITED KINGDOM
https://www.infosecurity-magazine.com/news/hackers-steal-customer-data-uk/
Exploit: Data compromise.
Loqbox: Credit score builder.
Risk to Small Business: 1.777 = Severe: A cyberattack on February 20, 2020 compromised customers’ personal data and payment information but didn’t impact customer funds. The company admitted that the breach occurred because of a known vulnerability, raising questions about the priority of data security at the fin-tech startup. Now Loqbox is poised to experience significant customer blowback and regulatory scrutiny as it falls under the purview of Europe’s GDPR.
Individual Risk: 2 = Severe: The breach included personal information that could be used to target customers with highly convincing spear phishing emails. In addition to customer names, hackers acquired their dates of birth, addresses and phone numbers, plus financial data like partial credit card numbers, expiration dates, and bank account numbers. Those impacted by the breach should immediately notify their financial institutions and strongly consider enrolling in credit and identity monitoring services.
Customers Impacted: Unknown
Effect On Customers: Over the past several years, data breaches have compromised billions of login credentials, giving hackers front-door access to your data and systems. Every company should add improved security to its login process by enabling simple, efficacious measures like two-factor authentication to keep accounts secure.
Risk Levels: 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach
Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access independent ‘real time’ defense grade audit of our clients’ critical operational infrastructure systems to determine where the gaps are within their system, with recommendations for remediation. It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit https://www.avantiacybersecurity.com/cyber-security-audit
THREAT FOCUS: Cathay Pacific Airline - UNITED KINGDOM
Exploit: Unauthorized database access.
Cathay Pacific: International airline.
Risk to Small Business: 2 = Severe: Cathay Pacific was recently hammered with a fine totaling £500,000 as a result of its failure to identify and address a data breach that lasted for more than four years. While the ruling offers a 20% discount if Cathay Pacific pays the penalty by March 12, the penalty is still a significant financial hit to the international airline. The company was cited for multiple “security inadequacies” including failing to encrypt databases containing customers’ personal data, a slow response to a known security vulnerability, and lengthy communication delays that further jeopardized customer information.
Individual Risk: 2.428 = Severe: The data breach included a treasure trove of Cathay Pacific customers’ personal data, including names, nationalities, birthdates, phone numbers, email addresses, mailing addresses, passport information, and other company-specific information. Those impacted by the breach should be sure to reset their airline account credentials and any other accounts using similar information. In addition, they should be aware that this kind of data is often used to develop sophisticated, personalized spear phishing attacks that further compromise personal information.
Customers Impacted: 9,400,000
Effect On Customers: Regulatory penalties are on the rise as regulators and legislators seek to punish companies that incur a data breach without having adequate data security protocols or incident response plans in place. In this case the UK’s Information Commissioner’s Office (ICO) issued the fine; because the breach began before GDPR took effect, it was levied under the earlier Data Protection Act 1998, whose £500,000 maximum explains the amount. Under GDPR the ceiling would have been far higher, and governments around the world are imposing substantial fines on companies that fail to protect their customer data – and those fines are climbing every day.
Risk Levels: 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach
Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access independent ‘real time’ defense grade audit of our clients’ critical operational infrastructure systems to determine where the gaps are within their system, with recommendations for remediation. It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit https://www.avantiacybersecurity.com/cyber-security-audit
THREAT FOCUS: Alinta Energy - AUSTRALIA
Exploit: Unauthorized data sharing.
Alinta Energy: Private energy and gas company.
Risk to Small Business: 1.777 = Severe: Alinta Energy is under intense scrutiny after a whistleblower exposed the company’s improper storage of customers’ personal information in overseas storage. This possible violation of Australia’s privacy laws could have a significant impact on its bottom line. At the same time, the brand erosion and degradation of customer trust engendered by this situation could magnify the consequences for Alinta Energy.
Individual Risk: 2.428 = Severe: According to the whistleblower, customer information including addresses, credit card information, and phone numbers are being stored overseas. Customers should be aware of this compliance oversight, taking special care to review their accounts and to advocate for their personal information to be adequately protected and managed.
Customers Impacted: 1,100,000
Effect On Customers: Today’s global data privacy landscape is expansive and convoluted, making it challenging for any company to adhere to the many new laws hitting the books. But this challenging landscape isn’t an excuse for companies to fail at compliance. Instead, they need to attain the resources and support necessary to ensure that they have the infrastructure in place to adhere to the flurry of emerging data privacy regulations.
Risk Levels: 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach
Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access independent ‘real time’ defense grade audit of our clients’ critical operational infrastructure systems to determine where the gaps are within their system, with recommendations for remediation. It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit https://www.avantiacybersecurity.com/cyber-security-audit
______________________________________________________________________________
POSTSCRIPT:
60% of UK Consumers Impacted By a Data Breach in 2019
As expected, 2019 was a devastating year for data breach victims. As more year-end studies are completed and released, we’re learning more about who was affected the most. According to a recent report, nearly 60% of UK consumers were impacted by a data breach last year, a staggering total that underscores the personal implications of the more than 7,000 data breaches that affected UK companies in 2019. The report noted the potential consequences of such an extensive breach environment, including cybercriminals using the sensitive personal and financial information that they collected from users as a gateway to deploy other cyberattack tactics like spear phishing that can compromise sensitive information, data, and systems even more severely. Although the number of breaches hasn’t increased significantly, the number of compromised records has escalated: it has tripled since 2018, surpassing 15 billion in 2019. This threefold year-over-year increase should encourage companies to seek solutions that can monitor the Dark Web for their data to preempt further hacking attempts. At the same time, training employees to identify and neutralize increasingly sophisticated spear phishing campaigns is an absolute prerequisite for a capable defensive posture in 2020.
https://securityboulevard.com/2020/02/almost-60-of-uk-consumers-affected-by-data-breaches-in-2019/
Coronavirus Phishing Scams Capitalizing on Fear & Urgency
As concern over the Coronavirus (COVID-19) spreads around the globe, hackers are exploiting the atmosphere of panic and fear created by the pandemic to steal people’s personal information. According to a recent report, more than 4,000 Coronavirus-related domains have been registered since the beginning of the year. Experts consider 3% to be outright malicious, and 5% are categorized as suspicious – more than double the usual proportion for newly registered domains. Hackers are likely to target organizations with phishing attacks in an attempt to steer employees toward these malicious sites where they can steal critical data. The World Health Organization has already issued a warning about Coronavirus-related phishing attacks that purport to be from the organization, and CISA has released several warnings about the emerging threat of COVID-19 related phishing scams. Taken together, it’s a reminder that while phishing scam awareness training is an effective defense against cybercrime, security education isn’t a static endeavor. It must always adapt to address today’s shifting threats in order to keep your organization a step ahead of tomorrow’s bad actors.
https://www.vox.com/recode/2020/3/5/21164745/coronavirus-phishing-email-scams
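One practical check a security team can run against the trend described above is to flag pandemic-themed domains that employees are resolving or browsing to, so that a suspicious lookalike is reviewed before a credential-harvesting page does its work. The following is an added example written for this page, not code from Avantia, ID Agent or the cited report. It assumes a simple “date client domain” proxy/DNS log format and a small allowlist of trusted health authorities; the log lines and the allowlist are constructed for illustration. It normalises common digit-for-letter substitutions (c0vid, cor0na) and strips hyphens so that the usual lookalike tricks still match, and it reduces each hostname to its registrable domain before the allowlist check so a subdomain of a trusted site is not flagged.

```python
"""Flag pandemic-themed domains in proxy/DNS logs (illustrative example)."""

# Constructed sample log lines, format assumed: "<date> <client_ip> <hostname>".
SAMPLE_LOG = """\
2020-03-16 10.0.0.12 www.who.int
2020-03-16 10.0.0.12 covid19-relief-payment.com
2020-03-16 10.0.0.33 c0rona-update.net
2020-03-16 10.0.0.33 mail.example.com
2020-03-17 10.0.0.45 coronavirus.gov
2020-03-17 10.0.0.45 login-corona-virus-info.xyz
"""

# Registrable domains the organisation already trusts for pandemic information
# (constructed allowlist; a real deployment would maintain its own).
ALLOWLIST = {"who.int", "coronavirus.gov", "cdc.gov", "health.gov.au"}

# Theme keywords to look for after normalisation.
KEYWORDS = ("covid", "corona", "ncov", "pandemic", "quarantine")

# Digit-for-letter substitutions commonly used in lookalike domains.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s"})

# Second-level labels under two-letter ccTLDs (gov.au, co.uk, ...) so that the
# registrable domain keeps three labels there. Crude stand-in for a public
# suffix list; good enough for the sample data.
SECOND_LEVEL = {"com", "co", "gov", "org", "net", "edu", "ac"}


def registrable_domain(host: str) -> str:
    """Return the eTLD+1 for a hostname using the heuristic above."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in SECOND_LEVEL:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def normalise(host: str) -> str:
    """Lower-case, undo leet substitutions and drop separators."""
    host = host.lower().rstrip(".")
    return host.translate(LEET).replace("-", "").replace("_", "")


def is_themed(host: str) -> bool:
    """True if the (normalised) name contains a pandemic keyword."""
    n = normalise(host)
    return any(k in n for k in KEYWORDS)


def flag_domains(log_text: str, allowlist=ALLOWLIST):
    """Return (date, client, hostname) for themed, non-allowlisted lookups."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash the sweep
        day, client, host = parts
        if registrable_domain(host) in allowlist:
            continue
        if is_themed(host):
            hits.append((day, client, host))
    return hits


if __name__ == "__main__":
    for day, client, host in flag_domains(SAMPLE_LOG):
        print(f"{day} {client} -> {host}  (review: pandemic-themed, not allowlisted)")
```

On the sample data this flags the three lookalike names and leaves www.who.int, coronavirus.gov and the unrelated mail host alone. In production the hits should be enriched with domain age (a registration in the last few weeks is the strongest signal the cited report points to) before anyone is alerted, since legitimate newly launched health sites will also match the keywords.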
______________________________________________________________________________
The Essential8 (E8) Framework was developed by the Australian Signals Directorate (ASD). It is a prioritised list of practical security controls that organisations can implement to make their information more secure. The controls have been found to mitigate up to 85% of cyber attacks.


Call AVANTIA CORPORATE SERVICES ON +61 7 30109711
( 9am - 5pm Mon-Fri AEDT) for a QUOTE or Email info@avantiacorp.com.au
______________________________________________________________________________
Disclaimer*:
Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.
*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.
(10,502,610)