Avantia Threat Update
AUSTRALIAN PARLIAMENT HOUSE HACKED........AGAIN
Updated: Nov 24, 2019

This past week: Australian Parliament House hacked again, with critical credentials stolen; cyber criminals target Office 365; a Trend Micro employee steals customer details; five emails you don't want to find in your inbox; a new backdoor trojan is launched; Disney+ streaming accounts stolen and sold on the Dark Web; healthcare data targeted by cyber criminals; lax account security compromises PII; Australian cybersecurity specialists on the verge of burnout; and major breaches impacting organisations in the USA, Canada, the United Kingdom, Australia and Spain.
Known Customers Affected by Data Breaches reported in this Briefing
this past 4 weeks: 222,096,402 *
Dark Web ID Trends: Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Finance & Insurance
Top Employee Count: 1 - 10 Employees
AUSTRALIAN PARLIAMENT HOUSE HACK REPORT REVEALS POOR PASSWORD PRACTICES (with Publisher's Comment)
https://www.zdnet.com/article/parliament-house-hack-report-reveals-poor-password-practices/
Interesting facts are starting to emerge concerning the hack of the Australian Parliamentary Network and the political party networks revealed in February 2019. It took eight days to remove the attackers from the parliamentary network, according to evidence given to the Senate Finance and Public Administration Committee last Thursday. The Department of Parliamentary Services (DPS) became aware of the breach on January 31 and called in the Australian Signals Directorate (ASD) for help. The attackers were removed on February 8. What happened in the intervening eight days? "At this point I have to say that, given this forum, I am unable to go into any further detail," said the President of the Senate, Senator Scott Ryan.

Ryan tabled a report on the incident. The report itself has not yet been published, but his verbal evidence reveals disturbing gaps in DPS defences and procedures. "While I do not propose to discuss operational security matters in detail, I can state that a small number of users visited a legitimate external website that had been compromised," Ryan said. "This caused malware to be injected into the Parliamentary Computing Network." Note what that describes: not spearphishing, but a classic watering-hole (drive-by) compromise, in which nobody has to open a malicious attachment because a site the victims legitimately visit has been seeded with the malware. Ryan said he released this information as a "salient warning" for users to be "cautious and vigilant when clicking on any documents, attachments or links that are outside of our environment".

While two affected senators had been contacted by phone, the rest of the "several thousand people who access the network" were sent a notice to reset their passwords -- via the very network that they'd just been locked out of. As Senator Kimberley Kitching quite rightly noted: "If the department knew that the system was down, why send out an email to a system that wasn't accessible? That's a little problematic." "No, we were fully aware," said Ryan. "That would not make sense," said Kitching. "It was done in full consultation with the Speaker [of the House of Representatives] and myself," Ryan said. "There was no other alternative given the advice that we received required the wholesale network password reset." Extra tech support staff had to be brought in to handle the calls.

"We really can't go into, in a public forum, more details of the stages of what happened or explanation for various reasons," Ryan said. Kitching then noted: "At the time there was a suggestion made to DPS that DPS might acquire our mobile numbers and contact people that way." Ryan's response: "There has been work with whips, I think, looking into that. That's currently, at least in my experience, still under discussion with whips." That's right: nine months after the breach there doesn't seem to be a list of all users' phone numbers, so there is still no out-of-band channel for the next emergency reset. That makes this next revelation even more worrying. Or amusing, depending on your personal philosophy.

Ryan also noted that "our computer asks us to change our password for good security reasons quite often", despite forced periodic password rotation now being contrary to best practice (NIST SP 800-63B, for example, recommends against routine expiry and in favour of screening passwords against known-breached lists). One of the documents tabled was a form titled "Authority to reset parliamentarians' passwords", a form not issued until February 15, a full fortnight after the breach was discovered. "From memory, the purpose of that authorisation was to enable parliamentarians to provide formal authority for passwords to be changed on parliamentarians' behalf by their staff," said DPS secretary Robert Stefanic. "In the past, there had been ad hoc approaches by email and phone. This was an attempt to formalise that process." In other words, staff could call or email to reset a parliamentarian's password, and be told that password. Obviously anyone pretending to be staff could do the same. "The exact process we use to verify the identity I will take on notice and provide more information on," said Ian McKenzie, the DPS chief information security officer. In general terms, there are a "number of ways that security is verified", he said. "If we see a phone call come from that office, for example, then it verifies at least that that is the extension and the call is coming from the verified senator or member's office -- and the same with electorate offices." Caller ID on an internal extension is weak verification for a credential reset: it proves which desk phone was used, not who is holding it.

DPS had reassured us in March that the attack was detected early, although it admitted that it still had work to do on fighting external threats. On Thursday's evidence that would certainly seem to be the case. Avantia Cyber Security is looking forward to reading the full incident report, but fears it won't be anywhere near as transparent as the report issued by the Australian National University after its massive breach. The Parliament House attacker or attackers have never been named, although the working consensus among cyber pundits is that it was China.
PUBLISHER'S COMMENT: In May 2018 Avantia Cyber Security Managing Director Paul Nielsen, after consultation with and referral from the Prime Minister's Senior Cyber Security Adviser, met with the head of Parliamentary Services (who manage the running of Australia's Parliament House) and presented them with a list of some 100 usernames and clear-text passwords (of some 2,000+ individuals on the APH database) listed on the Dark Web for sale at US$3 each at that time. Malcolm Turnbull (Prime Minister) and Josh Frydenberg (current Treasurer) were amongst them. This information came from ID Agent in the USA, with whom Avantia Cyber Security partners. ID Agent monitors the Dark Web 24/7/365 in real time for stolen usernames and passwords. They monitor US Government departments (including the Dept of Human Resources), major law firms, not-for-profit associations and corporate entities in the USA and worldwide. Mr Nielsen was informed that the APH database was secure and our offer of monitoring services was not required. In part the reply said: "Generally speaking though - further investigations have indicated this is as we discussed - people have signed up to third party sites (eg Linkedin, dropbox, yahoo etc) using their APH email address and these external sites have been subsequently breached. The passwords being published are the passwords being used on these external services. We do not have any evidence that the information points to any breach of APH systems or accounts." Later in 2018 the APH database was hacked (by unknown actors, but they said it was probably China) and all parliamentary users were told to change their passwords. In February 2019 the APH database was breached again by unknown actors (and, surprisingly, they said it was probably China). There are currently (as at the date of this Threat Alert) 2,956 Australian Parliament House usernames and passwords on the Dark Web for sale.
The latest compromised credentials belong to Senator Feeney and were listed on the Dark Web on 13 November 2019. "When someone buys the stolen keys to your house they can come and go at will and you will never know they have been there," said Mr Nielsen. The DPS reply above misses the point: a password leaked by a third-party site is an APH credential the moment it is also the password on the APH account, whichever site leaked it. These breaches will continue to occur until the APH accepts and takes mitigating action to limit compromises from third parties, by monitoring its users' critical credentials on the Dark Web and forcing a password change as soon as an entry appears, blocking intrusions that stem from poor password practices. Until then, Australia is at risk.
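One way to act on that advice without sending anyone's password anywhere is to screen passwords against a breach corpus with the k-anonymity range query that Have I Been Pwned's Pwned Passwords API uses, where only the first five hex characters of the SHA-1 hash leave the client. The following is an added example, not Avantia's, ID Agent's or APH's code. The corpus, the counts and the fake_fetch_range stand-in for the live endpoint are constructed so that it runs offline; a real deployment would swap fake_fetch_range for an HTTPS GET of the range endpoint, which answers in the same SUFFIX:COUNT line format.

```python
import hashlib
from typing import Callable, Dict, List


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password: str):
    """5-hex-char prefix (the only thing that leaves the client) and the 35-char remainder."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


# --- stand-in for the breach-corpus service: constructed data, not real leaked passwords ---
LEAKED_CORPUS = {"Password1": 123456, "parliament2019": 42, "Summer2018!": 7}


def build_range_index(leaked: Dict[str, int]) -> Dict[str, List[str]]:
    """Index the corpus the way a range endpoint does: prefix -> ['SUFFIX:COUNT', ...]."""
    index: Dict[str, List[str]] = {}
    for pw, count in leaked.items():
        prefix, suffix = split_hash(pw)
        index.setdefault(prefix, []).append(f"{suffix}:{count}")
    return index


RANGE_INDEX = build_range_index(LEAKED_CORPUS)


def fake_fetch_range(prefix: str) -> str:
    """Offline replacement for GET https://api.pwnedpasswords.com/range/<prefix> (assumed deployment)."""
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    return "\n".join(RANGE_INDEX.get(prefix.upper(), []))


# --- client side ---
def breach_count(password: str, fetch: Callable[[str], str] = fake_fetch_range) -> int:
    """How many times the password appears in breach data; 0 when it does not."""
    prefix, suffix = split_hash(password)
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count or 0)
    return 0


def check_new_password(password: str, fetch: Callable[[str], str] = fake_fetch_range,
                       min_length: int = 8) -> List[str]:
    """Reasons to reject a proposed password: a length floor plus the breach-corpus lookup.
    Deliberately no composition rules and no calendar expiry."""
    problems: List[str] = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    hits = breach_count(password, fetch)
    if hits:
        problems.append(f"appears in known breach data ({hits} times)")
    return problems


if __name__ == "__main__":
    for pw in ("Password1", "short", "correct horse battery staple"):
        print(pw, "->", check_new_password(pw) or "accepted")
```

The check runs at set time and again whenever a monitoring feed reports the account, which is where current guidance has landed: screen against breach data on a trigger rather than rotate on a schedule.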
CRIMINALS ARE TARGETING OFFICE 365
Hardly a day goes by without a phishing campaign doing the rounds. The motivation for the bad guys is typically money, but their methods vary. Usually they latch onto trends and recent events to lure people in, or they fall back on old favourites such as TV licence renewals or bank and tax refunds. The latest trend targets Office 365 and OneDrive. It is important for organisations to communicate clearly how users authenticate to these services, because it is easy for users to get confused. So let's look at an attack. Typically the victim receives a spoofed email. The spoofing itself suggests the apparent sender's account has not been compromised, and had the spoofed domain published an SPF record half the problem would not exist. The bad guys have clearly done their homework: some campaigns target people connected to the spoofed sender, others are entirely random. The phishing email itself can be the usual unconvincing mix of bad grammar and implausible sender names. However, the phishing link is not flagged by URL-checking mechanisms because it is served by Microsoft: the credential-harvesting page is a form hosted on Microsoft's own form service. Ironically it says "Never give out your password" underneath the password box, and the crafted form does not mask the password at all. You can click Report Abuse to get these flagged, and Microsoft will take them down quickly. So how do the attackers get these forms in the first place? It all starts with a phishing email. Once someone is tricked into entering their details, the bad guys can authenticate as that user and create their own forms. They then have the option of sending the form link as that person, sending it in a spoofed email, or using the form in other campaigns. The one saving grace is if the user has 2FA or their Office 365 tenant is federated: 2FA stops the attackers getting into webmail, and federated sign-in means the attackers cannot log in, although the user may still have given their password away. For organisations still exposing webmail to the Internet without 2FA, this is, for obvious reasons, bad news.
With the spread of Office 365, file sharing and OneDrive, it is important for organisations to brief staff on how these features work, so that they do not inadvertently type their login details into the wrong page. "What's that, you want to share a file with me, and I have to put my password in on a third-party site? Erm.... okay." "Why did you do that?" "It was a Microsoft site?" It would help if Microsoft required federated sign-in and 2FA to create forms instead of a simple login, and some form of validation before publication, as the feature is currently being abused all too readily.
INSIDE JOB: TREND MICRO ANTIVIRUS SOFTWARE EMPLOYEE SOLD CUSTOMER DETAILS TO TECH SUPPORT SCAMMERS
If you use Trend Micro consumer anti-virus and you've been getting scam tech support calls, now you know why. Anti-virus vendor Trend Micro has revealed a major data breach carried out by an employee who stole a chunk of its consumer customer support database and sold it to scammers, who then impersonated Trend Micro support in a tech support scam. The company revealed the breach on Wednesday, which it says affected "less than one per cent" of its 12 million consumer customers, predominantly from English-speaking countries. "The suspect was a Trend Micro employee who improperly accessed the data with a clear criminal intent," Trend Micro said in a statement. "We immediately began taking the actions necessary to ensure that no additional data could be improperly accessed, and have involved law enforcement." The employee, who has since been terminated, "used fraudulent means to gain access to a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers." Trend Micro has not revealed the employee's former position or where the employee of the global firm was based. A Trend Micro spokesperson said in an emailed statement that the company could not divulge these details because it was an open investigation. It did however reveal that the employee sold the information to a currently unknown third party. The details were then used by scammers to impersonate Trend Micro support and contact customers who use its home security products. Trend Micro does not say when the breach occurred, but it launched an investigation after becoming aware of an uptick in scammers posing as Trend Micro support in early August. It was not until October that it confirmed the information had been stolen and sold by an employee. In September the company issued a general advisory warning customers about technical support scams posing as Trend Micro support.
It warned that “scammers impersonate legitimate technology vendors, including Trend Micro, in order to extract payment or other sensitive information from victims.” Trend Micro said there was no indication the employee accessed financial or credit payment information. It also claims data from its business and government customers was not improperly accessed. The theft however could have caused serious problems for Trend Micro customers given the level of detail the scammers had access to, which would have increased the chances that victims would pay the scammer, install unwanted software or malware suggested by the scammer, or hand over a password to them.
Also, while the employee has been terminated, it doesn't mean the users whose details were stolen will stop receiving the scam calls or emails. Trend Micro said that "every impacted consumer customer has been or will be contacted by Trend Micro by email with information on what to do and where to get support." The breach is an embarrassing incident for the cybersecurity company, which should have systems in place to prevent insider threats like this. Trend Micro has also warned consumers about the risks of tech support scammers for years, yet now is the source of new tech support scam risks that affect its own consumers. The company has not detailed how the employee stole the customer database but it said the person "engaged in a premeditated infiltration scheme to bypass our sophisticated controls." Trend Micro declined to say how the employee was able to steal the data, but noted that it has "increased our internal security features and processes with regards to accessing the consumer database including continuous monitoring and alerting of suspicious activities." It also stressed that it does not call customers without scheduling a support call in advance, so customers should not expect calls from its legitimate staff out of the blue. “If you receive an unexpected phone call claiming to be from Trend Micro, hang up and report the incident to Trend Micro support," the company said.
FIVE EMAILS YOU DON’T WANT TO FIND IN YOUR INBOX
Phishing attacks are the most common form of cyber attack. Why? The simplicity of email gives cyber criminals an easy route in, allowing them to reach users directly with no defensive barriers, to mislead, harvest credentials and spread malicious elements. All organisations think it won’t happen to them, but phishing isn’t a trap that only ensnares the gullible or those unacquainted with technology. Far from it. Gone are the days of poorly-worded, patently obvious attempts at scamming users out of their hard-earned cash. Some of today’s most sophisticated phishing attacks are almost indistinguishable from legitimate business communications – they’re well-written, thoroughly researched and establish a thread of communication with the victim before attempting to steal their credentials or bank balance. Email is the single biggest attack vector used by adversaries who employ a plethora of advanced social engineering techniques to achieve their goal. Andy Pearch, Head of IA Services at CORVID, describes five common types of social engineering attack that no employee – from CISO to HR assistant – wants to see in their inbox.
1. Payment diversion fraud Cyber criminals often masquerade as a supplier, requesting invoices are paid to alternative bank details. They can also pretend to be an employee, asking the HR department to pay their salary into a different account. Payment diversion fraud targets both businesses and individuals and the results can understandably be devastating. There’s little point requesting someone to make a bank transfer or change payment details who isn’t authorised to do so – threat actors target finance and HR teams, who would expect to process payments and deal with changes to personal account details, so are more likely to comply with the fraudulent request.
2. CEO fraud Impersonating a VIP – often the CEO – is big business for adversaries, knowing the recipient will often action the request straightaway. Threat actors research their executive target thoroughly to make sure their spoofed email is as convincing as possible, so it stands more chance of succeeding. They prey on users’ implicit trust of their seniors to coerce them into providing commercially sensitive information, personal information, or bank account details. These deceitful requests often convey a sense of urgency, and imply the interaction can only be carried out via email – the victim therefore has no time to question the validity of the request, and is unable to call the CEO to confirm if it’s genuine.
3. Whaling The opposite of CEO fraud, whaling targets senior executives rather than impersonating them. These targets are often the decision-makers in a business who have the authority to give the go-ahead on financial transactions and business decisions, without further levels of approval. These phishing attacks are thoroughly researched, containing personalised information about the company or individual, and are written in the company’s tone, adopting fluent business terminology that’s well-known to the VIP target.
4. Spear phishing Perhaps the most widespread form of email-based cyber attack, spear phishing targets individuals and specific companies with links to credential harvesting sites or requests for confidential information, such as bank details and personal data. Attackers study their victim’s online presence to include specific information which adds credibility to their request, such as purporting to be from a streaming service the victim is subscribed to, or a supplier that is known to the target company.
5. Sextortion Not all phishing attacks are subtle. A form of cyber blackmail, sextortion is when cyber criminals email their target claiming to have evidence of them committing X-rated acts or offences, and demanding payment to stop the criminals from sharing the evidence with their victim's family or employer. Attackers count on their victim being too embarrassed to tell anyone about the email (although they haven't done anything wrong), because it's a taboo subject most wouldn't feel comfortable talking about with others. They often make the email sound like they're doing their victim a favour in keeping the details to themselves. The victim may decide to pay up to stop embarrassing details about their private life being made public, regardless of whether they're true or not. Payment is usually demanded in Bitcoin, which is far harder to trace back to a person than a bank transfer. But if the victim knows they're innocent, why do these attacks still work? It's all about credibility: attackers harvest email addresses and passwords from previous breaches, which are available for purchase on the Dark Web for little money, and include them in the email to add credibility. If an attacker emails you claiming to know one of your passwords and includes it as proof, you're more likely to believe the rest of the email is genuine.
CONCLUSION These common types of social engineering attack cannot be ignored by any organisation – these threats are very real and won’t disappear anytime soon. Email security and threat protection can be transformed by the use of multiple sophisticated detection engines and threat intelligence sources; employees shouldn’t have to carry the weight of identifying these threats, essentially plugging the gaps in flawed cyber security strategies. Organisations need to treat email as the serious security risk that it is and begin to put appropriate measures in place. Fraud detection and content checking in real time automatically highlight phishing and social engineering techniques, which removes the burden from users and instead leaves technology to do its job. Furthermore, technology enables potentially concerning emails – such as those attempting to harvest credentials, mislead users or spread malicious elements – to be automatically flagged, meaning employees can make quick, informed and confident decisions as to whether the email should be trusted. With such sophisticated technology available and a growing threat landscape that shows no sign of slowing, it’s time for organisations to make a change and adequately protect themselves from incoming attacks.
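The checks the Office 365 section above relies on (SPF, federation, and a credential prompt hosted on a legitimate Microsoft form URL that reputation filters will not block) and the tells of items 1 and 2 here (a Reply-To pointing elsewhere, an executive's display name on mail from the wrong domain) can be expressed as a small header-and-body triage. The following is an added example, not CORVID's or Avantia's code: it parses the Authentication-Results header the receiving mail server stamps on each message, checks SPF alignment against the visible From domain, and flags executive display names from an unexpected domain, Reply-To mismatches, and form-host links sitting beside a password prompt. The internal domain, executive list, form-host list and all three messages are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from typing import Dict, List
from urllib.parse import urlparse

# Everything below (domains, executive list, messages) is constructed for this example.
INTERNAL_DOMAINS = {"example.com"}
EXECUTIVES = {"jane doe": "example.com"}   # display name -> the only domain it should arrive from
FORM_HOSTS = {"forms.office.com", "forms.gle", "docs.google.com"}   # legitimate hosts serving user-built forms
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].strip().lower()


def parse_auth_results(value: str) -> Dict[str, Dict[str, str]]:
    """Authentication-Results (RFC 8601) -> {method: {"result": ..., "smtp.mailfrom": ..., ...}}."""
    methods: Dict[str, Dict[str, str]] = {}
    for clause in value.split(";")[1:]:          # clause 0 is the authserv-id of the receiving MX
        tokens = clause.split()
        if not tokens or "=" not in tokens[0]:
            continue
        method, result = tokens[0].split("=", 1)
        props = {"result": result.lower()}
        for tok in tokens[1:]:
            if "=" in tok:
                key, val = tok.split("=", 1)
                props[key.lower()] = val.lower()
        methods[method.lower()] = props
    return methods


def assess(raw: str) -> List[str]:
    """Return 'CODE: detail' findings for one RFC 822 message."""
    msg = message_from_string(raw)
    findings: List[str] = []
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    auth = parse_auth_results(msg.get("Authentication-Results", ""))

    # 1. Sender authentication: our own domain arriving without an SPF pass is spoofed; an SPF pass
    #    for a domain other than the visible From is unaligned (DMARC would fail it on that basis).
    spf = auth.get("spf", {})
    spf_domain = domain_of(spf.get("smtp.mailfrom", ""))
    if from_domain in INTERNAL_DOMAINS and spf.get("result") != "pass":
        findings.append(f"SPF-FAIL: {from_domain} is ours but SPF result is {spf.get('result', 'missing')}")
    elif spf.get("result") == "pass" and spf_domain and spf_domain != from_domain:
        findings.append(f"SPF-UNALIGNED: SPF passed for {spf_domain}, visible From is {from_domain}")
    if auth.get("dmarc", {}).get("result") == "fail":
        findings.append(f"DMARC-FAIL: {from_domain}")

    # 2. CEO fraud: an executive's display name on mail from any domain but the expected one.
    expected = EXECUTIVES.get(display.strip().lower())
    if expected and from_domain != expected:
        findings.append(f"EXEC-IMPERSONATION: '{display}' sent from {from_domain}, expected {expected}")

    # 3. Payment diversion / CEO fraud: replies quietly redirected to a different domain.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append(f"REPLY-TO-MISMATCH: replies go to {domain_of(reply_addr)}")

    # 4. Credential harvesting on a trusted form host: the URL passes reputation checks, so look
    #    for the combination of a form link and a password prompt instead.
    text = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host in FORM_HOSTS and "password" in text.lower():
            findings.append(f"FORM-CREDENTIAL-LINK: {host} link beside a password prompt")
    return findings


def finding_codes(raw: str) -> List[str]:
    return [f.split(":", 1)[0] for f in assess(raw)]


PHISH_FORM = """\
From: IT Helpdesk <helpdesk@example.com>
Subject: Shared file: Q4 invoices
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=helpdesk@example.com; dkim=none; dmarc=fail header.from=example.com

A document has been shared with you. Sign in with your Office 365 password to open it:
https://forms.office.com/Pages/ResponsePage.aspx?id=constructed-example-id
"""

CEO_FRAUD = """\
From: Jane Doe <jane.doe.ceo@mail.example.net>
Reply-To: Jane Doe <accounts@payments.example.org>
Subject: Urgent wire today
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=jane.doe.ceo@mail.example.net; dkim=pass header.d=mail.example.net; dmarc=pass header.from=mail.example.net

I am in meetings all day and can only do email. Please process the attached wire before 3pm.
"""

LEGIT_INVOICE = """\
From: Acme Billing <invoices@acme.example>
Subject: Invoice 1042
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=invoices@acme.example; dkim=pass header.d=acme.example; dmarc=pass header.from=acme.example

Invoice 1042 is attached. Remittance details are unchanged.
"""
```

The CEO-fraud sample passes SPF, DKIM and DMARC cleanly because the attacker controls the sending domain; only the display-name and Reply-To checks catch it, which is why authentication alone is not a phishing control.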
WORLD'S MOST NOTORIOUS HACKING GROUP LAUNCHES A NEW BACKDOOR TROJAN:
Platinum, the infamous Advanced Persistent Threat (APT) group, has launched a new backdoor trojan named 'Titanium' that is capable of taking complete control of the target's PC. Platinum, tracked as 'TwoForOne' by the researchers, has been active for the past ten years infiltrating government institutions, defence bodies, telecommunication companies and intelligence agencies, specifically in South and Southeast Asia. According to researchers, Titanium involves "a complex sequence of dropping, downloading and installing stages, with the deployment of a Trojan-backdoor as the final step". To evade security software, Titanium uses tricks such as encryption, masquerading as essential drivers, and delivering data steganographically inside PNG images. Once the trojan has infected a system, it drops its final payload by downloading the required files through the Windows Background Intelligent Transfer Service (BITS), a legitimate Windows component, so the download blends in with normal system traffic. To commence the command stream with its C2 server, Titanium sends "a base64-encoded request that contains a unique SystemID, computer name, and hard disk serial number". Once the connection is established, it starts receiving commands. Kaspersky's researchers say they have not yet detected any current Titanium activity, but there is a real possibility that the backdoor is already in play, since its fileless techniques and encryption make it hard to detect.
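Kaspersky's description above says Titanium carries stages inside PNG images. As an added example (not Kaspersky's tooling, and not a reproduction of Titanium's own encoding, which this page does not describe), here is a PNG chunk walker an analyst can run over a suspicious image: it validates the file signature, walks the length/type/data/CRC chunk structure, and reports CRC mismatches, chunks outside the standard set, and bytes trailing the IEND chunk, the three cheap tells of an image carrying something it should not. The 1x1 test image and the smuggled 'paYl' chunk are constructed inline.

```python
import struct
import zlib
from typing import List, Tuple

PNG_SIG = b"\x89PNG\r\n\x1a\n"
STANDARD_CHUNKS = {"IHDR", "PLTE", "IDAT", "IEND", "tRNS", "cHRM", "gAMA", "iCCP", "sBIT", "sRGB",
                   "tEXt", "zTXt", "iTXt", "bKGD", "hIST", "pHYs", "sPLT", "tIME"}


def chunk(ctype: bytes, data: bytes) -> bytes:
    """Encode one PNG chunk: 4-byte big-endian length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def minimal_png() -> bytes:
    """A valid 1x1 RGB PNG built in memory (constructed test input, no file needed)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)   # 1x1, 8-bit, colour type 2 (RGB)
    scanline = b"\x00" + b"\xff\x00\x00"                  # filter byte 0 + one red pixel
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(scanline)) + chunk(b"IEND", b"")


def png_with_extra_chunk(name: bytes, payload: bytes) -> bytes:
    """The same image with one extra chunk before IEND, the way a carrier file smuggles a blob."""
    base, iend = minimal_png(), chunk(b"IEND", b"")
    return base[:-len(iend)] + chunk(name, payload) + iend


def walk_png(blob: bytes) -> Tuple[List[Tuple[str, int]], List[str]]:
    """Walk the chunk structure. Returns ([(type, length), ...], [findings])."""
    chunks: List[Tuple[str, int]] = []
    findings: List[str] = []
    if not blob.startswith(PNG_SIG):
        return chunks, ["not a PNG (bad signature)"]
    pos, saw_iend = len(PNG_SIG), False
    while pos + 8 <= len(blob) and not saw_iend:
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        ctype = blob[pos + 4:pos + 8]
        data = blob[pos + 8:pos + 8 + length]
        crc_bytes = blob[pos + 8 + length:pos + 12 + length]
        name = ctype.decode("latin-1")
        if len(data) < length or len(crc_bytes) < 4:    # declared length runs past the file
            findings.append(f"truncated chunk {name} at offset {pos}")
            break
        chunks.append((name, length))
        if struct.unpack(">I", crc_bytes)[0] != (zlib.crc32(ctype + data) & 0xFFFFFFFF):
            findings.append(f"CRC mismatch in {name} at offset {pos}")
        if name not in STANDARD_CHUNKS:
            findings.append(f"non-standard chunk {name} ({length} bytes) at offset {pos}")
        saw_iend = name == "IEND"
        pos += 12 + length
    if not saw_iend:
        findings.append("no IEND chunk")
    elif pos < len(blob):
        findings.append(f"{len(blob) - pos} trailing bytes after IEND")
    return chunks, findings


if __name__ == "__main__":
    for label, blob in (("clean", minimal_png()),
                        ("appended", minimal_png() + b"MZ" + b"\x00" * 30),
                        ("extra chunk", png_with_extra_chunk(b"paYl", b"\x90" * 64))):
        print(label, walk_png(blob)[1])
```

This is a triage step, not a verdict: a payload hidden in the pixel data itself (true steganography) leaves the chunk structure intact and will pass this walker, so a clean result only rules out the lazy carriers.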
DISNEY + STREAMING SERVICE HACKED FROM LAUNCH AND CUSTOMER CREDENTIALS SOLD ON THE DARK WEB FOR US$1.
Disney's new video-on-demand streaming service was compromised within a week of launch, with hacked Disney+ accounts offered for sale online for just US$1. According to The Daily Dot, the hugely popular Disney+ service, which amassed over 10 million subscribers on its first day alone, was targeted by threat actors from the get-go. Within hours of the service going live on November 12, Disney+ users began posting messages on Twitter and Reddit stating that their accounts had been compromised. Some users complained of being locked out of pre-paid accounts after receiving alerts that account information, including their password and contact details, had been changed. Other users reported finding strange names and profiles linked to their account after logging in, with the mystery profiles sitting next to the avatars of their own family members. Exacerbating the problem is that the Disney+ service has been set up in just the manner you'd expect from a company that peddles the idea of "happily ever after": each account may be connected to a maximum of ten devices, and there is currently no way to remove a device once it has been connected, so a victim who regains the password still cannot evict the attacker's devices. Disney+ accounts were on sale for as little as US$1 on hacking websites, including 'cracked.to', within a few hours of the streaming service going live, and annual subscriptions were being touted for just US$3. Nothing in these reports points to a break-in at Disney itself; accounts being traded within hours of launch is the signature of credential stuffing with passwords reused from earlier breaches, plus the phishing described below. The new streaming service is not alone in this whole new world of hackers and thieves. Other services, including Netflix, Hulu, HBO Now and CBS All Access, have been targeted. A common ruse is to send a fake email to a streaming service subscriber warning them that their account has been locked. The subscriber is then asked to supply their account information and credit card details.
After successfully phishing this information from the subscriber, the threat actor can log in to the account and change the password, blocking the legitimate user from accessing the hacked account. To protect their account, subscribers to any video streaming service are advised never to answer suspicious emails relating to their account, never to share their login information over email, and never to reuse a password from any other site.
THREAT FOCUS: InterMed - UNITED STATES
Exploit: Compromised email account
InterMed: Maine-based physician group
Risk to Small Business: 1.777 = Severe: Hackers gained access to four employee email accounts that contained patients' protected health information. The first account was accessed on September 6, and the others were accessed between September 7 and September 10. Although InterMed did not report the specific vulnerability that led to the breach, credential stuffing and phishing were the likely cause. The company's slow response and the sensitive nature of the compromised data will draw regulatory scrutiny that amplifies the post-breach impact.
Individual Risk: 2.428 = Severe: Patients' protected health data was compromised in the breach. This includes names, dates of birth, health insurance information and clinical data. In addition, some Social Security numbers were exposed. This information has a ready market on the Dark Web, and those impacted by the breach should take every precaution to protect their identity.
Customers Impacted: 30,000
Effect On Customers: Data breaches are becoming increasingly costly, so sufficiently addressing defensible threats should be a top priority for every organisation. Employee email accounts are a top target for hackers, who use phishing campaigns and credential stuffing attacks to gain access to them. Comprehensive awareness training, multi-factor authentication on webmail, and Dark Web services that give advance notice when credentials are compromised can position companies to protect this easy access point from bad actors.
Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate employees, making them the best defense against cybercrime. Phone 07 30109711 to see how easily BullPhish ID can be deployed in your organisation.
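The InterMed entry names credential stuffing and phishing as the likely way into the four mailboxes. As an added example (not InterMed's, ID Agent's or Avantia's code), here is the detection logic a SOC would run over webmail authentication logs to catch stuffing as it happens: many distinct accounts failing from one source inside a short window (stuffing tries one leaked password per account, so it looks nothing like a single user mistyping), followed by a success from that same source, which is the account takeover. The log format, IP addresses and usernames are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample of a webmail authentication log; not real data.
SAMPLE_LOG = """\
2019-09-06T02:00:00Z ip=203.0.113.5 user=a.smith result=FAIL
2019-09-06T02:00:04Z ip=198.51.100.7 user=p.lee result=FAIL
2019-09-06T02:00:05Z ip=203.0.113.5 user=b.jones result=FAIL
2019-09-06T02:00:10Z ip=203.0.113.5 user=c.wu result=FAIL
2019-09-06T02:00:12Z ip=198.51.100.7 user=p.lee result=OK
2019-09-06T02:00:15Z ip=203.0.113.5 user=d.khan result=FAIL
2019-09-06T02:00:20Z ip=203.0.113.5 user=e.rossi result=FAIL
2019-09-06T02:00:25Z ip=203.0.113.5 user=m.jones result=OK
2019-09-06T03:30:00Z ip=203.0.113.5 user=z.tan result=FAIL
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$")


def parse_log(text: str) -> List[Tuple[datetime, str, str, str]]:
    """Parse 'timestamp ip= user= result=' lines into (ts, ip, user, result), oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # not an auth event; ignore
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["ip"], m["user"], m["result"]))
    events.sort(key=lambda e: e[0])
    return events


def detect_stuffing(text: str, window: timedelta = timedelta(minutes=10),
                    min_users: int = 5) -> Dict[str, dict]:
    """Flag source IPs whose failed logins span >= min_users distinct accounts within `window`,
    and record every later successful login from a flagged IP as a probable takeover."""
    alerts: Dict[str, dict] = {}
    failures = defaultdict(list)          # ip -> [(ts, user)] failures still inside the window
    for ts, ip, user, result in parse_log(text):
        if result == "FAIL":
            failures[ip] = [(t, u) for t, u in failures[ip] if ts - t <= window] + [(ts, user)]
            distinct = {u for _, u in failures[ip]}
            if len(distinct) >= min_users:
                entry = alerts.setdefault(ip, {"flagged_at": ts, "distinct_users": 0, "takeovers": []})
                entry["distinct_users"] = max(entry["distinct_users"], len(distinct))
        elif ip in alerts:
            alerts[ip]["takeovers"].append(user)
    return alerts


if __name__ == "__main__":
    for ip, info in detect_stuffing(SAMPLE_LOG).items():
        print(ip, info)
```

The legitimate user at 198.51.100.7 who mistypes once and then succeeds never trips the rule, because the threshold is on distinct accounts, not attempts. A single account hammered from one address (brute force) needs a separate per-account threshold; the two patterns look different in the same log.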
THREAT FOCUS: Brooklyn Hospital Center - UNITED STATES
Exploit: Ransomware
Brooklyn Hospital Center: Full-service community teaching hospital
Risk to Small Business: 2.111 = Severe: A ransomware attack struck Brooklyn Hospital Center, making some patient data inaccessible while deleting other information entirely. The ransomware originated with unusual network activity in July, but it wasn’t until September that the hospital determined that certain data would never be recoverable. However, it’s unclear why it took another month to notify the public of the disabled or missing data. As healthcare providers both big and small face the threat of ransomware attack, this lengthy reporting delay can compound the problem as it ushers in the opportunity for more hostile consumer blowback.
Individual Risk: 2.285 = Severe: Brooklyn Hospital Center declined to identify the specific data compromised in the breach, but healthcare providers are often a target for cybercriminals because of the sensitive nature of this information. Therefore, anyone impacted by the breach should take the necessary steps to ensure their data’s security, including enrolling in identity monitoring services and closely evaluating their accounts for unusual or suspicious activity.
Customers Impacted: Unknown
Effect On Customers: This incident is a reminder that ransomware attacks can have ominous outcomes for any organisation. While some are cut-and-dried transactions, others can be more damaging, resulting in permanent data loss or information exposure. Once your company's data is in the hands of bad actors, there is no script for determining what happens next. With that in mind, preventing ransomware attacks proactively with proper cybersecurity measures must be a top priority for businesses of every shape, size and sector.
Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach. Avantia Cyber Security & ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for organisations. BullPhish ID complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defence against cybercrime. Phone 07 30109711 to see how easily our low cost Cyber Security Services can be deployed in your organisation.
THREAT FOCUS: Utah Valley Eye Clinic
https://threatpost.com/eye-clinic-breach-reveals-data-of-20000-patients/149878/
Exploit: Unauthorized database access
Utah Valley Eye Clinic: Utah-based eye clinic
Risk to Small Business: 2.333 = Severe: A cybersecurity vulnerability at a third-party affiliate compromised personal data for thousands of the clinic's patients. The incident resulted in patients receiving fraudulent emails claiming they had received a payment from PayPal. The breach was only recently discovered but originally occurred on June 18, 2018, so patient data has been exposed for a significant period. As a result, the company will likely face legal penalties and lost revenue due to the exposed protected health information (PHI).
Individual Risk: 2.142 = Severe: The clinic confirmed that patient email addresses were compromised in the breach, but it also conceded that other personally identifiable information, including names, addresses, dates of birth, and phone numbers, may have been exposed. The prolonged time to detection means that this information has been available for misuse, and they should be especially vigilant to evaluate online communications and credentials for suspicious or unusual activity.
Customers Impacted: 20,000
Effect On Customers: Third-party partnerships are becoming increasingly important in today's business environment, yet they are also capable of introducing cybersecurity vulnerabilities. It has been estimated that more than 60% of data breaches involve a third-party exposure. Consequently, cybersecurity should be a top priority when considering partnerships, information sharing or other collaborative opportunities.
Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach. Avantia Cyber Security & ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform in the world. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: Call 07 30109711 (Office Hours) to make a time.
THREAT FOCUS: TD Canada Trust - CANADA
Exploit: Unauthorized database access
TD Canada Trust: Financial services provider
Risk to Small Business: 2 = Severe: TD Canada Trust believes that weak security questions provided hackers with an easy way to access user accounts and redirect online money transfers. Although the complaints are currently limited to two accounts within the same family, compromised user credentials can be a serious problem for both companies and consumers. In this case, frustrated clients took to the media to complain about their experience, harming TD Canada Trust’s customer relationships and brand reputation.
Individual Risk: 2.142 = Severe: Although it is unclear what personal information is compromised, it’s certain that hackers had access to users’ login credentials and security questions. Therefore, other personal information including names, addresses, and financial data could be compromised. In that case, disrupted payment transfers could be the least of the company's problems. Those impacted by the event should notify their financial institutions about the compromise, and should update credentials with strong, unique passwords and better security questions.
Customers Impacted: Unknown
Effect On Customers: TD Canada Trust views this cyber incident as an avoidable intrusion since hackers relied on weak login credentials to access a user’s account. Faced with an already complex threat landscape, ensuring that employees and customers do their part to secure data should be an obvious priority for every business. At the same time, having the ability to identify compromised credentials before they are used maliciously allows for preemptive action to prevent a data breach.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for organisations. BullPhish ID complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defence against cybercrime. Phone 07 30109711 to see how easily our low cost Cyber Security Services can be deployed in your organisation.
THREAT FOCUS: Pipestone Kin-Ability Centre - CANADA
https://www.cbc.ca/news/canada/saskatchewan/kin-ability-cyber-attack-sask-1.5349230
Exploit: Unauthorized network access
Pipestone Kin-Ability Centre: Non-profit serving adults with mental and physical disabilities
Risk to Small Business: 1.666 = Severe: A flaw in the non-profit’s network security allowed hackers to access the company’s financial system, eventually siphoning off more than $400,000. The funds were earmarked for general operations and wages. Administrators immediately identified the unauthorized activity, but their reactive security measures will cause significant losses. The organization is working to identify the culprit, but their efforts are unlikely to fully restore the company’s resources.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
Effect On Customers: This incident underscores the importance of a forward-thinking readiness posture when addressing today’s cybersecurity risks. Any company relying exclusively on reactive measures will lose time, money, credibility, and customers. However, by preparing for the most pressing threats before they occur, companies can help ensure that their IT infrastructure remains secure.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started towards strengthening your Cyber Security posture. Call 07 30109711 (Office Hours) to find out more.
THREAT FOCUS: LendingCrowd - UNITED KINGDOM
https://www.p2pfinancenews.co.uk/2019/11/04/lendingcrowd-reports-data-breach/
Exploit: Unauthorized database access
LendingCrowd: Online peer-to-peer lending company
Risk to Small Business: 1.888 = Severe: LendingCrowd notified users of a data breach that impacted a subset of the company’s investors. Company officials noted that their platform hasn’t been breached, which could indicate successful credential stuffing attacks or other account-specific vulnerabilities. The company has contacted those impacted by the breach and regulatory bodies, but LendingCrowd will now deal with the litany of negative consequences that accompany a breach of any size.
Individual Risk: 2.428 = Severe: LendingCrowd failed to disclose the specific data involved in the breach, but since it impacted P2P lenders, it’s likely to include personally identifiable information such as names, addresses, and certain financial data. This information has incredible value on the Dark Web where it can quickly spread, putting users at risk for additional cybercrimes. Therefore, anyone impacted by the breach should enroll in credit and identity monitoring services to oversee and ensure their data’s long-term integrity.
Customers Impacted: Unknown
Effect On Customers: Every business faces numerous cybersecurity threats, but many can be avoided by following cybersecurity best practices. In this case, LendingCrowd is asking all users to enable two-factor authentication to protect their account integrity. These simple steps can make a profound difference in your cybersecurity readiness posture.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for organisations. BullPhish ID complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime. Phone 07 30109711 to see how easily our low cost Cyber Security Services can be deployed in your organisation.
THREAT FOCUS: James Fisher and Sons PLC - UNITED KINGDOM
Exploit: Unauthorized database access
James Fisher and Sons PLC: Marine services provider
Risk to Small Business: 3 = Moderate: An unauthorized third-party gained access to the company’s computer system, forcing JFS to bring their systems offline to prevent intruders from further infiltrating their network. In some sense, the company was lucky. Personal information wasn’t compromised in the breach, but cybersecurity events of any kind can still have serious repercussions for any company. In this case, the company’s shares dropped by nearly 6% after the breach, and JFS will incur the cost of cybersecurity specialists who are working to secure their network retroactively.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
Effect On Customers: Shareholders recognize that a data breach will inevitably impact a company’s bottom line, and sell-offs have become a common response to many cybersecurity incidents. This only accelerates and amplifies brand erosion. When coupled with consumers’ wariness surrounding cybersecurity breaches, it’s clear that the financial impact of a data breach can be extensive and long-lasting.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for organisations. BullPhish ID complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime. Phone 07 30109711 to see how easily our low cost Cyber Security Services can be deployed in your organisation.
THREAT FOCUS: Everis Managed Services - SPAIN
Exploit: Ransomware
Everis: Managed service provider
Risk to Small Business: 2.666 = Severe: A ransomware attack forced Everis to disconnect their network, cutting off services to employees and customers alike. The attack encrypted many of the company’s files, and it caused a frantic response from IT administrators who warned employees to keep their computers turned off to avoid infection. The hackers left a ransom note that includes a contact address, and they demanded $835,923 to provide a decryption key. In the meantime, the company’s services are entirely inaccessible, and employees are unable to complete work, signaling impending financial implications for the company.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
Effect On Customers: Ransomware attacks are incredibly costly. Not only are companies tasked with either paying a pricey ransom or acquiring IT support to restore their information, but the brand erosion, opportunity cost, and reduction in productivity all compound the costs. Since there is no cheap way to recover from such an attack, establishing a robust defensive posture is the only advantageous way forward.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started towards strengthening your Cyber Security posture. Call 07 30109711 (Office Hours) to find out more.
POSTSCRIPT: Italian Precision Engineering Companies Hit with Spear Phishing Campaign
Italian precision engineering companies are the latest victims of spear phishing attacks that trick employees into compromising personally identifiable information, login credentials, or other sensitive data. The attacks arrive in employees’ inboxes disguised as authentic-looking inquiries from potential customers. The emails carry a seemingly innocuous Microsoft Excel spreadsheet that actually contains a fileless trojan capable of capturing users’ credentials. The spreadsheet is filled with lists of spare parts, real catalog codes, and other ordering information, making the attacks especially difficult to identify. In addition, the emails are sent under the guise of international textile producers, a plausible client for precision engineering companies. Currently, only a fraction of antivirus products detect this credential-stealing malware, which underscores the importance of cybersecurity best practices for protecting company data. Holistic employee awareness training equips employees to spot phishing scams and trains them to follow cybersecurity best practices with a simple, streamlined solution.
Google Has Access to Personal Health Information of Millions of US Patients
Recently Google partnered with Ascension, one of the largest health systems in America, but did so quietly. This partnership gives Google access to the data of all of Ascension's patients. Ascension operates 150 hospitals in 21 states. The effort was code named "Project Nightingale," and has allowed some Google employees access to data including names, birth dates, addresses, family members, allergies, immunisations, radiology scans, hospitalisation records, lab tests, medications, medical conditions, and even some billing records. The current agreement does not appear to be a violation of HIPAA (Health Insurance Portability and Accountability Act). Google has been looking to expand its health information efforts, including plans to acquire Fitbit. However, Google has responded to the news of the partnership by saying the data will not be used for anything other than assisting Ascension medical providers.
Australian Cybersecurity Personnel Are On the Verge of Burnout
For companies around the world, the threat of a data breach is becoming ever-present. This reality is especially pronounced in Australia, where cybersecurity professionals are reporting fatigue and burnout as they battle the litany of threats facing their companies. According to the 2019 Asia Pacific CISO Benchmark Study, the burnout rate among Australian organisations is more than double the global average of 30%. In total, 69% of Australian organisations receive more than 100,000 cybersecurity alerts every day, significantly higher than the global average. At the same time, the survey, which polled 2,000 information-security professionals, found that Australian organisations were slower to respond to data breaches than companies in other countries. Such behaviour compounds costs, as 84% of Australian businesses that experienced a data breach admitted that the expenses exceeded $1 million, a significantly higher sum than in other countries in the region. SMEs are already struggling to hire sufficient cybersecurity personnel, so supporting IT professionals is a critical component of any company’s cybersecurity initiatives. Fortunately, they don't have to do it alone. Supportive services such as Avantia Cyber Security and its CS Partners can augment capabilities, lightening the load on in-house cybersecurity professionals.

Disclaimer*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provide the content in this publication to the reader for general information purposes only and have compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.
*COPYRIGHT 2019 Avantia Corporate Services - All Rights Reserved.