Avantia Threat Update



This past week it was revealed that US institutional investors are indirectly funding the Chinese facial-recognition companies whose technology is used to surveil that country's own citizens; medical information continues to be an easy target for hackers; Microsoft concedes the futility of password-expiry rules; and phishing scams are becoming increasingly difficult to defend against.*

This Past Week’s Top Dark Web Compromises:

Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Construction & Engineering
Top Employee Count: 11 - 50 Employees

This Past Week’s Top Targeted Industries:*

Software Hits: 178 | Targets: McAfee, Symantec, Evite, Upbit, Google

Information Technology Hits: 114 | Targets: Symantec, Twitter, Google, Apple, Microsoft

Cybersecurity Hits: 92 | Targets: McAfee, Symantec, Trend Micro, Verizon, Lockheed Martin

Finance Hits: 89 | Targets: PayPal, Upbit, Equifax Inc, Western Union, HSBC Bank

Software Hits: 81 | Targets: McAfee, Upbit, Trend Micro, Citrix Systems, Epic Games

This Past Week’s Top Threat Actors:*

Hezbollah Hits: 41 | Targets: Israel, Syria, Lebanon, Iran, United States

Outlaw Hits: 28 | Targets: SSH

FIN8 Hits: 24 | Targets: POS devices, US Hotel, United States, InfoSec, MorphiSec

Lizard Squad Hits: 18 | Targets: Xbox Live, Sony Corp, PlayStation Network, Malaysia Airlines Flight 370, Facebook

Equation Group Hits: 14 | Targets: Microsoft Windows, Iran, Microsoft Windows Xp, Microsoft Windows 7, Russia

This Past Week’s Top Malware Exploits:*

Wcry Hits: 24 | Targets: Boeing, Microsoft Windows, United Kingdom, Bitcoin, National Health Service

PyLocky Hits: 17 | Targets: Python, France, Microsoft Windows, Europe, Germany

Mirai Hits: 16 | Targets: Internet of Things, Deutsche Telekom, Germany, United States, Home Routers

WinPot Hits: 14 | Targets: Malware, ATM, Teller

Cutlet Maker Hits: 14 | Targets: Russia, Cutlet, Dark Web, Microsoft, ATM



US Universities And Retirees Funds Are Fuelling The Technology Behind China’s Surveillance State*

Millions of dollars from US university endowments, foundations, and retirement plans have helped fund two billion-dollar Chinese facial recognition startups: SenseTime and Megvii. The Chinese government is using their technologies to surveil and profile its own citizens. Princeton University and the US’s largest public pension plan are among a number of US organizations funding technology behind the Chinese Government’s unprecedented surveillance of some 11 million people of Muslim ethnic minorities. Since 2017, Chinese authorities have detained more than a million Uighur Muslims and other ethnic minorities in political re-education camps in the country’s northwest region of Xinjiang, identifying them, in part, with facial recognition software created by two companies: SenseTime, based in Hong Kong, and Beijing’s Megvii. A BuzzFeed News investigation has found that US universities, private foundations, and retirement funds entrusted their money to investors that, in turn, plowed hundreds of millions of dollars into these two startups over the last three years. Using that capital, SenseTime and Megvii have grown into billion-dollar industry leaders, partnering with government agencies and other private companies to develop tools for the Communist Party’s social control of its citizens. Also among the diverse group of institutions helping to finance China’s surveillance state are the Alaska Retirement Management Board, the Massachusetts Institute of Technology, and the Rockefeller Foundation, all of which are “limited partners” in private equity funds that invested in SenseTime or Megvii. And even as congressional leaders, such as Sen. Marco Rubio of Florida, have championed a bill to condemn human rights abuses in Xinjiang, their own states’ public employee pension funds are invested in companies building out the Chinese government’s system for tracking Uighurs.
“The story here is why private equity firms and venture capitalists are aiding the government of China, which has a history of surveilling and curtailing behavior deemed inappropriate to the goals of the Communist Party,” said one US-based technology investor, who declined to be named for fear of ruining business relationships. Being a limited partner is “not an excuse” for ignorance, he added, noting that any organization deploying millions of dollars should bear some of that responsibility. In statements to BuzzFeed News, SenseTime and Megvii distanced their technologies from what’s happening in the region and downplayed the significance of US funding. “SenseTime’s success in original AI research and commercialization has attracted top-tier investors from around the world,” the company said in a statement, which also noted that it welcomed regulation of facial recognition tools. “We have always been committed to fair and responsible applications of AI technology and we take this duty of care seriously.” Megvii told BuzzFeed News its “solutions are not designed or customized to target or label ethnic groups. We are concerned about the well-being and safety of individuals, not about monitoring any particular demographic groups.” Recently, the US has been ramping up its trade war against China. In the last few weeks, the Trump administration has increased tariffs on certain Chinese goods by $200 billion, kneecapped telecoms giant Huawei with an executive order, and considered banning several Chinese technology manufacturers from working with US companies, according to reports. US institutional investors, however, remain financially entangled with China’s facial recognition leaders. An analysis by BuzzFeed News of known private equity and venture capital investors in the two largest Chinese facial recognition companies shows that US dollars are facilitating the Communist Party’s surveillance of ethnic minorities.
BuzzFeed News used PitchBook, a private equity research outfit, and combed through public financial disclosures to understand which institutions committed capital to firms that ended up backing SenseTime and Megvii. While the data is incomplete — not all limited partners are required to publicly disclose their investments in venture or private equity firms — it paints a stark picture of the US organizations that stand to benefit financially as these startups grow and expand their government work. BuzzFeed News identified six prominent universities and at least 19 public pension plans or retirement systems that have an indirect interest in at least one of the two companies. When asked if they were aware their money was indirectly funding the surveillance of Uighurs, most institutional investors did not respond to BuzzFeed News’ requests for comment. Some declined to comment. Only one, the Los Angeles County Employees Retirement Association (LACERA), responded on the record saying it would evaluate its investment. That Chinese authorities have deployed SenseTime and Megvii technologies in Xinjiang is hardly a secret. A recent study found code from Megvii's Face++ platform in a mobile app that tracked the personal details and whereabouts of citizens of Turkic Muslim descent. That code was never actively used in that instance of the app, but Megvii has been unable to explain why it is there. Media reports have described SenseTime’s joint security ventures in Xinjiang, while BuzzFeed News also found the company partnered with Infinova, a New Jersey–based security camera manufacturer that provides surveillance systems to Xinjiang officials. Authorities have used software and devices from those firms to effectively create a police state in the region, which is home to more than 11 million Uighurs. 
Experts and US government officials estimate that at least a million Muslim and religious minorities are currently detained in internment camps, while those who’ve escaped have reported being subjected to torture, abuse, and political indoctrination. Sen. Mark Warner of Virginia, a long-standing critic of the Chinese government, called the oppression in Xinjiang “a wake-up call” to companies on how advanced technologies can be used for nefarious purposes. “It is disturbing that American companies, researchers, and investors are helping facilitate grave human rights abuses in Xinjiang,” he told BuzzFeed News. One Silicon Valley venture capitalist, who also requested anonymity for fear of jeopardizing business relationships, told BuzzFeed News human rights issues like those in Xinjiang may not be a consideration for institutional investors in private equity funds. “As long as [limited partners] are making money, no one will care about human rights violations,” he said. “Do you think CalPERS cares as long as they’re making money?” CalPERS, or the California Public Employees’ Retirement System, the US’s largest public pension fund with more than $350 billion in assets, declined to comment for this story.

Microsoft admits expiring-password rules are useless*

Microsoft has admitted that one of the great scourges of our time, the password reset rule, is bunk. "When humans are assigned or forced to create passwords that are hard to remember, too often they'll write them down where others can see them," Microsoft's Aaron Margosis said in a blog post Wednesday. Worse, Margosis wrote, when people are forced to change their passwords, too often they make a "small and predictable alteration to their existing password" so they won't forget it. Microsoft isn't the first to ring this alarm. Security experts and normal thinking people have complained for years that mandatory password changes aren't worth the trouble. Two years ago, the Federal Trade Commission (FTC) said it was time to rethink this practice. "It is important to assess the risks and benefits for your organization, as well as alternative ways of increasing security," the FTC said in a blog post. And that was after the National Institute of Standards and Technology (NIST) criticized the practice a decade ago. Microsoft's blog post introduced a broader set of "baseline" security settings that Microsoft may decide to recommend to companies that use its computer management software. Think of them as defaults of a sort. Unfortunately, Microsoft isn't simply yanking the password reset feature, which would be the humane thing to do; the baseline merely stops recommending it, and the setting itself remains available. In the end, it'll still be up to your company's tech team whether to listen to reason or continue living in the security Stone Age. It's worth noting that Microsoft isn't changing recommendations around the way we create passwords. In fact, the tech giant recommends that companies ban commonly used bad passwords and require employees to use multifactor authentication. But make no mistake, Microsoft, whose Windows software powers nearly 80% of the world's computers, has finally seen the light. "Periodic password expiration is an ancient and obsolete mitigation of very low value," Margosis said.
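The two recommendations that survive the baseline change, banning known-bad passwords and refusing the "small and predictable alteration" that expiry encourages, are mechanical enough to show in code. The check below is an added example written for this update, not code from Microsoft's blog post or its baseline; the banned list, the normalisation rules, the edit-distance threshold and every function name are assumptions chosen for illustration. A real deployment would compare against a large breached-password corpus rather than a seven-word set.

```python
import re

# Constructed banned list for the example; production systems use a large
# breached/common-password corpus (assumption: exact match on the normalised root).
BANNED = {"password", "welcome", "summer", "winter", "qwerty", "letmein", "changeme"}

# Undo the handful of substitutions people make when told to "add a symbol".
LEET = str.maketrans({"@": "a", "$": "s", "0": "o"})


def normalise(pw: str) -> str:
    """Reduce a password to its root: lower-case, drop year-like tokens,
    undo common leet substitutions, then keep letters only."""
    s = pw.lower()
    s = re.sub(r"(19|20)\d{2}", "", s)   # summer2019! -> summer!
    s = s.translate(LEET)                 # p@ssw0rd1 -> password1
    return re.sub(r"[^a-z]", "", s)       # strip digits/symbols -> password


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the classic two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_banned(pw: str) -> bool:
    """Banned-list check on the normalised root, so P@ssw0rd1 is still 'password'."""
    return normalise(pw) in BANNED


def is_predictable_variant(old: str, new: str, max_edits: int = 2) -> bool:
    """True when the new password shares the old one's root or differs from it
    by at most max_edits single-character edits (Summer2019! -> Summer2020!)."""
    if normalise(old) == normalise(new):
        return True
    return edit_distance(old.lower(), new.lower()) <= max_edits


def check_change(old: str, new: str, min_len: int = 12) -> list:
    """Return the reasons a change must be refused; an empty list means accepted."""
    reasons = []
    if len(new) < min_len:
        reasons.append("too short")
    if is_banned(new):
        reasons.append("banned password")
    if is_predictable_variant(old, new):
        reasons.append("predictable variant of previous password")
    return reasons


if __name__ == "__main__":
    for old, new in [("Summer2019!", "Summer2020!"),
                     ("Summer2019!", "correct horse battery staple")]:
        print(f"{old!r} -> {new!r}: {check_change(old, new) or 'accepted'}")
```

Because the comparison needs the old password in clear, it can only run at the moment of change, when the user has just typed the current password; it cannot be bolted onto stored hashes afterwards. The length floor does the remaining work: a long passphrase that is not on the banned list and not a tweak of the last one is accepted with no expiry date attached.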

Apple Unveils Privacy-Focused Authentication System*

Apple announced at its 2019 Worldwide Developers Conference a new authentication system that should provide better privacy protections compared to similar products from Facebook and Google. The new Sign in with Apple system is advertised as fast, secure and privacy friendly. It allows users to sign in to a third-party application with their Apple ID, while making it more difficult for apps to track them. Developers can add the Sign in with Apple button to their applications; users need only tap it and authenticate with Face ID to create a new account. The apps can request the user’s name and email address, but the new sign-in system lets the user hide their real email address and instead provide a randomly generated relay address from which emails are forwarded to the user. According to Apple, the new authentication mechanism works on iOS, macOS, tvOS and watchOS, and it can also be added to websites and apps running on other platforms. Sign in with Apple is expected to become available for beta testing during the US summer. Once it becomes generally available later this year, developers will be required to add it to apps that support third-party logins. "After witnessing Netflix customers and Amazon partners having their account hacked, this new feature from Apple is a much needed step in the right direction toward safer web commerce,” commented Shlomi Gian, CEO at CybeReady, a provider of autonomous cyber security awareness. “One area that would still remain vulnerable has to do with consumer behavior toward phishing as there are still too many instances where consumers literally give away their credentials to hackers unintentionally. Increased awareness might be the only way to reduce risk in the foreseeable future.” However, some security experts are skeptical of Apple’s privacy-related claims.
“This feels like the exact same thing we already have, but with a promise from Apple that they will be nice,” Chris Morales, head of security analytics at threat detection and response firm Vectra, told SecurityWeek. “Google once had the slogan ‘don’t be evil’. It is all big companies trying to be the central point of authentication. I’m sure it works great, however, I think the privacy angle is more geared towards marketing than anything else.” Apple also announced on Monday that its upcoming iOS 13, which should be launched this year, will also include some privacy-focused enhancements, such as making it easier for users to prevent apps from tracking their location.



THREAT FOCUS: PayID – AUSTRALIA*

Exploit: Enumeration attack
PayID: Digital payment platform

Risk to Small Business: 2.111 = Severe: PayID offers its users a simple way to send and receive money, allowing them to register their phone number or email address as a payment mechanism. Unfortunately, the lookup that confirms a payee before a transfer also allowed hackers to perpetrate an enumeration attack: submitting large numbers of candidate phone numbers or email addresses and harvesting the account details returned for each one that was registered, revealing personal information that could be used to commit fraud. In this case, a security vulnerability will slow the proliferation of a highly-touted and convenient technology, and it underscores the importance of understanding the unique threat landscape manifesting around emerging technologies.

Individual Risk: 2.857 = Moderate: Users’ bank account numbers were not compromised in this attack, but hackers did gain access to user nicknames, email addresses, or phone numbers. PayID users should closely monitor their accounts for suspicious activity, and they need to be aware that this information can quickly spread on the Dark Web where it is fodder for fraudsters who deploy the information in a variety of ways.

Customers Impacted: 100,000

Effect On Customers: Convenient setup and swift functionality can be a big boon for any company, but security can’t be compromised in the name of user experience. The two need not be mutually exclusive. Partnering with a Cyber Security Expert can provide the insights necessary to protect your digital infrastructure. Perhaps more importantly, having a game plan for helping customers navigate the difficult waters after a data breach can help all parties recover as quickly as possible.

Risk Levels: 1 - 1.5 = Extreme Risk; 1.51 - 2.49 = Severe Risk; 2.5 - 3 = Moderate Risk. *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
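An enumeration attack of the kind described above works because the lookup answers any caller, any number of times, and answers differently for registered and unregistered identifiers. The following is an added example written for this update, not code from PayID, its operators or any bank: a toy lookup service with a constructed registry, shown first without controls and then with two that a payments operator would reach for, a per-caller sliding-window rate limit and a miss counter that blocks callers whose queries mostly fail to resolve (a genuine payer types an identifier they were given; an enumerator guesses). The registry contents, thresholds, class and function names are all illustrative assumptions.

```python
import time
from collections import Counter, defaultdict, deque

# Constructed registry for the example: identifier -> account holder's display
# name, as a PayID-style lookup shows it to a payer before a transfer.
REGISTRY = {
    "0412000017": "Alice Example",
    "0412000042": "Bob Example",
    "alice@example.com": "Alice Example",
}


def lookup_unprotected(identifier: str):
    """The weak design: any caller may resolve any identifier, without limit."""
    return REGISTRY.get(identifier)


class ProtectedLookup:
    """Same lookup with a per-caller sliding-window rate limit and a miss
    counter that blocks callers who mostly query unregistered identifiers.
    Thresholds are illustrative assumptions, not production values."""

    def __init__(self, max_per_window=20, window_s=60.0, max_misses=5,
                 clock=time.monotonic):
        self.max_per_window = max_per_window
        self.window_s = window_s
        self.max_misses = max_misses
        self.clock = clock                # injectable so tests are deterministic
        self.calls = defaultdict(deque)   # caller -> timestamps inside the window
        self.misses = Counter()           # caller -> unresolved lookups so far
        self.blocked = set()

    def lookup(self, caller: str, identifier: str):
        """Return (status, name); name is set only when status == 'ok'."""
        if caller in self.blocked:
            return "blocked", None
        now = self.clock()
        window = self.calls[caller]
        while window and now - window[0] > self.window_s:
            window.popleft()              # expire timestamps outside the window
        if len(window) >= self.max_per_window:
            return "rate_limited", None
        window.append(now)
        name = REGISTRY.get(identifier)
        if name is None:
            self.misses[caller] += 1
            if self.misses[caller] >= self.max_misses:
                self.blocked.add(caller)
            return "not_found", None
        return "ok", name


def probe_unprotected(prefix: str, count: int) -> dict:
    """Enumerate prefix00..prefixNN against the unprotected lookup."""
    found = {}
    for i in range(count):
        ident = f"{prefix}{i:02d}"
        name = lookup_unprotected(ident)
        if name is not None:
            found[ident] = name
    return found


def probe_protected(service: ProtectedLookup, caller: str, prefix: str, count: int):
    """Same enumeration against the protected lookup; returns (found, outcome counts)."""
    found, outcomes = {}, Counter()
    for i in range(count):
        ident = f"{prefix}{i:02d}"
        status, name = service.lookup(caller, ident)
        outcomes[status] += 1
        if status == "ok":
            found[ident] = name
    return found, outcomes


if __name__ == "__main__":
    print("unprotected:", probe_unprotected("04120000", 100))
    print("protected:  ", probe_protected(ProtectedLookup(), "attacker", "04120000", 100))
```

Against the sparse registry the unprotected probe recovers both account holders in a single pass of a hundred guesses, while the protected service blocks the caller after its fifth miss and returns nothing. The caveat a practitioner would add: real enumerators spread requests over many source addresses and many accounts, so the counters have to key on something the attacker cannot multiply cheaply (an authenticated customer, a device) and the miss threshold has to tolerate a legitimate payer mistyping a number.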

THREAT FOCUS: Australian National University – AUSTRALIA*

Exploit: Unauthorized network access
Australian National University: National research university located in Canberra, Australia

Risk to Small Business: 1.444 = Extreme Risk: Hackers gained access to the university’s network, compromising the personal information of current and former staff and students. Security researchers concluded that the breach was conducted by unsophisticated hackers, meaning that this breach was likely preventable or at least containable. Instead, the university will now have to spend to upgrade its security standards while also providing support services to hundreds of thousands of victims. Collectively, it’s a reminder that the cost of a strong defence is far outweighed by the consequences of a data breach.

Individual Risk: 2.286 = Severe: Hackers gained access to 19 years of student and staff records, providing them with names, addresses, dates of birth, phone numbers, personal email addresses, emergency contact details, tax file numbers, payroll information, bank account details, passport details, and academic records. While more detailed financial information, like credit card numbers, was not impacted, the extensive amount of personal information collected on such a sizable number of people will make this information valuable on the Dark Web. Those impacted need to obtain identity and credit monitoring services while also examining their accounts for suspicious activity.

Customers Impacted: 200,000

Effect On Customers: Any data breach can be devastating for a company and its customers, but the scope of this compromise signals an immediate need to quickly and effectively contain the breach and to make reparations. When valuable personal information is compromised, this response needs to include providing credit, identity, and Dark Web monitoring services to ensure that any negative repercussions are mitigated.


THREAT FOCUS: The Football Association Of Ireland – IRELAND*

Exploit: Unauthorized server breach
The Football Association of Ireland: The governing body for association football in Ireland

Risk to Small Business: 2.555 = Moderate Risk: Hackers gained access to the association’s servers, disabling its email and forcing it to pour money into new cybersecurity initiatives. Fortunately, the organization’s ticket sales are conducted through a third-party merchant, and personal data is stored off-site, preventing the breach from being more extensive. However, because of the organization’s lax cybersecurity standards, it will now have to allocate more money to making repairs and positioning itself for the future.

Individual Risk: 3 = Moderate Risk: While personal and financial information related to ticket sales was spared from this breach, hackers did have access to the organization’s email server, which could compromise personal information. Therefore, those impacted by the breach should monitor their accounts for unusual activity and reset their passwords, using a new, strong and unique password for each login.

Customers Impacted: Unknown

Effect on Customers: A strong cyber defence is critical for organizations of any size and industry. However, their response to a data breach is a close second. In this case, establishing what happened to the information accessed in the breach can give employees and customers confidence in the integrity of their personal information or credentials. Additionally, implementing cybersecurity training and awareness programs can stop potential compromises in their tracks by empowering your company’s front line: the staff.


THREAT FOCUS: Eurofins Scientific – GERMANY*

Exploit: Ransomware
Eurofins Scientific: Laboratory that provides testing for pharmaceutical, food, environmental, agriscience, and other industries

Risk to Small Business: 2.555 = Moderate Risk: Eurofins Scientific was forced to take several of its IT systems offline after ransomware infected them. Although personal data wasn’t compromised in the breach, business processes have been interrupted, and IT teams are now tasked with upgrading protections and restoring affected systems from backups.

Individual Risk: No personal information was compromised in the breach.

Effect On Customers: Today’s cybersecurity landscape contains ever-evolving threats, and every company needs to take a dynamic approach to their security initiatives. When it comes to protecting your digital infrastructure, today’s defences might not be adequate tomorrow. Small and mid-size businesses should consider collaborating with third-party Cyber Security providers to ensure that their standards are sufficient before they endure the financial and reputational cost of a data breach.


THREAT FOCUS: Opko Health – USA*

Exploit: Unauthorized network access
Opko Health: Medical testing company focused on diagnostics and pharmaceuticals

Risk to Small Business: 1.666 = Severe: A data breach at the company’s former collections vendor has compromised personal information for hundreds of thousands of the company’s customers. The lab recently switched its collections services to another provider and requested that the compromised collections agency stop pursuing requests on its customers. Despite the fact that the breach originated with a third-party provider, Opko Health is now responsible for restoring order and supporting its customers in the aftermath of the breach.

Individual Risk: 2.288 = Severe: This particular incident is incredible in its scope and duration. Unauthorized activity occurred between August 1, 2018 and March 30, 2019, and hackers gained access to customers’ names, credit card numbers, bank account information, email addresses, addresses, phone numbers, and account information.

Customers Impacted: 422,600

Effect On Customers: Even when data breaches don’t originate on-site, a holistic response plan is critical. Not only do companies need to re-evaluate the cybersecurity priorities of their third-party partners, they must train their employees to prevent such an incident from occurring. Working with a qualified Cyber Security Expert that leverages identity monitoring solutions can help mitigate the damage of a data breach.


THREAT FOCUS: Quest Diagnostics – USA*

Risk to Small Business: 1.556 = Severe: A collection firm partnering with Quest Diagnostics encountered a data breach that directly impacted nearly 12 million of the lab’s patients. In response, Quest is partnering with a third-party cybersecurity organization to ensure proper breach notification standards are followed. Even though the event originated at a separate organization, Quest Diagnostics will bear the financial and reputational burden of a data breach that has compromised the most sensitive information in people’s lives: the type that is related to their health.

Individual Risk: 2.286 = Severe: The scope of this incident is astounding, and it includes patient information, financial data and social security numbers, along with other medical data. While test results were not included in the breach, this extensive trove of valuable information can quickly make its way to the Dark Web, and those impacted by the breach should obtain the services necessary to know what happens to their information after it’s compromised.

Customers Impacted: 11.9 million

Effect On Customers: Caring for customers in the wake of a data breach should be any company’s top priority. Although Quest Diagnostics is working diligently to notify those impacted by the breach, much more is required to adequately make reparations. Since sensitive personal information has a significant market on the Dark Web, providing services to help customers understand what happens to their data is an excellent place to start.


THREAT FOCUS: Lewes Board Of Public Works – USA*

Exploit: Software vulnerability
Lewes Board of Public Works: Public works department in Lewes, Delaware

Risk to Small Business: 1.666 = Severe: The Department of Homeland Security notified the Lewes Board of Public Works that a software vulnerability allowed hackers to copy customer information from its network. The board responded by isolating its customer information system and developing improvements to prevent a similar attack in the future. It’s unclear why the board’s own cybersecurity apparatus didn’t identify the threat, leaving a federal agency to intervene and communicate knowledge of the breach. Now, the board is faced with repairing its reputation while ensuring that its customers can successfully protect their personal data and financial information.

Individual Risk: 2.429 = Severe: Hackers gained access to customers’ personal information including their names, email addresses, payment card information, bank account details, account numbers, and more. Those impacted by the breach are encouraged to monitor their credit card and banking statements for possible misuse and to reset their account passwords.

Customers Impacted: Unknown

Effect On Customers: Customers shouldn’t be expected to navigate a data breach on their own. Despite their public communication, the Lewes Board of Public Works hasn’t offered any services to support customers impacted by the breach. By providing adequate assistance or showing initiative through awareness and training, companies can ensure that their customers can recover from a breach. In a world that is becoming increasingly cyber-vigilant, this can have the dual benefit of restoring brand reputation and trust in the wake of a cybersecurity incident.


THREAT FOCUS: Broome County – USA*

Exploit: Credential harvesting phishing email
Broome County: Local government in the Binghamton, New York metropolitan area

Risk to Small Business: 2 = Severe: A phishing email compromised the email and PeopleSoft accounts of several county employees, ultimately exposing sensitive personal information and impacting the county’s payroll system. The county became aware of the breach on January 2nd, when hackers attempted to change an employee’s direct deposit information. In this case, a simple security vulnerability now requires the county to absorb the costs of post-breach management, a cost that is considerably higher than proactively training employees and implementing safeguards. Such a recommendation seems like a no-brainer, especially when analysing the modest budgets of many local government systems.

Individual Risk: 2.571 = Moderate: The breach compromised data from 13 different agencies and third-party affiliates, including names, dates of birth, contact details, social security numbers, financial information, credit card information, medical record numbers, patient identification numbers, diagnosis and treatment, and health insurance credentials. Anyone affiliated with the impacted departments should immediately seek identity and credit monitoring services. Moreover, since the hackers attempted to alter an employee’s direct deposit information, those impacted should monitor their records for abnormalities.

Customers Impacted: Unknown

Effect On Customers: Phishing scams are quickly becoming commonplace for local governments and SMBs. In this case, a single phishing scam had cascading consequences for a local government, which is now tasked with repairing its technological infrastructure while undergoing the arduous process of restoring its constituents’ confidence in its data stewardship. Since phishing scams are largely preventable, partnering with a third-party training solution is a must-have in today’s digital environment.




Phishing Scams Are Getting More Sophisticated*

Phishing scams, already a significant headache for companies of all sizes, are becoming more complicated. A recent study found that nearly half of all phishing attacks are polymorphic, meaning that the attacker makes slight but significant changes to each copy of the message, across email and other channels, so that a filter which recognised one copy does not recognise the next.

For instance, polymorphic phishing scams will use different email addresses, content, subject lines, sender names, or other features. Therefore, recipients are forced to fend off various versions of the same attack.

Phishing scams, which are frequently used to deliver malware and ransomware, rely on users’ inattention to be successful, and they are defensible with proper training and preparation (like Avantia’s) from qualified Cyber Security experts. With polymorphic phishing scams on the rise, yesterday’s technical safeguards that match on a fixed sender, subject or link are being bypassed, and the importance of cybersecurity awareness continues to grow in magnitude.
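The defensive counterpart to polymorphism is to fingerprint what the attacker cannot cheaply vary: the structure of the lure itself rather than its sender, subject or link host. The script below is an added example written for this update, not code from the study cited above or from any mail-filtering product. It takes five constructed messages (three variants of one "mailbox full" lure, one invoice lure, one benign note), replaces URLs and numbers with placeholders, builds word 3-shingles of each body, and groups messages whose shingle sets overlap by Jaccard similarity; a final helper counts how many distinct senders, subjects and link hosts one cluster hides behind. The sample messages, the 0.5 threshold and all names are illustrative assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample messages (not real mail): A1-A3 are polymorphic variants of
# one lure with different senders, subjects, link hosts and numbers; B is an
# unrelated lure; C is benign internal mail.
MESSAGES = [
    {"id": "A1", "from": "it-support@mail-secure-01.com",
     "subject": "Action required: mailbox 98% full",
     "body": "Dear user, your mailbox is 98% full. Click http://verify-login.example-a.com/x1 "
             "within 24 hours to keep receiving email. IT Helpdesk"},
    {"id": "A2", "from": "helpdesk@secure-mail-22.net",
     "subject": "Your mailbox will be suspended",
     "body": "Dear user, your mailbox is 95% full. Click http://account-check.example-b.net/zz9 "
             "within 12 hours to keep receiving email. IT Helpdesk"},
    {"id": "A3", "from": "admin@office-portal-7.org",
     "subject": "Quota warning",
     "body": "Dear user, your mailbox is 99% full. Please click http://login-verify.example-c.org/q "
             "within 48 hours to keep receiving email. IT Helpdesk"},
    {"id": "B", "from": "billing@example-d.com",
     "subject": "Invoice 4471",
     "body": "Attached is invoice 4471 for your review. Open http://docs.example-d.com/inv to view. "
             "Regards, Accounts"},
    {"id": "C", "from": "dana@example.internal",
     "subject": "Sprint review moved",
     "body": "Hi team, the sprint review moves to Thursday at 3pm. "
             "Agenda: http://wiki.example.internal/sprint. Thanks, Dana"},
]

URL_RE = re.compile(r"https?://\S+")


def shingles(body: str, k: int = 3) -> frozenset:
    """Word k-shingles of the body with URLs and numbers replaced by placeholders,
    so the cheap mutations (new link host, new percentage, new deadline) vanish."""
    text = URL_RE.sub(" url ", body)
    text = re.sub(r"\d+", " num ", text).lower()
    words = re.findall(r"[a-z]+", text)
    return frozenset(tuple(words[i:i + k]) for i in range(len(words) - k + 1))


def jaccard(a: frozenset, b: frozenset) -> float:
    """Set overlap in [0, 1]; 1.0 means the normalised bodies are identical."""
    return len(a & b) / len(a | b) if (a or b) else 0.0


def cluster_campaigns(messages, threshold: float = 0.5) -> list:
    """Greedy single-pass clustering: a message joins the first cluster whose
    seed it resembles at or above the threshold, otherwise it seeds a new one.
    Returns clusters as lists of message ids, in first-seen order."""
    seeds, clusters = [], []
    for msg in messages:
        sh = shingles(msg["body"])
        for seed, members in zip(seeds, clusters):
            if jaccard(sh, seed) >= threshold:
                members.append(msg["id"])
                break
        else:
            seeds.append(sh)
            clusters.append([msg["id"]])
    return clusters


def campaign_indicators(messages, ids) -> dict:
    """Distinct senders, subjects and link hosts across one cluster; many of each
    beside near-identical bodies is the signature of a polymorphic campaign."""
    chosen = [m for m in messages if m["id"] in ids]
    hosts = {urlparse(u).hostname for m in chosen for u in URL_RE.findall(m["body"])}
    return {"messages": len(chosen),
            "senders": len({m["from"] for m in chosen}),
            "subjects": len({m["subject"] for m in chosen}),
            "link_hosts": len(hosts)}


if __name__ == "__main__":
    for members in cluster_campaigns(MESSAGES):
        print(members, campaign_indicators(MESSAGES, members))
```

The three lure variants collapse into one cluster even though no two share a sender, subject or link host, while the invoice lure and the benign note stay separate. In production the same idea is applied with locality-sensitive hashing over far larger volumes and paired with the link-detonation and awareness measures above; shingling is the readable version, not the scalable one.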

Unpatched Vulnerabilities Are a Top Threat*

Today’s cybersecurity landscape is incredibly daunting, and SME Owners and IT administrators have a tough job on their hands. One of their most significant tasks, according to a recent study, is patching security vulnerabilities and getting their employees to update their software.

Different organizations take unique approaches to this problem, including scanning for vulnerabilities, running simulations, and collaborating with Cyber Security Experts to identify and solve possible pain points, but the challenge is ubiquitous throughout all sectors and among companies of all sizes.

Taken together, more than a quarter of organizations endured a data breach because of an unpatched vulnerability, highlighting their need for technical support in this area.

To put it simply, it’s challenging enough to account for the multifaceted cybersecurity challenges facing organizations every day; don’t let a flaw the vendor has already fixed be the reason for failure. Get the support you need from your Cyber Security Expert to ensure that your defensive posture is as strong as possible.


*Disclaimer: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provide the content in this publication to the reader for general information purposes only and have compiled the content from a number of sources in Australia, the USA, and up to 56 other countries that provide cyber breach information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.
