
Cyber threat to Climate Change...

Updated: Nov 9, 2018


Is this what we want to leave future generations?

This week: medical data is on the menu for hackers; the link between cryptomining malware and climate change; the best of ransomware; and Facebook, at it again.


Dark Web Data Trends this past week*

Total Compromises: 2,368

Top PIIs compromised: Domains (2,366) | Hashed/Cleartext Passwords (36,617)

Top Company Size: 11-50

Top Industry: High-Tech & IT


Top Targeted Industries: this past week*

· Finance: Hits: 684 | Targets: HSBC Bank, HSBC Holdings PLC, PayPal, Equifax Inc, JPMorgan Chase & Co.

· Banking: Hits: 630 | Targets: HSBC Bank, HSBC Holdings PLC, JPMorgan Chase & Co., State Bank of Pakistan, Silkbank

· Software: Hits: 297 | Targets: Yahoo, Electronic Arts Inc, GitHub, Google, JPMorgan Chase & Co.

· Mortgage Sellers: Hits: 272 | Targets: HSBC Holdings PLC, JPMorgan Chase & Co., Regions Financial Corp., SunTrust Banks

· Mortgage Companies: Hits: 272 | Targets: HSBC Holdings PLC, JPMorgan Chase & Co., Regions Financial Corp., SunTrust Banks


Top Threat Actors this past week:

· Inj3ct0r Team: Hits: 51 | Targets: WordPress, Joomla, Twitter, Apache HTTP Server, Symantec

· APT28 Fancy Bear: Hits: 11 | Targets: Democratic National Convention, Democratic National Committee, United States, Germany, United States Senate

· Anonymous Italy: Hits: 7 | Targets: Italian Home Office, Italy, Vatican City, Forza Nuova, Best Union

· Anonymous Venezuela: Hits: 5 | Targets: Venezuela, United States, GNB, Caracas, Rosario

· Al Qassam Cyber Fighters: Hits: 5 | Targets: United States, American Express, Bank of America, JPMorgan Chase & Co., SunTrust Banks


Top Malware Discoveries this past week:

· FlyAgent: Hits: 39

· Zegost: Hits: 24 | Targets: Microsoft Windows, Adobe, Microsoft Internet Explorer, Government of Nepal, Honeypot

· Iot Botnet: Hits: 18 | Targets: Huawei Routers, Huawei Technologies, Peer To Peer, D-Link, Internet of Things

· Stuxnet: Hits: 18 | Targets: Iran, North Korea, Industrial Control Systems, SCADA and ICS Products and Technologies, United States

· Pegasus: Hits: 10 | Targets: Apple Mac Os X, Android, Mexico, Apple iPhone, iOS


In Other News:


The Link between Cryptomining Malware and Climate change*

Cryptomining Malware is a new form of malware that uses the resources of compromised (infected) computers, servers and hosting accounts to generate cryptocurrencies like Bitcoin and Litecoin. Before a coin can be created, miners have to demonstrate “proof of work,” which involves computationally intensive mathematical operations which suck enormous amounts of power off the grid.
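The "proof of work" mentioned above is what makes mining so energy-hungry: finding a block means hashing until a digest falls under a difficulty target, and each extra bit of difficulty doubles the expected number of hashes, while checking a found answer costs a single hash. The toy below is an added illustration, not code from the article or from any real coin; the block header, nonce encoding and difficulties are constructed for the example.

```python
import hashlib
from typing import Tuple


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a SHA-256 digest (0..256)."""
    return 256 - int.from_bytes(digest, "big").bit_length()


def proof_of_work(header: bytes, difficulty_bits: int) -> Tuple[int, int]:
    """Brute-force a nonce so that SHA-256(header || nonce) has at least
    `difficulty_bits` leading zero bits.

    Returns (nonce, hashes_tried). This loop is the work a miner, or a
    cryptomining infection on a victim's CPU, burns electricity on.
    """
    nonce = 0
    while True:
        digest = hashlib.sha256(header + nonce.to_bytes(8, "big")).digest()
        if leading_zero_bits(digest) >= difficulty_bits:
            return nonce, nonce + 1
        nonce += 1


def verify(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Checking a claimed solution costs exactly one hash, however hard
    it was to find; that asymmetry is the point of proof of work."""
    digest = hashlib.sha256(header + nonce.to_bytes(8, "big")).digest()
    return leading_zero_bits(digest) >= difficulty_bits


def expected_hashes(difficulty_bits: int) -> int:
    """Expected attempts for a uniformly random hash: 2^difficulty_bits.
    Each added bit doubles the hashing, and therefore the energy, per block."""
    return 2 ** difficulty_bits


if __name__ == "__main__":
    # Constructed header; real Bitcoin headers are 80-byte structures.
    header = b"constructed-block-header"
    for bits in (8, 12, 16):
        nonce, tried = proof_of_work(header, bits)
        print(f"difficulty={bits:2d} bits  expected~{expected_hashes(bits):6d}"
              f"  tried={tried:6d}  valid={verify(header, nonce, bits)}")
```

Bitcoin's real target is on the order of 70+ leading zero bits, which is why the network's aggregate hash rate, and its power draw, is measured in exahashes per second and terawatt-hours per year rather than in the few thousand hashes this toy performs.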


Ransomware and cryptomining malware are the biggest trends in malware, and they show little sign of slowing down. After new cryptomining malware samples grew 629% to more than 2.9 million samples in the first quarter of 2018, their growth continued; in the second quarter total samples grew by 86%, with more than 2.5 million new samples.


When Katie Taladay (author of the report published recently in Nature Climate Change) first proposed analysing Bitcoin’s carbon emissions from the energy used to mine cryptocurrency, many thought she was kidding. What came from the analysis floored the research team. From the paper: “Reducing emissions to keep warming below 2ºC is already regarded as a very difficult challenge given the increasing human population and consumption as well as a lack of political will. Then came Bitcoin. Bitcoin alone could push global temperatures over the 2ºC catastrophic threshold by 2034 if the cryptocurrency gets adopted at the same pace as other broadly used technologies,” she said.


Crypto mining malware is on the rise and the explosive growth of cryptomining activity is accelerating climate change through electricity consumption.


The continuous cryptocurrency block chain mining cycle incentivises people all over the world to mine Bitcoin. As mining can provide a solid stream of revenue, people are very willing to run power-hungry machines to get a piece of it. Over the years this has caused the total energy consumption of the Bitcoin network to grow to epic proportions, as the price of the currency reached new highs.


The entire Bitcoin network now consumes more energy than a number of countries, based on a report published by the International Energy Agency.


As regions and nations run short of water due to Climate Change, World Bank economist Richard Damania says, economic growth will decline and food prices will spike, raising the risk of violent conflict and waves of large migrations.

Read the full article here: https://www.linkedin.com/pulse/what-legacy-technology-leave-future-generations-paul-nielsen/


Hackers are Bundling

Well, it’s nearing the end of the year. You know what that means: it’s time for the ‘best of 2018’ collections to start coming out. One category is Best of Ransomware. Yes, there is a ‘best of the year’ collection for cybercriminals. To the surprise of no one, the ransomware collection is being sold on the Dark Web, but there are many surprising elements to the bundle.

First off, the fact that the year’s most dangerous ransomware variants are being sold as a package deal at a reduced price should show the... professionalism… of the Dark Web marketplaces, as strange as it is to use that word to describe cybercriminals. This crime-as-a-service model is nothing new, but this bundle is undoubtedly a step above the norm. There are 23 ransomware variants included in the bundle, including SamSam. Yes, the notorious SamSam ransomware is included in the bundle. If you don’t know what SamSam is, it is a ransomware variant that is infamous because of the high-profile targets it has been used against and because, until now, it was kept under lock and key and deployed only by a highly specialised group. This bundle is not for an inexperienced hacker; an unskilled hacker would have difficulty putting most of the bundle to use. According to the seller, the bundle will be removed from the marketplace after it has been sold 25 times, although it is unclear why this is the case. Don’t let one of the hackers who buys this bundle use it against your business!


Facebook’s Folly

Private messages between Facebook users are for sale, and there’s no shortage. 81,000 users’ private messages were accessed by a hacker who is now attempting to sell them on the Dark Web, some for as low as 10 cents per account. Facebook has been ravaged by hacks over the last year, and the social media juggernaut appears to still be having issues with securing its platform.


Threat Focus:

NorthBay Healthcare Corporation – USA

Exploit: Supply chain vulnerability. NorthBay Healthcare Corporation: A healthcare organization based in Portland, Oregon. Risk to Small Business: 1.666 = Severe: An organization that is unable to secure the data of those applying for a job could scare away potential applicants as well as customers. Individual Risk: 2.285 = Severe: Those affected by this breach are at an increased risk of identity theft. Customers Impacted: Those who applied to the organization between 2012 and May 2018. Effect on Customers: A supply chain breach can damage customer trust in an organization, and while NorthBay Healthcare is offering identity monitoring services for those affected, it will not undo what has already happened.

Risk Levels: 1 - 1.5 = Extreme Risk | 1.51 - 2.49 = Severe Risk | 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Girl Scouts of America – USA

Exploit: Compromised email account. Girl Scouts of America: The preeminent leadership development organization for young girls in the United States. Risk to Small Business: 1.667 = Severe: A breach that exposes medical history can foster distrust between a customer and an organization. Individual Risk: 2 = Severe: Those affected by this breach are at an increased risk for identity theft and fraud. Customers Impacted: 2,800 members. Effect On Customers: This breach could damage the reputation of any business or organization, and in this case could push away current members of the organization and scare away new potential members.

Risk Levels: 1 - 1.5 = Extreme Risk | 1.51 - 2.49 = Severe Risk | 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


POSTSCRIPT:

Like dog bites, the negative impact of cyber incidents can go from bad to worse quickly—and the first 48 hours are critical. Here are four areas to consider when attacks occur:


Assess the scope and scale of the impact: Discovering a cyber incident can be a challenging time for any company but calling on an incident response (IR) team can help. Typically, an IR team would begin an engagement with a scoping or triage call to get a better understanding of what’s happened. They would need to know what activity has been identified, what technology is used in the environment, and whether any external parties have been involved, for example, solution vendors or law enforcement organisations.


Plan and act to limit damage: Following an initial assessment, the IR team would meet with a system administrator, IT manager, or a member of senior management to define objectives for the first 24, 48 and 72 hours, and for the longer term.

The IR team’s efforts generally focus on the basics—getting critical systems up and running, restoring normal operations, expelling the attacker. Depending on the type of incident, these workstreams could include data collection, acquisition of memory and hard drive images, and log and triage-level analysis. Of course, incidents are highly stressful, meaning they are rarely straightforward or issue-free. For example, a company may never have looked at the data that the IR team is requesting or, worse, may not know where the data exists within the environment, in which case the team may need to spend precious hours working with the company to identify the location.

Be aware of the big picture: A common mistake many organizations make is trying to respond to an incident without first understanding its full scope. Too often, initial steps to block an attacker or “contain” an incident can backfire and give attackers the advantage. For example, if an attacker senses an intervention, he could easily embed deeper into the environment and become harder to track and stop.

Adversaries who make the effort to get into an organization will make even more effort to maintain their foothold. To improve cyber resilience, it’s imperative for organizations to gather as much intelligence about an incident as possible, and to feed that intelligence back into an overall security program.


Expect the unexpected: Every company, environment, and incident is different. Some companies will have a more mature cybersecurity model and better understanding of their environment, making the IR team’s job easier, while others will need a lot of help to navigate the crisis.

Like seasoned emergency room doctors, IR professionals have “seen it all”; they are calm in a crisis and can apply their knowledge and skills to put things right. So, although many of us like to think that cyber incidents can resolve themselves, the truth is that seeking professional help from the outset is more likely to deliver the best outcomes—not to mention the peace of mind that comes from acting fast.




If you don’t have an Incident Response Strategy or a Disaster Recovery Plan or require a complete Certified Cyber Security Risk Assessment call Paul Nielsen, Certified Cyber Security Advisor, on 07 3010 9711 for assistance.




Consider this: When you think about cyber security, think about the ones you care the most about – your family. If you have children or young adults using smartphones, tablets or laptops, consider their vulnerability. Do you want to put their digital selves in the hands of pedophiles, scammers and cyber criminals? The purchase of children’s digital credentials (username/password) is big business on the Dark Web. Check out our inexpensive Individual or Family monitoring service – it’s a ‘no brainer’ for your peace of mind.



* Disclaimer: Avantia Corporate Services Pty Ltd provides the content in this publication to the reader for general information only and has compiled the content from a number of sources in the USA and up to 56 other countries who provide cyber breach information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

Subscribe below to receive our weekly Threat Updates straight to your inbox.

Call (07) 3010 9711 

info@avantiacorp.com.au

 

Avantia Corporate Services Pty Ltd, Level 7, 320 Adelaide Street

Brisbane, Queensland 4000

AUSTRALIA.


*COPYRIGHT 2020* Avantia Corporate Services  PTY LTD - All Rights Reserved.
