Avantia Threat Update

CYBER VULNERABILITIES MANAGEMENT - WHAT IS IT AND DO YOU NEED IT?



THIS PAST WEEK:

What Is Cyber Vulnerability Management?; Ransomware attacks on businesses are on the increase; the Australian Government wants the power to run Cyber-Response for businesses under attack; the EMOTET BOTNET malware upgrade has added an Email attachment stealer; 1,050 Data Breaches reported to the Australian Privacy Commissioner in the past 12 months; Carnival can’t sail out of a ransomware attack; Instacart has a second security stumble; rising breach penalties include legal troubles for a former Uber executive; meet Graphus: a fresh automated phishing defense solution that’s the perfect addition to our digital risk protection platform; as well as Major Breaches in UNITED STATES; CANADA; UNITED KINGDOM; INDIA; SOUTH AFRICA; AUSTRALIA.


The Dark Web’s Top Threats this past week:

Top Source Hits: ID Theft Forum

Top Compromise Type: Domain

Top Industry: Education & Research

Top Employee Count: 500+

________________________________________________________________________


WHAT IS CYBER VULNERABILITY MANAGEMENT AND DO YOU NEED IT?

Some people still believe their IT infrastructure is unflawed simply because they’ve never experienced a cybersecurity incident – until something goes wrong and the company becomes the victim of a malware attack or a serious data leak. This is why proactively finding security flaws and minimising loopholes is a necessity for organisations large and small, which is where vulnerability management comes into play. Vulnerability management aims to simplify your overall cybersecurity; for some security specialists, however, it still turns out to be an exercise in frustration. First, for context, we will look at some basic concepts related to vulnerability management. The International Organization for Standardization defines vulnerabilities as follows: “In the contexts of information technology and cybersecurity, a vulnerability is a behavior or set of conditions present in a system, product, component, or service that violates an implicit or explicit security policy. A vulnerability can be thought of as a weakness or exposure that allows a security impact or consequence.” Exploited vulnerabilities may lead to the disruption of IT systems, potentially resulting in expensive data breaches and service outages. This brings us to the definition of vulnerability management: vulnerability management refers to the security practices that proactively identify, prevent, mitigate, and classify vulnerabilities within an IT system, and it is an important part of any cybersecurity strategy.

Vulnerability Management 2019-2020 Statistics - In recent years, the number of documented vulnerabilities has skyrocketed. With businesses utilising more and more devices and tools, and with the accelerated growth of the Internet of Things, it’s no surprise that security vulnerabilities have followed in their footsteps. Below are some eye-opening vulnerability management stats that will hopefully paint a quick picture of today’s security landscape. There have been 10,363 security vulnerabilities (CVEs) published so far in 2020; in 2019 there were 16,033. Skybox Security stated that the number of new vulnerabilities found in Windows increased by 66% between 2018 and 2019, which made Microsoft’s operating system the most vulnerable in the industry. The top ten vulnerabilities by the number of associated malware programs are each used by around 50 types of malware. The most used one, CVE-2018-8174 (dubbed DoubleKill), is currently being leveraged by 62 such malicious programs.

The ServiceNow 2019 Security study found that:

60% of breaches were related to unpatched vulnerabilities.

There was a 34% increase in weekly costs spent on patching compared to 2018.

There was 30% more downtime in 2019 due to delays in patching vulnerabilities.

On a more positive note, it’s reassuring to see that companies are starting to recognize the importance of having a vulnerability management process in place. Based on the 2019 SANS Vulnerability Management Survey:

84% of respondents have created a vulnerability management program.

25% perform weekly or more frequent vulnerability scanning.

82% of those who patch do it on a monthly or more frequent basis.

Why Vulnerability Management is crucial: As you can probably already tell by now, vulnerability management should not be missing from any organisation, as it enables you to efficiently manage the dangers posed by unaddressed flaws found in IT environments. In cybersecurity, exploits are a serious aspect that should not be ignored. In short, exploits are malicious programs that capitalise on vulnerabilities in applications or operating systems. These vulnerabilities threaten both enterprises and consumers, which is why vendors frequently release updates to address them. What’s more, exploits often open the way for malware (such as Trojans, spyware that can steal sensitive information, ransomware that will lock up your systems, etc.), allowing it to spread further on vulnerable endpoints. In the cybercriminal world, exploit kits are commonly sold in underground marketplaces, which makes it easy for malicious actors to conduct attacks. Exploits generally target software such as Microsoft Office, Adobe Flash, Java, etc., which is oftentimes left unpatched. Cyber-crime development and related threats are pushing companies to spend more on cybersecurity. As part of an organisation’s attempt to monitor threats, a vulnerability detection mechanism must be included, giving the enterprise access to an ongoing analysis of its IT systems’ weaknesses. Apart from instilling basic security hygiene measures in your company (such as training your employees to be vigilant when downloading and opening email attachments from unknown senders), reducing the dangers of exploit-based attacks always starts with regular patching. For regulatory and compliance reasons, most companies do periodically upgrade their software/operating systems. However, all those who fail to apply their patches in a timely manner not only become non-compliant and are likely to face high fines, but also subject themselves to serious cybersecurity risks.
Along with all newly-released security updates, vendors also typically issue details on how each addressed vulnerability could be leveraged in the real world. Using this knowledge, cybercriminals may create subsequent exploits and initiate attacks on vulnerable devices that have not been updated yet. The new patches will protect machines against threats based on documented vulnerabilities. However, there is also the risk of zero-day vulnerabilities – flaws known only to the attackers who abuse them, and as yet unknown to and unpatched by the vendor. As mentioned above, patching is the first recommended step that prevents exploits. The second one is traffic filtering and scanning that prevents communication with command & control servers.

How are vulnerabilities discovered? In all organisations, vulnerabilities can be both known and unknown. A good vulnerability management process should cover all potential vulnerabilities and their impact on a company. Vendors and 3rd parties (independent security researchers/pentesters/users/etc.) must always disclose vulnerabilities in a proper manner to avoid the risk of cyber attackers taking advantage of them. Developers do their utmost to develop stable software, but might not always be able to detect all vulnerabilities in a product before the go-to-market date. Postponing the release is not always an option, so businesses will oftentimes launch the software and then push the security updates (also known as patches) later on, as bugs are discovered. For instance, Microsoft releases a batch of security updates on a monthly basis (commonly referred to as Patch Tuesday, as the security fixes are published on the second Tuesday of each month). We cover the topic in this section of our blog – make sure to check it out if you are a Microsoft user! In any case, it’s crucial that those who discover vulnerabilities cooperate, come up with solutions, and release the patches – and, if applicable, also publish a temporary workaround for companies unable to install the updates as soon as possible (even though delaying updates is strongly discouraged).

According to the International Organization for Standardisation (ISO/IEC 29147:2018), the main objectives of vulnerability disclosure should include the following:

Reducing risk by solving vulnerabilities and communicating the potential impact on users.

Minimizing disclosure-related risks and costs.

Offering the appropriate information to users so they can evaluate risks caused by vulnerabilities.

Defining standards to promote collaboration and communication between stakeholders.

Nevertheless, please keep in mind that the procedures described above are aimed at reducing threats, expenses, and impact on everyone involved, and that they should not be treated as a fixed process. Each vendor should adapt them on a case-by-case basis, in accordance with their needs.

What should Vulnerability Management include? Vulnerability Management is an ongoing, proactive prevention mechanism that should include steps like:

Vulnerability scanning – network scanning, firewall logging, penetration testing, or using an automated tool like a vulnerability scanner.

Finding vulnerabilities – analyzing the results of your vulnerability scans and firewall logs and searching for anomalies that may prove an attack has taken place in your environment.

Checking vulnerabilities – determining how the bugs found may potentially be abused on computers, software, networks, etc. It often requires the assessment of a vulnerability’s magnitude and the danger it poses to the company.

Mitigating vulnerabilities – deciding how to prevent the vulnerabilities’ exploitation prior to patches being released.

Patching vulnerabilities – the most important part of a vulnerability management process is actually remediating vulnerabilities through patching.

Now that you’ve grasped the importance of managing your organization’s vulnerabilities, here are some steps that you will hopefully benefit from when setting up your vulnerability management process.

#1. Define your objectives - The main objective of any vulnerability management exercise will be finding and mitigating vulnerabilities as quickly as possible. Then, you should establish secondary objectives, such as determining the frequency of your vulnerability scanning. One of the mistakes encountered in vulnerability scanning is not conducting this process regularly, which leaves your company exposed if any vulnerabilities linger too long without being detected. Thus, if scanning is performed in a timely fashion, the risks will be highly reduced.

#2. Define the roles within your organisation - Another important aspect you should take care of is assigning roles and responsibilities and clearly defining all stakeholders’ roles in the vulnerability management process. Everyone involved must comprehend the need for such a process. For an effective vulnerability management process, CISA proposes the following types of roles to be assigned in an organization:

Monitoring roles – the people responsible should analyze the severity of vulnerabilities, log the vulnerability information into a repository, and alert the remediation team.

Remediation roles – employees in charge should perform actions such as analyzing the impact of patches on the organization and developing in-house workarounds to the vulnerability (if none are available).

Authorization roles – they are part of the change management process personnel and should undertake corrective actions to determine if there may be any adverse effects.

#3. Choose a reliable Vulnerability Management tool - The vulnerability management procedure, from vulnerability discovery to remediation, should become as automated as possible. This way, operations will be more effective and repetitive tasks and processes will be reduced, allowing staff to focus on other essential tasks. Thanks to an automated approach, businesses will be able to efficiently mitigate vulnerabilities that pose threats, while avoiding unnecessary damage to business operations. Automated vulnerability management tools allow you to monitor your infrastructure continuously and assess the status of your environment in real-time.

#4. Assess the effectiveness of your vulnerability management program - Maintaining and supporting a continuous vulnerability management program allows an organization to assess the effectiveness of its vulnerability discovery, analysis, and mitigation, and provides guidance in future decision-making. You should always make the necessary adjustments in your processes along the way, ensuring that your company maintains an exhaustive understanding of its critical assets and keeps its infrastructure secured.
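As an added illustration of the process described above (the scan, find, check, mitigate and patch list, and setup steps #1 to #4), not code from the original newsletter: a small Python triage routine that turns constructed scanner findings into a prioritised work list, escalating severity for bugs that are exploited in the wild or internet-facing, assigning an owning role, choosing mitigation while no vendor fix exists, and flagging findings past their remediation deadline or whose host has not been scanned within the agreed interval. The SLA values, field names, CVSS scores, dates and the CVE-EXAMPLE-* identifiers are assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Remediation deadline, in days from first detection, per severity band.
# Constructed policy values for this example, not a published standard.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}
BANDS = ["low", "medium", "high", "critical"]


@dataclass
class Finding:
    """One scanner result. Field names are this example's own."""
    host: str
    cve: str
    cvss: float               # CVSS base score reported by the scanner
    first_seen: date          # first scan that reported the finding
    last_scanned: date        # most recent scan of this host
    patch_available: bool     # vendor has published a fix
    internet_facing: bool     # asset exposure
    actively_exploited: bool  # known to be used by malware or exploit kits


def base_band(cvss: float) -> str:
    """Map a CVSS score to the usual qualitative severity band."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low"


def effective_band(f: Finding) -> str:
    """Raise the band one step per aggravating factor (exploited in the wild,
    internet-facing); 'critical' is the ceiling."""
    idx = BANDS.index(base_band(f.cvss))
    idx += int(f.actively_exploited) + int(f.internet_facing)
    return BANDS[min(idx, len(BANDS) - 1)]


def triage(findings, today: date, scan_interval_days: int = 7):
    """Turn raw findings into an ordered work list: the action (patch, or
    mitigate while no fix exists), the owning role, the due date, whether
    the deadline has already passed, and whether the host's scan data is
    older than the agreed scan interval (the 'scan regularly' objective)."""
    items = []
    for f in findings:
        band = effective_band(f)
        due = f.first_seen + timedelta(days=SLA_DAYS[band])
        items.append({
            "host": f.host,
            "cve": f.cve,
            "severity": band,
            "action": "patch" if f.patch_available else "mitigate",
            # Remediation owns the fix; monitoring stays involved while the
            # team is waiting on a vendor patch and only a workaround exists.
            "owner": "remediation" if f.patch_available else "remediation+monitoring",
            "first_seen": f.first_seen,
            "due": due,
            "overdue": today > due,
            "stale_scan": (today - f.last_scanned).days > scan_interval_days,
        })
    # Overdue items first, then higher severity, then the oldest finding.
    items.sort(key=lambda i: (not i["overdue"],
                              -BANDS.index(i["severity"]),
                              i["first_seen"]))
    return items


# Constructed sample scan output. CVE-2018-8174 is the DoubleKill bug named in
# the text; the CVE-EXAMPLE-* identifiers are placeholders, not real CVEs, and
# all scores and dates are made up for the example.
TODAY = date(2020, 8, 24)
SAMPLE = [
    Finding("web-01", "CVE-2018-8174", 7.5, date(2020, 8, 1), date(2020, 8, 22),
            patch_available=True, internet_facing=True, actively_exploited=True),
    Finding("file-srv", "CVE-EXAMPLE-0001", 5.3, date(2020, 7, 1), date(2020, 8, 22),
            patch_available=True, internet_facing=False, actively_exploited=False),
    Finding("hr-app", "CVE-EXAMPLE-0002", 9.8, date(2020, 8, 20), date(2020, 8, 10),
            patch_available=False, internet_facing=False, actively_exploited=False),
    Finding("kiosk", "CVE-EXAMPLE-0003", 3.1, date(2020, 2, 1), date(2020, 8, 22),
            patch_available=True, internet_facing=False, actively_exploited=False),
]

if __name__ == "__main__":
    for i in triage(SAMPLE, TODAY):
        flags = ("OVERDUE " if i["overdue"] else "") + ("STALE-SCAN" if i["stale_scan"] else "")
        print(f'{i["host"]:9} {i["cve"]:17} {i["severity"]:8} {i["action"]:8} '
              f'{i["owner"]:23} due {i["due"]} {flags}')
```

Running the block lists the internet-facing DoubleKill finding first (escalated to critical and already past its seven-day deadline), then the long-ignored low-severity kiosk bug, showing why age matters as much as score.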

Conclusion - One legacy of implementing a vulnerability management process will be less stress for IT teams and enhanced security for your organization. Join us in the race to patch all newly-discovered vulnerabilities and avoid unnecessary interruptions caused by cyber-attacks, which never seem to be slowing down, not even during the current global crisis. It’s up to you whether your vulnerability management journey will be a tale of failure or success –  it only depends on how you approach it.


RANSOMWARE ATTACKS ON BUSINESSES ARE RISING

Ransomware, one of the biggest security problems on the Internet today, is a type of malware that encrypts data, on anything from your PC to entire networks and servers, and then holds that data for ransom until specified demands are met, usually some form of financial payment. Those financial payments can range from hundreds to thousands to even millions of dollars. For anyone, including businesses, the effects of a ransomware attack can be devastating and the road to recovery long and costly. The July 2020 ransomware attack on multinational tech company Garmin provides a pertinent example of the type of devastation just such an attack can cause. The tech giant reportedly paid a $10 million ransom fee in order to get the decryption key that would give it back its data. Not surprisingly, however, the depth of the attack’s impact is still unclear, as the damage caused by a ransomware attack goes beyond the cost of the ransom fee. For Garmin, the attack also crippled its website and disrupted its online services for millions of users, including the Garmin Connect service, which syncs user activity and data to the cloud. In addition, the cyber attack also downed Garmin’s communication, aviation navigation, and route-planning services. Of course, Garmin is by no means the only large business to suffer such a serious ransomware attack. There have been scores of them. For example, Cognizant, another multinational tech company, suffered a ransomware attack just a few months prior. Although the company claims that only its internal network and not its customer systems were impacted by the attack, its recovery and mitigation costs are still estimated to be as high as $50 to $70 million.

Ransomware might be big business, but small businesses are big targets

Yet, it’s not just large businesses that are under attack. While ransomware attacks on big corporations like these are headline grabbers, owners of small businesses should not let those types of headlines lull them into thinking that criminals will not target them. In fact, quite the opposite is true: industry experts report that 71% of ransomware attacks target small businesses. Indeed, some hackers prefer to target small businesses because they have the valuable data, but rarely the resources or know-how to withstand an attack. Furthermore, ransomware is big business now: ransomware-as-a-service can even be purchased on the dark web, making it easier and easier for cyber criminals to target any business they want, large and small alike.

And the attacks keep coming

The fact is, neither large businesses nor small businesses can afford to be complacent about their cybersecurity, especially now. Ransomware attacks are on the rise and so are the ransom fees. According to nytimes.com, in 2019 there was a 41% increase in ransomware attacks over the previous year and the average payment for regaining access to the encrypted files more than doubled. The FBI also reported that ransomware attacks have become ‘more targeted, sophisticated, and costly’. In addition, recovery costs, which rise in relation to the sophistication and duration of an attack, have gotten higher too. According to forbes.com, the average cost of recovery from a ransomware attack more than doubled in the last quarter of 2019 alone. Recovery costs include such things as hardware repair and replacement, lost revenues, damage to reputation, notification and reporting costs, etc. Of course, recovering from a ransomware attack also means removing the ransomware. But the question is: can ransomware be removed? Fortunately, it can; an advanced cybersecurity product can detect and remove ransomware and disinfect your devices, although removal doesn’t guarantee that you’ll get all of your files back. The better approach is to establish a strong security posture before you’re attacked. This means following password best practices, creating a strong security work culture through employee training and awareness programs, and installing an advanced endpoint security solution that, among other features, has an anti-ransomware shield.

No time for complacency

Ransomware has been around for a long time, even long enough to have developed a history. And over the course of that history, the world has come to hear about many large-scale ransomware attacks with far-reaching and devastating consequences. The success of these attacks has only served to invigorate and motivate hackers to launch more of them. When it comes to cybersecurity, therefore, this is no time for complacency. Businesses must take a strong security posture, or risk the consequences.


AUSTRALIAN GOVERNMENT WANTS THE POWER TO RUN CYBER-RESPONSE FOR BUSINESSES UNDER ATTACK:

Australia’s Government has proposed giving itself the power to take over private enterprises’ response to cyber-attacks on critical infrastructure. A new Consultation Paper titled Protecting Critical Infrastructure and Systems of National Significance [PDF] notes that critical infrastructure is vulnerable to cyber attack, that such attacks are already happening, and that the nation needs a plan so that if something nasty happens – like a hack taking out energy suppliers – other industries don’t go down like dominoes. The government’s plan is mostly to define more industries as critical infrastructure and make them “legally obliged to manage risks that may impact business continuity and Australia’s economy, security and sovereignty”. The government proposes to develop baselines that critical industries can use to help them meet their obligations. But a few recommendations are rather more spicy, among them the suggestion that when an attack is detected “ …. Government be able to provide reasonable, proportionate and time-sensitive directions to entities to ensure action is taken to minimise its impact.” Or the government could just kick the infrastructure operator out of the driver’s seat and take control. “In an emergency, we see a role for Government to use its enhanced threat picture and unique capabilities to take direct action to protect a critical infrastructure entity or system in the national interest,” the paper suggests. “These powers would be exercised with appropriate immunities and limited by robust checks and balances. The primary purpose of these powers would be to allow Government to assist entities take technical action to defend and protect their networks and systems, and provide advice on mitigating damage, restoring services and remediation.” Another recommendation says that critical infrastructure operators must not be allowed to hack back, but should “be empowered to take necessary, preventative and mitigating action against significant threats.” Under such circumstances, critical infrastructure operators should be given “appropriate immunities to ensure they are not limited by concerns of legal redress for simply protecting their business and the community.” The document is a consultation paper and therefore exists to generate debate. Justin Warren, an Australian IT consultant who serves global clients and is a keen observer of Australian Government IT policy, believes the document over-reaches. “Most of the document is vague platitudes,” he said. But he thinks it is also worrisome because the definition of an “emergency” that would allow government intervention is broad. “It requires you make guesses about the likely future behavior of this and future governments,” he said. Noting recent flimsy government oversight of other sectors in Australia, and the harm that followed, he also raised the point that if infrastructure is sufficiently critical that it must be forced to comply with government regulations and permit government intervention, it should perhaps be run by the government. “The document foresees a situation so bad that you need to quasi-nationalise a piece of infrastructure,” he said.


THE EMOTET BOTNET MALWARE UPGRADE HAS ADDED AN EMAIL ATTACHMENT STEALER

Emotet's massive botnet was dormant for several months, but on July 17th, 2020, it suddenly rumbled back to life. It started spewing out massive numbers of phishing emails aimed at installing Trickbot payloads on the machines of anyone unfortunate enough to open one of the poisoned messages. The emails are often described as invoices, manifests, and the like. In recent days, security researchers have noted that Emotet has begun swapping Trickbot payloads out for QakBot payloads, which include the use of the ProLock ransomware strain. Whichever payload is deployed, however, security researchers have noticed something else: Emotet got another upgrade. The upgrade takes the form of an email attachment stealer. Once installed on a target system, it will scan that target's inbox and sent folders looking for email attachments. The malware isn't picky, and will take anything, copying whatever files it finds and sending them to the command and control server so the operators can recycle and reuse the attachments in future phishing emails. This may not sound like much, but it is actually a devastatingly effective strategy. By using live files, the phishing emails gain a further air of authenticity. The data those files contain looks legitimate because it is legitimate: the file was generated by someone working for a corporation and sent around to others for review. Worse, Emotet doesn't show any signs of slowing down. This week, based on statistics compiled by the interactive malware analysis platform AnyRun, Emotet was ranked as the malware threat of the week. It was measured by uploads, with nearly ten times the total uploads of njRAT, which claimed the #2 spot. Given the size of the Emotet botnet, this is definitely a threat to be mindful of. Make sure your IT staff are aware of the large-scale, ongoing phishing campaign by the botnet, and be sure to remind all employees not to open any email attachments unless they're absolutely certain where they're coming from.


1,050 DATA BREACHES REPORTED TO AUSTRALIAN PRIVACY COMMISSIONER IN THE PAST 12 MONTHS.

The total number of reported data breaches in Australia for the 2019-20 financial year totaled 1,050, the first of two half-year reports from the Office of the Australian Information Commissioner (OAIC) has shown. For the six months spanning January to June 2020, 518 breaches were notified under the Notifiable Data Breaches (NDB) scheme, down 3% from the 532 reported in July to December 2019. 124 of those breaches occurred during May, the most reported in any calendar month since the scheme began in February 2018. Most of these were attributed to human error, but the OAIC said it has yet to identify a specific cause for the increase, explaining in its report [PDF] that it was not aware of any evidence suggesting the increase was related to changed business practices resulting from COVID-19, given that notifications across the period were otherwise broadly consistent with longer-term trends. Malicious or criminal activity accounted for 317 notifications during the reported period. Attacks included cyber incidents such as phishing and malware, data breaches caused by social engineering or impersonation, theft of paperwork or storage devices, and actions taken by a rogue employee or insider threat, the OAIC said. The majority of cyber incidents during the reporting period were linked to malicious actors gaining access to accounts either through phishing attacks or by using compromised account details. Compromised credentials accounted for 133 notifications, ransomware attacks for 33 notifications, and "hacking" for 29. With ransomware this year taking out beverage company Lion and logistics giant Toll, twice, the OAIC report highlighted that they weren't alone, with 33 cases of ransomware reported from January to June 2020. Human error accounted for 176 breaches from January through June, with personal information sent to the wrong recipient via email accounting for 68 of those cases.

In two cases, a fax with personal information was sent to the wrong recipient. Loss of paperwork or a storage device was reported on 14 occasions. System faults accounted for 5% of data breaches during this reporting period. The health sector is again the highest reporting sector, notifying 115 breaches, and finance is next down the line, notifying 75 breaches during the six-month period. Education reported 44, insurance 35, and legal, accounting, and management services reported 26 breaches. Most NDBs in the period involved the personal information of 100 individuals or fewer. In one instance, the number of individuals affected was over 10 million. The OAIC noted that in counting individuals affected, it also took into consideration the global presence of the reporting entity. In 84% of reported instances, contact information such as an individual's home address, phone number, or email address was breached, while over a third of all breaches notified during the period involved identity information such as passport number, driver license number, or other government identifiers. Data breaches notified in the six-month period also involved tax file numbers; financial details, such as bank account or credit card numbers; and health information. The OAIC said there have been multiple instances of incomplete notifications of data breaches where entities may not have fully met their obligations with regard to the content of the notification to individuals affected by a data breach.

______________________________________________________________________________


THREAT FOCUS: Cooke County, Texas - UNITED STATES

https://www.govtech.com/security/Texas-County-Notified-Thousands-of-Residents-of-Data-Breach.html?&web_view=true


Exploit: Ransomware

Cooke County, TX: Municipal Government 

Risk to Business: 1.972 = Severe - Attackers claimed to have used REvil ransomware on July 4 in an attack on the Cooke County Sheriff’s Office (CCSO). In the resulting data breach, cybercriminals snatched personal identification information from an internal database. The compromised data came from either CCSO reports or cases going back several years. The gang posted their typical announcement about the hack showing data folders with filenames that appeared to reflect archived case files as well as current cases, along with a threat that the files would be uploaded in seven days.

Individual Risk: 2.201 = Severe - While no financial information was reported as stolen, PII was involved in the breach – not to mention potentially damaging or embarrassing legal records.

Customers Impacted: 2,000+

How it Could Affect Your Business: Ransomware is most commonly delivered via a phishing email, although cybercriminals are expanding their use of phishing through messaging and SMS text.

Breach Risk Levels

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Teach staffers to spot phishing attempts fast with BullPhish ID. We continually update our plug-and-play phishing kits so that you can continually update your training against today’s biggest threat. Find out more by phoning Avantia on 07 30109711 or Email info@avantiacorp.com.au

THREAT FOCUS: University of Utah - UNITED STATES

https://www.zdnet.com/article/university-of-utah-pays-457000-to-ransomware-gang/?&web_view=true


Exploit: Ransomware

University of Utah: Institution of Higher Learning 

Risk to Business: 2.077 = Severe - Netwalker ransomware appears to be the culprit in a data breach at the University of Utah. The school reportedly paid a ransomware gang $457,059 in order to avoid having student information released online. The hack occurred on July 19, and the cybercriminals gained access to the network of the university’s College of Social and Behavioral Science [CSBS].

Individual Risk: 2.224 = Severe - Even when a ransom is paid, there’s never proof that the gang really did destroy the stolen data, instead of copying it or selling it. Students should be aware of this data being used in spear phishing attempts.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is a persistent and pernicious threat to any business. Paying the criminals doesn’t guarantee the safety of stolen data – but blocking the initial attack does.

Breach Risk Levels

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Ransomware often makes its way into company inboxes in the form of a phishing email. Why not stop that email from ever arriving with our NEWEST addition to our digital risk protection platform: Graphus, a smart AI-driven automated phishing defense solution so unique that it uses a patented algorithm to learn how businesses communicate for exactly the protection they need. Call Avantia on 07 30109711 or email info@avantiacorp.com.au

THREAT FOCUS: Instacart - UNITED STATES

https://www.zdnet.com/article/instacart-discloses-security-incident-caused-by-two-contractors/?&web_view=true


Exploit: Unauthorized Access to Data

Instacart: Grocery Shopping and Delivery Service 

Risk to Business: 1.775 = Severe - In a statement posted to its website, Instacart has announced that it has suffered another data breach, less than a month after a breach that was widely reported in the media containing user account data. This time, two employees at a third-party service provider accessed accounts that they shouldn’t have, exposing customer information again.

Individual Risk: 2.821 = Moderate - Instacart’s forensic investigation did not find any evidence the two support agents had downloaded or digitally copied data from its systems. The company’s contract with the third-party vendor has been terminated, and impacted accounts have been notified via email.

Customers Impacted: 2,180

How it Could Affect Your Business: Although the pandemic will continue to drive their business as people who are unable to shop in person flock to the service, in other circumstances this would assuredly cause customer dissatisfaction, especially after the information for 278,531 Instacart accounts turned up in a Dark Web marketplace after the first one.



Avantia Cyber Security & ID Agent to the Rescue:  Third party risk is a problem that every business faces today. Ensure that business credentials are monitored and protected from endangering companies if they end up in a Dark Web data dump as a result of a third party data breach. Protect your business against Dark Web compromise with a FREE Real Time Dark Web Credential search by calling Avantia on 07 30109711 or Email info@avantiacorp.com.au

THREAT FOCUS: Freepik - UNITED STATES

https://www.zdnet.com/article/free-photos-graphics-site-freepik-discloses-data-breach-impacting-8-3m-users/?&web_view=true


Exploit: Unauthorized Database Access (Hacking)

Freepik: Photo and Graphic Library 

Risk to Business: 1.903 = Severe - Photo and graphics giant Freepik said the breach occurred after attackers exploited an SQL injection vulnerability to gain access to one of its databases storing user data. The unidentified cybercriminals obtained credentials (email addresses and password hashes) for the oldest accounts registered on the Freepik and Flaticon websites, impacting millions of users.

Individual Risk: 2.782 = Moderate - Potentially affected users have been notified via email, and the company reports that the impact varies per account. Not every account had a password associated with it: the company estimates that 4.5 million users signed in only with federated logins (Google, Facebook, or Twitter), so no password hash was exposed for them. For the remaining 3.77 million users the attacker obtained an email address and a password hash. For 3.55 million of those the hash was bcrypt, which is deliberately slow to crack; for 229,000 it was salted MD5, which modern hardware cracks quickly. Since the attack, all users have been updated to bcrypt.

Customers Impacted: 8.3 million

How it Could Affect Your Business: It pays to guard old data too, by keeping storage and access security current. Many of the oldest databases and accounts involved in this incident had never had their protections updated, and the salted MD5 hashing still in use for them had long since become obsolete, making it easier for attackers to break in and make use of what they stole.
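The Freepik item above describes a store holding a mix of salted-MD5 and bcrypt hashes that was later moved entirely to bcrypt. The following is an added example, not Freepik’s code, showing the standard way to retire a weak hash when you do not hold plaintext passwords: keep verifying the legacy record, re-hash with the strong scheme the moment the user next logs in successfully, and audit how many legacy records remain. bcrypt needs a third-party package, so PBKDF2-HMAC-SHA256 from the Python standard library stands in for the strong scheme here (an assumption; the migration logic is identical with bcrypt). The record format `scheme$...$hex` and the sample accounts are also invented for the example.

```python
"""Legacy password-hash detection and opportunistic upgrade (added example)."""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Iteration count for PBKDF2-HMAC-SHA256 per current OWASP password-storage guidance.
PBKDF2_ITERATIONS = 600_000


def hash_salted_md5(password: str, salt: bytes) -> str:
    """Legacy scheme: md5(salt || password). One fast hash per guess, so weak."""
    digest = hashlib.md5(salt + password.encode()).hexdigest()
    return f"md5${salt.hex()}${digest}"


def hash_pbkdf2(password: str, salt: Optional[bytes] = None) -> str:
    """Strong scheme: slow, salted, with the cost stored alongside the hash."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify(stored: str, password: str) -> bool:
    """Verify against whichever scheme the stored record uses (constant-time compare)."""
    try:
        scheme, *fields = stored.split("$")
        if scheme == "md5":
            salt_hex, _digest = fields
            candidate = hash_salted_md5(password, bytes.fromhex(salt_hex))
        elif scheme == "pbkdf2_sha256":
            iters, salt_hex, _digest = fields
            dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                     bytes.fromhex(salt_hex), int(iters))
            candidate = f"pbkdf2_sha256${iters}${salt_hex}${dk.hex()}"
        else:
            return False
    except ValueError:  # malformed record: fail closed
        return False
    return hmac.compare_digest(candidate, stored)


def needs_upgrade(stored: str) -> bool:
    """True for legacy MD5 records and for PBKDF2 records below the current cost."""
    scheme, *fields = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return True
    return int(fields[0]) < PBKDF2_ITERATIONS


def login(users: Dict[str, str], username: str, password: str) -> Tuple[bool, bool]:
    """Authenticate; on success, transparently re-hash a legacy record.

    Returns (authenticated, upgraded). A wrong password never touches the
    record, so an attacker cannot trigger a re-hash.
    """
    stored = users.get(username)
    if stored is None or not verify(stored, password):
        return False, False
    if needs_upgrade(stored):
        users[username] = hash_pbkdf2(password)
        return True, True
    return True, False


def audit(users: Dict[str, str]) -> Dict[str, int]:
    """Count records per scheme so the remaining migration backlog is measurable."""
    counts: Dict[str, int] = {}
    for stored in users.values():
        scheme = stored.split("$", 1)[0]
        counts[scheme] = counts.get(scheme, 0) + 1
    return counts


# Constructed sample store (not real accounts): one legacy record, one current one.
USERS = {
    "old_account": hash_salted_md5("correct horse", bytes.fromhex("00112233")),
    "new_account": hash_pbkdf2("battery staple"),
}
```

Accounts that never log in again keep their weak hash, so the usual complement is a forced password reset for whatever `audit()` still reports after a cut-off date. With bcrypt specifically there is a second option that needs no login at all: wrap each existing MD5 digest as bcrypt(md5_hash) in one batch job, then unwrap and re-hash the plaintext at the next login.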



Avantia Cyber Security & ID Agent to the Rescue: Protect access points to data and systems with Passly, state-of-the-art security that minimizes threats by minimizing the openings that criminals can use to get at your data – but maximizing the identity and access management controls that keep that data safe. Call Avantia today on 07 30109711 or Email info@avantiacorp.com.au for more information.

THREAT FOCUS: Carnival Corporation - UNITED STATES

https://www.zdnet.com/article/worlds-largest-cruise-line-operator-discloses-ransomware-attack/?&web_view=true


Exploit: Ransomware

Carnival Corporation: Cruise Line

Risk to Business: 1.903 = Severe - Carnival has released a statement noting that on August 15 attackers “accessed and encrypted a portion of one brand’s information technology systems,” and that the intruders also downloaded files from the company’s network. In a preliminary assessment of the incident, Carnival said it expects that the attackers gained access to some guest and employee personal data, but it is still investigating. This is Carnival’s second breach this year, after another breach was disclosed in March.

Individual Risk: 2.312 = Severe - The investigation into exactly what data was stolen is ongoing. Carnival expects that both passenger and employee data has been impacted, but has offered no specifics. Anyone who has travelled on a Carnival cruise, as well as Carnival staff, should be wary of phishing and identity theft attempts.

Customers Impacted: Unknown

How it Could Affect Your Business: Protection from ransomware starts with protection from phishing – including adding automated phishing protection and phishing resistance training to your security stack.



Avantia Cyber Security & ID Agent to the Rescue: Our digital risk protection platform packs a punch to protect your data from phishing threats through the combined power of BullPhish ID and Graphus. For more information please call Avantia on 07 30109711 or Email info@avantiacorp.com.au

THREAT FOCUS: Royal Military Colleges - CANADA

https://globalnews.ca/news/7283754/student-financial-rmc-data-leak-cyber-attack/?web_view=true


Exploit: Ransomware

Royal Military Colleges – Military Training Higher Education System 

Risk to Business: 2.045 = Severe - A DoppelPaymer ransomware incident affecting Canada’s military college system was reported last month. This week, data from the Royal Military College (RMC) of Canada appeared on the Dark Web. The Department of National Defence (DND) has not confirmed that the leak contains RMC information, but analysts who have seen the data say the files appear genuine and include student progress reports and acceptance letters, as well as a myriad of financial documents such as tax receipts and budgets for various departments.

Individual Risk: 2.603 = Moderate - No personally identifiable information or financial data for students appears to have been affected; the financial data appears to be concentrated in official channels. Exposure of student records could nonetheless be embarrassing, and the data could be used for spear phishing or blackmail attempts.

Customers Impacted: Unknown

How it Could Affect Your Business: No institution is immune to phishing – not even a huge government entity with access to cutting-edge technology and training. Every business of every size needs phishing resistance training.



Avantia Cyber Security & ID Agent to the Rescue: Add phishing resistance training to your must-have solutions list to empower employees to remain aware of trouble in order to spot, stop, and report phishing attacks fast. Call Avantia for more information on 07 30109711 or Email info@avantiacorp.com.au

THREAT FOCUS: Canpar Express - CANADA

https://www.theregister.com/2020/08/24/in_brief_security/?&web_view=true


Exploit: Ransomware

Canpar Express: Shipping and Logistics

Risk to Business: 2.175 = Severe - Canadian logistics giant Canpar Express is just beginning to dig out from a ransomware attack that shut down some company operations last week. Extensive website outages, including an inability to schedule pickups or deliveries, left many frustrated commercial and private customers, who complained extensively on social media about delayed shipments and a lack of information. As of publication time, service had not yet been restored, and the company’s website contained only a single page announcing the attack, with no estimated time of recovery.

Individual Risk: There is no information available about what (if any) information was stolen in this attack.

Customers Impacted: Unknown

How it Could Affect Your Business: A complete lack of communication on the company’s part is not soothing any tempers, and what little information has been made available doesn’t disclose any details or an expected recovery timeline, making customers feel disregarded.



Avantia Cyber Security & ID Agent to the Rescue: Protecting companies from ransomware starts with protecting them from phishing with Graphus. The smart AI learns and grows to provide just the right protection for every unique business. Call Avantia now on 07 30109711 or Email info@avantiacorp.com.au

THREAT FOCUS: Myerscough College - UNITED KINGDOM

https://www.bbc.com/news/uk-england-lancashire-53822246?&web_view=true


Exploit: DDoS/Hacking

Myerscough College: Institution of Higher Learning

Risk to Business: 2.707 = Moderate - In what had to be the most frustrating end-of-school saga possible for students and teachers, Myerscough College suffered a brutal denial of service attack that it said “severely damaged all IT infrastructure” on exam results day. The college’s systems were so badly impacted that everything was taken offline, with staff only able to be contacted through social media. Students were eventually able to recover test results after staffers manually emailed their grades.

Individual Risk: No sensitive data or financial information was reported as stolen, but the incident is still under investigation.

Customers Impacted: Unknown

How it Could Affect Your Business: An attack this crippling will not just impact the teachers and students involved, it will incur a significant recovery and rebuilding cost.



Avantia Cyber Security & ID Agent to the Rescue: Protect access to systems and data with a multifunctional secure identity and access management solution like Passly. Get protection that goes to work on day one and deploys in days, not weeks, to protect data and systems in a flash.  Call Avantia on 07 30109711 or Email info@avantiacorp.com.au

THREAT FOCUS: SnapFulfil - UNITED KINGDOM

https://www.theregister.com/2020/08/20/snapfulfil_ransomware_attack/?&web_view=true


Exploit: Ransomware

SnapFulfil: Warehouse Management Software Developer

Risk to Business: 1.407 = Extreme - In an email to customers last week, UK logistics software developer SnapFulfil reported that it had suffered a ransomware attack, shutting down operations for at least one customer, with other customers potentially affected as well. There was no report of what data or systems were affected, and the developer said it was making upgrades that would protect clients from further harm.

Individual Risk: No personal information was reported as stolen in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware can shut down your business completely, causing chaos for customers and damaging your professional reputation. A total systems shutdown will not help burnish the reputation of a company that specializes in warehouse management software.



Avantia Cyber Security & ID Agent to the Rescue: Protecting a business from ransomware requires many tools these days. Our suite of digital risk protection solutions is ready to help businesses fight back against cybercrime like ransomware. Call Avantia on 07 30109711 and let us show you how.

THREAT FOCUS: RailYatri - INDIA

https://www.infosecurity-magazine.com/news/travel-site-exposed-37m-records/?&web_view=true


Exploit: Unsecured Database

RailYatri: Travel Facilitation Website 

Risk to Business: 1.791 = Severe - On August 10, cybersecurity researchers discovered an Elasticsearch server, without password protection or encryption, containing 43GB of customer and corporate data; the data was subsequently wiped by the infamous automated “Meow” attacker. An estimated 37 million records linked to around 700,000 unique users of the popular site and mobile app were exposed, including users’ full names, ages, genders, physical and email addresses, mobile phone numbers, booking details, GPS locations, and cardholder names plus the first and last four digits of payment cards.

Individual Risk: 2.227 = Severe - The data exposed in this breach could create an opportunity for identity theft, spear phishing attempts, or other social attack driven cybercrime. Users should reset their account password and stay alert for fraud attempts.

Customers Impacted: 700,000+

How it Could Affect Your Business: Unsecured databases continue to be a problem, and with automated attacks like Meow that don’t just lock up data but delete it outright, guarding against exposures like this is crucial to prevent unrecoverable data loss.
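The RailYatri data sat on an Elasticsearch instance that answered anyone on the internet. The following is an added example, not code from RailYatri or from the researchers who found the server, showing the two checks a defender should run against every Elasticsearch host they own: does the root endpoint answer without credentials, and can an anonymous caller list indices (which is exactly what wipers such as Meow do before deleting them)? The classification logic is kept separate from the network call so it can be exercised offline on constructed responses; `probe()` does the live HTTP requests. The index names, document counts and sizes below are made up for the example.

```python
"""Exposure check for an Elasticsearch endpoint (added example)."""
import json
import urllib.error
import urllib.request
from typing import Any, Dict, List, Optional, Tuple


def classify_root(status: Optional[int], body: str) -> str:
    """Classify the response to GET / on the Elasticsearch HTTP port.

    "open"              anonymous caller received the cluster banner (no auth)
    "auth-required"     HTTP 401: the security layer rejected the request
    "unreachable"       no HTTP response at all
    "not-elasticsearch" something else is answering on that port
    """
    if status is None:
        return "unreachable"
    if status == 401:
        return "auth-required"
    try:
        data = json.loads(body) if body else {}
    except json.JSONDecodeError:
        return "not-elasticsearch"
    if status == 200 and isinstance(data, dict) and "cluster_name" in data and "version" in data:
        return "open"
    return "not-elasticsearch"


def parse_cat_indices(body: str) -> List[Tuple[str, int, str]]:
    """Turn `GET /_cat/indices?format=json` into (index, doc_count, store_size) rows."""
    rows = json.loads(body)
    return [(r.get("index", ""), int(r.get("docs.count") or 0), r.get("store.size", ""))
            for r in rows]


def assess(root_status: Optional[int], root_body: str,
           indices_status: Optional[int] = None, indices_body: Optional[str] = None) -> Dict[str, Any]:
    """Combine both responses into a verdict with a severity a ticket can be raised on."""
    verdict = classify_root(root_status, root_body)
    report: Dict[str, Any] = {"verdict": verdict, "version": None, "indices": [], "severity": "unknown"}
    if verdict == "auth-required":
        report["severity"] = "ok"
    elif verdict == "open":
        report["version"] = json.loads(root_body)["version"].get("number")
        # Banner readable anonymously: version fingerprinting at the very least.
        report["severity"] = "high"
        if indices_status == 200 and indices_body:
            report["indices"] = parse_cat_indices(indices_body)
            # Anonymous index listing implies anonymous read and delete: critical.
            if report["indices"]:
                report["severity"] = "critical"
    return report


def _get(url: str, timeout: float) -> Tuple[Optional[int], str]:
    """GET a URL, returning (status, body); (None, "") if nothing answered."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):
        return None, ""


def probe(host: str, port: int = 9200, timeout: float = 5.0) -> Dict[str, Any]:
    """Run the live check against a host you are authorised to test."""
    base = f"http://{host}:{port}"
    root_status, root_body = _get(f"{base}/", timeout)
    idx_status, idx_body = None, None
    if classify_root(root_status, root_body) == "open":
        idx_status, idx_body = _get(f"{base}/_cat/indices?format=json", timeout)
    return assess(root_status, root_body, idx_status, idx_body)


# Constructed responses mimicking an open cluster and one with security enabled.
OPEN_ROOT = json.dumps({"name": "node-1", "cluster_name": "elasticsearch",
                        "version": {"number": "7.8.1"}, "tagline": "You Know, for Search"})
OPEN_INDICES = json.dumps([
    {"index": "bookings", "docs.count": "37000000", "store.size": "43gb"},
    {"index": ".kibana_1", "docs.count": "12", "store.size": "40kb"},
])
SECURED_ROOT = json.dumps({"error": {"type": "security_exception",
                                     "reason": "missing authentication credentials for REST request [/]"},
                           "status": 401})
```

Run `probe()` from outside your network as well as from inside it, since the RailYatri exposure was only visible from the internet side. Anything that comes back "open" on a non-loopback address should be fixed by enabling the security features (`xpack.security.enabled: true` and real credentials), binding `network.host` to a private interface, and placing a firewall or security group in front of ports 9200 and 9300.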



Avantia Cyber Security & ID Agent to the Rescue: Passly provides extra protection for data by creating fewer, more controlled pathways for access through individual staff Launchpads that allow IT teams to quickly manage permissions and add or remove access anytime, anywhere. Learn more by calling Avantia Cyber Security on 07 30109711

THREAT FOCUS: Experian - SOUTH AFRICA

https://portswigger.net/daily-swig/experian-south-africa-data-breach-may-impact-millions-of-residents


Exploit: Phishing (Impersonation Scheme)

Experian: Credit Rating and Monitoring Firm

Risk to Business: 1.394 = Extreme - In an audacious impersonation scheme, a hacker convinced staffers at Experian that they were a client who should be allowed to access consumer data to create insurance and credit-related marketing leads, enabling them to obtain information about 24 million citizens and 794,000 businesses. The hacker has been apprehended and the devices used confiscated. Experian maintains that no financial or sensitive data was compromised, but the incident and the extent of the damage is still being investigated.

Individual Risk: 1.591 = Severe - At this time, Experian is not reporting that any sensitive financial or personal data was stolen, but this is an incident that could have long-reaching implications for South African consumers and businesses, and there is no guarantee that PII or financial data wasn’t compromised. Consumers and businesses should use caution in communications around financial topics and be alert for fraud, identity theft or spear phishing attempts.

Customers Impacted: Unknown

How it Could Affect Your Business: Handing out information to hackers in a conversation is just as bad as opening an infected email attachment – they’re both phishing, one’s just dressed up differently. Failing to update employee training to raise awareness of phishing dangers that go beyond suspicious email attachments (especially now that messaging and SMS are popular formats for phishing attacks) opens companies up to disasters like this one.



Avantia Cyber Security & ID Agent to the Rescue: Guard against phishing by training staffers to stay alert for all kinds of phishing attempts from impersonation schemes to malicious PDFs with BullPhish ID. We update our plug-and-play training kits and videos monthly to assure that training stays up-to-date. Find out more by calling 07 30109711

THREAT FOCUS: Canva - AUSTRALIA

https://www.scmagazine.com/home/security-news/phishing/hackers-hijack-design-platform-to-go-phishing/


Exploit: Unauthorized Systems Access

Canva – Digital Design Platform

Risk to Business: 1.667 = Severe - Digital design powerhouse Canva found itself in hot water this week as hackers accessed the platform and used it to facilitate spear phishing attacks. Canva unwittingly supplied phishing campaigns with graphics that made the threat actors’ messages appear more legitimate, helping them pilfer credentials through social engineering. The problem was first noted in February but has accelerated since. The activity may be related to the significant May 2019 Canva data breach, a link that Canva has not confirmed but that has been widely reported.

Individual Risk: 2.776 = Moderate - The danger here is to the recipients of the phishing messages rather than to Canva’s own systems: the campaigns used Canva-hosted graphics to look legitimate and harvest credentials. Treat unexpected links to design-platform content with caution, and anyone whose details were exposed in the widely reported May 2019 Canva breach should stay alert for credential stuffing and spear phishing attempts.

Customers Impacted: Unknown

How it Could Affect Your Business: Information that is stolen in a breach can end up on the Dark Web and reverberate for years. That data can be used in many ways by cybercriminals to capitalize on the results of cybercrime in phishing attacks, credential stuffing, and more.



Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID monitors employee credentials and specially protected email addresses to ensure that you’ll know which direction danger might be coming from. See the power of Dark Web ID’s Threat Exposure Reporting to see how you can protect your data. Call Avantia on 07 30109711 for a free demo.


______________________________________________________________________________


POSTSCRIPT


Meet Graphus.

We’ve just added a fresh solution to our digital risk protection platform to help defend businesses from today’s biggest threat – phishing. Meet Graphus, a unique automated phishing defense solution. Here are the critical things that you need to know about Graphus: This automated phishing defense solution is smart – it uses a patented AI algorithm that learns from a company’s communication patterns to help guard against phishing emails landing in inboxes. The 3 pillars of the Graphus defense system add layered protection between staffers and potentially malicious phishing emails.

TrustGraph® automatically detects and quarantines any malicious emails that break through an organization’s email security platform or existing Secure Email Gateway (SEG).

EmployeeShield® alerts intended recipients of a potentially suspicious message by placing an interactive warning banner at the top that allows users to quarantine or mark the message as safe with a single click.

Phish911™ empowers employees to proactively report suspicious and unwanted emails for IT departments to investigate.

Get superior short-term and long-term protection as it evolves to keep up with new threats.

Simple deployment and operation that seamlessly meshes with Office 365 and G Suite.

There’s simply nothing else on the market like Graphus. Learn more about Graphus and how it can provide advanced protection against phishing danger for you and your clients by calling Avantia Cyber Security on 07 30109711 today.


Healthcare Breaches Climb As Attackers Branch Out

When we think about a healthcare data breach, we’re often thinking about someone stealing payment information or PII from a healthcare facility. But that’s not all hackers are looking for anymore, and they’re ranging far outside the usual setting to find the information that they want – leading to a huge cybersecurity headache for healthcare organizations.

Just last week, hackers launched ransomware attacks against a device manufacturer and several healthcare providers, and they weren’t just targeting patient information – they were also looking for treatment and testing data related to COVID-19, a hot commodity on the Dark Web.


Hackers target Research Data.

Recently, hackers were able to secure a $1.14 million ransom from The University of California San Francisco after successfully landing a ransomware attack that encrypted the COVID-19 research data at their medical school, and drug manufacturers like Gilead have also had research data targeted.

Healthcare breaches have surged since the start of 2020 – Department of Health and Human Services’ HIPAA Breach Reporting Tool website shows 302 major health breaches impacting nearly 8.7 million individuals have occurred so far in 2020. So how can you protect your clients?


The Stakes Are Rising As Breach Penalties Expand

The former CSO of Uber was charged with obstruction of justice and misprision of a felony this week for his role in an alleged coverup of the notorious 2016 data breach which impacted an estimated 57 million individuals. What does that mean for companies that suffer a breach now, and what can you do to reduce your breach risk?

Breach penalties have been steadily increasing worldwide as regulators and lawmakers respond to public pressure to hold to account executives and companies that play fast and loose with data protection or attempt to cover up incidents. And the penalties aren’t just monetary: legal consequences for executives and companies are becoming more common, especially when companies are uncooperative in investigations.

So what can you do right now to prevent a costly data breach? Add a secure identity and access management solution. A solution like Passly that combines multi-factor authentication, secure shared password vaults, single sign-on, and simple remote management increases your company’s compliance with data safety best practices and protocols while also protecting your systems from cybercrime.

Adding better protection against hackers is essential for protecting not only your data, but it’s also essential for protecting your business. Between the exorbitant cost of recovery and the regulatory nightmares that can follow a sensitive data breach, investing in a secure identity and access management solution now to guard your gateways is a small price to pay for greater peace of mind.

______________________________________________________________________________


AVANTIA CYBER SECURITY - PARTNER FOCUS


TrustGraph®: Advanced, Patented AI Technology. TrustGraph® analyzes over 50 different attributes of your employees’ communications, including the devices they use, who they message most, what time of day they communicate, and so on. The powerful AI uses this data to create profiles of trusted relationships. TrustGraph® then compares incoming communications to these profiles to detect and prevent sophisticated phishing, spear phishing, and business email compromise attacks.

FOR MORE INFORMATION ON GRAPHUS AI DEFENSE GRADE CYBER SECURITY, PLEASE CONTACT AVANTIA CYBER SECURITY

ON +61 7 30109711 / info@avantiacorp.com.au


_____________________________________________________________________________


DISCLAIMER*

Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, other members of the 5 Eyes Alliance, the Australian Cyber Security Centre, and other sources in 56 countries who provide cyber breach and cyber security information in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content’s accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.


Avantia Corporate Services Pty Ltd,                    Level 7, 320 Adelaide Street

Brisbane, Queensland 4000

AUSTRALIA.
