  • Avantia Threat Update


Updated: Jun 29, 2019


This past week, ‘The Donald’ strikes back with a cyber attack, ransomware shuts down multiple healthcare providers, hackers keep phishing at Australian Schools & Universities, Chinese Crypto Jacking software flourishes and Canadian Cybersecurity is under the pump*.

This Past Week’s Top Dark Web Compromises*:

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain

Top Industry: Construction & Engineering

Top Employee Count: 1 - 10 Employees

This Past Week’s Top Targeted Industries*:

Finance Hits: 331 | Targets: Western Union, Coinbase, Equifax Inc, Desjardins Group,

Software Hits: 128 | Targets: Google, Electronic Arts Inc, Expedia Group Inc., Rackspace Hosting, Inc., Fujitsu

Information Technology Hits: 125 | Targets: Google, Sabre Corporation, Expedia Group Inc., Rackspace Hosting, Inc., Fujitsu

Software Hits: 76 | Targets: Electronic Arts Inc, Rackspace Hosting, Inc., Fujitsu, Tata Consultancy Services, DXC Technology

Consumer Electronics Hits: 74 | Targets: Hewlett Packard Enterprise Co., Telefonaktiebolaget LM Ericsson, Quantum Corporation, Fujitsu, HP

This Past Week’s Top Threat Actor*:

Ministry of State Security (China) Hits: 73 | Targets: HP, United States, Hewlett Packard Enterprise Co., Australia, Marriott International

Hezbollah Hits: 41 | Targets: Israel, Syria, Lebanon, Iran, United States

Inj3ct0r Team Hits: 21 | Targets: WordPress, Joomla, Twitter, Apache HTTP Server, SCADA and ICS Products and Technologies

APT33 Hits: 19 | Targets: Saudi Arabia, United States, Critical infrastructure systems, WinRAR, Saudi Aramco

в/ч 74455 Hits: 16 | Targets: Main Intelligence Directorate (GRU), World Anti-Doping Agency, Democratic National Committee, Democratic Congressional Campaign Committee, TAS

This Past Week’s Top Exploited Malware*:

Stuxnet Hits: 36 | Targets: Iran, North Korea, Industrial Control Systems, SCADA and ICS Products and Technologies, United States

Loki Hits: 31 | Targets: Microsoft Office Excel, Microsoft Office, Microsoft Windows, Android, United Kingdom

Nanocore Hits: 28 | Targets: Microsoft Windows, Dark Web, Microsoft Office Word, Hackforums

Silex Hits: 27 | Targets: Unix, England, UNIX-like, Honeypot, Operating system

Mirai Hits: 23 | Targets: Internet of Things, Deutsche Telekom, Germany, United States, Home



U.S. Struck Iranian Military Computers This Past Week – It's Cyber Warfare*:

U.S. military cyber forces launched a strike against Iranian military computer systems on Thursday as President Donald Trump backed away from plans for a more conventional military strike in response to Iran's downing of a U.S. surveillance drone, U.S. officials said Saturday. Two officials told The Associated Press that the strikes were conducted with approval from Trump. A third official confirmed the broad outlines of the strike. All spoke on condition of anonymity because they were not authorized to speak publicly about the operation. The cyberattacks — a contingency plan developed over weeks amid escalating tensions — disabled Iranian computer systems that controlled its rocket and missile launchers, the officials said. Two of the officials said the attacks, which specifically targeted Iran's Islamic Revolutionary Guard Corps computer system, were provided as options after Iranian forces blew up two oil tankers earlier this month. The IRGC, which was designated a foreign terrorist group by the Trump administration earlier this year, is a branch of the Iranian military. The action by U.S. Cyber Command was a demonstration of the U.S.'s increasingly mature cyber military capabilities and its more aggressive cyber strategy under the Trump administration. Over the last year U.S. officials have focused on persistently engaging with adversaries in cyberspace and undertaking more offensive operations. There was no immediate reaction Sunday morning in Iran to the U.S. claims. Iran has hardened and disconnected much of its infrastructure from the internet after the Stuxnet computer virus, widely believed to be a joint U.S.-Israeli creation, disrupted thousands of Iranian centrifuges in the late 2000s. Tensions have escalated between the two countries ever since the U.S. withdrew last year from the 2015 nuclear deal with Iran and began a policy of "maximum pressure." Iran has since been hit by multiple rounds of sanctions. 
Tensions spiked this past week after Iran shot down an unmanned U.S. drone — an incident that nearly led to a U.S. military strike against Iran on Thursday evening. The cyberattacks are the latest chapter in the U.S. and Iran's ongoing cyber operations targeting the other. In recent weeks, hackers believed to be working for the Iranian government have targeted U.S. government agencies, as well as sectors of the economy, including finance, oil and gas, sending waves of spear-phishing emails, according to representatives of cybersecurity companies CrowdStrike and FireEye, which regularly track such activity. This new campaign appears to have started shortly after the Trump administration imposed sanctions on the Iranian petrochemical sector this month. It was not known if any of the hackers managed to gain access to the targeted networks with the emails, which typically mimic legitimate emails but contain malicious software.
"Both sides are desperate to know what the other side is thinking," said John Hultquist, director of intelligence analysis at FireEye. "You can absolutely expect the regime to be leveraging every tool they have available to reduce the uncertainty about what's going to happen next, about what the U.S.'s next move will be." The Iranian actor involved in the cyberattack, dubbed "Refined Kitten" by CrowdStrike, has for years targeted the U.S. energy and defence sectors, as well as allies such as Saudi Arabia and the United Arab Emirates, said Adam Meyers, vice president of intelligence at CrowdStrike.
The Department of Homeland Security said in a statement released Saturday that its agency tasked with infrastructure security has been aware of a recent rise in malicious cyber activities directed at U.S. government agencies by Iranian regime actors and proxies. Cybersecurity and Infrastructure Security Agency Director Christopher C. Krebs said the agency has been working with the intelligence community and cybersecurity partners to monitor Iranian cyber activity and ensure the U.S. and its allies are safe. "What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you've lost your whole network," Krebs said.
"This is not a remote war (anymore)," said Sergio Caltagirone, vice president of threat intelligence at Dragos Inc. "This is one where Iranians could quote unquote bring the war home to the United States." Caltagirone said as nations increase their abilities to engage offensively in cyberspace, the ability of the United States to pick a fight internationally and have that fight stay out of the United States physically is increasingly reduced.
The U.S. has had a contentious cyber history with Iran. In 2010, the so-called Stuxnet virus disrupted the operation of thousands of centrifuges at a uranium enrichment facility in Iran. Iran accused the U.S. and Israel of trying to undermine its nuclear program through covert operations. Iran has also shown a willingness to conduct destructive campaigns. Iranian hackers in 2012 launched an attack against state-owned oil company Saudi Aramco, releasing a virus that erased data on 30,000 computers and left an image of a burning American flag on screens. In 2016, the U.S. indicted Iranian hackers for a series of punishing cyberattacks on U.S. banks and a small dam outside of New York City. The Defense Department refused to comment on the latest Iranian activity. "As a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence or planning," Pentagon spokeswoman Heather Babb said in a statement. The White House did not respond to a request for comment.
Despite the apparent cyber campaign, experts say the Iranians would not necessarily immediately exploit any access they gain into computer systems and may seek to maintain future capabilities should their relationship with the U.S. further deteriorate. "It's important to remember that cyber is not some magic offensive nuke you can fly over and drop one day," said Oren Falkowitz, a former National Security Agency analyst. It takes years of planning, he said, but as tensions increase, "cyber impact is going to be one of the tools they use and one of the hardest things to defend against."

Human Services Dept Breach affects 645,000 Clients*:

Oregon Department of Human Services officials say they are notifying about 645,000 clients whose personal information is at risk from a January data breach. The Statesman-Journal reports state officials announced the notifications Tuesday and will start mailing them Wednesday. People affected were enrolled in the department's welfare and children services programs at the time of the breach. Officials said the compromised data includes personal health information, but it's unknown if it was viewed or inappropriately used. The state is also providing 12 months of identity theft monitoring and recovery services, which includes a $1 million insurance reimbursement policy to impacted individuals. The breach happened during an email "phishing" attempt that targeted the department Jan. 8. Nine employees opened the email and clicked on a link that gave the perpetrator access to their email accounts.

Chinese software ‘nastie’ enslaves football field sized-load of Servers and puts them to work digging up digital dosh in crypto-mines*.

More than 50,000 servers around the world have been infected with malware that installs crypto-coin-mining scripts and advanced rootkits, it is claimed. Known as Nanshou, the software nasty, we're told, infects machines by brute-forcing Microsoft SQL Server account passwords and using known exploits to elevate its privileges. It then drops onto the compromised Windows systems one of 20 different payloads, each including versions of a coin-mining tool and a kernel-mode rootkit that gives the mining software the ability to run without the threat of being detected or terminated by an administrator or security software. The Guardicore Labs researchers who say they discovered the campaign reckoned this week that Nanshou is particularly noteworthy in its use of rootkit tools and techniques that had previously only been seen wielded by the Chinese government's hacking crews. It is believed someone, or some group, in China, possibly run-of-the-mill criminals, have obtained these tools and used them against thousands of servers dotted around the planet. "Breached machines include over 50,000 servers belonging to companies in the healthcare, telecommunications, media and IT sectors. Once compromised, the targeted servers were infected with malicious payloads," wrote Guardicore bug-hunters Ophir Harpaz and Daniel Goldberg. "These, in turn, dropped a crypto-miner and installed a sophisticated kernel-mode rootkit to prevent the malware from being terminated." The attack itself uses relatively low-tech means to get into the targeted boxes. The attack server first scans for servers with open SQL Server ports then attempts to brute-force the password and, from there, run commands and elevation of privilege exploits in order to get system rights and implant the rootkit on the victim server. The payload itself is what caught the eye of the researchers. 
In particular, the Guardicore team found that the malware had used cryptographically signed driver-level rootkits that were last spotted as part of sophisticated Beijing-backed hacking operations. The software nasty's central command-and-control server has since been disabled, and its code-signing certificate revoked. "Obtaining a signed certificate for a packed driver is not at all trivial and requires serious planning and execution," Harpaz and Goldberg wrote. "In addition, the driver supports practically every version of Windows from Windows 7 to Windows 10, including beta versions. This exhaustive coverage is not the work of a hacker writing a rootkit for fun." At the same time, the group behind Nanshou also made some rookie mistakes that suggest they weren't the same people who developed the more advanced code found in the rootkits. In particular, the operator failed to put any sort of security in front of the one command and control server they used to run the entire operation. "Logs, victims lists, usernames, binary files – we had them all in a mouse click," the malware detectives mused. "In addition, all binary files had their original timestamps; an experienced malware author would have tampered with those to complicate the analysis process." The big takeaway from the report, other than a reminder not to use common passwords that can be brute-forced, is that the tools used by Chinese state hackers have now made their way into the hands of the country's cybercrime operators.
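For defenders, the entry point described above (password guessing against SQL Server logins) is visible in the server's own error log. The following is an added example, not code from the article or from Guardicore: it assumes SQL Server login auditing is set to record both failed and successful logins, and the function names, the threshold of 5 failures, the 5-minute window and the sample log lines are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in SQL Server ERRORLOG format; addresses are from
# documentation ranges. One client guesses the 'sa' password six times and
# then gets in; another user mistypes a password once and then logs in.
_FAIL = ("2019-06-20 03:14:{s:02d}.10 Logon       Login failed for user 'sa'. "
         "Reason: Password did not match that for the login provided. "
         "[CLIENT: 203.0.113.50]")
SAMPLE_LOG = "\n".join(
    [_FAIL.format(s=s) for s in range(1, 7)] + [
        "2019-06-20 03:14:07.31 Logon       Login succeeded for user 'sa'. "
        "Connection made using SQL Server authentication. [CLIENT: 203.0.113.50]",
        "2019-06-20 09:02:11.02 Logon       Error: 18456, Severity: 14, State: 8.",
        "2019-06-20 09:02:11.02 Logon       Login failed for user 'appuser'. "
        "Reason: Password did not match that for the login provided. "
        "[CLIENT: 198.51.100.7]",
        "2019-06-20 09:02:30.77 Logon       Login succeeded for user 'appuser'. "
        "Connection made using SQL Server authentication. [CLIENT: 198.51.100.7]",
    ])

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]"
)


def parse_events(text):
    """Return (timestamp, client, user, succeeded) for each login line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # e.g. the bare "Error: 18456" line carries no client
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        events.append((ts, m["client"], m["user"], m["result"] == "succeeded"))
    return events


def find_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag clients with >= threshold failed logins inside the window.

    A later success from a flagged client, while failures are still inside
    the window, is recorded as the account that was probably guessed.
    """
    recent = defaultdict(list)  # client -> timestamps of recent failures
    findings = {}
    for ts, client, user, ok in sorted(events):
        fails = recent[client]
        fails[:] = [t for t in fails if ts - t <= window]  # expire old ones
        if not ok:
            fails.append(ts)
            if len(fails) >= threshold and client not in findings:
                findings[client] = {"client": client, "first_alert": ts,
                                    "failures": len(fails),
                                    "success_user": None}
            elif client in findings:
                findings[client]["failures"] += 1
        elif client in findings and fails \
                and findings[client]["success_user"] is None:
            findings[client]["success_user"] = user
    return list(findings.values())


if __name__ == "__main__":
    for f in find_bruteforce(parse_events(SAMPLE_LOG)):
        print(f)
```

A finding with a non-empty `success_user` is the case to escalate first: the guessing stopped because a password worked.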

“Microsoft has detected suspicious activity” Tech support Scam*.

The “Microsoft has detected suspicious activity” scam is a browser-redirecting program that tries to trick users by displaying warnings and notifications about system issues. This is a social engineering attack that urges people to call a support number so that technicians can fix the problems. Unfortunately, these warnings are fake and caused by an adware-type intruder installed on the computer without your knowledge, and the people on the other end of the line are scammers. The “Microsoft has detected suspicious activity” tech support scam message can be closed like any browser window, but fake alerts that keep reappearing indicate an additional intruder and possible risk. There is nothing wrong with your machine, and viruses are not targeting credentials or logins. However, calling the provided number and installing promoted software can lead to problems such as stolen data. Remember that neither Microsoft nor any other company or software developer sends messages about PC issues, especially alerts with contact information or phone numbers. “Microsoft has detected suspicious activity” is nothing but a pop-up, so don't provide your personal data to the scammers, and clean the machine as soon as possible. The free app management program TSS MoboPlay, offered by the ‘Microsoft Certified Technician’ on the phone, is nothing but a brand new cyber threat known as the “Microsoft has detected suspicious activity” tech support scam. The scammers try to trick users into calling fake Microsoft technicians. Victims see a screen informing them of suspicious activity on their computers. This message itself proves that the computer has been infected with malware. Scammers try to scare victims by claiming that “attackers” might try to steal their personal information, such as banking details, email credentials, or passwords. To protect their privacy and computer, people are asked to call a 1-800 “toll-free” number.
We want to discourage you from doing that. The call might be charged to you and be very expensive; you might be unpleasantly surprised when you receive your next phone bill. However, that is not the biggest problem. The people behind the “Microsoft has detected suspicious activity” virus might try to convince you to reveal personal details or trick you into purchasing bogus software that is supposed to clean and fix the computer. Not only could this software include malware, but the scammers might also trick you into installing remote access tools. The “Microsoft has detected suspicious activity” scam delivers various messages and alerts with warnings on the screen. These pop-ups depend on the victim, but the initial note shows the following:

Microsoft has detected some suspicious activity on this computer. All access to this device has been revoked due to a network security breach. Attackers might attempt to steal personal information, banking details, emails, passwords and other files on this system. Please contact a Microsoft certified technician on 1-800-603-5246.

The screen delivered by TSS MoboPlay has a window where victims are supposed to type an activation key. People are supposed to get this key after calling the provided 1-800 phone number. What happens if you try to enter a random activation key? The program delivers a message saying, “Your key seems to have been expired. Please call at 1-800-603-5246 to get a new one.” As you already know, the consequences of this call might be serious, so remove “Microsoft has detected suspicious activity” immediately. Cybercriminals use many methods to spread tech support scams. However, the primary distribution method is a free app management program or a potentially unwanted program of the adware type. Therefore, you should be careful when installing new software.


THREAT FOCUS: Nagle Catholic College – AUSTRALIA*

Exploit: Phishing attack

Nagle Catholic College: Independent Roman Catholic day school

Risk to Small Business: 1.666 = Severe: A four-day “highly sophisticated” cybersecurity attack that began when someone clicked on a malicious link in a phishing email has allowed hackers to access parents’ personal information stored on the network. The school is working with law enforcement and cybersecurity experts to address the data breach by identifying cybersecurity standards in need of remediation and fully understanding the scope of the attack. Due to this cybersecurity incident, the school will have to foot the bill for cybersecurity services while also facing increased scrutiny from media and community members.

Individual Risk: 2.142 = Severe: Although the school is still in the process of identifying the compromised data, it’s clear that financial information was accessed during the attack. This could include parents’ bank account details, credit card information, and scanned signatures. Since this information is valuable on the Dark Web and can spread quickly, those impacted should be vigilant about monitoring their financial accounts while also obtaining necessary credit monitoring services to ensure that their credentials are not being misused.

Customers Impacted: Unknown

Effect On Customers: Phishing scams are easy to execute and possible to defend. However, with these attacks increasing in frequency and complexity, every organization needs to adequately assess this threat by providing their employees and stakeholders with the tools necessary to defend against a phishing scam. In this case, a single email is wreaking havoc on an entire institution yet could have been prevented far before it began.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

THREAT FOCUS: Australian Catholic University – AUSTRALIA*

Exploit: Phishing attack

Australian Catholic University: Public university with seven campuses throughout Australia

Risk to Small Business: 2 = Severe Risk: A phishing email supposedly originating from the university tricked several employees into providing their account details through a fake login page. Since these credentials could provide hackers with access to multiple university systems, those impacted by the breach had their credentials reset and relevant financial institutions were notified.

Individual Risk: 2.285 = Severe Risk: Although the data breach was relegated to university staff, those who entered their credentials in the fake login page could have had their email accounts, calendars, and bank account details compromised. Therefore, anyone impacted by the breach should monitor their accounts for suspicious activity.

Customers Impacted: Unknown

Effect On Customers: This is the second data breach this month at an Australian university, and it comes after a report on the lax cybersecurity standards at the country’s schools. Since the information acquired in phishing scams can be used for other services, companies can face cascading consequences for not working to solve the problem before a breach occurs. Phishing scams are entirely preventable through proper awareness training, making cybersecurity training programs a must for defending against these increasingly prolific attacks.



Exploit: Unauthorized email access

Mermaids UK: Charity and advocacy organization supporting gender diverse and transgender youth in the UK

Risk to Small Business: 1.555 = Severe Risk: 1,100 company emails containing sensitive, intimate details about their users were inadvertently accessed and shared on a private messaging group. The emails were related to the organization’s work between 2016 - 2017, and they were searchable under certain circumstances. Since the organization’s constituents are especially vulnerable, this data breach undermines their ability to carry out their mission, and it could negatively impact their ability to acquire the funding necessary to continue their work.

Individual Risk: 1.857 = Severe Risk: Although the charity contends that only the news organization that discovered the breach had accessed the emails, those impacted by the breach should not presume that its reach was so restricted. It’s possible that their names, addresses, and intimate details about their dealings with the organization were viewable in the breach.

Customers Impacted: Unknown

Effect On Customers: Every organization needs to prioritize their users' data protection, and those serving vulnerable clients need to be especially diligent about this prerogative. In this case, insufficient security protocols could do considerable harm to those impacted, something that is both unacceptable and unnecessary. At the same time, supporting those impacted by a data breach should be a top priority, and understanding what happens to affected data on the Dark Web can provide victims the peace-of-mind necessary to adequately recover from a breach.


THREAT FOCUS: Desjardins Credit Union – CANADA*

Exploit: Unauthorized network access

Desjardins: Credit union cooperative

Risk to Small Business: 1.333 = Extreme: A former employee gained access to the company’s network, ultimately making off with the data of millions of members. Significant amounts of personally identifiable information were taken in the breach, impacting both its home users and business customers. The bank is in the process of notifying those impacted by the breach, and they are partnering with local law enforcement to mitigate the risk to their customers. This is a significant cybersecurity incident at a major financial institution, and it now faces the responsibility of updating its cybersecurity protocols along with the costs of identity and financial monitoring services while it works to rebuild its reputation.

Individual Risk: 2.142 = Severe Risk: The data breach included information from personal and business accounts. For personal users, this information contained names, dates of birth, social insurance numbers, addresses, phone numbers, and email addresses. Meanwhile, corporate data involved business names, addresses, phone numbers, owners’ names, and the names of users with access to accounts. Desjardins is providing free credit monitoring services for anyone impacted by the breach.

Customers Impacted: 2.9 million

Effect On Customers: Quick communication and effective response methods can go a long way toward helping companies recover from a data breach. While it’s no substitute for adequately guarding data in the first place, providing the right services can accelerate the recovery time while helping companies recoup some of the reputational damage incurred from a data breach.


THREAT FOCUS: City Of Riviera Beach – USA*

Exploit: Ransomware

City of Riviera Beach: Local government organization serving Riviera Beach, Florida

Risk to Small Business: 1.555 = Severe: When a single employee clicked on a malicious email link containing ransomware, the city’s entire computer network was encrypted by ransomware. The encryption prevented the city from using email, logging 911 calls, or even controlling their water utilities. After spending nearly $1 million on new IT infrastructure, the city ultimately decided to pay the ransom, which cost $600,000 in Bitcoin. The payment, which will come from the city’s insurance provider, became necessary when the city discovered that it didn’t have adequate backups to restore vital information to this equipment.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: A ransomware preparedness plan is a veritable must-have for every organization since cybersecurity threats should be considered a “when”, not an “if” proposition. Such plans should include adequate backups, which can allow cities to avoid paying a ransom, but also proper training to avoid the phishing emails that frequently deliver the ransomware. These preventative measures are significantly more affordable than the cost of a ransom payment and the ancillary opportunity costs that accompany such an attack.


THREAT FOCUS: ResiDex Software – USA*

Exploit: Unauthorized network access

ResiDex Software: Software provider for assisted-living, group facilities, and care-giving organizations

Risk to Small Business: 2.333 = Severe: When the software company was the victim of a ransomware attack on April 9th, it discovered unauthorized network access starting on April 2nd. ResiDex launched an IT forensics investigation, which determined that no company information was accessed in the attack. However, hackers could have gained access to the personal information of its clients. Not only will ResiDex have to bear the cost of updating its cybersecurity standards, but the unquantifiable reputational damage will have continuing consequences as the company tries to attain new clients or maintain relationships with existing customers.

Individual Risk: 2 = Severe: Since ResiDex serves assisted-living, group facilities, and care-giving organizations, patients at these locations could have their information compromised in the breach. This could include names, social security numbers, and protected health information that was stored with the provider. The software company notified all impacted individuals, but this information can quickly spread on the Dark Web, and those impacted should attain proper identity and financial monitoring services to ensure that their information remains secure.

Customers Impacted: Unknown

Effect On Customers: When sensitive personal information is compromised in a data breach, companies have a responsibility to help their customers regain confidence in their data’s integrity. In addition to providing identity and financial monitoring services to those impacted, understanding if the exposed information is accessible on the Dark Web by hackers is a critical component of a strong breach response.

THREAT FOCUS: Neo Urology – USA*

Exploit: Ransomware

NEO Urology: Healthcare provider for urology care services

Risk to Small Business: 1.666 = Severe: Hackers gained access to NEO Urology’s network, encrypting the company’s files and disrupting many of their services. Employees were notified of the ransomware by a fax listing “” as a contact address for additional information. While their network was inaccessible, the practice reported operational losses of $30,000 - $50,000 per day, a significant sum that ultimately led them to pay the $75,000 ransom using Bitcoin. In this case, it was more affordable to pay the ransom than to experience the revenue losses that accompany an inaccessible network. Unfortunately, their willingness to pay could make them a target for additional attacks.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: Every company needs a ransomware response plan that is both technological and philosophical. Many ransomware attacks originate through phishing scams or other malware, a maxim that underscores the importance of robust cybersecurity initiatives. At the same time, developing adequate backup protocols can help companies avoid paying ransoms that neither guarantee a solution nor curtail bad actors from returning in the future.



POSTSCRIPT: Canadian Companies Unprepared for Cost and Consequences of a Data Breach*

Shred-it’s annual Data Protection Report, which evaluates the most prescient threats to data security, took aim at Canadian businesses and concluded that they have an overly optimistic outlook of today’s cybersecurity landscape.

Consequently, many companies are not prepared to defend against a data breach, which could negatively impact revenue, employee, and customer retention.

The survey identified shifting consumer sentiments about data privacy and encouraged Canadian businesses to cater to the changing market dynamics by considering the reputational damage that accompanies a data breach along with other serious consequences.

Today, the stakes couldn’t be higher.

A single data breach can have devastating outcomes for companies of all sizes, and this year’s survey concluded that too many companies need to prioritize cybersecurity as a critical component of overall business success. In many cases, partnering with a qualified security consultant can patch holes in your cybersecurity protocols while bolstering your defences going forward.

Three Billion Phishing Emails are Sent Every Day*

Phishing attacks are wreaking havoc as they encourage unsuspecting recipients to hand over critical credentials that give hackers access to network infrastructure, personal financial accounts, and other important portals.

This type of cybersecurity threat is ultimately the most defensible, since phishing attacks not only need to make it through email filters, but recipients have to directly act upon the message. Yet, they continue to inflict serious damage on small and medium businesses alike, becoming more common and complicated in today’s digital landscape.

According to a recent report, more than 3.4 billion phishing emails are sent each day, making it increasingly probable that an employee will accidentally engage with the message. This underscores the need for awareness and prevention training to disrupt these efforts. Given the high cost of recovering from a phishing attack, acquiring comprehensive training from trusted professionals (like Avantia Cyber Security) is a cost-effective way to equip your employees to defend against phishing attacks.

Disclaimer*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provide the content in this publication to the reader for general information purposes only and have compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.
