  • Avantia Threat Update

DANGER CLOSE - SHARKS ARE STALKING YOUR ENCRYPTED PASSWORDS


Dark Web monitoring now more important than ever...


This Past Week: a FREE password cracker launched that ‘cracks’ 55-character encrypted passwords, an international cosmetics retailer is in damage control over a credentials breach, the Dark Web compromises a company's network, healthcare records are held for ransom, lights go out in South Africa, data breaches become more expensive, and major breaches in Australia, South Africa, United Kingdom, Canada, Puerto Rico & United States*.


This Past Week’s Top Dark Web Compromises*:

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain 

Top Industry: Education & Research

Top Employee Count: 1 - 10 Employees 


This Past Week’s Top Targeted Industries*:

Finance Hits: 633 | Targets: Capital One Financial Corp, Equifax Inc, UniCredit Group, Deutsche Bank, PayPal

Bank Hits: 418 | Targets: Capital One Financial Corp, UniCredit Group, SunTrust Banks, Deutsche Bank, National Australia

Bank Hits: 415 | Targets: Capital One Financial Corp, UniCredit Group, SunTrust Banks, Deutsche Bank, National Australia

Mortgage Sellers Hits: 378 | Targets: Capital One Financial Corp, SunTrust Banks, Morgan Stanley, Wells Fargo, JPMorgan.

Mortgage Companies Hits: 378 | Targets: Capital One Financial Corp, SunTrust Banks, Morgan Stanley, Wells Fargo, JPMorgan Chase & Co.


This Past Week’s Top Threat Actors*:

Hezbollah Hits: 22 | Targets: Israel, Syria, Lebanon, Iran, United States

Shadow Brokers Hits: 15 | Targets: Microsoft Windows, Microsoft, Cisco Systems Inc, Iran, Eternal Chemical Co. Ltd.

Romanian Hackers Hits: 8 | Targets: Hillary Rodham Clinton, Yahoo, Washington, DC, United States, Democratic National

Lazarus Group Hits: 6 | Targets: Sony Corp, South Korea, Cryptocurrency, United States, Bitcoin

0v1ru$ Hits: 6 | Targets: Sytech (Moscow company), Federal Security Service (Russia), Russia, Active Directory, Guangdong Shengyi Sci. Tech Co., Ltd.


This Past Week’s Top Malware Exploits*:

SystemBC Hits: 51 | Targets: Microsoft Windows, Dark Web, InfoSec, Microsoft Edge, tunnel C.

GermanWiper Hits: 18 | Targets: Germany

LookBack Hits: 17 | Targets: Utilities

Sodinokibi Hits: 14 | Targets: Oracle WebLogic Server, Microsoft Windows, Germany, InfoSec, Oracle Corp

Stuxnet Hits: 10 | Targets: Iran, North Korea, Industrial Control Systems, SCADA and ICS Products and Technologies, United States



IN OTHER NEWS:


Free Password Cracker ‘Hashcat’ Launched That Can Crack 55-Character Passwords*

The latest version of hashcat was released over the weekend. Says lead developer Jens Steube, “it is the result of over 6 months of work, having modified 618,473 total lines of source code.” Hashcat is a freely available password cracker. It is a dual-purpose weapon: it can be used by security auditors to stress-test company passwords, and it can be used by criminals to crack lists of stolen passwords. One of its biggest weaknesses had been an inability to handle passwords in excess of 15 characters. Until now: the new version can handle passwords and phrases typically up to 55 characters in length. “This was by far one of the most requested features”, notes Steube. “We resisted adding this ‘feature’, as it would force us to remove several optimisations, resulting in a decrease in performance for the fast hashes.” So the new version also comes with a downside – a performance hit that “typically averages around 15% in speed”.

In reality, this probably won’t worry its users too much. Hashcat is an off-line cracker, which means it cracks lists of passwords. For security administrators and auditors, these lists will be taken from the company servers. For criminals – whether they are the original hackers or just script surfers downloading online hacking dumps – they come from stolen passwords. A ‘blackhat’ hacker will either have stolen the passwords himself or will have got them from the original hacker. He will use hashcat in a similar fashion against the list of passwords, but will then use the cracked passwords to access the users’ accounts – or sell the cracked passwords to other criminals to use as they will.

What the new version of hashcat demonstrates is that size is no longer as important as it used to be – it’s what the user does with the characters that matters. Length is still important; but rather than just a combination of words or phrases, it should be a mix of characters, numbers and punctuation symbols. ‘Ars Technica’ illustrates the problem: ‘Yiannis Chrysanthou’ cracked ‘Ph'ngluimglw'nafhCthulhuR'lyehwgah'naglfhtagn1’, an occult phrase from an HP Lovecraft story. “But because the phrase was contained in this Wikipedia article, it wound up in a word list that allowed Chrysanthou to crack the phrase in a matter of minutes”, warns Ars.

Users should use a unique password for each different online account – that way, even if it is stolen by a hacker and cracked by hashcat, it will at least be only one account that is compromised. For security and peace of mind, they should also get their usernames and passwords monitored for listing on the Dark Web.
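The Lovecraft phrase above failed because it could be derived from public text, not because it was short. The following password-acceptance screen is an added example, not code from the original article or from hashcat; the sample corpus, the function names and the 12-character minimum are assumptions made for the illustration.

```python
import unicodedata

# Constructed sample text standing in for public sources (encyclopedia
# articles, lyrics, quotations) that end up in word lists.
CORPUS = (
    "In the story the cultists chant: Ph'nglui mglw'nafh Cthulhu R'lyeh "
    "wgah'nagl fhtagn. The narrator translates it as: In his house at "
    "R'lyeh dead Cthulhu waits dreaming."
)

# The 46-character password quoted in the article.
ARTICLE_PHRASE = "Ph'ngluimglw'nafhCthulhuR'lyehwgah'naglfhtagn1"


def normalize(text):
    """Fold case and accents, then keep only ASCII letters and digits."""
    folded = unicodedata.normalize("NFKD", text).casefold()
    return "".join(ch for ch in folded if ch.isascii() and ch.isalnum())


def build_phrase_index(corpus, min_words=3, max_words=8):
    """Index every run of consecutive corpus words, joined without spaces.

    Punctuation and spacing are removed first, so "R'lyeh wgah'nagl" and
    "rlyehwgahnagl" map to the same entry.
    """
    words = [w for w in (normalize(tok) for tok in corpus.split()) if w]
    index = set()
    for start in range(len(words)):
        for n in range(min_words, max_words + 1):
            if start + n <= len(words):
                index.add("".join(words[start:start + n]))
    return index


def screen_password(candidate, index, min_length=12):
    """Return (accepted, reason) for a password a user is trying to set."""
    if len(candidate) < min_length:
        return False, "too short"
    # Strip leading/trailing digits so "phrase1" or "2019phrase" still match.
    core = normalize(candidate).strip("0123456789")
    if core in index:
        return False, "phrase found in public text"
    return True, "ok"


INDEX = build_phrase_index(CORPUS)

if __name__ == "__main__":
    samples = [
        ARTICLE_PHRASE,                 # long, but lifted from public text
        "In his house at R'lyeh 2019",  # long, spaced, with a year appended
        "fhtagn1",                      # simply too short
        "t7#Vq9!mZr2$Lw8x",             # constructed random-looking password
    ]
    for pw in samples:
        print(f"{pw!r:52} -> {screen_password(pw, INDEX)}")
```

In practice the index would be built from a large corpus or replaced by a breached-password list; the point is that the check runs when the password is set, before any hash of it can be stolen.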


Sephora in damage control after data leak.*

International cosmetics retailer Sephora is today in damage control after informing customers across the Asia Pacific, including in Australia, that their personal information and encrypted passwords may have been exposed to an “unauthorised third party”. Becoming the latest business to fail in safeguarding consumer data, Sephora has this week apologised to customers but has yet to even confirm how many shoppers are affected by the breach. The company said it discovered the breach “over the last two weeks”, involving the names, dates of birth, genders, email addresses, encrypted passwords and even the “beauty preferences” of e-commerce customers. All existing passwords have been cancelled for affected accounts, which indicates Sephora is aware of the extent of the leak, despite so far failing to publicly confirm how many Australian users could be vulnerable. The retailer confirmed on Wednesday they contacted the Office of the Australian Information Commissioner (OAIC) on 29 July.

Sephora, owned by international luxury house LVMH, has been making waves in the local market since landing in 2015, commanding a large following of particularly young consumers who shop with the brand online and in its growing number of Australian stores. Customers in Singapore, Malaysia, Indonesia, Thailand, the Philippines, Hong Kong and New Zealand have also been affected by the breach. Sephora is yet to confirm the circumstances behind the breach, including whether they were hacked by a malicious third party. Within the hour of this story being originally published Sephora responded to a series of questions sent on Tuesday, revealing experts concluded “no major vulnerability” was found on its websites.

“The external independent experts we engaged to investigate concluded that no major vulnerability was found on Sephora SEA’s websites, nor did they find any traces of a cyberattack,” the company said in a statement on Wednesday. Beth Glancey, the country manager for Sephora in Australia and New Zealand, sent a short statement to media on Wednesday morning reiterating information contained in customer emails sent earlier this week. “We have cancelled all existing passwords for customer accounts and thoroughly reviewed our security systems. We have reached out to our affected customers to explain what happened, and what steps they should take,” she said. “Being transparent and protecting the safety of our customers’ information is our utmost priority.” Sephora has not identified who the third party is, or whether they know, but claims it has “no reason to believe that any personal data has been misused”. Further, it claims “no credit card information was accessed” by the mysterious third party. Sephora has also yet to specify when exactly the data breach occurred and when they first became aware of the breach, saying only that they became aware of the matter in the last two weeks. The company was asked to be more specific but declined to do so.


Ransomware Attack impacts 522,000 patients in Puerto Rico*

A Puerto Rico-based medical center and a related women and children's hospital are victims of a recent ransomware attack impacting the data of more than 522,000 individuals. The combined incident is currently the largest health data breach reported to US federal regulators this year involving ransomware. In a joint statement issued July 19, Bayamón Medical Center and Puerto Rico Women and Children's Hospital, both part of the same organisation and based in Bayamon, Puerto Rico, say that on May 21 they discovered that patient information was involved in "a blocking incident" that affected the hospitals' computer network. "From our research, the hospitals and their consultants understand that the information of our patients was simply encrypted - blocked - and there is currently no indication that the information itself has been used by an unauthorised person. We will continue to monitor the situation," the statement says. The hospitals add they are also "strengthening our security protocols and providing additional training to our employees to reduce the likelihood of a similar event happening in the future." The hospitals did not indicate whether they paid a ransom or remediated the situation without paying the hackers. The type of information impacted, "to which the hospitals did not have access for a short period of time," included clinical, demographic and financial information such as patients' full name, and in some cases Social Security numbers, date of birth and diagnosis, the statement says. "None of patient data was lost as a result of the incident, and to date there is no evidence to suggest that patient information was extracted from our network or that there has been some attempt to misuse patient information." Bayamón Medical Center and Puerto Rico Women and Children's Hospital did not immediately respond to an Information Security Media Group's request for additional information about the incident. 
The attacks on Bayamón Medical Center and Puerto Rico Women and Children's Hospital were reported separately by each of the two hospitals on July 19 to the U.S. Department of Health and Human Services as hacking/IT incidents involving a network server, according to HHS' HIPAA Breach Reporting Tool website. Also commonly called the "wall of shame," the website lists reports of major health data breaches impacting 500 or more individuals. Bayamón Medical Center reported the incident as impacting nearly 422,500 individuals and Puerto Rico Women and Children's Hospital reported the breach as affecting nearly 100,000 individuals. To date, the incident reported alone by Bayamon Medical Center is the largest breach involving ransomware posted on the federal tally so far this year. The Bayamón incident report is also the fourth largest health data breach of any type posted on the HHS website so far in 2019. Other major health data breaches reported so far to HHS this year as involving ransomware attacks include an incident impacting 106,000 individuals reported in May by Indiana-based Talley Medical Surgical Eyecare Associates (see 2 Medical Practices Among Latest Ransomware Attack Victims). But it's not only larger healthcare entities that have reported being victims of ransomware attacks so far in 2019. A number of smaller healthcare providers, including Connecticut-based non-profit Southeastern Council on Alcoholism and Drug Dependence in May have reported to HHS ransomware incidents impacting thousands of patients (see 'Survivor' Lessons from Attack on Dental Practice). Some security experts predict that ransomware attacks on healthcare sector entities will continue to surge. "I don't see this abating any time soon," says former healthcare CIO, David Finn, executive vice president at security consultancy, CynergisTek. "Unfortunately, like so much around security in healthcare, it will likely get worse before it gets better." 
Efforts to prevent falling victim to these attacks need to be multifaceted, he says. "There are no silver bullets for security. Everyone keeps looking for one but you can't fix it with technology alone; you can't just expect that training people will solve it. Systems and workflows are complex in healthcare, and so this will have to be addressed holistically and systemically - this is not something we do well in healthcare," he says. "Ransomware is particularly complex because it frequently leverages 'social engineering' and the trust that is core to healthcare and then is able to use those opportunities to deploy very targeted and effective attacks," Finn says. Susan Lucci, senior privacy and security consultant at tw-Security, offers a similar perspective. "The most common way ransomware is introduced to a system occurs when an unsuspecting employee clicks on a link or opens an attachment that has been compromised," she notes. "Although many organisations have taken proactive steps to alert their workforce to this pervasive threat, it still occurs because the attackers make their communications look authentic. The subject line or content makes a compelling argument to believe the email is legitimate." One evolving trend involving ransomware is that the attacks continue to grow more sophisticated and can engage defenders in "cat-and-mouse like activities," Finn notes. "While malware has had the ability to detect sandboxes and virtual machines for some time, we are now seeing attacks that can bypass some firewalls and some anti-virus products," he notes. "Since ransomware is now offered as-a-service, the operators are not always technical, and more attacks are actually being outsourced in this way," he says. "Often the infection vectors are difficult to identify because the ransomware deletes all evidence of how it was 'dropped,' and some are using anti-forensic recovery techniques which can make recovery from backup more difficult."
Because preventing and defending against ransomware is becoming more complicated, healthcare sector entities and their vendors need to step up their strategies, Finn says. "A very common ingress point is spoofed email, so one thing that can solve a lot of problems is multi-factor authentication to email and other systems," he says. However, "we keep hearing that 'passwords are dead' but if you have systems with them, they should be strong, they should be changed regularly, not stored or transmitted in clear text. Given that medical devices will likely be a significant vector for attack, changing default passwords on devices and any system, frankly, that connects to the hospital network is still critical." In the meantime, entities need to ensure that their users are trained - and frequently reminded - on ways to spot and avoid falling victim to suspicious email and attachments containing malware, Lucci says. Additionally, users also need to be kept in the loop about evolving threats, she says. "One of the best ways to keep your workforce informed is to make it real. Sharing current examples that have happened in healthcare is far more valuable than just stating the issue along with the consequences. It brings the situation into focus."


Johannesburg Ransomware Attack Leaves Residents in the Dark*

The virus affected the network, applications, and databases at City Power, which delivers electricity to the South African financial hub. Johannesburg's City Power, the municipal entity delivering power to the South African financial hub, was hit with a ransomware attack that encrypted its network, databases, and applications. The attack struck Thursday morning and prevented residents from buying electricity, uploading invoices, or accessing the City Power website. Officials said it also affected response time to logged calls, as some of the internal systems to dispatch and order material were slowed down. "Ransomware virus is known globally to be operated by syndicates seeking to solicit money," the City of Joburg tweeted after the attack. "We want to assure residents of Johannesburg that City Power systems were able to proactively intercept this and managed to deal with it quickly." The city, which owns City Power, notes there was no personal data compromised in the attack. Johannesburg implemented temporary measures to help those affected. Suppliers seeking to submit invoices were told to bring them to City Power offices; customers were asked to log calls on their cellphones using the mobile site, as they couldn't access the utility's website. Residents called a local radio station to say the attack had left them without power. At the time of the attack, City Power spokesperson Isaac Mangena said to News24 that cold weather could lead to unplanned outages, as the electrical system overloads with higher demand. Plans were in place to deal with unplanned outages, he added; City Power had sent more technicians to regions of the city where unplanned, repeated outages frequently occur. City Power and Johannesburg officials have been regularly posting updates to both entities' Twitter accounts; the City of Joburg most recently reported most of the IT applications and network affected by the attack "have been cleaned up and restored." 
Johannesburg joins a growing number of cities targeted with ransomware as criminals take aim at municipalities around the world. Other victims include Baltimore, Atlanta, and Riviera Beach, Florida. While security experts typically recommend not paying ransom — and US mayors have committed to follow their advice — unprepared victims may have no choice. Riviera Beach recently paid $600,000 to its attackers, a decision that could potentially have "far-reaching consequences," said Ilia Kolochenko, founder and CEO of security company ImmuniWeb. Kolochenko anticipates attacks like these will continue. "Cities, and especially their infrastructure sites, are usually a low-hanging fruit for unscrupulous cyber gangs," he says. "These victims will almost inevitably pay the ransom as all other avenues are either unreliable or too expensive." What's more, he adds, cryptocurrencies can't be traced back to the attackers; as a result, most get away with it.


Russian 'Silence' hacking crew turns up the volume – with $3m-plus cyber-raid on bank's cash machines*

A prominent Russian hacker crew is seemingly expanding its reach – having just pulled off a multi-million dollar cyber-heist in Bangladesh, we're told. Singapore-based security outfit Group-IB said it believes the crooks, dubbed Silence, stole at least $3m (£2.4m) from Bangladesh-based Dutch-Bangla Bank via a string of cash-machine withdrawals over a span of several days. The cyber-gang made a name for itself last year by breaking into various bank networks using purpose-built exploits and tools. The group is extremely small, possibly made up of as few as two people, though it appears to be extremely smart and armed with a considerable arsenal of malicious code written by its members. In this latest caper, according to the authorities, the group was able to infiltrate the Dutch-Bangla Bank's network, install malware on its PCs, and seize control of its card processing system, allowing them to, apparently, order individual ATMs to dispense cash without alerting the rest of the bank's network. With the card system under their control, the hackers then sent people from Ukraine – possibly either group members or just hired money mules – to visit various ATM locations in Bangladesh and make fraudulent withdrawals that were processed by the compromised card system and thus approved: the hacked backend OK'd the withdrawals. Group-IB said the mules were on their phones before each withdrawal, likely in order to coordinate with the person remotely allowing the machines to dispense cash. When all was said and done, Group-IB said, the criminals made off with at least $3m from Dutch Bangla alone. The researchers believe the attack is the start of a larger campaign from Silence as the hacking operation looks to expand from regional attacks in Eastern Europe and move further into Asia in order to go after higher-value targets.
"Having tested their tools and techniques in Russia, Silence has gained the confidence and skill necessary to be an international threat to international banks and corporations. Asia particularly draws cybercriminals' attention," noted Group-IB head of dynamic analysis of malicious code Rustam Mirkasymov. "Dutch Bangla Bank is not the first Silence victim in the region. In total, we are aware of at least four targets Silence attacked in Asia recently," he said.



THREAT FOCUS: City Power - SOUTH AFRICA*

Exploit: Ransomware

City Power: Provider of prepaid electric power for Johannesburg, South Africa

Risk to Small Business: 2 = Severe: A ransomware attack disabled many critical functions for the city’s primary electricity provider, including the company’s database, internet network, web apps, and websites. Consequently, customers are unable to buy electrical power units or to sell electricity back to the grid. The attack, which took root on July 25th, occurred on a standard payday for the city, and many residents use their funds to secure electricity for the next month. Meanwhile, the company’s limited network access is making it more difficult to address blackouts and other technological concerns.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: The repair costs of a ransomware attack are well documented, but the reputational and opportunity costs, while more difficult to quantify, can be even more devastating. In this case, City Power is missing a primary sales opportunity, while the reputational damage that accompanies their inability to serve customers, especially those without power, can have significant long-term consequences. Therefore, protecting IT infrastructure before an attack is a necessity in today’s digital environment.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: Sky News - UNITED KINGDOM*

Exploit: Credential stuffing attack

Sky UK: British telecommunications company

Risk to Small Business: 2.333 = Severe Risk: Following a credential stuffing attack detected in June that provided hackers with access to several Sky.com email accounts, the company is resetting all user passwords and locking their accounts. To regain access to their information, Sky customers have to call the company, and an automated system walks them through the unlocking process. While this may prevent these credentials from being used in an attack, the process is very inconvenient for customers, and it can have long-term consequences for the brand’s reputation.

Individual Risk: 2.571 = Moderate Risk: Although some Sky.com accounts were accessed, the company does not believe that personal information was viewed or downloaded, and their recent actions are precautionary rather than reactionary. However, anyone with a Sky account should carefully monitor their credentials for possible signs of unauthorized access.

Customers Impacted: Unknown

Effect On Customers: Credential stuffing attacks are becoming more prominent, having impacted several high-profile companies in the past year. The tactic relies on user credentials attained on the Dark Web, and it can be especially successful when employees don’t actively update their passwords. Knowing if login credentials are compromised can give companies the edge, prompting employees to reset their passwords before an attack occurs.



THREAT FOCUS: Eastern Ontario Municipality - CANADA*

Exploit: Ransomware

Eastern Ontario Municipality: Local government serving residents in Eastern Ontario, Canada

Risk to Small Business: 2.111 = Severe Risk: On June 30th, hackers exploited a network vulnerability to access the government’s system, infecting it with ransomware that cut off access to vital services. While many services were restored within days, government employees still cannot access their email accounts. Officials are refusing to pay the $7,000 to $10,000 ransom payment, and they are attempting to restore services using other measures. Even so, recovering from the attack won’t come cheap as the cost of restoring infrastructure is often more expensive than paying a ransom.

Individual Risk: No personal information was compromised in the breach

Customers Impacted: Unknown

Effect On Customers: There are no ideal solutions for combating a ransomware attack once it takes hold. Therefore, every organisation should make defence a top priority. While this includes many elements, advanced knowledge of compromised credentials can give organisations the opportunity to make adjustments before an attack, saving time, money, and customer data all at once.



THREAT FOCUS: Cancer Treatment Centers Of America: UNITED STATES*

Exploit: Phishing attack

Cancer Treatment Centers of America: National, for-profit network of cancer care, research, and outpatient care centers

Risk to Small Business: 1.888 = Severe: On June 6th, the Cancer Treatment Centers of America detected unauthorised email account access at its Philadelphia-based medical center. The account was compromised when an employee fell for a phishing scam in early May, meaning that intruders had access to patient data for more than a month before it was detected. As a result, the company will face enhanced regulatory scrutiny even as they grapple with the technological and public relations implications associated with a data breach.

Individual Risk: 2.142 = Severe: A single phishing scam compromised the personally identifiable information for thousands of patients. This includes their names, addresses, phone numbers, dates of birth, medical record numbers, and other patient-related information. Those impacted by the breach should monitor their accounts for unauthorised access, and they should consider identity or credit monitoring services to help ensure the long-term integrity of their data.

Customers Impacted: 3,904

Effect On Customers: Personally identifiable information can quickly make its way to the Dark Web, and every organisation needs a plan for protecting that information in the event of a data breach. At the same time, providing supportive services, like credit or identity monitoring, is a good first step toward repairing the damage and restoring customer confidence in your organisation.



THREAT FOCUS: Park DuValle Health Center - UNITED STATES*

Exploit: Ransomware

Park DuValle Health Center: Non-profit medical center serving patients in Louisville, KY

Risk to Small Business:  1.777 = Severe: After successfully restoring their network following a ransomware attack in April, Park DuValle Health Center was attacked again in June, ultimately choosing to pay $70,000 to restore access to their network. The most recent ransomware attack encrypted medical records, contact information, insurance information, and all other patient-related data for past and present patients. The healthcare provider has been without this information since June 7th, and they’ve been unable to schedule new patients during that time. Consequently, the clinic is relying on patients’ memories about treatment and medications, a troubling reality for any healthcare provider.

Individual Risk: No personal information was compromised in the breach

Customers Impacted: Unknown

Effect On Customers: A ransomware attack is a costly ordeal with broad consequences that extend beyond the immediate expense of restoring system access. In this case, Park DuValle’s entire business was crippled, making the $70,000 ransom payment the least of their financial worries. It’s a reminder that having the tools necessary to respond to a ransomware attack is part of the cost of doing business in today’s digital environment.



THREAT FOCUS: iNSYNQ Cloud Hosting - UNITED STATES*

Exploit: Ransomware

iNSYNQ: Cloud hosting platform providing virtual desktops for enterprise clients

Risk to Small Business: 2.111 = Severe: A ransomware attack on July 16th crippled the cloud hosting platform’s services. The attack had cascading consequences, impacting both iNSYNQ and companies that use its products. In response, iNSYNQ was forced to take down their entire network, which instigated a lengthy recovery process that encouraged significant criticism on social media. Therefore, iNSYNQ’s ransomware battle is playing out on two fronts. Their IT team is struggling to restore its comprehensive digital infrastructure even as the company is navigating a PR disaster that could have grave financial implications down the road.

Individual Risk: 2.428 = Severe: While no personal information was compromised in the event, the unique nature of iNSYNQ’s product offering means that many users may have lost access to their data without a clear path to restoration. The company is encouraging all users to back up their data for thirty days to hedge against the threat of data loss from this ransomware attack.

Customers Impacted: Unknown

Effect On Customers: Ransomware attacks have become so prominent that they can feel like an inevitability, and companies should treat them as such. Losing access to company data is devastating, but when client services are implicated, the consequences are magnified. As a result, supportive services like identity or credit monitoring can offer customers the peace-of-mind necessary to begin restoring the company’s badly damaged reputation.




POSTSCRIPT:


Ransomware Gets a New Lease on Life *

Ransomware attacks have made a precipitous return to public life, making them one of the most potent threats in today’s digital landscape. 

Once targeting individual computer systems, ransomware fell out of favor with cybercriminals as it failed to net significant returns. That changed when cybercriminals began targeting local governments and small and medium-sized businesses where they can earn thousands of dollars from the relatively inexpensive attack method. 

Many attribute this shift in approach to the WannaCry ransomware virus, which captured national headlines and set a new direction for future cybercriminals.

As municipalities and organisations grapple with the best response plan, it’s clear that bad actors will continue to wreak havoc with new iterations of ransomware. A strong defence is the most affordable and advantageous approach to these attacks and getting expert eyes (like ours!) on your cybersecurity landscape can ensure that your vulnerabilities are accounted for.


The Increasing Cost of a Data Breach*

As the headlines continually demonstrate, data breaches are quickly becoming a prominent problem for organisations of any size and operating in any sector. The bad news, according to IBM’s annual report on the cost of data breaches, is that they are also becoming more expensive. 

In 2019, companies can expect to spend $3.92 million on a data breach, a 12% increase in just five years. 

With today’s regulatory landscape trending toward consumers, companies can expect these numbers to continue increasing as governments intend to exact financial penalties from organisations that can’t protect their customers’ data.

Consequently, highly-regulated industries like healthcare and financial services saw the most significant price escalations.

The report is especially troubling for SMBs. IBM concluded that companies with fewer than 500 employees will still incur losses in excess of $2 million if a data breach occurs, and they can expect these costs to continue for several years after a breach.

The high cost of a data breach makes cybersecurity partnerships a relatively inexpensive way to protect your organization from the catastrophic consequences that accompany a breach.



Disclaimer*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.


*COPYRIGHT 2020* Avantia Corporate Services  PTY LTD - All Rights Reserved.
