Search
  • Avantia Threat Update

DELIVEROO GETS 'MAULED'


Deliveroo threatens to "Eat Competition" but gets 'mauled' instead!

This week, food delivery service ‘Deliveroo’ becomes the victim of 3rd party hacks, a US ice cream maker is melted by malware, a French video sharing platform faces a credential stuffing attack, and cybersecurity misconceptions result in vulnerabilities.


This Week’s Top Dark Web Credential Compromises:

Top Source Hits: ID Theft Forum (100%) Top Compromise Type: Domain (99%) Top Industry: High-Tech / IT Top Employee Count: 11 - 50 Employees (43%)


This Week’s Top Targeted Industries:

Aviation Hits: 591 | Targets: Airbus Group, Airbus, Boeing, British Airways, Delta Air Lines

Aerospace and Defense Hits: 591 | Targets: Airbus Group, Airbus, Boeing, British Airways, Delta Air Lines

Manufacturing Hits: 344 | Targets: Airbus Group, Sony Corp, Boeing, Huawei Technologies, Mitsubishi Electric Corporation

Aerospace and Defense Hits: 300 | Targets: Airbus Group

Transportation Hits: 284 | Targets: Airbus, British Airways, FedEx , Alaska Airlines, Delta Air Lines


This Week’s Top Threat Actors:

APT28 Fancy Bear Hits: 67 | Targets: Democratic National Committee, Democratic National Convention, United States, Germany, United States Senate

APT39 Hits: 52 | Targets: Iran, FireEye Inc, U.S. Defense Industrial Base, Telecommunications, United States

Kerala Cyber Warriors Hits: 44 | Targets: People for Animals, Facebook, Bangladesh, Oman-Based Company, Pakistan

Inj3ct0r Team Hits: 25 | Targets: WordPress, Joomla, Twitter, Apache HTTP Server, SCADA and ICS Products and Technologies

Lizard Squad Hits: 19 | Targets: Xbox Live, Sony Corp, PlayStation Network, Malaysia Airlines Flight 370, Facebook


This Week’s Top Malware Exploitations:

Joanap Hits: 84 | Targets: United States, Microsoft Windows, North Korean Government, North Korea, South Korea

LockerGoga Hits: 38 | Targets: Altran Technologies SA

Wcry Hits: 35 | Targets: Boeing, Microsoft Windows, United Kingdom, Bitcoin, North Korea

Remexi Hits: 32 | Targets: Iran, Microsoft Windows, Jordan, Saudi Arabia Android Clipper

Hits: 13



In Other News:


Deliveroo Mauled by Customers for 3rd Party Breaches:

Deliveroo customers’ accounts have been accessed and used to buy food they did not order, according to reports. An investigation by the BBC’s Watchdog programme found that hundreds of pounds’ worth of food and drink had been bought fraudulently through the delivery service. As with many online services, users can save their payment information. Although it is not fully visible when an order is placed, this means purchases can be easily made. One customer, whose suspicions were raised by an unexpected confirmation email, found more than £200 had been spent through her Deliveroo account in a single afternoon. Deliveroo said no financial data had been compromised. It said passwords stolen in other data breaches had been used to access its customers’ accounts. “We are aware of these cases raised by Watchdog – they involve stolen food, not credit card numbers,” it said. “These issues occur when criminals use a password stolen from another service unrelated to our company in a major data breach. The stolen password is then used to fraudulently access someone’s account.” It said that in such cases it works with customers to secure their accounts, reimburses them for the fraudulent transactions and “where appropriate” works with the authorities. Security experts said the incident was an example of why users should use strong security practices to protect their information across different sites and services. “This is a perfect example of why people need to be using different password/username credentials for different sites,” said James Romer, chief security architect EMEA at SecureAuth. “Using the same combination is the equivalent of a skeleton key to your online life. It makes it too easy for bad actors to gain entry to more and more information. “This is of monumental importance, particularly on sites like Deliveroo where customers save their card details for convenience, leaving them left with holes in their bank accounts too. “This laid-back consumer attitude is no longer acceptable” he said


GDPR Update: 95,000 Data Breach Complaints Since Adoption:

Since the widely anticipated installation of the EU privacy law known as the General Data Protection Regulation (GDPR), regulators have received over 95,000 complaints of possible data breaches within an eight month period. GDPR enables privacy enforcers to levy fines of up to 4 percent of global revenue or 20 million euros (US$23 million), whichever amounts to a higher number. Just last week, the French data protection watchdog imposed a fine of 50M euros on Alphabet-owned Google over allegations that they failed to obtain user consent for personalized ads, the largest GDPR sanction to date. As more penalties begin to join in the mix, organizations must consult experts to ensure that they are adhering to the stringent regulations for protecting EU consumers.

Nine simple steps to avoid risk.

Last year Google began rolling out Chrome 68. Now, Google’s browser will display a “Not Secure” warning next to the website in the address bar if the site is not secured with HTTPS. If you’re like most SME owners, you know you need to get more informed about cyber Safety but might not be sure how to get started. With the many breaches of data security around the world and across Australia recently, it’s becoming increasingly important to be diligent with online security. You owe it to your business to at least do the minimum to reduce the chance of being victimised. Just as a “Beware of dog” sign and your dog’s stress bark can stop criminals from breaking into your home, there are similar preventive measures you can take to protect your online “property.” Who is at risk? You might have heard that malware has been used to compromise Australian factories and even traffic lights! Hackers don’t care how big or small your site is — they’re just looking for data to sell. But business websites are increasingly popular targets — and the size of your business doesn’t matter to the bots that are constantly scouring the web for ‘easy’ targets. The risk for a small business website is now greater than ever and not limited to online merchants and shopping sites. These automated computer programs look for sites running versions of vulnerable systems and automatically attack them. If they can get sufficient access, they can then turn that website or server into another machine in their bot army to send spam and/or attack other sites. In many cases, planting malware is the first part of a break-in. If left untreated, other mayhem could follow. What’s more, malware is increasingly versatile and destructive. It can do all sorts of bad things, including:

· Erase all your data.

· Steal your customers’ information.

· Encrypt your data and hold it for ransom.


Get ahead of hackers with this checklist : Hackers don’t really care where they get their digital goodies — they’re simply looking for the path of least resistance to data they can sell on the darknet. Here’s how to fight back and protect yourself.


1. Verify your site in Google Site Console: If you enter your website in Google Site Console, the search engine will alert you if it finds malware on your site. Although Google typically sends malware alerts to your Message Center, you can have your Message Center messages forwarded to your email account.


2. Invest in a Malware Cleaner: Hackers look for the tiniest gap in your cyber safety protocols and use it to take over your website or blog. One of the easiest proactive measures you can take is to get a malware scanner for your website. There are many comprehensive malware cleaners available. Automated daily malware scanning and removal can head off security breaches that would otherwise cause business downtime and negatively affect your reputation when the word gets out you’ve been hacked.


3. Get an SSL certificate: Another key cyber safety strategy is to add an SSL certificate to your website. These digital certificates encrypt data as it moves between your site and visitors. It is the “Beware of dog” sign for your website and an essential step to establishing site security. Hackers can’t intercept these encrypted exchanges, so anything your customers submit to your site — passwords, credit card numbers and other private and confidential details — is safe. An SSL certificate adds a highly visible green lock to your web address (URL).


4. Install a web application firewall (WAF): A web application firewall (WAF) is a cloud-based service that screens web traffic in real time, determining whether the traffic is normal or malicious. The WAF enhances cyber safety by blocking malicious traffic from reaching your site, while allowing legitimate visitors to proceed unimpeded.


5. Keep your CMS (Contact Management System) up-to-date: Regardless of which content management system (CMS) you use — WordPress, Drupal, Joomla, etc. — don’t put off updates. This includes their various themes and plugins. Updates include security patches for recently discovered vulnerabilities, so the sooner you update, the sooner you’re protected. Don’t forget, hackers only need one door or window to sneak in and cause havoc.


6. Use a different password for every site: If ever there is a breach, having different passwords prevents the damage from easily and quickly spreading across all your sites. This goes for devices, too. Since all devices are now interconnected, a security gap in one makes all of them vulnerable to break-in.


7. Get your Email Username URL and Passwords monitored for listing for sale on the Dark Web: If Cyber Criminals get these (oftentimes from 3rd party data breaches) compromised credentials, cyber criminals can enter your IT systems and install malware, steal funds from your financiers or attack your customer base at will without detection. 24/7/365 monitoring and alert programs can avoid disaster.


8. Give every user their own account: Another simple cyber safety strategy is to avoid sharing accounts between people, limiting each user’s access to only the data and repositories/folders they need to use. Don’t give anyone unrestricted ‘admin’ privileges unless they are completely trustworthy and require that level of access.


9. Make sure your site is backed up: It is recommended that daily backups are done with backups stored off-site for 30 days. Test the backups regularly to ensure they are complete and that restoring the site can be done quickly by staff who are readily available. It serves no purpose to have a plan that relies on just one person who might or might not be available when needed!.



THREAT FOCUS: Graeter’s Ice Cream - USA

Exploit: Malware on website checkout page. Graeter’s Ice Cream: Regional ice cream brand based in Cincinnati. Risk to Small Business: 1.888 = Severe Customers Impacted: Approximately 12,000.

Risk to Small Business: 1.888 = Severe: After discovering the potential breach, the ice cream chain was forced to notify approximately 12,000 customers, informing them that their personal and payment information may have been compromised. Malicious code was inserted into the company website’s checkout page between June 28, 2018 and December 18, 2018, but the investigation has still not definitively revealed if anyone was actually breached. Nevertheless, customers are upset due to uncertainty surrounding the breach and the brand will reluctantly undergo security process improvements that will cost additional time and money.

Individual Risk: 2.428 = Severe: The malware was capable of copying any data entered during the checkout process, including personal details (names, addresses, phone numbers, fax numbers) and financial information (card types, numbers, expiration dates, and card verification codes). With this in hand, hackers are able to conduct payment fraud or build data profiles that can be sold on the Dark Web. Effect On Customer’s Business: Considering that Graeter’s is still unsure if the malware was able to siphon payment data, the situation can quickly become frightening and frustrating for the end-user. The ambiguity leads to customers shuffling through statements and wondering if they’ve been hacked, causing them to think twice before doing business on a checkout page that has previously been breached.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: Valley Hope Association – USA

Exploit: Database leak. Valley Hope Association: Kansas-based group of addiction treatment centres. Risk to Small Business: 1.777 = Severe Customers Impacted: 70,000 patients.

Risk to Small Business: 1.777 = Severe: Upon discovering suspicious activity on an employee email account dating back to October 2018, the association began notifying patients that sensitive data might have been compromised, including payment, personal, and health information. Aside from dealing with disgruntled patients, the association must implement new security measures and offer free credit monitoring and identity protection services.

Individual Risk: 2.142 = Severe: Although the details varied by patient, anything from personal data including names, SSNs, date of births, license numbers to protected health information (PHI) such as claims and billing data, health insurance details, medical record numbers, prescriptions, and doctor’s names could have been involved. This poses grave risk to patients and caregivers that are affected. Effect On Customers Business: Every single minute that transpires between a cyber-attack and discovery is crucial, as it can be measured in time, money, and customer churn. Organizations of all sizes should focus their efforts on early detection, which can help reduce the number of patients or consumers impacted.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: Lebanon VA Medical Centre – USA

Exploit: Employee error. Lebanon VA Medical Centre: Veterans hospital located in Pennsylvania. Risk to Small Business: 1.555 = Severe Customers Impacted: 1,002 patients.

Risk to Small Business: 2 = Severe: A hospital employee accidentally sent an email to a veteran’s family member with protected health information (PHI) for up to 1,002 patients. Instead of emailing a document listing all nursing homes that work with the US Department of Veteran Affairs, the staff member ended up violating HIPAA requirements by sending a historical list of nursing home residents. Although this was an isolated incident with limited risk, the centre will be encrypting files that contain historical information and notifying all patients that may have been affected

Individual Risk: 2.574 = Moderate: The disclosed list included veteran names, abbreviated SSNs, nursing home admittances, diagnoses, and service-connection disability ratings. Although this may not seem like much exposure, anytime PHI is involved, risk increases significantly. Effect On Customers Business: This event demonstrates the ease at which such a breach, however innocent, can occur. By implementing encryption, organizations can showcase their commitment toward data security for their patients or consumers, which also serves as a reflection of their services and care.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach


THREAT FOCUS: B & Q Home Improvements – UNITED KINGDOM.

Exploit: Database leak. B&Q: Home improvement retailer. Risk to Small Business: 2.222 = Severe Customers Impacted: 70,000.

Risk to Small Business: 2.222 = Severe: Security researchers discovered that B&Q exposed the information of 70,000 people who were allegedly involved in criminal activity related to their stores. This can be classified as sensitive data under new GDPR requirements. However, what’s worse is that the company failed to report the incident or take the database offline after being notified.

Individual Risk: 2.714 = Moderate: Since the nature of the data includes criminal activity, along with associated names and vehicle details, this could be specifically damaging for those accused. If received in the wrong hands, it can be leveraged for data breaches, or even cause reputational harm to individuals.

Effect On Customers Business: When a breach occurs, a company’s cybersecurity practices and incident response teams are examined under a microscope. In this case, not only did a third party discover the compromise, but the company did not act in time. As news headlines demonstrate, such a delay in action will be criticized online, causing overall brand erosion and eventually cascading to customer loyalty being negatively

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: Daily Motion - FRANCE

Exploit: Credential stuffing attack. DailyMotion: Video sharing platform Risk to Small Business: 2.333 = Severe Customers Impacted: To be determined

In this incident, hackers attempted to scam parents of Newcastle students by asking them to pay school fees in bitcoin to receive a 25% discount. Since the attackers had access to the email addresses of parents, the Information Commissioner’s Office (ICO) is investigating to learn more and advising caution regarding future phishing attacks targeted towards schools.

Individual Risk: 2.571=Moderate: It is still unknown how hackers gained access to parents’ email addresses, which could put personal information at risk. However, it is unlikely that payment details were exposed.

Effect On Customers: Multiple cybersecurity firms have issued recent warnings for cyber-attacks that are intended for the education sector. Hackers have zeroed in on such institutions because store valuable information and are protected by legacy systems that are easily compromised

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: Cebuana Lhuillier – PHILLIPINES

Exploit: Email server compromise. Cebuana Lhuillier: Pawn shop and microfinance firm. Risk to Small Business: 2 = Severe Customers Impacted: 900,000 clients.

Risk to Small Business: 2 = Severe: The company recently announced that data from 900,000 clients, or 3% of total clientele, had been accessed August 5th and 12th of 2018. Hackers downloaded contact lists used for marketing campaigns, which they can use to orchestrate email phishing attacks. Along with hiring a third-party information security provider, the company has alerted authorities and customers. However, the breach did not involve financial details and the company will likely recover after spending resources on containing the breach.

Individual Risk: 2.857 = Moderate: The attacker gained access to customer birthdays, addresses, and sources of income, which is quite limited in scope compared to other reported breaches. However, customers should ensure that this information cannot be leveraged to access other accounts.

Effect on Customers Business: When we think of data breaches, we usually do not account for marketing campaigns that reveal relatively little about customers. Yet, with the increased vigilance towards protecting personal information, even this type of data must be secured. As companies begin to accumulate more data around their customers to fortify their marketing efforts, they must also consider the implications for data security and identity

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: Cryptopia Currency Exchange – NEW ZEALAND

Exploit: Payment fraud. Cryptopia: Online cryptocurrency exchange. Risk to Small Business: 1.888 = Severe Customers Impacted: Unknown.

Risk to Small Business: 1.888 = Severe: The breach initially occurred on January 13 and 14, yet little was known regarding the method of compromise. Hackers were able to extract cryptocurrency amounting to anywhere from $3 to $16 million in USD (NZ $4.4M-23.5M) over 5 days. Aside from likely having to reimburse customers, the exchange will have to contract with expensive financial forensics teams and likely face a decline in users.

Individual Risk: 2.428 = Severe: User wallets were depleted over 5 days, resulting in heavy financial losses among individuals. It remains to be seen if they will recover any of it, with the only silver lining being that personal information was most likely not compromised.

Effect On Customers: For companies dealing with discreet financial instruments, it becomes even more important for businesses to enhance their security efforts. Since cryptocurrency is based on anonymity, it will be incredibly difficult to trace hacker activities and understand how and which users were affected.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.





POSTSCRIPT:

How Cybersecurity Misconceptions are creating Vulnerabilities. According to a recent survey among 2,034 consumers, public misperceptions are making customers more vulnerable to breach. Almost 90% believe that cybersecurity risks are increasing, with 41% who know someone that has been a victim and 25% being personally impacted.

However, just over half are taking critical measures such as using two-factor authentication or changing their settings across browsers, social media, or email. Additionally, most have not recognized the vulnerabilities involved in smart home devices or mobile device security.

There is also a lack of alignment in terms of which breaches are the most common and severe, with 97.4% being aware of viruses, even though phishing and identity theft are the first and second most damaging threats to consumers. In order to prepare for future breaches to come, consumers must educate themselves on the new landscape of cybersecurity and take recommended actions to protect themselves.



* Disclaimer: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions.

Want The Information  Cyber Criminal's  Don't Want You To Know?

Subscribe below to receive our weekly Threat Updates straight to your inbox.

Call (07) 3010 9711 

info@avantiacorp.com.au

 

Avantia Corporate Services Pty Ltd,                    Level 7, 320 Adelaide Street

Brisbane, Queensland 4000

AUSTRALIA.

  • LinkedIn Social Icon
  • Facebook Social Icon

DISCLAIMER*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cybersecurity information to us in real-time. Given their international focus and experience in the cyberspace arena, we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services  PTY LTD - All Rights Reserved.