
DISASTER STRIKES - 8.8 BILLION DATA RECORDS BREACHED IN MAY 2020



THIS PAST WEEK: 8.8 Billion Data Records breached in May 2020; Hackers sell stolen User Data on the Dark Web including PII info; Hacker leaks Database of Dark Web hosting providers; Half of all employees admit to cutting cyber corners whilst working from home; BlackBerry partners with Dedrone on counter-drone technology; Hackers target your Smartphones to enter your company's network; A malware attack undermines the benefits of shopping online; A new study reveals that password management is a serious problem for data breach victims; and major Breaches occur in UNITED STATES; IRELAND; CANADA; BELGIUM; UNITED KINGDOM and AUSTRALIA.


Dark Web ID Trends:

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain

Top Industry: Education & Research

Top Employee Count: 1 - 10

__________________________________________________________________________________


LIST OF DATA BREACHES AND CYBER ATTACKS IN MAY 2020 - 8.8 BILLION RECORDS

Avantia Cyber Security’s UK Partner, IT Governance Ltd, reported 8,801,171,594 breached data records in the month of May 2020. Yes, that's right: 8.8 billion. The majority of those were the result of a leaky database belonging to the Thai phone network AIS that was quickly resolved, but it was a dire month even if you discount that. There were 105 incidents in total, including several that are alarming either in terms of their size or their severity. Indeed, it bears reminding that relatively small breaches can often be the most damaging, such as an email gaffe this month in which the identities of 250 abuse survivors in Northern Ireland were exposed.

HACKERS SELL STOLEN USER DATA FROM HOME-CHEF, CHATBOOKS AND CHRONICLE

Three more high-profile databases are being offered for sale by the same group claiming the Tokopedia and Unacademy breaches, and the more recently reported theft of Microsoft’s private GitHub repositories. Going by the name Shiny Hunters, the group is now selling user records from meal kit delivery service HomeChef, from photo print service ChatBooks, and Chronicle.com, a news source for higher education. Together, the three databases count user records and passwords from 26 million accounts. The asking prices are between $1,500 and $2,500. In a conversation with BleepingComputer, the hackers said that they have more databases from other breached websites. They plan on selling them in the near future. BleepingComputer was unable to independently confirm if the data that is offered for sale is authentic or not; the past two sales suggest that it is. Researchers at digital risk protection company ZeroFox caught the posts from the hackers and assess with high confidence that the breaches are legitimate.

With eight million user records, the HomeChef trove is the most expensive. It was advertised today and had not been sold when the researchers saw the hackers’ post. The hackers demand $2,500 for emails, bcrypt-hashed passwords, and IP addresses. Although the password hashes need to be cracked before the database can serve a wider range of illegal activities, it still has value. Personally identifiable information (PII) including phone numbers, zip codes, and partial social security numbers is also present in the sample set from the hackers.

The post for the ChatBooks database was published on May 3 and the asking price is $2,000 for 15 million rows of data. It did not have any buyers through the dark web forum it was advertised on. From the sample provided by Shiny Hunters, the database has email addresses, passwords hashed with the SHA-512 function, social media access tokens, and some PII.

With a price tag of $1,500, the data from Chronicle.com is the cheapest. It is also the smallest, with three million user records. It was posted on May 3 and there are no details about the type of information it contains. Just like with the others, nobody bought it. The lack of buyers makes it probable that the three databases will soon become available on other markets for lower prices. “It is likely that this actor will continue to breach companies and post their content for sale,” notes ZeroFox Alpha Team in a blog post this past week. They add that these tactics proved successful for other hackers and there is no reason this should not work in the case of Shiny Hunters.


HACKER LEAKS DATABASE OF DARK WEB HOSTING PROVIDER

Leaked data contains email addresses, site admin passwords, and .onion domain private keys.

The hacker has leaked online the database of Daniel's Hosting (DH), the largest free web hosting provider for dark web services. The leaked data was obtained after the hacker breached DH earlier this year, on March 10, 2020. At the time, DH owner Daniel Winzen said the hacker breached his portal, stole its database, and then wiped all servers. On March 26, two weeks after the breach, DH shut down its service for good, urging users to move their sites to new dark web hosting providers. Around 7,600 websites -- a third of all dark web portals -- went down following DH's shutdown. A hacker going by the name of KingNull uploaded a copy of DH's stolen database on a file-hosting portal. According to a cursory analysis of today's data dump, the leaked data includes 3,671 email addresses, 7,205 account passwords, and 8,580 private keys for .onion (dark web) domains. "The leaked database contains sensitive information on the owners and users of several thousand darknet domains," threat intelligence firm Under the Breach said today after analysis of the leak. ‘Under the Breach’ said the leaked data can be used to tie the owners of leaked email addresses to certain dark web portals. "This information could substantially help law enforcement track the individuals running or taking part in illegal activities on these darknet sites," Under the Breach said. Furthermore, if the site owners moved their dark web portals to new hosting providers but continued to use the old password, hackers could also take over their new accounts -- if they crack the leaked DH hashed passwords. However, while threat intelligence firms and law enforcement may comb the database in search of clues of users who hosted cybercrime-related sites, the leaked data may also put the owners of dissident and political sites at risk of having their identities exposed by oppressive regimes, which could have dire consequences if those users did not take necessary steps to protect their identities. 
IP addresses, which could have helped law enforcement in some investigations, were not included in the dumped data. The March 2020 hack was the second time that DH suffered a security breach. The site had been previously hacked in November 2018 when an intruder similarly breached the site's backend database server and deleted all sites. More than 6,500 were wiped at the time, but no data was ever leaked.

However, DH is not the only major dark web hosting provider to have been hacked. In 2017, the Anonymous hacker collective took down Freedom Hosting II after they discovered that the hosting provider was sheltering child abuse portals. KingNull, who also claimed to be part of the Anonymous hacker collective, did not return an email seeking additional comment. Following the March 2020 hack, Winzen said that he still plans to relaunch the service in several months, but only after several improvements, and that this was not a priority.

HALF OF EMPLOYEES ADMIT THEY ARE CUTTING CYBER SECURITY CORNERS WHEN WORKING FROM HOME.

Distractions while working from home, pressure to hit deadlines and using personal devices are all creating additional security risks for remote workers. Half of employees are cutting corners with regards to cybersecurity while working from home – and could be putting their organisation at risk of cyberattacks or data breaches as a result. The coronavirus pandemic has forced both employers and employees to quickly adjust to remote working – and, often without the watchful eyes of IT and information security teams, workers are taking more risks online and with data than they would at the office. Analysis by researchers at cybersecurity company Tessian reveals that 52% of employees believe they can get away with riskier behavior when working from home, such as sharing confidential files via email instead of more trusted mechanisms. According to Tessian's The State of Data Loss Report, some of the top reasons employees aren't completely following the same safe data practices as usual include working from their own device, rather than a company-issued one, as well as feeling as if they can take additional risks because they're not being watched by IT and security. In some cases, employees aren't purposefully ignoring security practices, but distractions while working from home – such as childcare, room-mates and not having a desk set-up like they would at the office – are having an impact on how people operate.

Meanwhile, some employees say they're being forced to cut security corners because they're under pressure to get work done quickly. Half of those surveyed said they've had to find workarounds for security policies in order to efficiently do the work they're required to do – suggesting that in some cases, security policies are too much of a barrier for employees working from home to adapt to. However, by adopting workarounds employees could be putting their organisation at risk from cyberattacks, especially as hackers increasingly turn their attention to remote workers. "People will cut corners on security best practices when working remotely and find workarounds if security policies disrupt their productivity in these new working conditions," said Tim Sadler, CEO of Tessian. "But, all it takes is one misdirected email, incorrectly stored data file, or weak password, before a business faces a severe data breach that results in the wrath of regulations and financial turmoil." While the surge in remote working is bringing additional challenges for both employees and employers, there are a number of simple steps that can be taken to boost security without impeding productivity. One of these is employing multi-factor authentication, which provides an extra barrier that helps stop cyber criminals gaining access to accounts – and potentially corporate data.


BLACKBERRY PARTNERS WITH DEDRONE ON COUNTER-DRONE TECHNOLOGY.

BlackBerry has announced it's partnering with the airspace security firm Dedrone to deliver counter-drone technology. Dedrone will be integrating BlackBerry's AtHoc crisis communications software into its products to enable real-time alerts when a malicious or unauthorized drone is detected in a customer's airspace. The new integration will allow customers to create automated, highly targeted alerts based on criteria such as flight zones, drone behavior or user groups. "When an unauthorized drone enters restricted airspace, time is of the essence," Dedrone President and Chief Business Officer Aaditya Devarakonda said in a statement. "The more effectively the on-site personnel can respond, the better their chances of countering whatever the drone is there to do." Dedrone, founded in 2014, works with a range of public and private sector customers, including the US military, allied and coalition forces, correctional facilities, airports and utilities. BlackBerry, for its part, transitioned away from the mobile device business to focus on security software and services. Endpoint security management is one of its areas of focus. "Drones are one of the many IoT endpoints that add to the growing chaos that security leaders must navigate," BlackBerry's SVP of Secure Communications Christoph Erdmann said in a statement.

HACKERS ARE TARGETING YOUR SMARTPHONE AS A WAY INTO THE COMPANY NETWORK

Campaigns targeting smartphones have risen by a third in just a few months, warns security company. The number of phishing attacks targeting smartphones as the entry point for attempting to compromise enterprise networks has risen by more than a third over the course of just a few months. Analysis by cybersecurity company Lookout found that there's been a 37% increase in mobile phishing attacks worldwide between the last three months of 2019 and the first few months of 2020 alone.

Phishing emails have long been a problem for desktop and laptop users, but the increased use of mobile devices – especially as more people are working remotely – has created an additional attack vector for cyber criminals who are targeting both Android and iOS phones. Attacks targeting desktop email applications can leave tell-tale signs that something might not be quite right, such as being able to preview links and attachments, or see email addresses and URLs that might look suspicious. However, this is harder to spot on mobile email, social media and messaging applications because of the way they're designed for smaller screens. "It's difficult to spot red flags that we normally detect on a laptop or PC on such a small mobile screen," Hank Schless, senior manager of security solutions at Lookout said. "Since we can't preview links, see full URLs in mobile browsers, and quickly tap anything that comes our way, malicious actors are investing their time and energy into making these campaigns undetectable to the untrained eye". In many cases, attackers are able to design fake login pages that look almost exactly like that of the organisation they're targeting, especially now so many businesses rely on cloud platforms like Office 365. If a user enters their username and password into a phishing page, they're handing these over to an attacker who can take advantage of this to gain access to their corporate accounts. Mobile phishing attacks against personal accounts are also on the rise, as attackers exploit smartphones and mobile browsers in attempts to steal login details, banking information and other personal data. One campaign uncovered by Lookout saw customers of a major Canadian bank targeted by an attacker who sent out a mass text message to thousands of people asking them to log in to their account, directing them to pages that looked almost identical to the real thing.

Attackers are also attempting to take advantage of the coronavirus pandemic with mobile phishing campaigns, posing as government and health organisations. "Mobile phishing campaigns will continue to get harder to spot, and we can expect more advanced social engineering in channels beyond SMS and email," said Schless. "The line between a personal device and a work device will get blurrier, and attackers know that they can use platforms outside the protection of traditional corporate security policies to gain access to an organization's infrastructure," he added. Defending against mobile phishing attacks can be difficult, but warning employees about the risk of these campaigns can go some way to preventing them. Organisations could also consider using a mobile security system – but they need to make sure that it doesn't cross a line when it comes to invading the privacy of the user. "Ideally, the solution should not inspect content and should instead only alert the person when they encounter a malicious link and automatically block the nefarious connection. These alerts will educate users to adjust their browsing habits and ultimately lower your organization's overall risk profile," said Schless.


__________________________________________________________________________________

THREAT FOCUS: Quidd Digital - UNITED STATES

https://www.itproportal.com/news/account-credentials-of-four-million-quidd-users-exposed-online/


Exploit: Unauthorized database access 

Quidd: Digital collectibles app  

Risk to Small Business: 2.137 = Severe Bad actors infiltrated a Quidd database and shared its contents online, exposing users’ account credentials. The database was circulating on private forums for months, but the platform didn’t identify the breach until it appeared on a public board this week. The passwords were encrypted, but hackers have already cracked more than 135,000 passwords. Quidd’s slow response was further exacerbated by delayed notification procedures, as victims still haven’t been notified of the incident.

Individual Risk: 2.795 = Moderate The data breach compromised usernames and passwords. All platform members should immediately update their credentials while assessing the integrity of other online accounts. Quidd users should continue evaluating their accounts for unusual or suspicious activity.

Customers Impacted: 4,000,000

Effect On Customers: Rapidly identifying and responding to potential data breaches is a critical component of any defensive posture. In this case, the company could have acted much sooner if the Dark Web was being monitored for their information. Being able to identify the sale or transfer of company data enables businesses to respond before an incident escalates.

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with our partners to strengthen their security suite by offering an industry-leading detection and real-time alert system. Discover more and get a FREE Credential Search of the Dark Web by calling Avantia on 07 30109711 now - before it's too late.

THREAT FOCUS: Arbonne International - UNITED STATES

https://www.bleepingcomputer.com/news/security/arbonne-mlm-data-breach-exposes-user-passwords-personal-info/


Exploit: Unauthorized database access

Arbonne International: Multi-level marketing (MLM) platform 

Risk to Small Business: 1.692 = Severe A data breach has exposed personal information for thousands of MLM participants. The data loss event began when the company detected unusual network activity on April 20th, but the incident was not revealed publicly until this week. The breach specifically applies to California employees, which means regulatory authorities will likely scrutinize the incident under the California Consumer Privacy Regulation.

Individual Risk: 2.591 = Severe The breach compromised MLM members’ names, email addresses, mailing addresses, phone numbers, purchase histories, and account passwords. Those impacted need to reset their Arbonne account password, and they should update other credentials using the same details. At the same time, victims should carefully monitor their accounts and communications for suspicious activity, since personal data is often used in subsequent phishing scams and other fraud attempts.   

Customers Impacted:  3,527

Effect On Customers: Consumer sentiment has quickly shifted toward a privacy-first approach to personal information, and regulatory efforts are enforcing that priority. Data privacy laws already apply in many places, and companies should expect more regulatory scrutiny in the years ahead.



Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access, independent, ‘real time’ audit of our clients' critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It's the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: Minted Marketplace - UNITED STATES 

https://www.bleepingcomputer.com/news/security/minted-discloses-data-breach-after-5m-user-records-sold-online/


Exploit: Unauthorized database access

Minted: Online marketplace for independent artists 

Risk to Small Business: 1.980 = Severe After a database was made available on the Dark Web, Minted acknowledged a data breach that compromised customer information. The breach happened when hackers accessed a company database on May 6th, and it’s unclear why it took the company more than three weeks to identify and respond. Customers are increasingly willing to walk away from platforms that can’t protect their data, and the company’s slow response could make it more challenging to regain users’ trust. 

Individual Risk: 2.602 = Moderate The incident compromised users’ data, including their names, addresses, and phone numbers. Less than 1% of victims also had their dates of birth exposed. In addition, users’ login credentials were impacted. In response, those affected by the breach need to update their Minted passwords and any other platform passwords that use similar information.

Customers Impacted: 5,000,000

Effect On Customers: Data breaches are a public relations nightmare, and a fast, effective response can be the difference between restoring trust and watching customers walk away. At the same time, equipping employees and customers with tools to secure their accounts demonstrates a tangible commitment to data security.


THREAT FOCUS: Northwest Atlantic Fisheries Organization (NAFO) - CANADA

https://www.cbc.ca/news/canada/nova-scotia/ransomware-attack-at-fisheries-organization-in-halifax-1.5585701?&web_view=true


Exploit: Ransomware 

NAFO: International fisheries organization 

Risk to Small Business: 1.542 = Extreme A ransomware attack has compromised the organization’s servers, making them unusable. Consequently, NAFO’s website has been inaccessible for more than a week, and a critical database for an upcoming scientific council is inoperable. NAFO had previously been warned of cybersecurity vulnerabilities, but they failed to take action, which may have contributed to this effective ransomware attack. Now the organization must decide if they will pay the undisclosed ransom or attempt to restore systems in other ways. Regardless, it will be an expensive recovery process for the organization and its employees.

Individual Risk: At this time, no personal information was compromised in the breach.  

Customers Impacted: Unknown

Effect On Customers: Ransomware attacks are devastating for small businesses, which often lack the robust resources of larger corporations to restore operations. In an already-challenging business environment, ensuring that your digital environment is prepared to defend against these attacks should be a top priority. As NAFO learned the hard way, failing to repair small vulnerabilities can have outsized consequences.



Avantia Cyber Security & BullPhish ID: Designed to protect against human error, Bullphish ID simulates phishing attacks that can lead to ransomware attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Training including video is now available in 8 languages! Learn more by calling Avantia on 07 30109711 or contacting us at info@avantiacorp.com.au today.


THREAT FOCUS: Savia Rights - IRELAND

http://www.irishnews.com/news/northernirelandnews/2020/05/26/news/abuse-group-says-it-s-too-late-for-apologies-over-major-data-breach-1951504/


Exploit: Accidental data sharing  

Savia: Victims’ rights group 

Risk to Small Business: 1.427 = Extreme An employee included hundreds of abuse victims’ personal identities in an external email, creating a data privacy incident with vast implications. Advocates, incensed by the oversight, called for the organization’s leader to resign, and others have publicly threatened to sue Savia. Making matters worse, the organization was slow to address the error, promising to manage the situation after a long holiday weekend concluded. For an organization predicated on trust, this incident has significantly undermined its mission, making it more difficult to successfully advocate for victims’ rights. At the same time, regulatory scrutiny will certainly accompany the incident, potentially bringing financial consequences to an already-arduous situation.

Individual Risk: 1.122 = Extreme The data breach included the names and personal stories of hundreds of victims, many of whom never shared their stories publicly. This privacy violation could have profound personal implications for each person involved.

Customers Impacted: 250

Effect On Customers: The Information Commissioner has already promised an investigation into the data breach. The results of the investigation could have profound implications for the organization. When coupled with the reputational damage, Savia certainly has a long road ahead as it seeks to rebuild the public’s trust.



Avantia Cyber Security and Cyber Hawk to the Rescue: More than 70% of all cybersecurity incidents today are the result of internal security issues that no firewall or anti-virus could have prevented. Cyber Hawk combines machine learning and intelligent tagging to identify anomalous activity, suspicious changes and threats caused by misconfigurations. For more information call Avantia on 07 30109711 or email info@avantiacorp.com.au today.

THREAT FOCUS: European Parliament   - BELGIUM      

https://www.cpomagazine.com/cyber-security/sensitive-data-belonging-to-european-officials-leaked-in-a-major-eu-parliament-breach/


Exploit: Unauthorized database access 

EU Parliament: Legislative branch of the European Union  

Risk to Small Business: 2.105 = Severe A website managed by the European Parliament exposed sensitive personal details for current and former staff members. The breach was detected by a cybersecurity company conducting a random screening of exposed data, meaning EU officials were unaware of the vulnerability. This undermines the agency’s integrity, as it tries to curtail data privacy issues through its expansive General Data Protection Regulation. In response, users will be required to reset passwords more frequently and adhere to more stringent defensive tactics.

Individual Risk: 2.430 = Severe Officials have not released the specific information categories compromised in the breach, but they admitted that it includes both personal and professional data. Notably, the breach exposes people to the risk of phishing attacks, which could lead to even more harmful compromises. Those impacted need to carefully scrutinize incoming messages, ensuring that they are engaging with authentic communications.

Customers Impacted: 16,200

Effect On Customers: Even after steps are taken to repair the damage of a data breach, the consequences can linger for years afterward. Bad actors can reuse stolen information to craft convincing phishing scams that threaten sensitive information. Therefore, in today’s digital environment, phishing scam awareness training is a must-have component of any data security initiative.


THREAT FOCUS: Páramo Clothing - UNITED KINGDOM      

https://www.theregister.co.uk/2020/05/19/paramo_hack_magecart/?&web_view=true


Exploit: Malware attack

Páramo: Clothing retailer 

Risk to Small Business: 1.755 = Severe Card-skimming malware was active on Páramo’s online store for more than eight months before the retailer identified and eradicated the malicious code. Specifically, the malware redirected shoppers’ card information through a PayPal plugin. The information was forwarded to hackers who could use the data to commit financial fraud. This attack was especially difficult to detect, underscoring the importance of actively securing the online checkout process against bad actors.

Individual Risk: 1.992 = Severe The card-skimming malware collected shoppers’ names, addresses, card numbers, and CVV codes. This information can be used in a variety of financial crimes, and victims should immediately report the breach to their financial institutions. Also, they should enroll in a credit monitoring service that can help ensure the long-term integrity of their personal and financial data.  

Customers Impacted: 3,743

Effect On Customers: Online shopping has surged since the COVID-19 pandemic, presenting an opportunity for retailers to recoup some of the losses from diminished foot traffic. However, while shoppers are spending more money online than ever before, they are also more willing to walk away from retail outlets that can’t protect their information. Card-skimming malware is a real threat to the checkout process, and it’s one of many cybersecurity concerns that businesses looking to capitalize on their online stores need to consider.


THREAT FOCUS: Big Footy  Fan Club - AUSTRALIA   

https://www.smh.com.au/politics/federal/big-footy-data-breach-exposed-private-details-of-up-to-100-000-users-20200529-p54xnz.html


Exploit: Phishing scam

Big Footy: AFL fan website   

Risk to Small Business: 2.226 = Severe Cybersecurity researchers discovered more than 132GB of accessible data originating from Big Footy’s online platform. The data includes personal and business data, as well as private conversations between users. The company has taken steps to secure its infrastructure and notify users, two tasks that will be costly to its reputation and bottom line. Big Footy hopes that bad actors haven’t accessed this information, but information that’s publicly exposed is often collected and sold on the Dark Web.

Individual Risk: 2.761 = Moderate The breach exposed users’ private messages, email addresses, phone numbers, passwords, and other sensitive personal details. The breach compromised many high-profile users, including police officers and government officials, giving the public unprecedented access to their private conversations. Big Footy is warning users to carefully monitor their accounts and communications for signs of misuse. Those impacted by the breach should update their Big Footy passwords and any other account credentials using a similar password combination.

Customers Impacted: Unknown

Effect On Customers: Today’s organizations face threats on many fronts, making accidental, unforced errors especially problematic. In this case, the company failed to adequately assess its IT environment to ensure that all of the access points were secure. It’s a reminder that small details can have enormous consequences, and today’s organizations need to plan for a 360-degree approach to cybersecurity.  


______________________________________________________________________________


POSTSCRIPT:


Small Businesses Suffer More Than A Quarter of all Breaches     

According to Verizon’s 2020 Data Breach Investigations Report, small businesses are increasingly the target of cybercriminals. The report, which analyzed more than 157,000 cybersecurity incidents, found that 28% were directed at small businesses. Previously, cybercriminals have targeted larger organizations as the rate of return was often higher. However, a transition to cloud computing and the use of social engineering attacks, like phishing scams, have increased the risk for small businesses. In response, it’s clear that small businesses need to prioritize cybersecurity, as a data breach has an outsized effect on smaller organizations. Among other recommendations, the report encourages small businesses to invest in continuous vulnerability management and secure their email infrastructure to protect themselves from the growing threat of phishing attacks. It’s also essential that companies recognize and identify insider threat sources and eliminate them as quickly as possible. Using tools and services that support good password hygiene, offering things like single sign-on, two-factor authentication, and other password-oriented enhancements, and enforcing stricter password reuse and sharing policies can help mitigate the risk of password compromise through password reuse and weakness.


New Trouble Comes From Users Who Rarely Update Their Passwords    

Despite years of advocacy and continual advice to update passwords frequently, the majority of victims fail to follow through on this priority. According to research by Carnegie Mellon University’s CyLab, even after a data breach, users rarely voluntarily update their credentials, and only 13% did so within three months of a known breach. Updating passwords consistently is an essential security tool. Part of protecting a company’s data and systems from bad actors requires knowing when that company’s credentials have been compromised – and that compromise isn’t always on them. A third party breach could put corporate passwords at risk unexpectedly. Given the high number of compromised credentials available on the Dark Web, updating passwords after a breach is a critical recovery act that can help limit the scope and impact of the breach. Dark Web ID is an essential tool for finding out if company credentials have been compromised in someone else’s breach.

__________________________________________________________________________________


OUR CYBER SECURITY PARTNERS - THE BEST OF THE BEST


MSD Information Technology is an Australian Managed Service Provider who believes that technology should support and enhance an organisation’s success, not constrain it. MSD are experts in the SME Business environment, helping companies to grow without ICT limits. MSD has assisted in client growth from a single staff member at 1 office to 100 staff across multiple offices over a wide range of industries and collaborates with Avantia Cyber Security to execute the technical and operational aspects of Cyber Security and Cyber Resilience.


ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and to millions of individuals impacted by cyber incidents. The company's flagship product, Dark Web ID, combines human and sophisticated Dark Web intelligence with capabilities to identify, analyse and monitor for compromised or stolen employee and customer data, mitigating exposure to clients’ most valuable assets – their digital identity. 


Huntsman 'Essential 8' Cyber Auditor provides security technology to measure, report and reduce cyber risk to enable the digital transformation of governments and business to more efficient operating models, while at the same time complying with the increasing demands of legislative requirements.  Huntsman's 'Essential 8 Auditor' is a cybersecurity auditing tool that provides an objective, quantitative measure of an organisation’s cyber posture to determine and alert organisations to any gaps in key cyber defense strategies. The Essential 8  (E8) Framework was developed by the Australian Signals Directorate (ASD).  It is a prioritised list of practical security controls that organisations can implement to make their organisation’s information more secure and has been found to mitigate up to 85% of cyber attacks. 


WatchGuard has pioneered cutting-edge cybersecurity technology and delivered it as easy-to-deploy and easy-to-manage solutions. With industry-leading network security, secure Wi-Fi, multi-factor authentication, and network intelligence products and services, WatchGuard enables more than 80,000 small and midsize enterprises from around the globe to protect their most important assets. In a world where the cybersecurity landscape is constantly evolving, and new threats emerge each day, WatchGuard makes enterprise-grade cybersecurity technology accessible for every company. WatchGuard is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. 


Unitrends Cloud Backup makes efficient, reliable backup and recovery as effortless and hassle-free as possible. Unitrends combine deep expertise gained over thirty years of focusing on backup and cloud storage purpose-built to make data protection simpler, more automated and more resilient than any other solution in the industry. Up to 1 TB of cloud storage is included for each workstation, more than enough for even the largest endpoints. No fees to access your data or restore files, and recovery is self-service. No surprises. No gotchas. Just simple, cost-efficient endpoint protection that you would expect from a company with over 30 years of experience. 


IT Governance is a leading global provider of cyber risk and privacy management solutions, with a special focus on cyber resilience, data protection, PCI DSS, ISO 27001 and cybersecurity.  In an increasingly punitive and privacy-focused business environment, they are committed to helping businesses protect themselves and their customers from the perpetually evolving range of cyber threats.  Their deep industry expertise and pragmatic approach helps their clients improve their defenses and make key strategic decisions that benefit the entire business.


Symantec Endpoint Protection is a client-server solution that protects laptops, desktops, and servers in your network against malware, risks, and vulnerabilities. Symantec Endpoint Protection combines virus protection with advanced threat protection to proactively secure computers against known and unknown threats, such as viruses, worms, Trojan horses, and adware. Providing low maintenance and high power across all operating systems, Symantec Endpoint Protection communicates over your network to automatically safeguard both physical systems and virtual systems against attacks.  


LastPass is a  Password Manager that stores encrypted passwords online. The standard version of LastPass comes with a web interface, but also includes plugins for various web browsers and apps for many smartphones.  As a password manager, LastPass will help you in your day-to-day work while improving the overall security of your online life. Key benefits of using LastPass include: Convenience – No more forgotten or mistyped passwords; Time saved – Instantly log in to websites; Stronger security – Long passwords that you don't have to remember.


Perimeter Protection - Without proper attention to the physical security of information assets, your IT Data and Infrastructure are subject to security threats from known or unknown sources looking to steal or compromise your IP.   The risk of physical security breaches, internally or externally, to your IT Systems, are critical to protecting your most valuable asset: Data.  Physical protection includes essential Alarms and Monitoring; CC TV Systems; Access Control Systems; Intercoms; Cameras and Backup Systems. At Perimeter Security, we are experts in  Assessing, Supplying, Installing and Monitoring robust  Security Infrastructure to suit all your needs.


Cyber Hawk - More than 70% of all cybersecurity incidents today are the result of internal security issues that no firewall or anti-virus could have prevented.  Cyber Hawk combines machine learning and intelligent tagging to identify anomalous activity, suspicious changes and threats caused by misconfigurations.  It is uploaded remotely on your Windows based Endpoints (Desktops/Laptops/Tablets) and keeps you posted of any potential internal security issues going on inside your network. Set the time for the daily scan and Cyber Hawk reports back with an email alert sent to any address you specify. The daily alerts aggregate the issues that were detected during the past 24 hours and can be sorted either by priority/severity (high, medium and low) of the threat, or by the type of issue (threat, anomaly, change).


PASSLY is our Digital Risk Protection Platform. With the mass migration to remote work and the increased dependency on cloud applications to run daily business operations, Secure Identity and Access Management is the cornerstone of enabling the right people to have the right resources - all from the right devices and locations.  Passly includes state-of-the-art features to protect your systems and data, including multi-factor authentication, secure password vault, single sign-on, and integration with Dark Web ID to view exposed credential hits. Passly is the ideal security solution for today’s remote workforce – at a fraction of the price of other tools. 


BullPhish ID platform delivers simulated phishing attacks and security awareness training campaigns designed to educate employees, making them the best defense against cybercrime. 22 engaging training videos and online quizzes offered by BullPhish ID are available in the following languages, in addition to English: Dutch; French; German; Italian; Portuguese; Spanish (Iberian/European) and Spanish (Latin). Employees learn best in their native language. By offering BullPhish ID training videos with translations in seven additional languages, we’re making security awareness training more accessible to users around the world. Training your employees about the dangers and risks of cybersecurity is the first line of defense by expanding and empowering companies and their employees to take action against cyber threats and to shore up protection of digital identities and corporate assets.

If you feel that any of the above services could be of benefit to your business please contact Paul Nielsen on +61 7 30109711 (Office Hours) at Avantia Corporate Services, for a confidential no-obligation discussion about your needs.

______________________________________________________________________________


Disclaimer*:

Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the content’s accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.


Call (07) 3010 9711 

info@avantiacorp.com.au

 

Avantia Corporate Services Pty Ltd, Level 7, 320 Adelaide Street

Brisbane, Queensland 4000

AUSTRALIA.
