Avantia Threat Update

EVIL CORP FOUNDER WITH TIES TO RUSSIAN FSB INTELLIGENCE SERVICES IS INDICTED IN THE USA.


US$5 million reward offered for information leading to his arrest and conviction.

This Past Week*: hackers with links to Russia's FSB intelligence service indicted in the US; France threatens a retaliatory cyber operation after targeted attacks on its hospitals; passwords from a hacker's perspective; North Korea's Lazarus Group launches a macOS trojan; a major US data center is hit by ransomware; ransomware costs companies on multiple fronts; phishing scams have extensive data security consequences; Australian companies fail to adequately evaluate their third-party data sharing practices; and major data breaches in the USA, CANADA, HOLLAND, the UNITED KINGDOM and SPAIN.


Known Customers Affected by Data Breaches reported in this Briefing this past 4 weeks: 3,444,159 *


Dark Web ID Trends*:

Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Medical & Healthcare
Top Employee Count: 1 - 10 Employees

______________________________________________________________________________


EVIL CORP FOUNDER INDICTED IN THE US AND SANCTIONED BY THE US TREASURY - US$5M REWARD OFFERED*

A Lamborghini-driving Moscow hacker whose number plate reads "THIEF", and who calls his operation Evil Corp, has ties to the FSB, the Russian intelligence service. He was indicted by US authorities on Thursday for the cyber-theft of tens of millions of dollars. An indictment unsealed in Pittsburgh named Maksim Yakubets and his Evil Corp partner Igor Turashev as the main figures in a group that planted malware on computers in dozens of countries to steal more than $100 million from companies and local authorities. The indictment was accompanied by US Treasury sanctions on the two men and the announcement of a $5 million reward for information leading to Yakubets' arrest and conviction, the highest reward ever offered for a cybercriminal. "Maksim Yakubets allegedly has engaged in a decade-long cybercrime spree that deployed two of the most damaging pieces of financial malware ever used and resulted in tens of millions of dollars of losses to victims worldwide," said US Assistant Attorney General Brian Benczkowski. The Treasury said Yakubets worked for the FSB "as of 2017" and was "tasked to work on projects for the Russian state." "Evil Corp and their Dridex software serves as yet another example of the Russian government enlisting the assistance of cybercriminals to carry out malign activities," a Treasury official told reporters on condition of anonymity. "Today's action makes absolutely clear that we will not tolerate this type of activity by any government or by any government's proxies." Evil Corp used phishing campaigns to plant Bugat, its later version Dridex, and other malware on victims' computers, harvesting identities, passwords and ultimately bank account access, from which the group transferred millions of dollars to itself. Their tools, built on the earlier Zeus banking malware, could also be used to defeat banks' online security controls.
Investigators had been aware of Yakubets, 32, since 2009, when they traced him through his online nickname "aqua." According to Britain's National Crime Agency (NCA), which took part in the investigation, he was unabashed about his wealth, spending over a quarter of a million pounds (over US$330,000) on his wedding; his customized Lamborghini carries a personalized number plate that translates to "thief", the NCA said. Yakubets oversaw the Evil Corp network, managing the thefts and the movement of money. Officials said the operation showed rarely-seen sophistication: it was constantly evolving and innovating, and was audacious in staying ahead of investigators even as some of its participants, including two Ukraine-based hackers in 2014, were arrested and network nodes were shut down. In 2015, US and British investigators disabled the Dridex botnet, but "within weeks" Evil Corp adapted the malware and its infrastructure and resumed the thefts. The group "had a level of sophistication and scope of threat that we rarely see," said Pittsburgh-based US Attorney Scott Brady. Victims included a Franciscan Sisters religious order, a Pennsylvania school district, an oil company and a gun manufacturer. In the United States, the total stolen over almost a decade was $70 million, while worldwide the known losses top $100 million, officials said. At least 300 banks are known to have been hit by the fraudulent transfers, but officials say the individuals robbed could number in the thousands worldwide. Yakubets and Turashev were charged in Pittsburgh and in a parallel indictment in Lincoln, Nebraska with multiple counts of conspiracy, computer hacking, wire fraud and bank fraud. Both men are believed to be in Russia, and face possible extradition to the United States if they are arrested in other countries.


FRANCE THREATENS REVENGE ATTACK AFTER ITS HOSPITALS ATTACKED*

French authorities said they may hit back at the cyber assailants who struck a public hospital, forcing it to suspend all but its most vital systems. "The attacker is still active, and looking for targets in France," said Guillaume Poupard, head of the national cyber security agency ANSSI, speaking on the sidelines of a conference in Paris. "The French law allows us to be active against the attacker, to neutralize it. We're not ruling it out," he said. Authorities said the characteristics of the Nov. 15 attack resemble those of a Russia-based criminal group known as TA505, and have deployed 50 agents at the Rouen hospital to repair networks and restore operations. Poupard said a series of attacks in recent weeks had hit public and private operators, with an emphasis on the health sector; he declined to say whether publicly listed companies had been targets. While French police may be limited in their response, national agencies are increasingly launching their own cyber operations across borders. French President Emmanuel Macron said in an interview with the Economist that he wants to collaborate on cyber security with Russia, an area where "we're waging total war against one another." Hospitals are becoming a favorite target for hackers worldwide. In the U.S., three hospitals were forced to suspend all but the most critical cases after a ransomware outbreak last month. Multiple hospitals in Australia also suffered attacks in October. In the U.K. in 2017, the WannaCry outbreak cost the National Health Service 92 million pounds ($119 million) and shut down networks for several days. The Rouen hospital, 100 miles northwest of Paris, is one of 13 across France designated as a vital medical center. It was forced to halt services over the weekend after attackers locked up its systems and demanded a ransom. A criminal investigation has been opened. "They must not have done enough research; hospitals in France have no money," Poupard said.


WHAT IS PASSWORD RECOVERY AND HOW IS IT DIFFERENT FROM PASSWORD CRACKING - A HACKER'S PERSPECTIVE.*

Why waste time recovering passwords instead of just breaking in? Why can some passwords be cracked while others must be recovered? Not all types of protection are equal. There are several types of password protection, each with legitimate use cases, and this section explains the differences between them.

The password only locks access. In this scenario the password is merely a lock on the front door: the actual data is either not encrypted at all, or is encrypted with other credentials that do not depend on the password. Going around the lock (for example, by reading the storage directly) yields the data without the password ever being recovered.

Passwords with instant recovery. Ever hidden the front-door key under the doormat "just in case"? Believe it or not, many passwords (and actual encryption keys) are stored alongside the data they are meant to protect, so recovery is instant: read the stored secret and use it. This approach is known as "Keys Under Doormats", and governments in several countries, including Australia, the UK and the US, are pushing for it.

Weak encryption. Sometimes the data is encrypted and the password is neither known nor stored alongside the data, yet the protection scheme is still vulnerable because the key itself is too short. Office 2003 is the classic case: Microsoft offered longer keys (64 or 128 bits) if the user manually changed the Crypto Service Provider, but the default, and by far the most widely used, setting remained 40-bit encryption. A 40-bit key space (about 1.1 trillion keys) can be searched exhaustively on commodity hardware, so the attacker never needs the password at all.

Strong encryption: you must attack the password, and it may be slow. Finally, strong encryption with no known vulnerabilities: the data is encrypted with a reasonably long key, and neither the algorithm nor its implementation in the product has vulnerabilities or backdoors. The only way in is to recover the original password. The password is fed through a key derivation function to calculate the actual encryption (or, if you like, decryption) key, and that key is then used to decrypt the data. Password recovery companies build tools to try as many password candidates per second as possible, while companies protecting the data make each guess as slow as possible, typically by iterating the key derivation hundreds of thousands of times. A hundred passwords per second is not going to break anything, so the attacker must either improve the attack speed (faster hardware, more machines) or reduce the number of passwords tried (wordlists and rules rather than blind brute force), or combine both.
Speaking of backdoors: when a device, file or document is encrypted with a strong algorithm and a cryptographically strong password is used (and neither the password nor a recovery key is stored or cached anywhere), it can be extremely tough to crack. To decrypt the data, one must run an exhaustive attack on the password, spending days, weeks or months with nothing guaranteed. We watch encryption-related cases closely, and anecdotal evidence collected over the past several years suggests that once law enforcement runs into strong encryption, the encryption wins in roughly two of every three cases. This does not satisfy some governments, which is why certain countries are pushing encryption backdoors that would let the state access encrypted data without a fuss. Australia has passed a law that can require companies to weaken their encryption, a move that could reverberate globally; the US and the UK are watching closely, and the three countries are jointly pressing Facebook to build a backdoor into its encrypted messaging.

Conclusion: Password protection ranges from a simple access lock, through stored keys and short-key ciphers that can be attacked directly, to strong encryption that employs long keys and hundreds of thousands of hash iterations to slow brute-force attacks. Which category a product falls into determines whether the password has to be recovered at all, and how long that will take.
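A worked illustration of the last two categories, added here as an example (it is not code from the original article or from any password-recovery vendor): a hypothetical "vault" that derives its key from the password with PBKDF2-HMAC-SHA256, an offline dictionary attack against it, and the arithmetic for attacking a 40-bit key directly instead of going through the password. The vault format, the wordlist, the passwords and the 1e9 keys/second figure are all constructed assumptions for the demonstration; only the Python standard library is used.

```python
"""Added example (not from the original briefing): why a password-derived key
has to be attacked through the password, and how the KDF iteration count
bounds the attacker's throughput. Standard library only."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

# Constructed wordlist for the demonstration (not a real leak).
CONSTRUCTED_WORDLIST = [
    "password", "123456", "qwerty", "letmein", "summer2019",
    "Welcome1", "iloveyou", "admin", "dragon", "monkey",
]


@dataclass(frozen=True)
class Vault:
    """Hypothetical container format: what a well-designed product stores
    next to the ciphertext. A random salt, the KDF iteration count and a
    verifier tag; never the password or the key ("keys under doormats")."""
    salt: bytes
    iterations: int
    verifier: bytes


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Password -> 256-bit encryption key via PBKDF2-HMAC-SHA256.
    Every guess, legitimate or hostile, costs `iterations` HMAC calls."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=32)


def make_verifier(key: bytes) -> bytes:
    """Keyed tag over a fixed string so a right key can be told from a
    wrong one without decrypting the whole payload. A cracker uses the
    same check, so it costs the attacker exactly one KDF run per guess."""
    return hmac.new(key, b"vault-verifier-v1", hashlib.sha256).digest()


def create_vault(password: str, iterations: int) -> Vault:
    salt = os.urandom(16)
    key = derive_key(password, salt, iterations)
    return Vault(salt, iterations, make_verifier(key))


def unlock(vault: Vault, password: str) -> bool:
    """The legitimate open and the attacker's guess are the same computation."""
    key = derive_key(password, vault.salt, vault.iterations)
    return hmac.compare_digest(make_verifier(key), vault.verifier)


def dictionary_attack(vault: Vault, wordlist) -> tuple:
    """Offline attack on the password: try candidates in order.
    Returns (password, guesses_tried), or (None, guesses_tried) when the
    wordlist is exhausted. There is no shortcut to the key other than the
    KDF, so shrinking the candidate set is the attacker's main lever."""
    tried = 0
    for candidate in wordlist:
        tried += 1
        if unlock(vault, candidate):
            return candidate, tried
    return None, tried


def guesses_per_second(vault: Vault, samples: int = 20) -> float:
    """Measure single-core attacker throughput against this vault's
    iteration count; raising the count lowers this number linearly."""
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"probe{i}", vault.salt, vault.iterations)
    return samples / (time.perf_counter() - start)


def exhaustive_search_seconds(key_bits: int, keys_per_second: float) -> float:
    """Worst-case time to try every key of a short-key cipher directly
    (the 40-bit Office 2003 case). The password is irrelevant here:
    the attack goes around it, not through it."""
    return (2 ** key_bits) / keys_per_second


if __name__ == "__main__":
    weak = create_vault("summer2019", iterations=1_000)
    strong = create_vault("correct horse battery staple", iterations=200_000)
    print("weak vault, wordlist attack:", dictionary_attack(weak, CONSTRUCTED_WORDLIST))
    print("strong vault, wordlist attack:", dictionary_attack(strong, CONSTRUCTED_WORDLIST))
    for v in (weak, strong):
        print(f"{v.iterations:>7} iterations -> {guesses_per_second(v):,.0f} guesses/s on one core")
    # 1e9 keys/s is an assumed attacker rate for the arithmetic, not a benchmark.
    print(f"40-bit key space at 1e9 keys/s: {exhaustive_search_seconds(40, 1e9):,.0f} s worst case")
```

Run as a script, the wordlist attack succeeds after five guesses against the weak password and exhausts the list against the strong one, and the measured guess rate falls in proportion to the iteration count. Note what the KDF does and does not buy: the strong password survives only because it is not in the wordlist; the iteration count merely makes every wrong guess cost the attacker as much as it costs the legitimate user.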


NORTH KOREAN LAZARUS GROUP LAUNCHES NEW MACOS TROJAN*

The Lazarus Group, which has been named as one of North Korea's state-sponsored hacking teams, has been found using a new technique to infect macOS machines. Dinesh_Devadoss, a threat analyst with anti-malware vendor K7 Computing, is credited with discovering and reporting what is believed to be the Lazarus Group's first piece of in-memory malware for Apple's operating system. In-memory infections, also known as fileless malware, run entirely within the host machine's volatile RAM. This lets the malware avoid antivirus products that monitor files on disk and do not regularly scan all of system memory for threats. The sample found by Dinesh_Devadoss was dissected this week by Mac security researcher Patrick Wardle, who says the attack is a new spin on the classic Lazarus tactic for slipping malware onto the machines of unsuspecting users: no files are written during the second stage of the attack, where the actual malicious activity occurs. As with other Lazarus infections, the attack begins with a fake cryptocurrency application that uses social engineering to trick the user into installing and running what they believe is a legitimate app; this portion of the attack resembles the earlier AppleJeus malware. Once the trojan is launched, however, it shows off its new trick: the second-stage payload, the one that would carry out the actual spying or data theft, is executed in memory without any further files touching the disk. To do this, Wardle says, the malware first downloads and decrypts the payload, then uses macOS API calls (the NSCreateObjectFileImageFromMemory and NSLinkModule dyld functions) to create what is called an object file image from the in-memory bytes and link it into the running process. This lets the malicious package run in memory just as it would had it been installed locally. "As the layout of an in-memory process image is different from its on-disk image, one cannot simply copy a file into memory and directly execute it," Wardle said.
So far, there is no indication of precisely what the Lazarus Group plans to do with its new toy. "At this time, while the remote command & control server remains online," Wardle explained, "it is simply responding with a '0', meaning no payload is provided." If the group's history is any indication, however, the malware will likely serve some financial or espionage purpose that helps fill the North Korean regime's coffers.


RANSOMWARE ATTACK HITS MAJOR US DATA CENTER*

CyrusOne, one of the biggest data center providers in the US, has suffered a ransomware attack, ZDNet has learned. In an email after the article's publication, a CyrusOne spokesperson confirmed the incident and said the company is working with law enforcement and forensics firms to investigate the attack and help customers restore impacted systems. "Six of our managed service customers, located primarily in our New York data center, have experienced availability issues due to a ransomware program encrypting certain devices in their network," CyrusOne told ZDNet. "Our data center colocation services, including IX and IP Network Services, are not involved in this incident. Our investigation is on-going and we are working closely with third-party experts to address this matter," the company said. According to details ZDNet received in a tip, the incident took place the previous day and was caused by a version of the REvil (Sodinokibi) ransomware, the same family that hit several managed service providers in June, over 20 Texas local governments in early August, and 400+ US dental practices in late August. According to a copy of the ransom note, this was a targeted attack against the company's network; the point of entry is currently unknown. One of the six customers impacted is FIA Tech, a financial and brokerage firm, whose cloud services were knocked offline by the attack. In a message to customers, FIA Tech said "the attack was focused on disrupting operations in an attempt to obtain a ransom from our data center provider." FIA Tech did not name the provider, but a quick search identifies it as CyrusOne. ZDNet has been told by a source close to CyrusOne that the company does not intend to pay the ransom demand, barring any unforeseen developments. CyrusOne owns 45 data centers in Europe, Asia and the Americas, and has more than 1,000 customers.
It is also considering a sale after receiving takeover interest over the summer, according to Bloomberg. CyrusOne is a publicly-traded, NASDAQ-listed company. In an SEC filing last year, the company explicitly listed "ransomware" as a risk factor for its business.

______________________________________________________________________________


THREAT FOCUS: DiBella's Subs - UNITED STATES*

https://www.democratandchronicle.com/story/news/2019/11/26/dibellas-subs-customers-your-credit-card-may-have-been-breached-rochester/4308295002/

Exploit: Malware attack

DiBella's Subs: Rochester-based restaurant chain

Risk to Small Business: 2 = Severe: Payment card-stealing malware was discovered in the restaurant chain's systems almost a year after the initial compromise. The company has acknowledged that its breach investigation was completed well before it notified the public, a misstep that will undoubtedly mar the recovery process. The company says it is taking steps to ensure that this type of attack won't succeed in the future, but that won't help the hundreds of thousands of customers already affected.

Individual Risk: 2.428 = Severe: Customers' personal and financial data may have been compromised, including names, payment card numbers, expiration dates and CVV numbers. The breach is limited to customers in Connecticut, Indiana, Michigan, Ohio, New York and Pennsylvania who paid by card between March 22, 2018 and December 28, 2018. Although the damage from the exposure may already have been inflicted, those affected should still contact their card issuers and review card statements for unauthorized charges.

Customers Impacted: 305,000

Effect On Customers: Reputation management and restoration is a critical component of an effective data breach response plan. Although it is harder to quantify than direct financial losses, reputational damage can be extremely problematic for any company and can even jeopardize its ability to recover. Providing timely communications and a clear account of what happens to customer data after it is stolen helps a company demonstrate that it takes data security seriously, restoring customer confidence along the way.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform in Cyberspace. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: Call Avantia on 07 30109711 today.


THREAT FOCUS: Great Plains Health - UNITED STATES*

https://www.usnews.com/news/best-states/nebraska/articles/2019-11-27/north-platte-hospital-reports-ransomware-attack

Exploit: Ransomware

Great Plains Health: Local hospital

Risk to Small Business: 2.333 = Severe: A ransomware attack disrupted many services at Great Plains Health, including email and other internal communication technologies. As a result, the healthcare provider has cancelled some procedures and appointments, while continuing to provide emergency services as needed. Whether Great Plains Health ultimately decides to pay the ransom or to attempt a recovery from backups, the result will undoubtedly be expensive. Especially when coupled with the opportunity cost and reputational damage that accompanies a data breach, the consequences of a ransomware attack can be financially devastating and long-lasting.

Customers Impacted: Unknown

Effect On Customers: Healthcare providers are increasingly caught in the crosshairs of ransomware attacks, as cybercriminals capitalize on the critical nature of their services and the sensitivity of the information they hold. The industry already faces strong regulatory oversight that can have costly consequences for healthcare companies that suffer a breach. More importantly, a disruption in care services or communication has far more severe implications for patients and can put lives at risk. A robust cyber defense should therefore be considered a staple for any healthcare service provider in the digital age. (Risk Levels as above.)

Avantia Cyber Security & ID Agent to the Rescue: With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.


THREAT FOCUS: Magellan Rx Management - UNITED STATES* 

https://www.marketwatch.com/press-release/magellan-rx-management-statement-regarding-security-incident-2019-11-27

Exploit: Phishing scam

Magellan Rx Management: Full-service pharmacy benefit manager

Risk to Small Business: 1.777 = Severe: An employee fell for a phishing scam that gave attackers access to their email account, which contained health plan member data. The breach occurred on May 28th but was not identified until July 5th, and it is unclear why the company waited until November to disclose it publicly. Officials have found no evidence that the data was misused, but the lengthy response time makes it harder for those affected to secure their information before it is used for nefarious purposes.

Individual Risk: 2 = Severe: The breach included member information such as names, dates of birth, health plan member ID numbers, health plan names, providers, diagnoses and other healthcare-related information. This kind of data is often used to facilitate further cybercrime such as spear phishing, so those affected should be skeptical of digital communications, especially any that request personal information.

Customers Impacted: Unknown

Effect On Customers: Despite advanced security controls and other defensive efforts, phishing messages will inevitably reach employees' inboxes. Fortunately, such messages are harmless unless an employee acts on them. Every business can improve its defensive posture with comprehensive awareness training that keeps employees abreast of the latest threats and of best practices for protecting company data. (Risk Levels as above.)

Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Phone 07 30109711 to find out how we can help you.


THREAT FOCUS: Waterloo Catholic District School Board - CANADA*

https://www.cbc.ca/news/canada/kitchener-waterloo/waterloo-catholic-district-school-board-responding-to-significant-malware-incident-1.5375226

Exploit: Ransomware attack

Waterloo Catholic District School Board: Ontario school board

Risk to Small Business: 2.111 = Severe: A ransomware attack significantly disrupted services at the Waterloo Catholic District School Board, forcing it to hire a third-party IT security firm to restore its network. Nearly a week after the attack, the board still had not fully restored network functionality, curtailing its ability to provide adequate student services. It underscores the opportunity cost that always accompanies a ransomware attack, which only compounds the rising direct expense of this devastating attack vector.

Customers Impacted: Unknown

Effect On Customers: Academic institutions are frequently seen as soft targets for cybercrime. Given their modest resources for cyber defense and the critical nature of their services, many attackers see them as an opportunity to cash in. Unfortunately, once ransomware takes root there are no good or affordable options, and costs can quickly escalate to catastrophic levels. Simply put, a proactive defense is the only response that makes a meaningful difference to protecting both the IT infrastructure and the bottom line. (Risk Levels as above.)

Avantia Cyber Security to the Rescue: Helping SME customers understand the importance of cyber security is no easy task. The whole idea of 'risk' in our digital age is overwhelming for many. A 'holistic' Cyber Security Audit of a business's Operational, Legal, Reputational and Recovery Risks can clarify where the cracks are and how to fix them. For a confidential discussion call Avantia on 07 30109711 (office hours).


THREAT FOCUS: Waterloo Brewing Company - CANADA*

https://www.cbc.ca/news/canada/kitchener-waterloo/waterloo-brewing-cyberattack-1.5367658

Exploit: Spear phishing attack

Waterloo Brewing Company: Ontario-based brewing company

Risk to Small Business: 1.666 = Severe: Cybercriminals ran a social engineering attack that tricked an employee into acting on fraudulent wire transfer requests totalling more than $2 million. The brewer does not believe its systems were breached; the attackers used readily available information to produce authentic-looking, highly effective invoices, the hallmark of business email compromise (BEC), which needs no malware and no intrusion to succeed. The company is trying to recover the funds, but those efforts may ultimately be fruitless, making this an expensive lesson for the employee and the company.

Customers Impacted: Unknown

Effect On Customers: Cybercriminals have an ever-evolving arsenal of attack methods, all aimed at separating businesses from their money. SMBs need to stay abreast of these tactics, and the simplest control against payment fraud is procedural: verify any new or changed payment instructions out of band, using a phone number already on file, before any money moves. Dark Web monitoring services can also give businesses a head start on addressing exposed information before it is used to dupe unsuspecting employees into willingly facilitating significant losses. (Risk Levels as above.)

Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with our non US based partners to strengthen their security suite by offering industry-leading detection. To discover more phone Avantia on 07 30109711 (office hours).


THREAT FOCUS: Datrix Network Services - UNITED KINGDOM*

https://www.theregister.co.uk/2019/11/28/datrix_phishing_attack/

Exploit: Phishing attack

Datrix: Network services and cloud solutions provider

Risk to Small Business: 2.111 = Severe: While reading email on a smartphone, an employee clicked on a phishing email and gave attackers access to their entire email account, which was then used to send further phishing messages to the company's accounting department and customer base. The company shut down the affected account within 15 minutes, but not before hundreds of malicious emails had been sent, potentially spreading the damage even further.

Individual Risk: 2.285 = Severe: Approximately 300 Datrix customers received phishing emails purportedly originating from the company. Datrix is encouraging everyone impacted by the breach to permanently delete the malicious communications and to be wary of any future communications from the company.

Customers Impacted: Unknown

Effect On Customers: It only takes a single compromised account to wreak havoc on a company's reputation and bottom line. This incident was contained in fifteen minutes, but the repercussions will be far-reaching. Employee awareness training helps mitigate the threat, and so does multi-factor authentication on email accounts, which turns a phished password into a much smaller problem. (Risk Levels as above.)

Avantia Cyber Security & ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more by calling Avantia on 07 30109711 (Office Hours)


THREAT FOCUS: Vistaprint Marketing - HOLLAND*

https://techcrunch.com/2019/11/25/vistaprint-security-lapse/

Exploit: Exposed database

Vistaprint: Small business marketing product provider

Risk to Small Business: 1.888 = Severe: Vistaprint left an unencrypted database exposed online, allowing anyone who found it to read information related to customer service calls, chats and emails. After the company was publicly alerted to the oversight on Twitter, it took the database offline. The database had been exposed since November 5th, giving cybercriminals a window of extensive access to sensitive customer data. At the very least the episode was embarrassing for Vistaprint, which was called out in a public forum and forced to issue a public notification about its poor data management. This hard-to-quantify reputational damage can be an impediment to businesses operating in competitive digital markets, where customers are increasingly unwilling to deal with companies that cannot protect their data.

Individual Risk: 2.285 = Severe: In addition to records of users' customer service interactions, the exposure included personally identifiable information such as names, email addresses and phone numbers. The company cannot guarantee that this information was not accessed by bad actors. Since personally identifiable information has a robust market on the Dark Web, those affected should closely monitor their online accounts for suspicious activity, and some may want to enroll in an identity monitoring service.

Customers Impacted: 51,000

Effect On Customers: Today's customers are increasingly unwilling to do business with companies that cannot protect their personal data. That reality makes an unforced error like an exposed database especially egregious. In today's tech-centered business environment, expansion and new features cannot be implemented at the expense of data security, a reality that privacy regulators and ordinary consumers are both ready to enforce. (Risk Levels as above.)

Avantia Cyber Security to the Rescue: Helping SME customers understand the importance of cyber security is no easy task. The whole idea of ‘risk’ in our digital age is overwhelming for many. A ‘holistic’ Cyber Security Audit of their Operational; Legal; Reputational and Recovery Risks can clarify where the cracks are and how to fix them. For a confidential discussion call Avantia on 07 30109711 (office hours).


THREAT FOCUS: Prosegur Logistics - SPAIN*

https://www.zdnet.com/article/security-firm-prosegur-weve-shut-our-it-network-after-ryuk-ransomware-attack/

Exploit: Ransomware

Prosegur: Cash logistics and private security company

Risk to Small Business: 2.333 = Severe: A ransomware attack brought the company’s website offline and disrupted client services. To prevent the malware’s continued spread, Prosegur ultimately brought its entire IT infrastructure offline, compounding the customer-facing problems and forcing the company to issue a public statement. At the same time, many employees were sent home because their computers and account access were unavailable. These opportunity and productivity costs have become one of the most prominent complications of ransomware attacks, which have grown in prominence and cost in 2019.

Individual Risk: No personal data was compromised in the breach, but client security services were unavailable during the ransomware attack.

Customers Impacted: Unknown

Effect On Customers: In addition to the potential for multimillion-dollar ransom payments, these attacks inflict significant opportunity costs that can be the proverbial financial nail in the coffin for many companies. Fortunately, malware always needs an entry point, and SMBs can protect their infrastructure through simple measures such as hardening employee accounts and providing phishing awareness training. (Risk Levels as above.)

Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with our non US based partners to strengthen their security suite by offering industry-leading detection. To discover more phone Avantia on 07 30109711 (office hours).

______________________________________________________________________________

POSTSCRIPT*:

Australian Companies have dangerous Data Sharing Practices* 

Third-party partnerships have become a normal, even necessary, part of doing business in 2019. Unfortunately, for many companies these potentially beneficial relationships are a liability when it comes to data security. According to a recent study by Security in Depth, 84% of Australian companies had not completed a formal review of their data sharing practices with third-party partners, a staggering degree of negligence in today's digital environment.

Meanwhile, nearly 60% of those surveyed acknowledged that they had experienced a third-party data breach in the past 12 months, a 3% increase on the previous year. These figures reveal a growing gap between the known threat landscape and the steps companies are willing to take to protect their own and their customers' data.

Today's threat landscape is expansive, but companies can mitigate many of the most pressing threats by partnering with Avantia Cyber Security, which can offer best practices for securing third-party vulnerabilities. As the cost of a data breach quickly escalates, business leaders have millions of reasons to make cybersecurity a business priority.

A comprehensive Cyber Security Audit can find a company's vulnerabilities and recommend ways to plug the gaps so you can sleep well at night. To find out more visit: https://www.avantiacybersecurity.com/cyber-security-audit

Disclaimer*: Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2019 Avantia Corporate Services - All Rights Reserved.
