Search
  • Avantia Threat Update

FLAW IN WINDOWS 10 DESCRIBED AS “EXTRAORDINARILY SCAREY” BY CYBER EXPERTS.



THIS PAST WEEK:

Microsoft confirms serious new security problems for Windows 10 users; Dutch spies helped Britian's GCHQ break Argentinian Crypto Code during Faulklands war; Supercomputers hacked accross Europe to mine Cryptocurrency; British Defense Contractor hacked, up to 100,000 past & present employees details stolen - Report; Hackers start leaking files stolen from shipping and transport giant Toll Holdings; Accidental data exposure erodes brand reputation; Ransomware disrupts operations, and insurers increase their scrutiny of cybersecurity policies and Major breaches in CYPRUS, AUSTRALIA; UNITED STATES & UNITED KINGDOM.


Dark Web ID Trends:

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain

Top Industry: High-Tech & IT

Top Employee Count: 11-50

________________________________________________________________________

MICROSOFT CONFIRMS SERIOUS NEW SECURITY PROBLEM FOR WINDOWS 10 USERS

The US National Security Agency (NSA) in the USA has found a major issue with Windows 10 which could help hackers to create problems for users.  After advice, Microsoft confirmed that they have fixed the issue and they are now aware of it. The NSA found this issue when they had a press conference. No one knew that this issue was there or for how long. The security expert, Brian Krebs, said the software giant sent the patch to branches of the US military and other high-level users before its release. He described the flaw as “extraordinarily scary”. The problem comes in the core component of Windows named as crypt32.dll. It is a program which allows the software developers to get access to different functions like digital certificates. Microsoft said, “An attacker could exploit the vulnerability by using a spoofed (imitated) code-signing certificate to sign a malicious executable file, making it appear the file was from a trusted, legitimate source.” The user does not have any way of knowing the malicious file as the digital signature appears from a trusted provider. The company also gave warning to the vulnerability which can pave the way for man-in-the-middle attacks. (A man-in-the-middle attack requires three players. There’s the victim, the entity with which the victim is trying to communicate, and the “man in the middle,” who’s intercepting the victim’s communications. Critical to the scenario is that the victim isn’t aware of the man in the middle.) This can involve a hacker giving a legitimate program when it is rigged to act as spyware. The good news is that Microsoft disclosed that no one is abusing the vulnerability yet. Operating systems like Windows 7 were also not affected. Moreover, NSA says that hackers will quickly create and distribute tools to exploit the flaw.


DUTCH SPIES HELPED BRITAIN’S GCHQ BREAK ARGENTINE CRYPTO CODE DURING THE FALKLANDS WAR.

Dutch spies operating as a part of a European equivalent of the Five Eyes espionage alliance helped Britain’s GCHQ break Argentinian codes during the Falklands War, it has been revealed. Flowing from revelations made in German-language news reports earlier this year that Swiss cipher machine company Crypto AG was owned by the CIA and German counterpart the BND during most of the Cold War, an academic paper has described the Maximator alliance which grew from the Crypto AG compromise. Authored by Professor Bart Jacobs of Radboud University Nijmegen in the Netherlands, his in-depth article, titled Maximator: European signals intelligence cooperation, from a Dutch perspective shines a light on Cold War security and SIGINT from an oft-ignored perspective, at least in the Anglosphere. As related by Jacobs, Maximator was founded in 1976 and brought together Denmark, France, Germany, Sweden, and the Netherlands as a northwest European version of the Anglosphere's Five Eyes. The latter comprises Britain, America, Australia, Canada, and New Zealand - what Sir Winston Churchill called the English-speaking nations. Named after a Bavarian beer brand popular with BND spies at the agency's Munich HQ, Maximator came about in part because of "the emergence of signals intelligence via satellites, which required substantial investment" to forcibly decrypt. None of its members felt able to tackle the subject on its own. Dutch eavesdropping agency TIVC was one of the key parts of the Maximator alliance, playing a very important role in helping Britain during the 1982 Falklands War. When the Argentine junta invaded the British South Atlantic island on 2 April, Britain assembled a military task force which sailed and flew halfway around the world to expel the invaders and liberate the local population. Among Britain's means to defeat the Argentinians was good old-fashioned signals intelligence, or SIGINT: in everyday English, breaking the crypto on the Argentine military's communications so their plans and intentions could be read. Such work is in the DNA of GCHQ, which grew out of the Government Code and Cipher School in WWII. Yet GCHQ didn't have a full insight into the cipher machines the Argentinians were using. At the time, those were supplied by Crypto AG. Unfortunately for the South Americans, the models they had – HC550s and HC570s – included "rigged" algorithms, deliberately undermined "by the BND and the CIA, via their ownership of Crypto AG". “A directly involved Dutch source states that at that stage a specialist from TIVC travelled to GCHQ and explained how the HC500 Crypto AG devices for Argentinian naval and diplomatic communications worked; subsequent solution of the ciphers was left to GCHQ itself,” said Prof Jacobs, who spoke to multiple former Maximator personnel while writing his paper. We're reading their comms, said MP at war's outbreak, yet Argentina figured out that their comms were being eavesdropped upon, which Prof Jacobs attributed to a statement in the House of Commons by then-Labour MP Ted Rowlands, who still sits in the House of Lords as Baron Rowlands to this day. While criticising Conservative Prime Minister Margaret Thatcher on 3 April 1982 – the day after the invasion – Rowlands told the House: Last night the Secretary of State for Defense asked "How can we read the mind of the enemy?" I shall make a disclosure. As well as trying to read the mind of the enemy, we have been reading its telegrams for many years. I am sure that many sources are available to the Government, and I do not understand how they failed to anticipate some of the dangers that suddenly loomed on the horizon. At the time no MPs appeared to notice the significance of Rowlands' "disclosure", as the Hansard record shows. Historian Hugh Bicheno, in his 2006 book Razor's Edge: The Unofficial History of the Falklands War, excoriated Rowlands, writing that "this was the precise equivalent of publicly announcing, during World War II, that the Allies had broken the Enigma system used by the Nazis." Yet Prof Jacobs, in his history of the Maximator alliance, speculated that firm corroboration for the Argentinians may have come from a captured British pilot who was shot down while carrying "information that could only have been obtained via compromised communications". A list of British aircraft lost during the Falklands War reveals a small number of likely candidates. Although the one pilot actually taken prisoner by the Argentines, then-Flight Lieutenant Jeffrey Glover, said in 2007 he was not interrogated after being fished out of the icy South Atlantic when shot down in May 1982 during a recce mission, it is possible that other British aircraft shot down over land may have contained maps or other documents that Argentinian forces could have recovered. The public confirmation of Maximator's existence will continue to puzzle and intrigue historians, researchers and those with an interest in Cold War cryptography and SIGINT for years to come.


SUPERCOMPUTERS HACKED ACROSS EUROPE TO MINE CRYPTOCURRENCY

Confirmed infections have been reported in the UK, Germany, and Switzerland. Another suspected infection was reported in Spain. Multiple supercomputers across Europe have been infected t with cryptocurrency mining malware and have shut down to investigate the intrusions. Security incidents have been reported in the UK, Germany, and Switzerland, while a similar intrusion is rumored to have also happened at a high-performance computing center located in Spain. The first report of an attack came to light from the University of Edinburgh, which runs the ARCHER supercomputer. The organization reported "security exploitation on the ARCHER login nodes," shut down the ARCHER system to investigate, and reset SSH passwords to prevent further intrusions. The bwHPC, the organization that coordinates research projects across supercomputers in the state of Baden-Württemberg, Germany, also announced that five of its high-performance computing clusters had to be shut down due to similar "security incidents." This included:

The Hawk supercomputer at the High-Performance Computing Center Stuttgart (HLRS) at the University of Stuttgart

The bwUniCluster 2.0 and ForHLR II clusters at the Karlsruhe Institute of Technology (KIT)

The bwForCluster JUSTUS chemistry and quantum science supercomputer at the Ulm University

The bwForCluster BinAC bioinformatics supercomputer at the Tübingen University

Reports continued when security researcher Felix von Leitner claimed in a blog post that a supercomputer housed in Barcelona, Spain, was also impacted by a security issue and had been shut down as a result. More incidents surfaced - the first one came from the Leibniz Computing Center (LRZ), an institute under the Bavarian Academy of Sciences, which said it was disconnected a computing cluster from the internet following a security breach. The LRZ announcement was followed later in the day by another from the Julich Research Center in the town of Julich, Germany. Officials said they had to shut down the JURECA, JUDAC, and JUWELS supercomputers following an "IT security incident." And so has the Technical University in Dresden, which announced they had to shut down their Taurus supercomputer as well. New incidents also came to light with German scientist Robert Helling published an analysis on the malware that infected a high-performance computing cluster at the Faculty of Physics at the Ludwig-Maximilians University in Munich, Germany. The Swiss Center of Scientific Computations (CSCS) in Zurich, Switzerland also shut down external access to its supercomputer infrastructure following a "cyber-incident" and "until having restored a safe environment. None of the organizations published any details about the intrusions. However, the Computer Security Incident Response Team (CSIRT) for the European Grid Infrastructure (EGI), a pan-European organization that coordinates research on supercomputers across Europe, has released malware samples and network compromise indicators from some of these incidents. The malware samples were reviewed by a UK-based cyber-security firm. The company said the attackers appear to have gained access to the supercomputer clusters via compromised SSH credentials. (SSH keys are authentication credentials. SSH - Secure Shell - is used for managing networks, operating systems, and configurations. It is also inside many file transfer tools and configuration management tools. Every major corporation uses it, in every data center.) The credentials appear to have been stolen from university members given access to the supercomputers to run computing jobs. The hijacked SSH logins belonged to universities in Canada, China, and Poland. Chris Doman, Co-Founder of Cado Security, told ZDNet today that while there is no official evidence to confirm that all the intrusions have been carried out by the same group, evidence like similar malware file names and network indicators suggests this might be the same threat actor. According to Doman's analysis, once attackers gained access to a supercomputing node, they appear to have used an exploit for the CVE-2019-15666 vulnerability to gain root access and then deployed an application that mined the Monero (XMR) cryptocurrency. Making matters worse, many of the organizations that had supercomputers go down this week had announced in previous weeks that they were prioritizing research on the COVID-19 outbreak, which has now most likely been hampered as a result of the intrusion and subsequent downtime. These incidents aren't the first time that crypto-mining malware has been installed on a supercomputer however, this marks the first time when hackers did this. In previous incidents, it was usually an employee who installed the cryptocurrency miner, for their own personal gain. For example, in February 2018, Russian authorities arrested engineers from the Russian Nuclear Center for using the agency's supercomputer to mine cryptocurrency. A month later, Australian officials began an investigation into a similar case at the Bureau of Meteorology, where employees used the agency's supercomputer to mine cryptocurrency.


BRITISH DEFENSE CONTRACTOR HACKED, UP TO 100,000 PAST & PRESENT EMPLOYEES DETAILS SIPHONED OFF - REPORT

Britain's Ministry of Defense contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 of past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to 100,000 employee details were stolen, dating back across a number of years. Interserve currently employs around 53,000 people. A source said that names, addresses, bank details, payroll information, next of kin details, personnel and disciplinary records had been swiped. The intrusion took place “earlier this month,” the tight-lipped firm said in a statement. A spokeswoman ignored questions about how many people were affected by the hack and whether MoD services would be impacted as the company responds. “This will take some time and some operational services may be affected. Interserve has informed the Information Commissioner (ICO) of the incident. We will provide further updates when appropriate,” said the company in a statement, also asking “former employees, clients and suppliers” to exercise “heightened vigilance”. The National Cyber Security Centre confirmed it is helping Interserve with the aftermath of the reported security breach. Interserve holds a number of public sector contracts comprising, among others, some of the Ministry of Defense’s more important bases. The company website says it has a presence on 35 MoD sites, including: the Falkland Islands; the vital mid-Atlantic RAF staging post on Ascension Island; Gibraltar; and Cyprus. The contract for the overseas bases is reportedly worth around £500m. Interserve also maintains the vital and secretive MoD bunkers at Corsham, coyly referred to as “the cutting edge global communications hub for the Ministry of Defense”. Corsham is in fact the home of the MoD’s Global Operations Security Control Centre, as well as the Joint Security Co-ordination Centre, plus a Cyber Security Operations Centre.Informed said that quite a few people at Corsham would be unhappy with news that a contractor with full access to the sensitive site has been hacked.


HACKERS START LEAKING FILES STOLEN FROM SHIPPING AND TRANSPORT GIANT TOLL HOLDINGS

Hackers claim to have obtained more than 200 GB of archived data from Australian transportation and logistics giant Toll, and they have already started leaking it after the company refused to pay a ransom. Toll admitted earlier this month that it was hit by ransomware for the second time this year. The company initially said that the attack, which involved Nefilim ransomware, did not result in any data getting stolen, but it later confirmed that the cybercriminals did manage to steal some files after gaining access to a corporate server. Toll said the compromised server stored information on current and former employees and details on commercial agreements with enterprise customers, but claimed that customer operational data was not exposed. Nefilim is designed to encrypt files on infected systems, but its operators are also known to steal data from victims and threaten to make it public if a ransom is not paid. Toll said it would not be paying the ransom and the cybercriminals said on their website that they were releasing “part 1” of the stolen files. The website set up by the cybercriminals is named “Corporate Leaks” and it can be accessed via the Tor anonymity network (on the DARK WEB). It currently stores information allegedly stolen from seven companies that refused to pay up. The cybercriminals claim to have stolen more than 200 GB of archived files from Toll and they have so far made available a 2 GB archive. Internet & Enterprise Security ENews reports seeing a list of over 18,000 files that the hackers claim to have stolen from Toll, and these only appear to be the files included in the “part 1” archive. They seem to include various types of financial documents, such as financial reports, board reports, payroll documents, and invoices, going as far back as 2003. However, none of the files in the list appears to be more recent than 2018. In a statement published on Wednesday, Toll informed customers that “the attacker has now published to the DARK WEB some of the information that was stolen from that server.” “As a result, we are now focused on assessing and verifying the specific nature of the stolen data that has been published. As this assessment progresses, we will notify any impacted parties as a matter of priority and offer appropriate support,” the company said. According to its website, Toll has more than 40,000 employees and a global logistics network that spans across 1,200 locations in over 50 countries.

______________________________________________________________________________


THREAT FOCUS: Edison Mail - UNITED STATES 

https://threatpost.com/edison-mail-ios-bug-exposes-emails-to-strangers/155814/


Exploit: Coding error

Edison Mail: Email application 

Risk to Small Business: 2.171 = Severe A coding error in Edison Mail’s popular iOS app allowed messages to be viewed by other users. The update was released on Friday, May 15th, and the company claims that it was repaired by the end of the weekend. However, for an app that touts its advanced security features, this oversight undermines one of its primary selling points. What’s more, three days is an eternity in the cybersecurity space, giving bad actors ample time to take advantage of this vulnerability. Users, incensed by the oversight, aggressively criticized the platform on social media, adding a PR component to an already-arduous recovery process. 

Individual Risk: 2.602 = Moderate The app’s flaw only applies to iOS users who downloaded the update on May 15th. Many victims noted that they could read up to 100 emails from accounts that didn’t belong to them, potentially compromising anything in those messages. Those impacted by the breach should carefully monitor their accounts for misuse, and they should consider enrolling in credit and identity monitoring programs to help secure their information if it falls into the wrong hands.  

Customers Impacted: Unknown

Effect On Customers: After years of seemingly endless cybersecurity incidents, many consumers are finally fed up with companies that can’t protect their privacy. As many users commented on social media, this event undermined their trust in the application, which could prompt them to turn to a competitor for a more compelling platform. In this way, cybersecurity can be considered a bottom-line differentiator that can make or break companies in the digital economy. 

Risk Levels:

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SME’s to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access, independent, ‘real time’ audit of our clients critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

Its the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: Home Chef Catering - UNITED STATES

https://www.bleepingcomputer.com/news/security/home-chef-announces-data-breach-after-hacker-sells-8m-user-records/


Exploit: Unauthorized database access 

Home Chef: Meal kit & food delivery company 

Risk to Small Business: 1.790 = Severe Hackers obtained a database containing customer data, and sold the information on the Dark Web. The database, which was lifted in a data breach in early May, was available for just $2,500, and it contains the personal data for more than 8 million customers. This incident will further stigmatize Home Chef, which is still grappling with the cybersecurity implications of the previous breach.  

Individual Risk: 1.980 = Severe The database stored customer details, including email addresses, encrypted passwords, partial credit card information, genders, ages, and subscription information. Victims should immediately update their Home Chef account passwords and any other platform credentials using the compromised data. In addition, they should carefully monitor their online accounts for instances of fraud or misuse. 

Customers Impacted: 8,000,000

Effect On Customers: Customers’ personal data is a valuable commodity, and there is an army of ready buyers on the Dark Web. In response, every company needs to know when their company or client data is being circulated in this nefarious environment, potentially giving them an opportunity to respond before bad actors can capitalise on its availability. 

Risk Levels:

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the world. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze, and proactively monitor for an organisation’s compromised or stolen employee and customer data. Schedule a FREE demo today: Call Avantia on 07 30109711 today.



THREAT FOCUS: Wishbone Applications - UNITED STATES

https://www.zdnet.com/article/hacker-selling-40-million-user-records-from-popular-wishbone-app/?&web_view=true


Exploit: Unauthorized database access

Wishbone: Poll & Comparison App

Risk to Small Business: 1.562 = Severe A company database was stolen by hackers, who then released the data in full on the Dark Web. The information was captured as part of a cybersecurity incident that occurred in January 2020, and it’s unclear why it took Wishbone more than five months to identify the incident. This is the second cybersecurity incident for the perennially popular company. Now, consumers are much less forgiving. In addition, today’s regulatory environment is significantly more critical of companies’ cybersecurity stance, which could contribute to a multifaceted problem for the platform moving forward.

Individual Risk: 1.670 = Severe Users’ personal data was exposed in the breach. This includes usernames, email addresses, phone numbers, hashed passwords, and profile pictures. This information is easily obtained on the Dark Web, and everyone impacted should immediately update their account passwords and take steps to secure their personal details. Since this information can quickly be redeployed in a spear phishing campaign, victims need to be especially vigilant about monitoring the veracity of incoming messages.

Customers Impacted: 40,000,000

Effect On Customers: Consumers and data privacy regulators are increasingly critical of companies that fail to protect customer data. Moving forward, it’s evident that data security will be a bottom-line issue for many companies, as they will rely on their defensive capabilities to bolster consumer sentiment and to ward off regulators, both of whom are ready to hold businesses accountable for privacy violations.

Risk Levels:

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the world. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze, and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a FREE demo today: Call Avantia on 07 30109711 today.

THREAT FOCUS: Mathway Tutoring - UNITED STATES

https://www.bleepingcomputer.com/news/security/mathway-investigates-data-breach-after-25m-records-sold-on-dark-web/


Exploit: Unauthorized database access 

Mathway: Online tutoring and mathematics education platform

Risk to Small Business: 1.807 = Severe Hackers accessed a company database and made it available for sale on the Dark Web. The breach was first detected by cybersecurity researchers when the platform’s data was available for private purchase. Now, it’s widely available to bad actors for $4,000. The incident is especially untimely, as students and teachers turn to online platforms to supplement learning opportunities while schools operate remotely. It could impact the platform’s ability to capitalize on this prominent moment for ed-tech services.   

Individual Risk: 1.780 = Severe While Mathway is unable to detail specific data sets compromised in the breach, they acknowledged that users’ account credentials were exposed. Consequently, all users should reset their account passwords and continue to monitor their accounts for instances of fraud. As the company provides more specific details, users should continue to adjust their response accordingly. 

Customers Impacted: 25,000,000

Effect On Customers: There are millions of account credentials available on the Dark Web, and businesses that are serious about securing their data will put an additional layer of protection between login credentials and IT infrastructure. Taking simple steps, like adding Dark Web monitoring to a company’s cybersecurity plan, can help companies keep their data secure even when passwords are compromised. 

Risk Levels:

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the world. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze, and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a FREE demo today: Call Avantia on 07 30109711 today.

THREAT FOCUS: Covve Application - CYPRUS

https://portswigger.net/daily-swig/covve-revealed-as-source-of-data-breach-impacting-23m-individuals


Exploit: Unauthorized database access  

Covve: Address book app    

Risk to Small Business: 2.208 = Severe A cybersecurity researcher identified an unsecured database containing millions of customers’ personal data. The database was first discovered in February, but the breach wasn’t linked to Covve until May 15th. It took the company several days to identify the scope of the incident before notifying customers. Although the company notes that the breach contains “mostly scriptable data from public sources,” it will undoubtedly have meaningful customer satisfaction and public relations blowback for the company. 

Individual Risk: 2.702 = Moderate The exposed database includes some users’ names, job titles, email addresses, phone numbers, and physical addresses. Covve notes that account details, including login credentials, remain secure, but this information can be repurposed for numerous identity and financial crimes. Those impacted by the breach should enroll in an identity monitoring service to ensure the long-term integrity of their information, and they need to carefully vet their incoming messages to identify potential spear phishing messages.  

Customers Impacted: 23,000,000 

Effect On Customers: Today’s companies are constantly under siege from bad actors, making an accidental, avoidable data breach especially problematic. Given the numerous ways that company or customer data can make its way into the wrong hands, every company needs advanced notification when their information could be compromised.

Risk Levels:

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with our partners to strengthen their security suite by offering industry-leading detection. Call 07 30109711 for a FREE Dark Web Search.

THREAT FOCUS: EasyJet Airlines - UNITED KINGDOM      

https://www.dailystar.co.uk/news/latest-news/breaking-easyjet-hacked-9m-customers-22050964


Exploit: Unauthorized database access 

EasyJet: Airline 

Risk to Small Business: 1.809 = Severe Hackers accessed EasyJet’s network, compromising customer details and exposing them to potential cybersecurity risks. The company took quick action to secure compromised IT, but the breach will still have costly implications for the company, which now has a triumvirate of responsibilities, including repairing IT vulnerabilities, restoring customer trust, and addressing regulatory scrutiny. The timing couldn’t be worse, as the airline industry, like many sectors, has been severely degraded by the COVID-19 pandemic, making this breach especially problematic for the company.  

Individual Risk: 2.191 = Severe Customers’ personally identifiable information (PII) was exposed in the breach. This includes usernames, passwords, credit card numbers, and passport credentials. The company encourages customers to carefully monitor incoming communications, as this information is often used to craft convincing-looking spear phishing campaigns. In addition, customers should consider enrolling in a credit or identity monitoring service to help ensure their information’s security even after the immediate crisis subsides.

Customers Impacted: 9,000,000

Effect On Customers: As many companies begin turning their attention to post-COVID-19 recovery strategies, the growing number of cybersecurity risks threaten to undermine these efforts. Companies looking to thrive after the crisis need to address these risks that stand in opposition to data security and many organizations’ viability.

Risk Levels:

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Designed to protect against human error, Bullphish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Training including video is now available in 8 languages! Learn more by calling 07 30109711 today

THREAT FOCUS: BlueScope Steel  - AUSTRALIA   

https://www.cisomag.com/bluescope-cyber-incident/


Exploit: Ransomware 

BlueScope Steel: Steel manufacturer

Risk to Small Business: 1.702 = Severe A cybersecurity incident at the steel producer has disrupted operations at the company’s Australia-based facilities. In response, the company shuttered parts of its digital operations, reverting to manual operations whenever possible. BlueScope Steel expects its capabilities to be diminished as it works to recover from this disruptive cyberattack.

Individual Risk: At this time, no personal data was compromised in the breach.  

Customers Impacted: Unknown

Effect On Customers: Ransomware attacks are a uniquely expensive cyber threat. Not only do they force companies to pay high recovery costs, but the productivity loss and opportunity costs compound the problem. These attacks are not inevitable. Companies can defend against these attacks by ensuring that their digital environment doesn’t offer a foothold to bad actors.

Risk Levels:

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SME’s to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access, independent, ‘real time’ audit of our clients critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

Its the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: The Toll Group - AUSTRALIA   

https://www.zdnet.com/article/tolls-stolen-data-finds-itself-on-the-dark-web/


Exploit: Ransomware 

The Toll Group: Transportation and logistics company   

Risk to Small Business: 1.205 = Extreme The cascading consequences of a January cybersecurity incident are becoming increasingly apparent for The Toll Group. Earlier this month, the logistics company suffered a ransomware attack predicated on this earlier network compromise. The incident included data exfiltration. That information has now been shared and sold on the Dark Web, complicating an already arduous recovery process for the company and its customers. This incident is a reminder that cybercriminals are no longer content to encrypt networks in hopes of a financial windfall. They are willing to steal and sell company data to ensure that they earn a return on their efforts. 

Individual Risk: 1.407 = Severe The compromised server contains personal information for many past and present employees. While the company didn’t identify the specific data points, employees should assume the worst and take precautionary measures to secure their personal and financial information. This includes monitoring accounts for suspicious activity and enrolling in credit and identity monitoring services to oversee their personal information 

Customers Impacted: Unknown

Effect On Customers: This incident highlights a troubling trend in ransomware. Criminals are exfiltrating data before encrypting company networks, creating multifaceted income streams that make their work more lucrative, and, consequently, more advantageous. However, ransomware attacks are not inevitable, and companies can defend their networks and data by ensuring that their accounts are secure and their network is protected against bad actors. 

Risk Levels:

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Designed to protect against human error, Bullphish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Training including video is now available in 8 languages! Learn more by calling 07 30109711 today

__________________________________________________________________________________


POSTSCRIPT:


Verizon’s 2020 Data Breach Investigations Report Narrows Down the Threat Landscape     

Cybersecurity is a known threat that can be hard for non-tech folks to understand and can be seen as too broad to truly prioritize. Giving solid, actionable information about the nature and frequency of today’s threats is helpful when illustrating why cybersecurity matters. Verizon’s 2020 Data Breach Investigations Report shows that threats continue to grow and lays out a few facts that make it easier to quantify the importance of strong security, especially when supporting a remote workforce.  More than two-thirds of all data breaches are attributable to just three factors: credential theft, social engineering attacks like phishing scams, and human error.   Insider threats are a constant problem in the breach landscape, and that hasn’t changed.  While we usually think of threats as coming from outside an organization, malicious insider threats are incredibly devastating and need to be a major concern.  The listed attack methodologies comprise the most likely vulnerabilities, allowing businesses to respond with more pinpoint precision. Cybersecurity tools are becoming more effective at blocking common malware strains, with human error overtaking malware this time. Some of it still gets through,  though especially as part of a phishing attack.  The threat of phishing attacks has never been higher, making updated training and testing essential. Although technology has become more successful at filtering phishing scams, many continue to make their way to employees’ inboxes, which is why the report called for businesses to implement security awareness training programs to combat these attacks.  BullPhish ID contains phishing training materials in 8 languages including COVID-19 phishing kits. While today’s threat landscape is ominous and expansive, Verizon’s latest report makes it clear that businesses can make significant improvements to their defensive posture by prioritizing the most


Cyber Insurers Increase Scrutiny of COVID-19 Claims As the Pandemic Increases

Businesses hoping to rely on cybersecurity insurance coverage to offset the cost of a data breach may have a more difficult time recouping their losses. According to reporting by The Wall Street Journal, insurers are becoming increasingly critical of cybersecurity-related claims. Specifically, companies are adding questions to surveys used to calculate premiums and assess damages. In some ways, this change is the result of a rapid shift to remote work. As we’ve covered extensively, remote work comes with many cybersecurity risks, and insurers are hedging their bets, assuming that they could incur an influx of claims as companies fail to grapple with the ramifications of remote work. For businesses, this is a reminder that they shouldn’t rely on cyber insurance to bail them out if they have a cybersecurity incident. Instead, they should invest in the tools that can prevent a cybersecurity incident in the first place.    

Disclaimer*:

Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.

(105,000,000)

Want The Information  Cyber Criminal's  Don't Want You To Know?

Subscribe below to receive our weekly Threat Updates straight to your inbox.

Call (07) 3010 9711 

info@avantiacorp.com.au

 

Avantia Corporate Services Pty Ltd,                    Level 7, 320 Adelaide Street

Brisbane, Queensland 4000

AUSTRALIA.

  • LinkedIn Social Icon
  • Facebook Social Icon

DISCLAIMER*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cybersecurity information to us in real-time. Given their international focus and experience in the cyberspace arena, we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services  PTY LTD - All Rights Reserved.