Search
  • Avantia Threat Update

GDPR - IMPACTS ON SME’S WORLDWIDE.

Updated: Jul 19



This Past Week:

How the European GDPR legislation impacts on Small/Medium businesses worldwide; Euro police forces infiltrate encrypted phone biz - now criminal eurochat users are being rounded up; Home Router Warning: They are riddled with known security flaws; Microsoft confirms takedown of phishing domains; Over 5 Billion unique credentials offered on cybercrime marketplaces; A storm of ransomware rocks companies around the world; Unsecured databases spell trouble, and Major Breaches in BRAZIL, CANADA, UNITED STATES, UNITED KINGDOM & INDIA.


Dark Web ID’s Top Threats

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain

Top Industry: Hospitality

Top Employee Count: 501+

________________________________________________________________________


HOW THE EUROPEAN GDPR REGULATIONS IMPACT ON SMALL/MEDIUM BUSINESSES WORLDWIDE.

When the GDPR came into effect, there was a misconception that it only applied to multinationals, and that small business owners didn’t need to bother with it. The truth is that the Regulation applies to all organisations that process EU residents’ personal data, whether they are sole traders, small businesses or conglomerates. However, there is an exemption for organisations that employ fewer than 250 people. If your organisation fits that criterion, you only need to document processing activities that:

  • Are more than a one-off occurrence or something you do rarely;

  • Are likely to result in a risk to the rights and freedoms of data subjects; and

  • Involve special categories of personal data or criminal conviction and offense data.

The Regulation came into effect on 25 May 2018, and was designed to strengthen the rights of EU residents regarding the way organisations process and use their personal data. These rights essentially boil down to two things: first, organisations must have a clear purpose for collecting personal information, and to give individuals the ability to review, amend or challenge data processing practices. Second, organisations must implement security measures to protect personal data from being breached or misused, and they must disclose any security incidents involving this data. I

If your organisation is located outside Europe but processes EU residents’ personal data, the GDPR applies.

That’s because the scope of the Regulation is based on the location of the data subject, not the organisation. What is personal data? In the most basic terms, personal data is any information that someone can use to identify, with some degree of accuracy, a living person. Examples of personal data include:

A name and Surname; A home Address; An Email Address; An identification card number; Location data; An IP address' The advertising identifier of your phone

There is also a special category of personal data devoted to sensitive information. It consists of information related to:

Racial or ethnic origin; Political opinions; Religious or philosophical beliefs; Trade union membership; Genetic data; and

Biometric data (where processed to uniquely identify someone).

Because this information could be particularly damaging if breached, the GDPR requires that organisations take extra steps to protect it. Contrary to what you might have heard, you don’t necessarily need consent to process personal data. It is in fact only one of six lawful bases you can use – and because of the complexity in obtaining and maintaining consent, you should only use it when none of the other bases apply. When you do rely on consent, remember that the data subject needs to provide a clear affirmative action for it to be valid. That means no pre-ticked boxes or agreements hidden within other requests. Examples of a clear affirmative action include signing a consent statement on a paper form, clicking an opt-in button or link, and choosing technical settings or preferences on a dashboard. You can market directly to anyone, provided that the processing meets certain requirements. You must obtain the data subject’s information using one of the six lawful bases, the way you use that information must have a minimal impact on their privacy and you must be reasonably sure that they wouldn’t object to what you are doing. If the processing is also subject to the PECR (Privacy and Electronic Communications Regulations), you must also inform the data subject that you’re using their data for marketing purposes. If they object, you are required to stop processing their personal data. The GDPR gives individuals the right to review any personal data of theirs that an organisation processes. The process by which they do that is known as a DSAR (data subject access request) – and once received, organisations have one month to respond. Organisations must notify their supervisory authority – in the UK, the ICO (Information Commissioner’s Office) – of a data breach within 72 hours of becoming aware of it. By ‘breach’, we aren’t simply referring to cyber attacks; it can be any incident that results in the accidental or unlawful destruction, loss, alteration, unauthored disclosure of, or access to, personal data. As this definition suggests, data breaches are only sometimes the result of a criminal hacker breaking into your systems. They are just as likely to occur when an employee accidentally sends personal information to the wrong person, loses a laptop containing personal data or fails to password-protect an online database. All of these scenarios are subject to the GDPR’s data breach reporting requirements, and require you to notify the ICO.

Publishers Note:

If unsure about any aspect of the GDPR that may apply to you we strongly suggest to consult a Lawyer in your jurisdiction to obtain clarity.


EURO POLICE FORCES INFILTRATE ENCRYPTED PHONE BIZ - NOW ‘CRIMINAL’ EUROCHAT USERS ARE BEING ROUNDED UP.

French and Dutch police have boasted of infiltrating and killing off encrypted chat service EncroChat, alleging it was used by organised crime gangs to plot murders, sell drugs, launder criminal profits and more. The encrypted chat platform is alleged by British, French and Dutch law enforcement agencies to have been used by around 60,000 people in total – many of whom, it is alleged, were members of organised crime gangs using the network to plan their crimes. "Since 2017, the French gendarmerie and judicial authorities have been investigating phones that used the secured communication tool EncroChat, after discovering that the phones were regularly found in operations against organised crime groups and that the company was operating from servers in France," said EU law enforcement coordination body Eurojust in a statement. In May, police in France, assisted by the Netherlands' cops, infiltrated EncroChat's core network – and in mid-June the operator pulled the plug, having realised the game was up. Users were urged to throw away their handsets. EncroChat was a reseller of encrypted phones as well as a mobile network operator – potentially an MVNO, if Motherboard's description of its operations is accurate. Its handsets, said to be BQ Aquaris X2 Android units running two OSes side by side – one innocent, one with privacy features enabled – had a custom messaging app which routed messages through a central server. The phones also had a panic button feature, where entering a certain PIN to the unlock screen would wipe the device. Handsets were said to cost around £1,500 for a six-month contract. The takedown of the network has been a poorly disguised secret, with Northern Irish suspects reportedly being arrested last week after data from EncroChat's servers was shared around European police forces. Various media reported a fortnight ago that EncroChat's operators pulled the plug after realising the entire product had been compromised by police agencies. "The data was in first instance shared with the Netherlands. Eurojust facilitated the creation of a joint investigation team (JIT) between the two countries and with the participation of Europol, the European Union Agency for Law Enforcement Cooperation, in April 2020," said Eurojust, which tantalisingly mentioned that Dutch police had access to an "encrypted data stream". This latter phrase could be read as suggesting that EncroChat's encryption had been broken, though official sources have, perhaps understandably, been very coy about what exactly was done to compromise EncroChat's systems. More should emerge during criminal trials in the coming weeks and months. After French and Dutch police broke into EncroChat, British police were permitted to use their findings, meaning UK police forces were then able to kick down doors and make arrests. The National Crime Agency (NCA) claims a total of 746 arrests and the seizure of two tonnes of drugs, 77 assorted firearms and £54m in cash – so far – as a result of the EncroChat intelligence. "The NCA created the technology and specialist data exploitation capabilities required to process the EncroChat data, and help identify and locate offenders by analysing millions of messages and hundreds of thousands of images," said the UK agency in a statement about its Operation Venetic. There is no evidence in the public domain so far to support British police claims that all 10,000 of EncroChat's UK users were criminals. Such devices are of interest to legitimate users (journalists, lawyers, academics, domestic and foreign political campaigners – to name just a few) as well as criminals, though the UK state is notably hostile to the idea of encrypted comms that its agents can't read whenever they feel like it.


HOME ROUTER WARNING: THEY ARE RIDDLED WITH KNOWN SECURITY FLAWS.

Germany's Fraunhofer Institute for Communication (FKIE) has carried out a study involving 127 home routers from seven brands to check for the presence of known security vulnerabilities in the latest firmware. The results are appalling.  The FKIE study found that 46 routers hadn't got a single security update within the past year and that many routers are affected by hundreds of known vulnerabilities.  FKIE assessed that ASUS and Netgear do a better job on some aspects of securing routers than D-Link, Linksys, TP-Link and Zyxel, but it argues the industry needs to do more to secure home routers.  FKIE found that AVM, a German router manufacturer, was the only vendor that didn't publish private cryptographic keys in its router firmware. The Netgear R6800 router contained 13 private keys.   In the worst cases of devices FKIE assessed, the routers hadn't been updated for more than five years.  About 90% of the routers in the study used a Linux operating system. However, manufacturers weren't updating the OS with fixes made available from Linux kernel maintainers.  "Linux works continuously to close security vulnerabilities in its operating system and to develop new functionalities. Really, all the manufacturers would have to do is install the latest software, but they do not integrate it to the extent that they could and should," said Johannes vom Dorp, a scientist at FKIE's Cyber Analysis & Defense department.   "Numerous routers have passwords that are either well known or simple to crack – or else they have hard-coded credentials that users cannot change," he added. The study targeted five key signals in firmware images to assess each manufacturer's approach to cybersecurity. These included the days since the last firmware update was released; how old are the OS versions running these routers; the use of exploit mitigation techniques; whether private cryptographic key material isn't private; and the presence of hard-coded login credentials. FKIE concludes that router makers are significantly lagging in the delivery of security updates compared with operating system makers.  "The update policy of router vendors is far behind the standards as we know it from desktop or server operating systems," FKIE notes in the report. "Most of the devices are powered by Linux and security patches for Linux kernel and other open-source software are released several times a year. This means the vendors could distribute security patches to their devices far more often, but they do not."The results mirror findings from a 2018 US study by American Consumer Institute (ACI), which analyzed 186 small office/home office Wi-Fi routers from 14 different vendors. It found 155, 83%, of the firmware sampled had vulnerabilities to potential cyberattacks, and that each router had an average of 172 vulnerabilities. ACI criticized router makers for not providing an auto-update mechanism to keep routers updated. Often updates are only made after high-profile attacks on routers, such as Mirai IoT malware, and the state-sponsored VPNFilter malware.  As for exploit mitigation, a researcher who recently found 79 Netgear router models had a remotely exploitable flaw also found that its web-based administration panel never applies the exploit mitigation technique ASLR (address space layout randomization), lowering the bar for remote attackers to take over an affected router.   The German study found that more than a third of the devices use a kernel version 2.6.36 or older, with the latest security update for 2.6.36 provided in February 2011.


MICROSOFT CONFIRMS TAKEDOWN OF PHISHING DOMAINS

Microsoft has been approved to take control of malicious web domains which were used to send phishing messages regarding COVID-19. According to a blog by Tom Burt, corporate vice-president of customer security and trust at Microsoft, said this was part of disrupting operations which were taking advantage of the global pandemic in an attempt to defraud customers in 62 countries around the world.  Burt claimed Microsoft’s Digital Crimes Unit (DCU) first observed these criminals in December 2019, when they deployed a sophisticated, new phishing scheme designed to compromise Microsoft customer accounts.  The attackers attempted to gain access to customer emails, contact lists, sensitive documents and other valuable information. The phishing emails were designed to look like they originated from an employer or other trusted source, and frequently targeted business leaders across a variety of industries, attempting to compromise accounts, steal information and redirect wire transfers.  In recent months, the phishing emails contained messages regarding COVID-19 as a means to exploit pandemic-related financial concerns, using terms such as “COVID-19 Bonus,” and encouraging victims to click on malicious links. Once these links were clicked on, the user was prompted to grant access permissions to a malicious web application controlled by the criminals and access the victim’s Microsoft Office 365 account. “This scheme enabled unauthorized access without explicitly requiring the victims to directly give up their login credentials at a fake website or similar interface, as they would in a more traditional phishing campaign,” Burt explained. “As we’ve observed, cyber-criminals have been adapting their lures to take advantage of current events, using COVID-19-related themes to deceive victims. While the lures may have changed, the underlying threats remain, evolve and grow, and it’s more important than ever to remain vigilant against cyber-attacks.” Burt claimed Microsoft takes measures to monitor and block malicious web apps based on telemetry indicating atypical behavior, and in cases where criminals suddenly and massively scale their activity and move quickly to adapt their techniques to evade Microsoft’s built-in defensive mechanisms, additional measures such as the legal action filed in this case are necessary. “This unique civil case against COVID-19-themed BEC attacks has allowed us to proactively disable key domains that are part of the criminals’ malicious infrastructure, which is a critical step in protecting our customers, Burt said. “Microsoft and our Digital Crimes Unit will continue to investigate and disrupt cyber-criminals and will seek to work with law enforcement agencies around the world, whenever possible, to stop these crimes.” Jake Moore, cybersecurity specialist at ESET, said: “The ability to send a phishing email from a trusted source is the perfect disguise for any threat actor. Compromised domains are very much sought after, so closing the option will no doubt act as a severe blow to those attempting to gain control and use them for illicit purposes.  “This latest move won’t eradicate the phishing email problem but it will no doubt plug a sizeable hole in a major issue seen worldwide.”


OVER 5 BILLION UNIQUE CREDENTIALS (USERNAMES/PASSWORDS) OFFERED ON CYBERCRIME MARKETPLACES

More than 15 billion username and password pairs have been offered on cybercrime marketplaces, including over 5 billion unique credentials, according to a report published on Wednesday by San Francisco-based risk protection solutions provider Digital Shadows. Over the past few years, Digital Shadows added to its breach repository more than 15 billion credentials shared on criminal forums, paste sites, file sharing services, and code sharing websites. The company told SecurityWeek that most of these usernames and passwords have been offered for free and the total number does not include numbers claimed by sellers, which indicates that the actual amount of exposed credentials is even higher. After eliminating duplicates, Digital Shadows identified more than 5 billion unique username and password combinations. In terms of prices, the average cost of a single account sold on cybercrime marketplaces was $15.43. Unsurprisingly, the most expensive are banking and financial services accounts, with an average price of nearly $71, but Digital Shadows researchers have also seen accounts sold for over $500. Antivirus accounts cost just over $20, while other types of accounts typically cost less than $10. This includes cable, social media, VPN, streaming, adult, education, music, file sharing, and video game accounts. In the case of antivirus accounts, Alex Guirakhoo, threat research team lead at Digital Shadows, told SecurityWeek that they are mostly for consumer products. “Much like with the popularity of streaming accounts for sale, it’s likely that many buyers are simply of the mindset that they do not want to pay for their own antivirus subscription,” he explained. Threat actors are also offering access to critical systems housed by organizations. Domain admin access has been offered for as much as $120,000, with an average price of just over $3,100. Pricing also depends on the targeted industry, with the local government and financial sectors having the highest prices. The company also noticed that accounting-related usernames are highly sought after, particularly accounts that include strings such as “invoice.” Digital Shadows has pointed out that account takeover attacks are easy to conduct, as well as cheap, with specialized tools being sold for an average of only $4. Marketplaces such as Genesis Market also allow cybercriminals to rent account access as an alternative to purchasing credentials. Hackers can rent an identity for a certain period — this often costs less than $10 — and the service also provides the victim’s “fingerprint data” to make it easier to hijack accounts and perform transactions without getting detected. This fingerprint data includes the victim’s IPs, cookies and time zones.

______________________________________________________________________________


THREAT FOCUS: Department of Education - UNITED STATES

https://www.washingtonpost.com/education/2020/06/30/education-dept-left-social-security-numbers-thousands-borrowers-exposed-months/


Exploit: Unsecured Database

United States Department of Education: Federal Government Agency 

Risk to Small Business: 2.077 = Severe - A large number of Americans may have had their personally identifiable data compromised by the United States Department of Education. According to reports, the agency left the Social Security numbers of tens of thousands of people seeking student debt relief unprotected and susceptible to a data breach for at least six months. While the information was stored securely enough to prevent an external breach, any users of the agency’s systems could freely access the information in a simple shared folder, including outside contractors.   

Individual Risk: 2.316 = Severe - The breached information was collected from complaints filing for student debt relief after paying for years of education of dubious value from for-profit colleges. Personally identifiable information, including Social Security numbers, was not secured correctly. The information was easily obtained by anyone with access to agency or contractor systems. Those who suspect that they may be at risk should watch their credit reports and be on alert for spear phishing attacks.

Customers Impacted: 240,000

Effect On Customers: Failure to secure a customer’s information briefly is bad enough but allowing that information to stay unsecured for more than 6 months shows indicates an overall lack of concern regarding cybersecurity that may make future clients think twice about starting a business relationship.

Cybersecurity Risk Levels

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SME’s to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access, independent, ‘real time’ audit of our clients critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

Its the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: Healthcare Fiscal Management - UNITED STATES

https://www.hipaajournal.com/up-to-58000-individuals-impacted-by-healthcare-fiscal-management-ransomware-attack/


Exploit: Ransomware

Healthcare Fiscal Management: Payment Solutions Provider 

Risk to Small Business: 2.429 = Severe - Maze ransomware has claimed another victim. Healthcare Fiscal Management in North Carolina was hit, exposing private data for thousands of patients of St. Mary’s Healthcare System in Georgia, including names, dates of birth, Social Security numbers, account numbers, medical record numbers, and dates of service. The company was able to restore data from backup storage the same day to a different hosting provider and a forensic investigation firm was brought on board to investigate the breach.

Individual Risk: 2.393 = Severe - Investigators do not believe that any of the stolen data is available on the internet or currently in the hands of the attackers, but that can’t be confirmed. Customers of St. Mary’s Healthcare System who suspect that they may be affected should monitor their credit reports for identity theft attempts. This information could also be used for blackmail or spear phishing attempts.  

Customers Impacted: 58,000 

Effect On Customers: Ransomware is an ongoing threat to every business, and it’s primarily delivered via phishing. Failure to stop a ransomware attack can not only cost a fortune in recovery, it can also incur huge fines from regulators. Companies that deal with particularly sensitive data should have constantly updated training in place for every user to prevent phishing attacks from landing. 

Cybersecurity Risk Levels

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & BullPhish to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime – now with COVID-19 scam awareness kits. Call Avantia on 07 30109711 (office Hours) to find out how you can get started.

THREAT FOCUS: CNY Works - UNITED STATES

https://www.syracuse.com/business/2020/07/data-breach-at-cny-works-career-center-may-have-exposed-personal-information-of-56000-clients.html?&web_view=true


Exploit: Ransomware

CNY Works: Employment Assistance Non-Profit

Risk to Small Business: 1.803 = Severe - Job seekers who used CNY Works as part of their search were recently informed that their personal information may have been compromised in a data breach caused by ransomware in December 2019. The agency noted that it had only begun notifying potentially affected clients in June 2020 because it did not discover that any personal information was affected until May 2020. 

Individual Risk: 2.227 = Severe - Personally identifiable data including names, addresses, phone numbers, email addresses, and Social Security numbers was compromised. CNY Works is offering all potentially affected clients a one-year membership in a service that helps prevent identity theft by detecting possible misuse of personal information.  

Customers Impacted: 56,000 

Effect ON Customers: By taking so long to investigate the incident and warn potential victims, CNY Works has left them at risk for identity theft. Data that enables identity theft is a valuable commodity in Dark Web markets and travels quickly, enabling bad actors to open credit accounts with the stolen information.   

Cybersecurity Risk Levels

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID uses 24/7/365 human and machine monitoring and analysis to find information like stolen employee passwords that puts data at risk in Dark Web markets, enabling companies to learn about a breach and mitigate the damage fast.  Please call 07 30109711 to schedule your FREE Dark Web Scan for your stolen credentials.

THREAT FOCUS: V Shred - UNITED STATES

https://www.hackread.com/fitness-firm-v-shred-leaks-606-gb-customer-data/


Exploit: Unsecured Database

V Shred: Fitness and Nutrition Brand 

Risk to Small Business: 1.345 = Extreme - An unsecured Amazon S3 bucket is once again the cause of a data breach. This time, fitness and nutrition company V Shred failed to secure 606 GB of customer data that is now in the hands of cybercriminals. The huge haul of information includes the full name, age, gender, date of birth, spouse names, email address, phone numbers, home addresses, health conditions, citizenship status, Social Security number, social media accounts, username, and password for clients and fitness trainers throughout the US. It’s also suspected that potentially revealing fitness journey “before” and “after” photos were included in the files. 

Risk to Individuals: 1.341 = Extreme - All U.S. clients and trainers who were associated with V Shred should be cautious about potential threats to their credit as well as blackmail, identity theft, and spear phishing attempts using the stolen data, and conclude that any personally identifiable information that was stored by the company has now been exposed.

Customers Impacted: 100,000+ 

Effect On Customers: Failure to secure this database could be catastrophic for this company. It entered an agreement with trainers and clients when it collected such personal information, and it failed to keep up its end, creating distrust that will linger. This information has already been seen on the Dark Web and includes extremely sensitive data. 

Cybersecurity Risk Levels

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Digital risk protection is a necessity for any organization that handles and stores sensitive data. In this economy, no one can afford a breach. Be sure that companies have all of their cybersecurity bases covered with our digital risk protection platform. Call 07 30109711 to find out more.

THREAT FOCUS: Heartland Farm Mutual - CANADA

https://portswigger.net/daily-swig/data-breach-at-canadian-insurance-firm-exposes-personal-information\


Exploit: Email Account Compromise 

Heartland Farm Mutual: Insurance Company 

Risk to Small Business: 2.335 = Severe - An unknown actor gained unauthorized access to an employee email account and all of the information it contained. Heartland Farm Mutual, a provider of agricultural insurance, announced that a small number of clients may have had their personal data exposed in the incident. The company has announced that the incident was contained quickly and that they’re bringing in an outside firm to investigate the breach.  

Individual Risk: 2.717 = Moderate - Customers who corresponded with the affected account had personal information exposed. The company claims to have notified everyone who may have had information compromised, offering them credit monitoring for a year.  

Customers Impacted: Unknown

Effect On Customers: Email compromise is often the result of a successful phishing attack. Phishing is the top menace of 2020 and is, unfortunately, more effective against remote workers. Cybercriminals are using a huge variety of means to attempt phishing attacks and constantly changing tactics. 

Cybersecurity Risk Levels

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Passly to the Rescue: With Passly, get the secure identity and access management solutions that you need to protect your systems and data in today’s remote work landscape at a price that you can afford, including multi-factor authentication, single sign-on, and secure password storage. Find out more by phoning Avantia on 07 30109711 or Click the link to get started: https://www.avantiacybersecurity.com/overwatch

THREAT FOCUS: BMW UK - UNITED KINGDOM

https://www.scmagazine.com/home/security-news/bmw-customer-database-for-sale-on-dark-web/?web_view=true


Exploit: Unauthorized Database Access  

BMW UK: Automobile and Truck Manufacturer, UK Division

Risk to Small Business: 2.203 = Severe - A customer database containing information for BMW owners in the UK was recently discovered for sale by cybersecurity researchers, The database was offered in an underground forum by the KelvinSecurity Group, a well-known hacking group responsible for several major data sales in the last few months. The available information included customer names, emails, addresses, vehicle numbers, dealer names, and other information. The data was purportedly obtained from a corporate call center and includes records from 2016 to 2018. The database is also reported to contain data for some UK customers of other car companies including Mercedes, Honda, and Hyundai.   Individual Risk: 2.616 = Moderate - No financial information or highly sensitive personal data was reported stolen in the breach. BMW owners in the UK should be aware that this information could be used for spear phishing.  

Customers Impacted: 500,000 

Effect On Customers: One stolen credential can lead to a world of trouble. Data like this is always popular on the Dark Web. While highly coveted information like credit card numbers or other financial data isn’t included in this database, the information that is available could prove useful for bad actors who are looking for ammunition to mount spear phishing and whaling attacks.

Cybersecurity Risk Levels

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID uses 24/7/365 human and machine monitoring and analysis to find information like stolen employee passwords that puts data at risk in Dark Web markets, enabling companies to learn about a breach and mitigate the damage fast.  Please call 07 30109711 to schedule your FREE Dark Web Scan for your stolen credentials.

THREAT FOCUS: Light SA - BRAZIL

https://securityaffairs.co/wordpress/105477/cyber-crime/sodinokibi-ransomware-light-s-a.html?&web_view=true


Exploit: Ransomware

Light SA: Energy Provider 

Risk to Small Business: 2.133 = Severe - REvil ransomware is to blame again, this time in an attack that has encrypted data at a Brazilian energy company. The attackers have asked for a $14 million ransom to release the impacted data. Hackers purportedly encrypted the data through a known vulnerability in Windows software that allows them to encrypt Windows system files. The ransom has increased to $14 million after the company failed to pay the initial demand of $7 million in equivalent Monero by the original deadline imposed.  

Individual Risk: No individual data was reported as compromised.

Customers Impacted: Unknown

Effect On Customers: Even cybercriminals are working overtime these days. Ransomware attacks have increased since the beginning of 2020 and that shows no signs of slowing down. Most ransomware is delivered through phishing, making phishing resistance training a crucial component of an effective defense against ransomware. 

Cybersecurity Risk Levels

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & BullPhish to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime – now with COVID-19 scam awareness kits. Call Avantia on 07 30109711 (office Hours) to find out how you can get started.

THREAT FOCUS: Limeroad Apparel - INDIA

https://ciso.economictimes.indiatimes.com/news/personal-details-of-1-29-million-limeroad-customers-up-for-sale-on-darkweb-cyble/76715156?&web_view=true


Exploit: Unauthorized Database Access 

Limeroad: Apparel Marketplace 

Risk to  Small Business: 2.655 = Moderate - Approximately 1.29 million customers of popular Indian social shopping site Limeroad had their personal data compromised last week in a database break-in, and the stolen information is already up for sale on the Dark Web. Cyber researchers report that the database contained the full names of users, phone numbers, and email addresses of users. No financial data was noted as compromised.  

Individual Risk: 2.702 = Moderate - While some personal information was compromised in the breach, no financial data or sensitive identity information was stolen. Limeroad users should be on the lookout for potential spear phishing attempts using this data. 

Customers Impacted: 1,290,000

Effect On Customers: Unauthorized access to a database can often be traced to a compromised password. While this was a minimally damaging breach, it makes customers wonder about the rest of a company’s cybersecurity strategy – and how safe their more sensitive data might be.

Cybersecurity Risk Levels

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID uses 24/7/365 human and machine monitoring and analysis to find information like stolen employee passwords that puts data at risk in Dark Web markets, enabling companies to learn about a breach and mitigate the damage fast.  Please call 07 30109711 to schedule your FREE Dark Web Scan for your stolen credentials.

______________________________________________________________________________

POSTSCRIPT:


Cryptocurrency Scam Raises Business Breach Risks After It Hits Thousands of Victims Worldwide 

Cryptocurrency has been revolutionary in creating a new world economy, and it’s the primary vehicle for transactions on the Dark Web. After lots of splashy coverage in mainstream news organizations around the world, the fascination for it has spread from Dark Web markets to average internet users – making them the perfect targets for cybercriminals.  In a recent scam, cybercriminals were able to pull off a multi-stage operation that exposed the personal data of thousands of users worldwide including 147,610 victims in the UK, 82,263 Australians, 4,149 South Africans, 4,147 people in the US, 3,499 folks in Singapore, 2,491 Malaysians and 2,420 people in Spain, and other countries. Data like this is fodder for Dark Web markets. The data was obtained through an interesting style of phishing scam. Users were lured in by an SMS message “starring” a locally famous celebrity (in this case a local journalist) who had “built a fortune” through cryptocurrency trading. Victims who clicked the link were then directed to a unique landing page that had an article quoting a local news personality that dovetailed believably to their region. Each unique SMS link also contained some personal information for the target.  When the target clicked anything on the fake article landing page, they were then directed to a bitcoin investment platform, where the personal information that had been carried through the process in their unique link was then automatically filled in – and they were asked for their balances in other bitcoin accounts, which were now accessible to the thieves.  As scams that are hatched through SMS and messaging applications become more common, they can also become an unexpected threat to businesses. Staffers frequently handle personal correspondence on their work devices, especially as more companies employ a “Bring Your Own Device” policy. Interacting with scam messages like these can give cybercriminals an opening to strike. Staffers need to understand that phishing isn’t just an email problem – it’s a problem everywhere.  Updated phishing training with a dynamic solution like BullPhish ID gets everyone up to speed on potential types of phishing, with easy to understand lessons about common attacks served in bite-sized pieces and delivered through engaging videos to keep lessons memorable, plus online quizzes to test retention. BullPhish ID offers plug-and-play training content in 8 languages, bolstering a business’s cybersecurity by strengthening its best defense against phishing – their employees. 


The Ransomware Tide is Rising Worldwide 

No industry is immune to ransomware attacks. Just last week, hackers attempted to breach more than 30 news sites owned by a major US media company in an audacious attempt to deploy WastedLocker ransomware. The hacking gang, known as Evil Corp, was attempting to use this method to infect the systems of employees of over 30 major US private firms using fake software update alerts that popped up after the targeted employees browsed news at the affected news sites.   It’s common for employees to access non-work websites from their work machines during the workday. Everyone checks a few headlines or looks up the weather. In this case, the employees’ computers were set up to be used as a stepping point into their companies’ networks. There hasn’t been any reported further action, but that doesn’t mean that there wasn’t a successful compromise at one of the targeted firms.  By 2021, it’s estimated that a ransomware attack will take place every 11 seconds. So, what’s the most common way that ransomware is delivered? Phishing. Whether it’s a malicious link, a spurious PDF, a poisoned SMS, or the old classic infected attachment, ransomware is the threat that really keeps IT staffers up at night.  A phishing resistance training and testing solution that is consistently updated with the latest threats can help companies effectively defend against ransomware attacks by improving their defense against phishing. BullPhish ID delivers, with easy to understand, engaging training campaigns including video components that clearly explains today’s threats. The simple set-up, grouping, and deployment tools allow you to manage campaigns any way you need to get every staffer enlisted in the effort to guard against ransomware.

______________________________________________________________________________


AVANTIA CYBER SECURITY - OUR CYBER PARTNERS SHOWCASE

Unitrends makes efficient, reliable backup and recovery as effortless and hassle-free as possible. Unitrends combine deep expertise gained over thirty years of focusing on backup and cloud storage purpose-built to make data protection simpler, more automated and more resilient than any other solution in the industry. Up to 1 TB of cloud storage is included for each workstation, more than enough for even the largest endpoints. No fees to access your data or restore files, and recovery is self-service. No surprises. No gotchas. Just simple, cost-efficient endpoint protection that you would expect from a company with over 30 years of experience. 


TO FIND OUT MORE CALL AVANTIA ON 07 30109711

Disclaimer*:

Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, other members of the 5 Eyes Alliance, the Australian Cyber Security Centers, and other sources in 56 countries who provide cyber breach and cyber security information in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.

(2,244,000)

Want The Information  Cyber Criminal's  Don't Want You To Know?

Subscribe below to receive our weekly Threat Updates straight to your inbox.

Call (07) 3010 9711 

info@avantiacorp.com.au

 

Avantia Corporate Services Pty Ltd,                    Level 7, 320 Adelaide Street

Brisbane, Queensland 4000

AUSTRALIA.

  • LinkedIn Social Icon
  • Facebook Social Icon

DISCLAIMER*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cybersecurity information to us in real-time. Given their international focus and experience in the cyberspace arena, we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services  PTY LTD - All Rights Reserved.