Avantia Threat Update

GEOPOLITICS WILL DRIVE AGGRESSIVE CYBER ACTIVITY THROUGHOUT 2020*.


How Will This Impact Your Business?

This Past Week*: cyber security threats in 2020; dental practices get toothache; a new malware campaign attacks hotels worldwide; sloppy telcos replace SMS with insecurely implemented RCS technology; piles of insecure smart toys fill retailers' shelves; online stores compromise customer credentials; ransomware cancels a holiday performance; more than half of organisations admit that they are not ready for a cyberattack; and major breaches in the USA, UNITED KINGDOM, NEW ZEALAND and AUSTRALIA.

Known Customers Affected by Data Breaches reported in this Briefing over the past 4 weeks: 23,512,156 *


Dark Web ID Trends*:

Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Education & Research
Top Employee Count: 101 - 250 Employees

______________________________________________________________________________


GEOPOLITICS IS LIKELY TO UNDERPIN CYBERSECURITY THREATS IN 2020*.

International politics have always centered on nations seeking to surpass their rivals, both economically and militarily. The rivals involved haven't changed in decades, but the primary battleground has moved to the internet. 2020 may prove a pivotal year for this rivalry, with the U.S. presidential election and what amounts to a global trade war. Some aspects of this trade war will probably not increase aggressive cyber activity (for example, France's plan for a digital tax on U.S. service companies has been answered by a threat to impose duties of up to 100% on a variety of French products, such as champagne, imported into the U.S.). The U.S./China trade war, however, is on a different level, and will undoubtedly lead to increased Chinese cyber activity against western economies, and especially the U.S. economy. A close ally of a direct trade war is international economic sanctions -- the negative effect on the economy of the targeted nation is similar to, but more severe than, trade embargoes. Russia, Iran and North Korea are all targets of western sanctions, and all three are engaged in aggressive cyber activity against the west, and the U.S. in particular. This is further complicated by globalization, with major national corporations either already embedded or striving to embed themselves within rival nations. National manufacturing has become dependent upon international components, and while this can cause political problems (for example, Huawei in the west), it limits the potential for further global balkanization of the internet while simultaneously increasing the supply chain threat.

This is against the background of the 2020 presidential election, in which the four main foreign adversary nations will undoubtedly meddle. Russia is likely to welcome the re-election of Donald Trump, and will continue to stoke the Brexit divisions in the UK. The rise of right-wing politics in both the U.S. and Europe has weakened international alliances and cooperation in both areas, suiting Russia's global aims. China, Iran and North Korea are thought to prefer an alternative president who may prove more amenable on trade and sanctions.

This is the background that Steve Durbin, managing director of the 10,000-strong Information Security Forum, believes will drive cybersecurity throughout 2020. He sees three areas for concern: an international race for technological supremacy; the supply chain and IoT; and a blurring between cybercrime and nation state activity. All, however, are underpinned by geopolitics that are not likely to change -- even if the trade war were ended in January.

The race for technological supremacy is focused around nation-state activity and fed by geopolitics. "In 2020, the US and China will increase restrictions and protectionist measures in pursuit of technology leadership leading to a heightened digital cold war in which data is the prize," comments Durbin. "This race to develop strategically important next generation technology will drive an intense nation-state backed increase in espionage." The tensions between the U.S. and China are not limited to technology alone, but stem from the mutual belief that each country is trying to dominate the other. "Technology is a hot potato," Durbin told SecurityWeek. "But there is a belief in the U.S. that China is pursuing an anti-American land grab. Look, for instance, at the way in which China has been investing in road and sea links beyond China and into Europe, buying up ports, etcetera. There is concern in the U.S. that this is almost a Chinese imperialist land grab."

Increased state-level cyber espionage feeds into another of Durbin's predictions for 2020 -- the increased blurring of the relationship between elite criminal gangs and their respective governments. "We know that some adversary states outsource parts of their hacking activity to gangs in order to preserve deniability," he said. But this is unlikely to be one-way cooperation. "Then comes the question," he added, "if you're doing that, are you also providing additional resources -- which could be financial, it could be skill sets, it could be a variety of resources -- to help some of these gangs. What is the quid pro quo? It's difficult to prove one way or the other, but there is a general belief that this is going on." If nation state hacking increases, it will almost certainly be paralleled by improved resources for the more advanced criminal gangs. This is another concern for 2020: nation state attacks will increase because of the geopolitical situation, and criminal attacks will likely be more advanced and better resourced as an effect of those same geopolitical tensions.

Geopolitics also underlies increasing concern over international supply chains, and the growing dependency on IoT and IIoT devices manufactured, or at least assembled from components manufactured, abroad. Many of these components come from China, and with little transparency into the supply chain, there is growing worry that IIoT devices could be compromised by foreign powers before being used by American critical industries. The foreign threat to critical industries is probably not the old-fashioned view of death and destruction warfare, but more one of civil disruption and chaos. The perfect example would be the financial industry. With increasing reliance on technology-driven purchasing, the problems caused by a complete failure of online finance would be catastrophic, with no ability to use phone-based payments and no access to cash.

The coming IoT threat isn't limited to industrial IoT -- smart homes are likely to become targets. "The attack surface in smart homes is increasing. People like devices. We even have smart robot vacuum cleaners able to take photos," commented Durbin. At the same time, there is an increasing level of working from home. "This has two impacts," continued Durbin. "At the corporate level, the challenge for enterprises is to ensure that their employees are operating within a safe and secure environment when working at home. But it also raises the possibility of attacks on the individual. Once inside a smart home, attackers have the potential to gain access to everything on the individuals' computers, including passwords and payment data." It is a form of supply chain attack, where -- metaphorically -- the vacuum cleaner shoulder-surfs the householder. Politicians, high profile individuals, and CEOs will potentially become targets for extortion in their own homes.

Underlying, and certainly impacting, much of the cybersecurity threat we can expect throughout 2020 are global geopolitical tensions. If politics lies at the root, we need to ask whether politicians should take a stronger role in solving the problems. The answer is 'yes', but the reality is unlikely. "I think part of the challenge with politicians is that they are politicians," Durbin told SecurityWeek. "The primary interest of the majority is simply staying in power and getting re-elected. Most of them -- and this particularly applies to the UK -- are career politicians. They've never done anything else; they've never been in industry and they have no clue about anything other than being a politician." That could be fine, he continued, if you then surround yourself with the right experts and listen. "But you're always going to have this conflict between the need to earn a living as a politician versus the other things. If we look at instances -- like the porn censorship proposals in the UK [politically expedient but technological nonsense] and some of the congressional hearings in the U.S. with Facebook and others, clearly these are politicians out of their depth. The question has to be, if you get to that position of power, how can it be that you haven't got the first clue? How can it be that you are not being briefed appropriately?"

For now, political expediency will always trump cyber necessities -- especially in an election year. Solutions to the rising threats of 2020 will not come from government; as always, organizations will need to take the lead in protecting themselves. "The coming year will be volatile, but targets will be predictable," says Durbin. "To survive in the new digital world, organizations will have to adapt. To thrive they must evolve."


DENTISTS GET MASSIVE TOOTHACHE*

A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack this week that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned. Multiple affected sources say their IT provider, Englewood, Colorado-based Complete Technology Solutions (CTS), was hacked, allowing a potent strain of ransomware known as “Sodinokibi” or “REvil” to be installed on computers at more than 100 dentistry businesses that rely on the company for a range of services — including network security, data backup and voice-over-IP phone service. Reached via phone Friday evening, CTS President Herb Miner declined to answer questions about the incident. When asked about reports of a ransomware attack on his company, Miner simply said it was not a good time and hung up. The attack on CTS comes little more than two months after Sodinokibi hit Wisconsin-based dental IT provider PerCSoft, an intrusion that encrypted files for approximately 400 dental practices. Thomas Terronez, CEO of Iowa-based Medix Dental, said he’s heard from several affected practices that the attackers are demanding $700,000 in bitcoin from some of the larger victims for a key that can unlock files encrypted by the ransomware. Others reported ransom demands in the tens of thousands of dollars. In previous ransomware attacks, the assailants appear to have priced their ransom demands based on the number of workstation and/or server endpoints within the victim organization. According to CTS, its clients typically have anywhere from 10 to 100 workstations. Terronez said he’s spoken with multiple practices that have been sidelined by the attack, and that some CTS clients had usable off-site backups of their data, while others have been working with third-party companies to independently negotiate and pay the ransom for their practice alone.

Many of CTS’s customers took to posting about the attack on a private Facebook group for dentists, discussing steps they’ve taken or attempted to take to get their files back. “I would recommend everyone reach out to their insurance provider,” said one dentist based in Denver. “I was told by CTS that I would have to pay the ransom to get my corrupted files back.” “My experience has been very different,” said a dental practitioner based in Las Vegas. “No help from my insurance. Still not working, great loss of income, patients are mad, staff even worse.” Terronez said the dental industry in general has fairly atrocious security practices, and that relatively few offices are willing to spend what’s needed to fend off sophisticated attackers. He said it’s common to see servers that haven’t been patched for over a year, backups that haven’t run for a while, Windows Defender as the only point of detection, non-segmented wireless networks, and the whole staff having administrator access to the computers, sometimes all using the same or simple passwords. “A lot of these [practices] are forced into a price point on what they’re willing to spend,” said Terronez, whose company also offers IT services to dental providers. “The most important thing for these offices is how fast can you solve their problems, and not necessarily the security stuff behind the scenes until it really matters.”


HOTELS WORLDWIDE (AND THEIR GUESTS) TARGETED IN HUGE MALWARE CAMPAIGN*

“RevengeHotels” is a targeted cybercrime malware campaign against hotels, hostels, hospitality and tourism companies, mainly, but not exclusively, located in Brazil. Researchers have confirmed more than 20 hotel victims located in eight states in Brazil, as well as victims in other countries such as Argentina, Bolivia, Chile, Costa Rica, France, Italy, Mexico, Portugal, Spain, Thailand and Turkey. The goal of the campaign is to capture credit card data from guests and travelers stored in hotel systems, as well as credit card data received from popular online travel agencies (OTAs) such as Booking.com. The main attack vector is email with crafted Word, Excel or PDF documents attached. Researchers were able to track two groups targeting the hospitality sector, using separate but similar infrastructure, tools and techniques. They named the first group RevengeHotels and the second ProCC. Both groups rely heavily on social engineering, asking for a quote from what appears to be a government entity or private company wanting to make a reservation for a large number of people. Their infrastructure relies on dynamic DNS services pointing to commercial hosting and self-hosted servers. They also sell credentials (usernames and passwords) from the affected systems, allowing other cybercriminals remote access to hotel front desks infected by the campaign. Researchers have been monitoring the new malware these groups create for over a year. With a high degree of confidence, they confirmed that at least two distinct groups are focused on attacking this sector; there is also a third group, though it is unclear whether its focus is solely on this sector or whether it carries out other types of attacks as well.

One of the tactics used by these groups is highly targeted spear-phishing. They register typo-squatting domains impersonating legitimate companies. The emails are well written, with an abundance of detail, and explain why the company has chosen to book that particular hotel. By checking the sender information, it is possible to determine that the company actually exists; the only tell is a small difference between the domain used to send the email and the real one. In one case, an email sent to a hotel, written in Portuguese with a malicious file attached, purported to come from an attorney’s office and misused the name of a real firm, while the sender domain had been registered one day earlier as a typo-squat of the real one. The group goes further in its social engineering effort: to convince hotel personnel of the legitimacy of the request, a copy of the company’s National Registry of Legal Entities (CNPJ) card is attached to the quotation request. The attached file, Reserva Advogados Associados.docx (Attorneys Associates Reservation.docx), is a malicious Word document that loads a remote OLE object via template injection in order to execute macro code. The macro code inside the remote document contains PowerShell commands that download and execute the final payload. After unpacking the malicious files, the code is recognizable as RevengeRAT, a commercially available remote access trojan. An additional module written by the group, called ScreenBooking, is used to capture credit card data by monitoring which web page the user is browsing. In the initial versions, back in 2016, the files downloaded in RevengeHotels campaigns were divided into two modules: a backdoor and a module to capture screenshots. More recently the researchers noticed that these modules had been merged into a single backdoor able to collect data from the clipboard and capture screenshots. In the observed example, the web page the attacker monitors is booking.com, more specifically the page containing the card details. The code looks specifically for page titles in Portuguese and English, allowing the attackers to steal credit card data from web pages written in those languages.

The files delivered by the second group, ProCC, are Delphi binaries. The backdoor it installs is more customized than the one used by RevengeHotels: it is developed from scratch and is able to collect data from the clipboard and the printer spooler, and to capture screenshots. Because the personnel in charge of confirming reservations usually need to pull credit card data from OTA websites, card numbers can be collected by monitoring the clipboard and the documents sent to the printer. According to the relevant underground forums and messaging groups, these criminals also infect front desk machines in order to capture credentials for the hotel administration software, from which they can then steal credit card details too. Some criminals sell remote access to these systems, acting as a “concierge” for other cybercriminals by giving them permanent access to steal new data themselves. Access to hotel booking systems containing credit card details is sold as a service, and some Brazilian criminals tout card data extracted from a hotel’s system as high quality and reliable because it came from a trusted source, i.e. a hotel administration system.

The majority of the victims are in the hospitality sector. Based on the routines used, the researchers estimate that the attack has global reach; based on their telemetry, however, they can only confirm victims in the following countries: Argentina, Bolivia, Brazil, Chile, Costa Rica, France, Italy, Mexico, Portugal, Spain, Thailand and Turkey. Based on the data they extracted, the researchers can see that potential victims from many other countries have at least accessed the malicious link, which suggests that the number of countries with victims is higher than their telemetry has registered. RevengeHotels is a campaign that has been active since at least 2015, with different groups using traditional RAT (remote access trojan) malware to infect businesses in the hospitality sector. While there is a marked interest in Brazilian victims, the telemetry shows that its reach has extended to other countries in Latin America and beyond. The use of spear-phishing emails, malicious documents and RAT malware is yielding significant results for at least the two groups the researchers have identified in this campaign. Other threat actors may also be part of this wave of attacks, though there is no confirmation at present.

If you want to be a savvy and safe traveler, use a virtual payment card for reservations made via OTAs, as these cards normally expire after one charge. When paying for your reservation or checking out at a hotel, use a virtual wallet such as Apple Pay or Google Pay. If that is not possible, use a secondary or less important credit card, as you never know whether the system at the hotel is clean, even if the rooms are.
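Two checks that follow from the tactics described above, as an added example that is not code from the researchers' report or from the attackers: a near-miss comparison of the sender's domain against the hotel's known business partners (the "small difference between the domain used to send the email and the real one"), and an inspection of a .docx attachment for an attachedTemplate relationship pointing at a URL or UNC share, which is the remote-template injection the campaign uses to pull in the macro document. The partner allowlist, the sender addresses and the in-memory sample document are constructed for the demonstration.

```python
"""Two mail-gateway checks for the spear-phishing pattern described above.
Added example, not the researchers' or the attackers' code; allowlist,
addresses and the sample .docx are constructed for the demo."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from typing import List, Optional, Tuple

# Constructed allowlist of domains the hotel actually does business with.
KNOWN_PARTNER_DOMAINS = {"advogados-associados.com.br", "booking.com"}

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                     "relationships/attachedTemplate")
# A template fetched from a URL or a UNC share is the injection case; a
# local path such as Normal.dotm is how every ordinary Word document looks.
REMOTE_TARGET = re.compile(r"^(https?:|ftp:|\\\\)", re.IGNORECASE)


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute and
    adjacent transposition, so 'bookimg' and 'bokoing' both score 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalike_domain(sender: str, known=KNOWN_PARTNER_DOMAINS,
                     max_distance: int = 2) -> Optional[str]:
    """Return the partner domain the sender's domain is a near-miss for, or
    None. Exact matches are trusted; unrelated domains are left to other controls."""
    domain = sender.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in known:
        return None
    for legit in known:
        if osa_distance(domain, legit) <= max_distance:
            return legit
    return None


def remote_template_targets(docx_bytes: bytes) -> List[Tuple[str, str]]:
    """List (rels part, target) for every attachedTemplate relationship whose
    target is remote. A .docx is a ZIP; Word records the attached template in
    word/_rels/settings.xml.rels and fetches it when the document opens,
    running any macros the template carries."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter("{%s}Relationship" % REL_NS):
                target = rel.get("Target", "")
                if rel.get("Type") == ATTACHED_TEMPLATE and REMOTE_TARGET.match(target):
                    hits.append((name, target))
    return hits


def build_sample_docx(template_target: Optional[str]) -> bytes:
    """Constructed minimal .docx for the demo; when template_target is given it
    is wired in the way a template-injection document wires its remote template."""
    w_ns = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
    r_ns = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("word/document.xml",
                   '<w:document xmlns:w="%s"><w:body><w:p/></w:body></w:document>' % w_ns)
        z.writestr("word/settings.xml",
                   '<w:settings xmlns:w="%s" xmlns:r="%s">'
                   '<w:attachedTemplate r:id="rId1"/></w:settings>' % (w_ns, r_ns))
        if template_target is not None:
            z.writestr("word/_rels/settings.xml.rels",
                       '<Relationships xmlns="%s"><Relationship Id="rId1" Type="%s" '
                       'Target="%s" TargetMode="External"/></Relationships>'
                       % (REL_NS, ATTACHED_TEMPLATE, template_target))
    return buf.getvalue()


if __name__ == "__main__":
    print(lookalike_domain("reservas@advogados-asociados.com.br"))
    print(remote_template_targets(build_sample_docx("http://example.invalid/res.dotm")))
```

Only URL and UNC template targets are reported: a local template path is normal Word behaviour and flagging it would bury the real hits. The distance threshold of 2 is a starting point; on very short domains it produces false positives, so in practice tune it per partner and pair it with the domain's registration age, which the message above would have failed (registered one day earlier).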


SMS REPLACEMENT IS EXPOSING USERS TO TEXT & CALL INTERCEPTION THANKS TO SLOPPY TELCOS*

Researchers from SRLabs have found that telcos are implementing the RCS standard in vulnerable ways that bring back old techniques for attacking phone networks. A standard used by phone carriers around the world can leave users open to all sorts of attacks, like text message and call interception, spoofed phone numbers, and leaking of their coarse location, new research reveals. The Rich Communication Services (RCS) standard is essentially the replacement for SMS. The news shows how, even as carriers move onto more modern protocols for communication, phone network security continues to be an exposed area, with multiple avenues for attack in some implementations of RCS. "I'm surprised that large companies, like Vodafone, introduce a technology that exposes literally hundreds of millions of people, without asking them, without telling them," Karsten Nohl from cybersecurity firm Security Research Labs (SRLabs) told Motherboard in a phone call. SRLabs researchers Luca Melette and Sina Yazdanmehr will present their RCS findings at the upcoming Black Hat Europe conference in December, and discussed some of their work at the security conference DeepSec on Friday. RCS is a relatively new standard for carrier messaging and includes more features than SMS, such as photos, group chats, and file transfers. Back in 2015, Google announced it would be adopting RCS to move users away from SMS, and that it had acquired a company called Jibe Mobile to help with the transition. RCS essentially runs as an app on your phone that logs into a service with a username and password, Nohl explained. SRLabs estimates RCS is already implemented by at least 100 mobile operators, with many of the deployments in Europe. SRLabs said that all the major U.S. carriers—AT&T, T-Mobile, Sprint, and Verizon—were using RCS. SRLabs didn't find an issue in the RCS standard itself, but rather in how it is being implemented by different telcos.

Because some of the standard is undefined, there's a good chance companies deploy it in their own way and make mistakes. "Everybody seems to get it wrong right now, but in different ways," Nohl said. SRLabs took a sample of SIM cards from a variety of carriers, checked for RCS-related domains, and then looked into particular security issues with each. SRLabs didn't say which issues affected which particular telcos. Some of those issues concern how devices receive RCS configuration files. In one instance, a server provides the configuration file for the right device by identifying it by its IP address alone. But because every app on the phone shares that same IP address, "Any app that you install on your phone, even if you give it no permissions whatsoever, it can request this file. So now every app can get your username and password to all your text messages and all your voice calls. That's unexpected," Nohl said. In another instance, a telco sends a text message with a six-digit code to verify that the RCS user is who they say they are, but then "give[s] you an unlimited number of tries" to input the code, Nohl said. "One million attempts takes five minutes," he added, meaning that it is possible to brute force the authentication process. "All of these mistakes from the 90s are being reinvented, reintroduced," Nohl said. "It is being rolled out for upwards of a billion people already who are all affected by this." Verizon did not respond to a request for comment and T-Mobile did not provide a statement in time for publication. Vodafone said in a statement, "We are aware of the research by SRLabs. We take security very seriously and we have a number of measures in place to protect RCS services. We will review these protections in light of the research and, if required, take any further protective measures." AT&T and Sprint directed questions to the GSM Association (GSMA), a trade body for network operators.
Claire Cranton, a spokesperson for the GSMA, wrote in an email, "The GSMA is aware of research undertaken by SRLabs into RCS security in which some previously known, but no new, vulnerabilities are reported. The findings highlight issues with some RCS implementations but not every deployment, or the RCS specifications themselves, are impacted." Cranton said the researchers will present their findings to an expert group at GSMA next week, and that an initial analysis of the research shows there are countermeasures to the uncovered issues. "We are grateful to the researchers for allowing the industry the opportunity to consider their findings. The GSMA welcomes any research that enhances the security and user confidence of mobile services and encourages all researchers to submit their work to our Coordinated Vulnerability Disclosure (CVD) Program which enables them to share findings and to contribute to industry’s ongoing work to drive security improvements," Cranton wrote. Nohl said of the move to RCS, "We find that is actually a step backwards for a lot of networks."
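The six-digit code problem Nohl describes, as an added example that is not SRLabs' code and not any carrier's implementation: a verifier with no attempt limit next to one that bounds attempts, expires the code and compares in constant time, with the attacker's enumeration loop run against both. The attempt limit, the five-minute lifetime and the sample code are assumptions for the demonstration.

```python
"""Weak versus hardened verification of a six-digit enrolment code.
Added example (not SRLabs' or any carrier's code); the attempt limit,
lifetime and sample code are assumed values for the demo."""
import hmac
import secrets
import time
from typing import Optional

CODE_LENGTH = 6
MAX_ATTEMPTS = 5          # assumed policy: a handful of guesses, then the code is dead
CODE_TTL_SECONDS = 300    # assumed policy: the code also dies after five minutes


class WeakVerifier:
    """Mirrors the flaw: nothing stops the caller guessing forever, so the
    10**6 keyspace is exhausted in minutes."""
    def __init__(self, code: str):
        self._code = code

    def verify(self, guess: str) -> bool:
        return guess == self._code


class HardenedVerifier:
    """Bounded attempts, short lifetime, single use, constant-time compare.
    `now` is injectable so expiry can be exercised without sleeping."""
    def __init__(self, code: str, now=time.monotonic):
        self._code = code.encode()
        self._now = now
        self._issued = now()
        self._attempts = 0
        self._dead = False

    def verify(self, guess: str) -> bool:
        if self._dead:
            return False
        if self._now() - self._issued > CODE_TTL_SECONDS:
            self._dead = True
            return False
        self._attempts += 1
        ok = hmac.compare_digest(guess.encode(), self._code)
        # A success consumes the code; the last permitted miss burns it too,
        # so the caller must request a fresh code instead of guessing on.
        if ok or self._attempts >= MAX_ATTEMPTS:
            self._dead = True
        return ok


def generate_code() -> str:
    """Six decimal digits from a CSPRNG, zero-padded."""
    return "%0*d" % (CODE_LENGTH, secrets.randbelow(10 ** CODE_LENGTH))


def brute_force(verifier) -> Optional[str]:
    """Attacker loop: submit 000000..999999 in order; return the accepted code."""
    for n in range(10 ** CODE_LENGTH):
        guess = "%0*d" % (CODE_LENGTH, n)
        if verifier.verify(guess):
            return guess
    return None


if __name__ == "__main__":
    code = "004213"   # constructed; in production it comes from generate_code()
    print("weak verifier gave up the code:", brute_force(WeakVerifier(code)))
    print("hardened verifier gave up the code:", brute_force(HardenedVerifier(code)))
```

The attempt counter here is per code. A production service also rate-limits per subscriber and per source address across codes, so an attacker cannot simply request a fresh code after every five misses, and it returns the same generic failure whether the code was wrong, expired or already consumed.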


BEWARE OF ‘BAD SANTA’ THIS CHRISTMAS - PILES OF INSECURE SMART TOYS FLOOD STORES*.

It seems to come around quicker every year – the failure of so-called smart toys to meet the most basic of security requirements. Which? has discovered a bunch of sack fillers that dirtbags can use to chat to your kids this Christmas. Back in 2017, the consumer group found toys with security problems relating to network connections, apps or other interactive features. The results of its latest round of testing show manufacturers are struggling to improve standards. Working with security researchers at NCC Group, ‘Which?’ found a karaoke machine that could transmit audio from anyone passing within Bluetooth range because of its unsecured connection. It found walkie-talkies from VTech which anyone with their own set of similar equipment could connect to over a 200-metre range. It also found a Mattel-backed games portal which appeared to be unmoderated, allowing users to upload their own games with content inappropriate for children. Ken Munro, security researcher with penetration testing consultancy Pen Test Partners, said that although there was no evidence the vulnerabilities revealed by ‘Which?’ had been used by nefarious characters to contact children, parents should still beware of toys that do not meet minimum standards. "The reason we don't hear of these attacks is they are local: it would be one parent at a time. Is it still worrying? Yes, I don't like the idea of this thing being unsecured," he said. Earlier this year, the UK's Department for Digital, Culture, Media and Sport launched an industry consultation on the back of a 2018 report which advocated removing the burden on consumers to securely configure their devices and instead ensuring that strong security is built into IoT devices and services by design. In 2017, ‘Which?’ and German counterpart ‘Stiftung Warentest’ raised concerns about the i-Que Robot, which also offered an unsecured Bluetooth connection.

Munro said he was not surprised manufacturers had struggled to demonstrate any improvement in security awareness or standards. "We've seen much worse vulnerabilities involving kids' tracking watches, whereby a hacker can remotely track thousands of kids in real time," he said. While UK regulation is still in the works, and adverse publicity has little effect, incoming legislation in California is more likely to force manufacturers to build security into product design from the outset. From 1 January 2020, Senate Bill 327 will make reasonable security mandatory for consumer connected devices sold in California. Given it is such a large market, and the home of both the global technology and media industries, the legislation is set to change smart toy manufacturing, Munro said. "I think that will have a huge influence on manufacturing. If you want to sell stuff in California, it's got to be safe. That will trickle down, so UK production improves as well." In response to the ‘Which?’ study, a spokesperson for VTech said consumers should be assured that the VTech KidiGear Walkie Talkies, which use industry-standard AES encryption to communicate, are safe. "Pairing... cannot be initiated by a single device. Both devices have to start pairing at the same time within a short 30-second window in order to connect. Additionally, if already linked to its paired handset, pairing with an additional, external handset is not possible," the spokesperson said. Meanwhile, ‘Sphero’, maker of the Sphero Mini interactive toy also implicated in the ‘Which?’ study, said that the feature highlighted related to the Sphero Edu app, which was meant to be used in classrooms or in the home with teacher or parent supervision.


THREAT FOCUS: McLaren Health Plan - UNITED STATES* 

https://www.beckershospitalreview.com/cybersecurity/michigan-insurer-alerts-members-of-data-breach.html

Exploit: Phishing scam

McLaren Health Plan: Health maintenance organization

Risk to Small Business: 1.666 = Severe: A successful phishing attack on one of the company’s third-party vendors compromised patient data at McLaren Health Plan. The hackers used a compromised email account to send spam emails, putting patient data at risk. The exposure will inevitably lead to reputational damage, and the sensitive nature of the information breached will invite scrutiny from healthcare regulators along with the prospect of financial penalties.

Individual Risk: 2.571 = Moderate: The breach exposed patients’ personally identifiable information, including names, dates of birth, identification numbers, health plan information, providers, diagnosis, drug information, and authorization information. Notably, this information has been available since October, so those impacted by the breach should quickly examine their accounts for unusual activity and take precautions to ensure that their personal information remains secure.

Customers Impacted: Unknown

Effect On Customers: Third-party partnerships represent an opportunity to expand your company’s capabilities but can also manifest themselves as cybersecurity risks. Given the increasingly onerous consequences of a data breach, cybersecurity standards should be a top consideration when establishing such relationships. Better product or service offerings can be a boon, but not if they come at the expense of data security.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Call Avantia on 07 30109711 for more information.


THREAT FOCUS: On The Border - UNITED STATES*

https://www.restaurantbusinessonline.com/topics/border-reports-data-breach

Exploit: Malware attack

On The Border: Casual restaurant chain

Risk to Small Business: 1.888 = Severe: Hackers installed malware on the restaurant’s payment processing platform, which provided access to customers’ payment information from locations across 27 states. The attack occurred between April 10th and August 10th, and it did not include franchised restaurants or catering orders. Unfortunately, the breach wasn’t discovered until November 14th, giving hackers ample time to misuse customers’ personal information and financial data. Moreover, it’s unclear why the company waited several weeks to notify customers of the breach, a misstep that will certainly slow the recovery process.

Individual Risk: 2.571 = Moderate: Customers at certain restaurant locations had their personal and financial information stolen, including their names, credit card numbers, credit card expiration dates, and security codes printed on the back of the cards. This information not only has a ready market on the Dark Web, but it can be used directly by hackers to commit financial crimes. Therefore, those impacted by the breach should immediately notify their financial institutions and enroll in identity and credit monitoring services to ensure that their information isn’t misused now or in the future.

Customers Impacted: Unknown

Effect On Customers: Recovering from a data breach is a challenging process, as companies are tasked with demonstrating their data security improvements while also wooing back customers that inevitably abandon them after a breach. While the best option is to prevent a data security incident from occurring in the first place, companies can expedite the recovery process by supporting their customers at every turn. In this case, understanding what happened to payment data after it was stolen can go a long way toward mitigating the damage and restoring customer confidence.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID™ can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with our Clients to strengthen their security suite by offering industry-leading detection. Find out more by calling Avantia on 07 30109711


THREAT FOCUS: New Jersey Shakespeare Theatre - UNITED STATES*

https://www.bleepingcomputer.com/news/security/ransomware-writes-drama-at-shakespeare-theatre/

Exploit: Ransomware attack

New Jersey Shakespeare Theatre: Theatre company dedicated to Shakespeare and classical works

Risk to Small Business: 2.111 = Severe: A ransomware attack has disabled the company’s access to its ticketing system and patron database. The attack arrives as the company is scheduled to begin its holiday production, a significant draw for the theatre. The first showing was cancelled while the company developed an alternative ticketing method. Fortunately, customer data was fully encrypted and not viewable by hackers, but the Shakespeare Theatre also can’t access this information. In response, customers are being asked to bring confirmation emails or ticket stubs to the performance so that the show can go on.

Customers Impacted: Unknown

Effect On Customers: Ransomware attacks are uniquely expensive, due to the upfront cost of restoring technical services along with the opportunity costs associated with lost capability. The prevalence of this threat is increasing the impetus for companies to ensure that their IT infrastructure doesn’t provide a foothold for criminals to inflict financial and reputational damage on their platform. Often employee accounts serve as the easiest targets for hackers to execute phishing attacks against, making this a good place to start when securing against malware.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: With AuthAnvil™, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more by calling Avantia on 07 30109711


THREAT FOCUS: Sweaty Betty - UNITED KINGDOM*

https://www.bleepingcomputer.com/news/security/uk-retailer-sweaty-betty-hacked-to-steal-customer-payment-info/

Exploit: Payment skimming malware

Sweaty Betty: Activewear retailer

Risk to Small Business: 1.555 = Severe: Hackers injected payment skimming malware into the company’s online store, compromising customers’ personal and financial information. The breach impacts customers shopping online between November 19th and November 27th who paid with a credit or debit card. However, shoppers using PayPal and Apple Pay did not have their information stolen. Sweaty Betty has contacted customers impacted by the breach, but it has not publicly acknowledged the compromise on its website.

Individual Risk: 2.286 = Severe: Online shoppers impacted by the breach had their personal and financial information forwarded to a malicious third party. This information includes names, passwords, addresses, email addresses, telephone numbers, payment card numbers, CVV numbers, and card expiration dates. Victims should immediately contact their financial institutions to notify them of the breach. Moreover, enrolling in credit and identity monitoring services can detect unusual or malicious activity, helping customers ensure that their information is secure. Finally, customers should change their passwords across other accounts that share similar login details, because this information was compromised by hackers and will likely find its way to the Dark Web.

Customers Impacted: Unknown

Effect On Customers: As witnessed by this year’s holiday shopping frenzy, e-commerce comprises an increasingly large slice of the retail pie. However, customers have demonstrated an unwillingness to do business with companies that can’t protect their data, and instances like this undermine the financial viability of businesses reliant on online sales to drive revenue. Ensuring that your IT infrastructure is fortified serves as an advantageous and necessary next step for any company hoping to build its business around online shopping.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today by calling Avantia on 07 30109711


THREAT FOCUS: Mixcloud - UNITED KINGDOM*

https://techcrunch.com/2019/11/29/mixcloud-data-breach/

Exploit: Exposed database

Mixcloud: Audio streaming platform

Risk to Small Business: 1.777 = Severe: The music streaming platform failed to secure a database containing customer data, and that information was quickly shared on the Dark Web. Embarrassingly, the company was notified of the error by the media who were contacted by the hackers who stole the information in early November. Now, Mixcloud has to contend with a deluge of public criticism as well as a cadre of angry customers who are upset that their personal information is available for purchase on the Dark Web.

Individual Risk: 2.714 = Moderate: The stolen data includes usernames, email addresses, and encrypted passwords. In addition, the breach included sign-in data, including IP addresses and links to profile photos. This information can be used in identity crimes or to execute other cybercrimes, such as phishing scams. Those impacted by the breach should be especially critical of unusual digital correspondence, while monitoring their accounts for unusual or suspicious activity.

Customers Impacted: 20,000,000

Effect On Customers: The cost of a data breach is enormous, and it’s continually climbing. Given that reality, an unforced error, like an exposed database, is an especially egregious way to diminish your business prospects. Indeed, companies that don’t adequately account for their data security will face harsh technical, consumer, and regulatory costs now and in the years ahead.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security to the Rescue: Helping SME customers understand the importance of cyber security is no easy task. The whole idea of ‘risk’ in our digital age is overwhelming for many. A ‘holistic’ Cyber Security Audit of a business’s Operational, Legal, Reputational and Recovery Risks can clarify where the cracks are and how to fix them. For a confidential discussion call Avantia on 07 30109711 (office hours) - We can help you with that.


THREAT FOCUS: British American Tobacco - UNITED KINGDOM*

https://www.securitymagazine.com/articles/91356-british-american-tobacco-suffers-data-breach-and-ransomware-attack

Exploit: Ransomware attack

British American Tobacco: Tobacco manufacturing company

Risk to Small Business: 1.888 = Severe: An exposed database was seized by hackers who encrypted 352 GB of company data and demanded a ransom payment to release the information. The specific exposed platform stored data from Romanian residents who supplied their information in an effort to win tickets to parties and events featuring famous local and international performers. British American Tobacco was first notified of the database on November on September 22nd, when cybersecurity researchers attempted to contact the company. Unfortunately, no action was taken, and now both the company and its customers will suffer the consequences.

Individual Risk: 2.857 = Moderate: The exposed database included customers’ personally identifiable information, such as full names, email addresses, phone numbers, dates of birth, gender, source IP, and tobacco product preferences. It’s unclear if the hackers intend to use this information to target consumers, but personal data is often sold on Dark Web, so those impacted by the breach should enroll in identity monitoring services to ensure that their information isn’t misused.

Customers Impacted: Unknown

Effect On Customers: Customers are fed up with companies that can’t protect their personal information, and many are choosing to take their business elsewhere after a data breach occurs. This sentiment is only amplified when SMBs demonstrate indifference or incompetence toward data security. In contrast, companies that actively prioritize data security position themselves to thrive in today’s cybersecurity landscape.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security to the Rescue: Helping SME customers understand the importance of cyber security is no easy task. The whole idea of ‘risk’ in our digital age is overwhelming for many. A ‘holistic’ Cyber Security Audit of a business’s Operational, Legal, Reputational and Recovery Risks can clarify where the cracks are and how to fix them. For a confidential discussion call Avantia on 07 30109711 (office hours) - We can help you with that.


THREAT FOCUS: Council of Licensed Firearm Owners - NEW ZEALAND*

https://www.tvnz.co.nz/one-news/new-zealand/police-investigating-potential-privacy-breach-firearms-buy-back-database

Exploit: Accidental data exposure

Council of Licensed Firearm Owners: Volunteer shooting-related organization

Risk to Small Business: 1.666 = Severe: A buyback program for registered gun owners failed to protect its database, exposing participants’ information to the public. The error brought significant ridicule from the program's critics, and it underscores the importance of ensuring that user data is locked down and secure at all times. As a result of this oversight, the organization was forced to take its website offline, which will undermine its goals and could hinder its long-term prospects.

Individual Risk: 2.571 = Moderate: Internet users were able to view and take screenshots of participants’ personal details and financial information. Not only does this potentially produce a safety concern because of the controversial nature of the program, but this information can quickly make its way to the Dark Web where it can be repurposed into other, more nefarious, cybercrimes. Those impacted by the breach should notify their financial institution of the event, and they should enroll in identity and credit monitoring services to ensure that their information remains secure.

Customers Impacted: 70,000

Effect On Customers: Today’s organizations face cyber threats on multiple fronts, so an unforced error is uniquely problematic and egregious. With the holistic cost of a data breach continually rising, every organization has millions of reasons to embrace this priority and to get it right. By evaluating your organization’s entire threat landscape, it’s possible to ensure that technological capabilities are an asset rather than a liability.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us by calling Avantia on 07 30109711


THREAT FOCUS: Monash IVF Clinic - AUSTRALIA*

https://www.smh.com.au/national/fears-over-patient-data-breach-after-cyber-attack-on-monash-ivf-20191203-p53gj0.html

Exploit: Phishing scam

Monash IVF: Cash logistics and private security company

Risk to Small Business: 1.666 = Severe: A widespread phishing scam at Monash IVF was more effective than originally thought. While the group reported the breach in early November, the original assessment did not account for patient data that was compromised in the breach. The company’s confidential patient databases were unharmed in the attack, but many of the compromised staff emails contained patient data, which could have been accessed by hackers. Monash IVF stores people’s highly sensitive personal data, and it’s likely that this updated assessment will bring further customer and regulatory scrutiny to their business, a development that will slow the recovery process and could increase costs.

Individual Risk: 2.142 = Severe: Monash IVF stressed that many of those impacted by the breach only had their email addresses accessed, but some patients had more sensitive information compromised. This includes names, contact information, partner details, dates of birth, nationality, occupation, financial details, medical insurance details, health information, drivers’ license or passport numbers, and medical history. Victims should be aware that this data is often repurposed to compile authentic-looking phishing scams that, if acted upon by recipients, can further compromise personal data.

Customers Impacted: Unknown

Effect On Customers: When employees fall for phishing scams, everyone loses. While these malicious messages will inevitably make their way into employees’ inboxes, they don’t have to lead to a breach. Instead, employee awareness training is a proven way to reduce the risk of phishing scams leading to costly data breaches that negatively impact your company's reputation and customers’ well-being.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more by calling Avantia at 07 30109711

______________________________________________________________________________

POSTSCRIPT

More Than Half of All Organizations Admit They Aren’t Ready for Cyberattack*

Data security incidents continue to make headlines every week. Even so, a recent survey found that most organizations still aren’t prepared for the veritable inevitability of a data breach. Indeed, more than 800 CISOs (Chief Information Security Officers) from three continents expressed similar sentiments about their data security standards. Notably, 51% do not believe that they are ready to respond to a data breach, while nearly a third have untested response plans in place. Meanwhile, the vast majority believe that the cybersecurity landscape will worsen or stay the same in the year ahead. Perhaps that’s why 76% plan to increase their cybersecurity budgets in 2020. When establishing their priorities, CISOs identified security software and employee awareness training as their top priorities. As it stands, too many companies aren’t responding to the real and escalating threat of a data loss event. Many are ignoring the Legal, Reputational and Recovery Risks that are just as important as the Operational risks that focus on IT infrastructure only.


Managing Director of Avantia Cyber Security, Paul Nielsen says “You wouldn’t go to a tyre shop to get a new set of tyres for your car because they were all bald, and only buy 2 or 3 tyres, because you just know your car will come to grief. Why then would you only cover 1, 2 or 3 of the 4 pillars of Cyber Security - Operational Risk is not the only factor. To be truly "Cyber Aware" you need to investigate your Legal Risk; Reputational Risk and Recovery Risk.” Check out the ‘CYBER AUDIT’ tab on the navigation bar of this website to see how a ‘holistic’ Independent Certified Cyber Security Audit can show you where the cracks are, and how to plug them.



Disclaimer*: Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2019 Avantia Corporate Services - All Rights Reserved.


Call (07) 3010 9711 

info@avantiacorp.com.au

Avantia Corporate Services Pty Ltd
Level 7, 320 Adelaide Street
Brisbane, Queensland 4000
AUSTRALIA.


*COPYRIGHT 2020* Avantia Corporate Services PTY LTD - All Rights Reserved.