© 2019 by Avantia Cyber Security. All Rights Reserved.

Disclaimer*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provide the content in this publication to the reader for general information purposes only and have compiled the content from a number of sources in Australia, the USA, and up to 56 other countries that provide cyber breach and cybersecurity information to us in real time. Given their international focus and experience in the cyberspace arena, we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.


GOVT MOVES TO SECURE THE INTERNET OF THINGS (IoT)


This Past Week: The British Government moves to secure the Internet of Things (IoT); the latest PayPal phishing email goes beyond your login; what password recovery is and how it differs from password cracking; ransomware erodes productivity; a malware attack permanently destroys patient data; and a new study reveals the extent of data breaches in the UK, as well as major breaches in CANADA, the UNITED KINGDOM, AUSTRALIA and the UNITED STATES.


Top Dark Web ID Trends:

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain

Top Industry: Education & Research

Top Employee Count: 251 - 500 Employees

______________________________________________________________________________


GOVERNMENT MOVES TO SECURE THE “INTERNET OF THINGS”

The British government has finally woken up to the relatively lax security of IoT devices, and is lurching forward with legislation to make gadgets connected to the web more secure. The Department of Digital, Culture, Media and Sport said it will require makers of IoT hardware to ship devices with unique passwords that cannot be reset to a factory default setting. The regulation will also require these companies to "explicitly state" how long they will continue to support devices when customers purchase the product, and appoint someone – one throat to choke – to act as a point of contact so that punters can more easily report issues.

"Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people's privacy and safety," digital Minister Matt Warman – a former Telegraph hack – said in a statement. "It will mean robust security standards are built in from the design stage and not bolted on as an afterthought."

The regulation is a belated step in the right direction, some in the info-sec community told us. "The result of the consultation show strong support for regulation of the wild west that is IoT security," said Ken Munro, a security researcher at info-sec firm Pen Test Partners. "Next, the government needs to step up and legislate quickly to protect us from those smart device vendors who don't treat our privacy and security with the respect they should do."

But others, such as Jason Nurse, an assistant professor in cybersecurity at the University of Kent, worry how effective the regulations will be in practice. "If manufacturers require consumers to set up new passwords at product installation, these individuals will need to manage these passwords for each connected device," he told us. "This could significantly increase the number of passwords the average household has to manage – and there are also questions about what happens when such passwords are forgotten or misplaced."
Smart devices have become a booming part of consumer electronics in recent years. But experts have warned that many devices are vulnerable to hackers and eavesdropping. In December, hackers were able to infiltrate the bedroom of an eight-year-old child via a Ring home security camera installed in her bedroom. The Amazon-owned company unveiled new privacy features at CES earlier this month.


THE LATEST PAYPAL PHISHING EMAIL GOES BEYOND YOUR LOGIN CREDENTIALS.

“In this world, nothing can be said to be certain, except death, taxes, and PayPal phishing email scams,” said Benjamin Franklin. Don’t believe me? Google it. Okay, okay, he might have missed out on the PayPal phishing part, but you get the point. Thanks to the huge incentive they have, fraudsters keep using PayPal’s name to fool users into doing something that they shouldn’t. This time, they’ve come up with a new phishing scam that uses PayPal as leverage — only this time, they’ve also set their expectations high. ESET researchers in Latin America discovered this scam, which cybercriminals posing as the online payment service use to get users to provide other sensitive information, including: access credentials; private information, including your mailing address; credit or debit card information; and email account login information.

How the Latest PayPal Phishing Email Scam Snares Victims: Presenting the Bait

Humans are funny animals. As a species, we possess the most complex type of brain and have an even more complex psychology working behind it. However, we tend to behave very predictably in certain situations. Hackers and scamsters understand this quite well, and they are exceptional at using this truth to their advantage. They do this through the use of phishing scams. The latest PayPal phishing email scam is no different in this regard, except that it chooses a smarter way to go about it. As with most phishing scams, it all starts with an email. This email (somewhat) looks as if it has come from PayPal and instills fear by “informing” you of an unusual login from an unknown device. Then it tells you to secure your account to avoid any potential financial loss. Once the user has clicked on the link provided in the email, they’re taken to a website that’s designed to look like PayPal’s official website.

This web page, often written in poor English, tells you that they (PayPal) have noticed some unusual activity on your account and asks you to enter a captcha code to proceed further. One thing to note here is that instead of leading you straight to a (fake) login page, fraudsters ask you to enter a captcha code. Psychologically, this is a smart move. It’s like playing it “true” before bluffing in poker. All poker players would get this. Another thing to note here is that the web page where you’re taken has a “secure” padlock in front of its URL bar. Users who’ve been taught to look for the padlock security indicator will likely consider this website to be safe. If you fall prey to this plot, you’re taken to a fake PayPal login page, and you’re asked to log into your account. This page looks exactly like the real PayPal login page. First, you’re asked for your user name, and then you’re asked for your password, just as on the official PayPal website. You know what happens when you click on the Log In button after entering — er, giving away — your credentials, don’t you? However, your PayPal user information is not the only thing the phishers are after in this particular PayPal phishing scam. Once you log in, you’re asked to verify your account. Like the previous page, this page, too, is written in poor English. It prompts you to click on the Continue to PayPal button. Once you click on that button, the next phase of this PayPal phishing email scam takes you to a series of web pages that ask you for your personal information such as home address and financial information. In the end, you’re once again asked to enter your PayPal credentials to “link an email account.” Once you do all of this, a message displays that tells you that you’ve successfully restored your account.

However, this couldn’t be further from the truth — what you have actually done is wrapped up your identity into a nice, pretty little package and handed it over to the cybercriminal. Now, your information is available for them to misuse through various forms of fraud. That’s the outcome of the latest PayPal phishing email scam.

A Final Word

No matter how we curse hackers and fraudsters, we have to acknowledge that they’re quite smart (barring their English) when it comes to fooling us. They know our pain points, they know how our brains respond to specific situations, and they know how ignorant or unobservant we can be. We’re like fish taking the shiny bait they throw out to capture us. Now you know why they call it “phish”ing. No matter how smart cybercriminals are, we can always be a step ahead of them. All we need is a little bit of cyber security awareness and to exercise our skills of observation. No phishing scam in the world can fool you if you are vigilant. Remember, a phisher is nothing more than a poor man’s magician.

Don’t Get Breached - 91% of cyber attacks start with an email. 60% of SMEs are out of business within six months of a data breach. Not securing your email is like leaving the front door open for hackers.


WHAT IS PASSWORD RECOVERY AND HOW IS IT DIFFERENT FROM PASSWORD CRACKING?

Why would a hacker waste time recovering passwords instead of just breaking in? Why can they crack some passwords but still have to recover the others? Not all types of protection are equal. There are multiple types of password protection, all having their legitimate use cases. In this article, we’ll explain the differences between the many types of password protection.

The password locks access

In this scenario, the password is the lock. The actual data is either not encrypted at all or is encrypted with some other credentials that do not depend on the password.

Data: Unencrypted

Password: Unknown

Data access: Instant, password can be bypassed, removed or reset

A good example of such protection would be older Android smartphones using the legacy Full Disk Encryption without Secure Startup. For such devices, the device passcode merely locks access to the user interface; by the time the system asks for the password, the data is already decrypted using hardware credentials and the password ‘default_password’. All passwords protecting certain features of a document without encrypting its content (such as the “password to edit” when you can already view, or “password to copy”, or “password to print”) also belong to this category.

A good counter-example would be modern Android smartphones using File-Based Encryption, or all Apple iOS devices. For these devices, the passcode (user input) is an important part of data protection. The actual data encryption key is not stored anywhere on the device. Instead, the key is generated when the user first enters their passcode after the device starts up or reboots.

Users can lock access to certain features in PDF files and Microsoft Office documents, disabling the ability to print or edit the whole document or some parts of it. Such passwords can be removed easily with Advanced Office Password Recovery (Microsoft Office documents) or Advanced PDF Password Recovery (PDF files).

Instant recovery possible

Ever hidden the front-door key under a doormat “just in case”? Believe it or not, many passwords (as well as actual encryption keys) are stored alongside the data they are designed to protect. Unsurprisingly, this strategy has a name: “Keys Under Doormats”. When using this strategy, the data is encrypted, meaning that accessing it without the key (by resetting or removing the password, for example) is not possible. However, the very fact that the key is accessible alongside the data makes the decryption instant (if not always trivial).

Data: Encrypted

Password: Stored alongside with the data

Data access: Instant, password can be extracted and used for decryption

Examples of such strategies are many. iCloud backups produced by your iPhone, for example, are securely encrypted with industry-standard AES-256 encryption. The decryption keys are stored on a different physical server (so at least the data is protected against physical break-ins), but they are easily accessible when you’re pulling the data chunks. Crypto containers such as BitLocker, TrueCrypt/VeraCrypt or PGP store their on-the-fly encryption keys in the computer’s volatile memory. By extracting such keys from the computer’s RAM you can bypass lengthy attacks and unlock encrypted volumes in an instant. Guess what? We have a tool for that: Elcomsoft Forensic Disk Decryptor. Another example would be recovery keys or escrow keys that are stored under the doormat, well, “just in case”. This includes BitLocker recovery keys (good luck brute-forcing your way in!), FileVault2 escrow keys, as well as many others. We can extract FileVault2 keys with Elcomsoft Phone Breaker. Speaking of online accounts, many users will have their passwords stored right on their computer in the browser cache (Chrome, Edge, Firefox or Safari). These passwords are instantly accessible with proper software such as Elcomsoft Internet Password Breaker. Governments in many countries including Australia, the UK and the US are trying to push the “Keys Under Doormats” strategy, which is arguably not the brightest idea.

Weak encryption

It sometimes happens that the data is encrypted, the password is unknown and not stored alongside the data, but the entire protection scheme is still vulnerable.

Data: Encrypted

Password: Unknown

Data access: We can use the binary encryption key (not the password) to decrypt the data.

Attack: Attack on encryption key, not the password; attack on the password (very fast); exploiting a vulnerability to decrypt data without the password or to quickly derive the password from data itself.

Sometimes, one may still be able to quickly gain access to information even if the file is encrypted and the password or encryption key are not stored alongside with the data. Any of the following leads to weak encryption:

Encryption key too short (40-bit and 56-bit encryption are dead, e.g. all versions of Microsoft Office before Office 2007). If this is the case, one can attack the encryption key instead of the password (see the next chapter for the Rainbow/Thunder Tables attack).

Poor implementation of encryption (e.g. one that allows a plaintext attack, as in the classic ZIP encryption scheme). Elcomsoft Advanced Archive Password Recovery is designed to exploit this vulnerability in old ZIP archives, utilizing known-plaintext attacks and delivering guaranteed one-hour recovery for certain types of archives. Note that the weak encryption algorithm has since been fixed by ZIP developers.

Single-iteration password hashing (allows for extremely fast attacks with millions or tens of millions of passwords per second, e.g. iTunes backups in iOS 10.0).

Rainbow Tables / Thunder Tables

Microsoft Office used to be a textbook example of weak encryption. In Office 97, Microsoft used RC4 for encryption and MD5 for hashing. Due to US export restrictions, the company limited the encryption key to just 40 bits. Back then, this encryption could be broken in days by attacking the key with a supercomputer (presumably, US government owned). Today, a single Intel Core i7 CPU can break this same key in a matter of days. Smarter attacks can break this encryption in minutes; password attacks are not required. Microsoft continued using this weak encryption scheme in Office 2003. While Microsoft offered other key lengths (e.g. 64 or 128 bits) available by manually changing the Crypto Service Provider, the default (and most widely used) setting remained 40-bit encryption.

The use of an encryption key this short allowed developing an attack involving pre-computed hash tables. For all 40-bit encryption keys, precomputed hash tables can be calculated instead of attacking the password. While rainbow tables cover 97-99% of possible keys, we developed our own patented technology we call Thunder Tables. Thunder Tables allow decrypting any password-protected Microsoft Office 97-2003 document in minutes. The same technology can be used to break encryption in documents saved by newer versions of Microsoft Office in compatibility mode. A rule of thumb: if the document has a .doc or .xls extension (as opposed to the newer .docx or .xlsx), it can be broken with Thunder Tables. A particular attack allowing quick decryption of documents protected with weak 40-bit keys has been developed for Microsoft Office documents and is used in Advanced Office Password Breaker. In the meantime, the US government had significantly loosened its grip on the export of cryptographic technologies. However, it was not until Office 2007 that Microsoft finally moved on and implemented a stronger encryption scheme in Office.
Strong encryption: you must attack the password, and it may be slow

If the data is encrypted with a reasonably long encryption key and neither the encryption algorithm (e.g. AES-256, or even AES-128) nor its actual implementation in the product has vulnerabilities or backdoors:

Data: Encrypted

Password: Unknown

Data access: The original password must be provided in order to calculate the encryption key. The encryption key is then used to decrypt the data.

Attack: We must recover the original password by trying all possible combinations.

The only possible way to access the data is recovering the original password. The password is used to calculate the actual encryption key (‘decryption key’ if you like), and that key is then used to decrypt the data. Password recovery companies are developing tools for trying as many password combinations per second as at all possible, while companies attempting to protect the data make their passwords as slow to break as possible. As an example, one can try up to a million passwords per second if the encryption key is calculated as a straightforward hash function. However, if the manufacturer uses not one but 10,000 hash iterations to derive the encryption key from the password, the attack naturally becomes 10,000 times slower, resulting in speeds of about 100 passwords per second instead of a million. This, by the way, is exactly what Microsoft does in MS Office 2013 and 2016.

A hundred passwords per second is not going to break anything, so we must either improve the attack speed or reduce the number of passwords we try (or combine both methods). To make attacks faster we can make use of existing video cards, making them serve as GPU accelerators. To make attacks even faster, we can combine multiple GPUs. To make attacks faster yet, we can combine multiple computers with multiple GPUs into a distributed network (see Elcomsoft Distributed Password Recovery for details).

Even the fastest distributed network will choke when trying to brute-force a .docx file protected with a password like “JoeSmith1956”. A single GPU-assisted PC can try about 100 passwords per second. 12 alphanumerical characters in that password make for a whopping 3,226,266,762,397,899,821,056 possible password combinations. Even if you build a large distributed network that is able to attack 1 million passwords per second (and building a GPU farm like that would be extremely costly), the projected recovery time will be 102,236,492.25 years. (If you’d like to try other passwords, check out the online password strength calculator.)

However, that very same password can be broken in minutes if we use the simplest dictionary attack. Two English words followed by the year of birth give very low entropy, allowing this password to be broken quickly even on a single PC. In order to reduce the number of passwords to try, we use all of the following strategies:

Lists of frequently used passwords, including those leaked from various sources.

Smart dictionary attacks and mutations, combining dictionary words with modifications such as “add a digit or two”, “append a year” or “tinker with character cases”.

Lists of existing passwords for the user such as those extracted from their computer or from their cloud account (e.g. Apple iCloud Keychain or passwords from the user’s Google Account).
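The arithmetic behind the paragraphs above, as an added example (not Elcomsoft's or Avantia's code): it computes the brute-force candidate count and projected time for a password, the slowdown caused by a 10,000-iteration key derivation, and, from the defender's side, whether a password falls into the cheap "two dictionary words plus a year" class that the text says is broken in minutes. The 62-symbol alphabet, the 1,000,000 guesses-per-second baseline, the 200-year span, the four case mutations and the tiny word list are all constructed assumptions.

```python
import re
from typing import Optional, Set, Tuple

# Assumptions for this example (not from the article):
# - alphanumeric alphabet of 62 symbols, as in the article's "JoeSmith1956" case
# - baseline of 1,000,000 single-hash guesses per second on one PC
# - a Julian year of 365.25 days (the article's figure uses a slightly different year length)
ALPHANUMERIC = 62
BASE_RATE = 1_000_000.0
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed toy word list (lower case). A realistic list would hold tens of thousands of
# names and words; the size of the list is what sets the cost of the dictionary attack.
TOY_DICTIONARY: Set[str] = {"joe", "smith", "anna", "jones", "summer", "winter", "dragon", "password"}
YEAR_SPAN = 200       # candidate years 1900-2099
CASE_MUTATIONS = 4    # each of the two words either as written or capitalised


def brute_force_candidates(alphabet_size: int, length: int) -> int:
    """All passwords of exactly `length` symbols drawn from an alphabet of `alphabet_size`."""
    return alphabet_size ** length


def effective_rate(base_rate: float, hash_iterations: int) -> float:
    """Guesses per second once each candidate costs `hash_iterations` hash evaluations.
    10,000 iterations (Office 2013/2016 style) turn a million guesses/s into a hundred."""
    return base_rate / hash_iterations


def years_to_exhaust(candidates: int, rate: float) -> float:
    """Worst-case time, in years, to try every candidate at `rate` guesses per second."""
    return candidates / rate / SECONDS_PER_YEAR


def split_words_year(password: str, dictionary: Set[str]) -> Optional[Tuple[str, str, str]]:
    """Return (word1, word2, year) if the password is two dictionary words followed by a
    four-digit year in 1900-2099 (words matched case-insensitively), otherwise None."""
    m = re.fullmatch(r"([A-Za-z]+)(\d{4})", password)
    if m is None or not 1900 <= int(m.group(2)) <= 2099:
        return None
    letters, year = m.group(1), m.group(2)
    low = letters.lower()
    for i in range(1, len(low)):
        if low[:i] in dictionary and low[i:] in dictionary:
            return letters[:i], letters[i:], year
    return None


def candidates_to_cover(password: str, dictionary: Set[str]) -> int:
    """Size of the cheapest attack that is guaranteed to reach this password: plain brute
    force over the alphabet, or the word+word+year mutation set if the password fits it."""
    brute = brute_force_candidates(ALPHANUMERIC, len(password))
    if split_words_year(password, dictionary) is not None:
        dictionary_attack = len(dictionary) ** 2 * YEAR_SPAN * CASE_MUTATIONS
        return min(brute, dictionary_attack)
    return brute


def strength_report(password: str, dictionary: Set[str], hash_iterations: int = 1) -> dict:
    """Candidate count and worst-case years for the cheapest attack at the given KDF cost."""
    cands = candidates_to_cover(password, dictionary)
    rate = effective_rate(BASE_RATE, hash_iterations)
    return {"candidates": cands, "years": years_to_exhaust(cands, rate)}


if __name__ == "__main__":
    # "Xq7pL2zA" is a constructed 8-character password with no dictionary structure.
    for pw in ("JoeSmith1956", "Xq7pL2zA"):
        for iters in (1, 10_000):
            r = strength_report(pw, TOY_DICTIONARY, iters)
            print(f"{pw:13} iterations={iters:>6} candidates={r['candidates']:>25,} "
                  f"years={r['years']:.3g}")
```

The comparison shows why the text recommends dictionary strategies: the 12-character name-plus-year password is covered by a few thousand candidates even with the tiny toy list, while the shorter random password still needs the full alphabet space.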

Speaking of backdoors

A device, file or document encrypted with a strong encryption algorithm, if a cryptographically strong password is specified (and neither the password nor the recovery key is stored or cached anywhere), can be incredibly tough to crack. In order to decrypt the data, one must run an exhaustive attack on the password, spending days, weeks or months without anything guaranteed. We’re watching encryption-related cases closely. Anecdotal evidence we collected during the past several years suggests that once law enforcement faces strong encryption, the encryption wins in two of every three cases. This cannot satisfy some governments, and this is why certain countries are pushing encryption backdoors allowing Big Brother to access encrypted data without a fuss.

Australia has passed a law that would require companies to weaken their encryption, a move that could reverberate globally (link). Countries such as the US and the UK are watching closely as discussed at RSA 2019 (link). The three countries are pushing Facebook to create a backdoor to encrypted messages (link).

Conclusion

There are many different types of password protection, ranging from a simple lock all the way to strong encryption algorithms employing long encryption keys and hundreds of thousands of hash iterations to deter brute-force attacks.

______________________________________________________________________________


THREAT FOCUS: TV Eyes - UNITED STATES

https://www.zdnet.com/article/ransomware-hits-tv-radio-news-monitoring-service-tveyes/

Exploit: Ransomware

TV Eyes: Media monitoring service

Risk to Small Business: 2.222 = Severe: An unidentified ransomware strain has disabled the network’s core servers and engineering workstations. As a result, clients have been unable to access any information, which could have broad and long-lasting financial consequences for the media monitoring company. TV Eyes has declined to pay the ransom. Still, brand erosion and opportunity costs will make this an expensive attack at a critical time for the company, whose services are widely used by news outlets and PR agencies to access media content for reporting purposes.

Individual Risk: 2.875 = Moderate: At this time, no personal information was compromised in the breach. However, some PR professionals and media members had expressed fears that their data was compromised before hackers encrypted their files. Those impacted by the breach should update their account credentials while being especially critical of digital communications.

Customers Impacted: Unknown

Effect On Customers: In addition to academic and government institutions, cybercriminals are increasingly targeting businesses that store customer data. Many are now willing to compromise customer data if ransom demands aren’t met, a new reality that significantly increases the potential damage of a ransomware attack. Since ransomware attacks always require a vulnerability to gain network access, companies should regularly assess their defensive postures to ensure that they are prepared for this nefarious attack methodology.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote-access ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation. It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit https://www.avantiacybersecurity.com/cyber-security-audit


THREAT FOCUS: Electronic Warfare Associates (EWA) - UNITED STATES

https://www.zdnet.com/article/dod-contractor-suffers-ransomware-infection/

Exploit: Ransomware

Electronic Warfare Associates (EWA): Electronic product and services company

Risk to Small Business: 2.111 = Severe: Cybercriminals encrypted the company’s web servers, leaving customer-facing signs of a cyberattack even several days after the event. In response, the company took down the affected servers, and it’s unclear how much of the company’s internal IT is impacted by the attack. More than a week after the attack was discovered by security researchers, EWA still hasn’t issued a statement to the public. This lack of transparency could complicate their recovery process, which already promises to be an arduous journey due to the complicated nature of their business.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: Ransomware attacks often come with cascading consequences that impact every part of a business. Not only does this attack vector come with high up-front expenses, but the reputational damage and opportunity cost can be even more damaging. Every company should assess its threat landscape to ensure that it can adequately defend against a devastating ransomware attack.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: With BullPhish ID™, Avantia can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started by calling Avantia on 07 30109711 today.


THREAT FOCUS: Fondren Orthopedic Group - UNITED STATES

https://www.beckershospitalreview.com/cybersecurity/30-000-medical-records-damaged-in-malware-attack-at-texas-provider.html

Exploit: Malware attack

Fondren Orthopedic Group: Orthopedic healthcare services provider

Risk to Small Business: 1.555 = Severe: A malware attack destroyed a number of the medical provider’s patient records. The incident was first discovered in November 2019, but IT administrators only recently identified the permanent damage to their digital records. As a result, patients have to complete new patient information forms that include detailed medical histories. Given the sensitive and incredibly important nature of this information, this attack could negatively impact patient care, and it will undoubtedly invite regulatory oversight.

Individual Risk: 2.285 = Severe: Fondren Orthopedic Group noted that there is no evidence of patient information being compromised. However, the lost data includes patients’ names, addresses, phone numbers, treatment data, and healthcare information. It stands to reason that if hackers can erase patient data, then they can also use it for other nefarious purposes. Those impacted by the breach should carefully monitor their online accounts for unusual or suspicious activity, and they should scrutinize digital communications because compromised data is often redeployed in spear phishing attacks.

Customers Impacted: 30,049

Effect On Customers: After this devastating malware attack, Fondren Orthopedic Group announced an update to their cybersecurity practices, a move that is too little, too late for the thousands of patients impacted by the breach. There are many steps companies can take to mitigate the risk of a data breach, but those steps need to be taken before an incident occurs. Otherwise, these measures serve as vanity metrics as opposed to a defensive strategy.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the world. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyse and proactively monitor an organization’s compromised or stolen employee and customer data. Schedule a demo today by calling 07 30109711



THREAT FOCUS: Confederation College - CANADA

https://www.cbc.ca/news/canada/thunder-bay/confederation-college-malware-incident-1.5449400

Exploit: Malware attack

Confederation College: Provincially funded college of arts and technology

Risk to Small Business: 2.222 = Severe: A malware attack disabled the college’s IT services, rendering many digital accounts unusable. Fortunately, Confederation College doesn’t believe that any personal information was compromised in the breach, but they will face blowback from their student body that entrusts their personal information to the school.

Individual Risk: 2.555 = Moderate: At this time, no personal information was compromised in the breach. However, the college encourages anyone with a school email address to reset their account password and the passwords for any other accounts that may also use these credentials.

Customers Impacted: Unknown

Effect On Customers: Even when login credentials are compromised in a data breach, businesses can still protect their accounts with simple security features like two-factor authentication. This service requires users to confirm their identity on a separate device before allowing account access, so cybercriminals deploying stolen credentials for brute force attacks are unable to find their way on to your organization’s network. As more and more information makes its way online, two-factor authentication is an obvious tool that every organization should implement.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.




THREAT FOCUS: Tissue Regenix - UNITED KINGDOM

https://www.scmagazine.com/home/security-news/cybercrime/cyberattack-halts-tissue-regenixs-u-s-based-manufacturing-operations/

Exploit: Malware attack

Tissue Regenix: Medical technology company

Risk to Small Business: 1.888 = Severe: A malware attack forced Tissue Regenix to take its systems offline, which negatively impacted its short-term production capacity. Tissue Regenix hired cybersecurity experts to eradicate the malware, but the immediate financial repercussions were immense. The company’s shares dropped by 22% after the announcement. Researchers believe that the malware entered their network through a third-party, highlighting the importance of a 360-degree defensive posture that accounts for all possible risks.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: There are many ways that a data breach can impact a company’s financial outlook. In this case, the impact was immediate and intense. For businesses grappling with the cost of data security measures, this episode is a reminder that the cost of inaction can far exceed those of an effective cybersecurity strategy.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote-access, real-time audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation. It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit https://www.avantiacybersecurity.com/cyber-security-audit



THREAT FOCUS: Dundee College - UNITED KINGDOM

https://www.theregister.co.uk/2020/02/04/dundee_angus_college_ransomware/

Exploit: Ransomware

Dundee College: Academic and research institution

Risk to Small Business: 1.666 = Severe: A ransomware attack disabled Dundee College’s entire IT infrastructure, cancelling classes and requiring thousands of students to reset their account credentials. At the time of writing the outage had lasted more than a week and had cut access to student records, educational material and online learning portals. The event comes at a critical time for the college, which is conducting interviews for prospective students. On top of that, the considerable recovery cost and reputational damage will be a serious blow to the college’s financial viability.

Individual Risk: 2 = Severe: At this time it is unclear whether personal data was compromised in the ransomware attack. As a precaution, Dundee College requires all students to reset their passwords before accessing their school accounts.

Customers Impacted: 5,000

Effect On Customers: Ransomware attacks come with a litany of consequences, ranging from reputational damage to regulatory penalties and lost business. At the same time, cybercriminals are increasingly taking their attacks a step further by stealing company data before they encrypt it, so an attack can no longer be treated purely as an availability incident: every organization needs a comprehensive response strategy that also covers data exfiltration. Identifying compromised data and its whereabouts on the Dark Web or hacker forums is a good place to start.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if Employee’s or Customer’s data has been compromised. We work with our Clients to strengthen their security suite by offering an industry-leading detection and real time alert system. Schedule a Demonstration by calling Avantia Cyber Security on 07 30109711 today.



THREAT FOCUS: Metrix Consulting - AUSTRALIA

http://www.watoday.com.au/national/western-australia/perth-mint-visitor-data-stolen-after-feedback-survey-company-hacked-20200131-p53woy.html

Exploit: Phishing scam

Metrix Consulting: Strategic insight consultancy

Risk to Small Business: 2.222 = Severe: A Metrix Consulting employee fell for a phishing scam that exposed personal data belonging to visitors to the Perth Mint. The data came from visitor feedback surveys whose responses were stored on Metrix Consulting’s servers. This is the second data breach involving the Perth Mint in the past two years, and it could have significant implications for Metrix Consulting, which may struggle to retain contracts if it cannot protect its clients’ customer data.

Individual Risk: 2.285 = Severe: The personal data included visitors’ names, email addresses, home addresses and telephone numbers. This information can be used for everything from identity fraud to spear-phishing campaigns, so those impacted by the breach should carefully monitor their online accounts for suspicious activity. The Perth Mint is providing identity monitoring services to all victims, and enrolling in that program can help provide long-term identity protection.

Customers Impacted: 1,480

Effect On Customers: Companies that can’t or won’t protect their customers’ data face a serious competitive disadvantage in today’s breach-fatigued environment. As we often report here, many companies terminate contracts with businesses that fail to secure their information, making data security a bottom-line issue for any organization collecting and storing personal data.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to find out more: https://www.avantiacybersecurity.com/overwatch



THREAT FOCUS: Yarra Trams - AUSTRALIA

https://www.theage.com.au/national/victoria/yarra-trams-data-breach-commuters-email-addresses-exposed-20200203-p53xci.html

Exploit: Accidental data exposure

Yarra Trams: Melbourne-based tram network

Risk to Small Business: 2.555 = Moderate: An email from a Yarra Trams officer to 91 commuters rejecting their compensation requests left every recipient’s address visible to all the others instead of blind-copying them. Embarrassingly, the follow-up email that attempted to recall the initial message exposed the recipient list a second time. Victims took to social media to complain about the error. Despite being entirely avoidable, this unforced error is a reputational black eye for the company, which will have to work with its customer base to restore trust after the incident.

Individual Risk: 2.714 = Moderate: Recipients’ email addresses were exposed in the message. An email address on its own is low-sensitivity data, but it is enough to target the recipients with phishing, so users should carefully evaluate any unusual incoming messages.

Customers Impacted: 91

Effect On Customers: Companies face cybersecurity threats from every direction, which makes internal, unforced errors especially egregious. Accidental data sharing is often the result of a careless approach to data privacy. Every organization therefore has an obligation to train its employees in the importance of data security and to implement defensive best practices, such as sending bulk notices with recipients blind-copied, to reduce the risk of an embarrassing and costly data breach.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
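The Yarra Trams error is a header problem, not a cryptography problem, so the fix is mechanical. As an added example (not Yarra Trams’ or Avantia’s code), the following builds a bulk notice so that recipient addresses travel only in the SMTP envelope, and includes a pre-send check that would have caught both the original email and the botched recall. The sender address, the 91 recipient addresses and the `build_bulk_notice`, `exposed_addresses` and `send_notice` helpers are constructed for this example; only the `email` and `smtplib` standard-library calls are real.

```python
"""Bulk email without exposing the recipient list: added example, not Yarra Trams' code."""
import re
import smtplib
from email.message import EmailMessage
from email.policy import default
from typing import List, Tuple

# Constructed sample data (the real incident involved 91 commuters).
SENDER = "customer.service@example.com.au"
RECIPIENTS = [f"commuter{i}@example.net" for i in range(1, 92)]

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def build_bulk_notice(sender: str, recipients: List[str], subject: str, body: str,
                      expose: bool = False) -> Tuple[EmailMessage, List[str]]:
    """Return (message, envelope_recipients).

    expose=False is the correct form: no recipient appears in any header, and the
    returned envelope list is what the mail server delivers to (SMTP RCPT TO).
    expose=True reproduces the mistake: the whole list lands in the To header.
    """
    msg = EmailMessage(policy=default)
    msg["From"] = sender
    msg["Subject"] = subject
    if expose:
        msg["To"] = ", ".join(recipients)  # every recipient can read every address
    else:
        msg["To"] = sender  # header shows only the sender; copies are addressed by envelope
    msg.set_content(body)
    # Deliberately no msg["Bcc"]: a Bcc header that survives into the sent message
    # leaks the list just as badly. The envelope carries the recipients instead.
    return msg, list(recipients)


def exposed_addresses(msg: EmailMessage, recipients: List[str]) -> List[str]:
    """Pre-send check: which of the intended recipients would be visible to the others?"""
    header_text = "\n".join(f"{name}: {value}" for name, value in msg.items())
    visible = {addr.lower() for addr in EMAIL_RE.findall(header_text)}
    return sorted(r for r in recipients if r.lower() in visible)


def send_notice(smtp: smtplib.SMTP, msg: EmailMessage, envelope: List[str]) -> None:
    """Send one copy per envelope recipient. Refuses to send if the check fails."""
    leaked = exposed_addresses(msg, envelope)
    if leaked:
        raise ValueError(f"refusing to send: {len(leaked)} recipient addresses exposed in headers")
    smtp.send_message(msg, to_addrs=envelope)


if __name__ == "__main__":
    safe, envelope = build_bulk_notice(SENDER, RECIPIENTS, "Compensation request",
                                       "Your compensation request has been declined.")
    bad, _ = build_bulk_notice(SENDER, RECIPIENTS, "Recall", "Please ignore.", expose=True)
    print(len(exposed_addresses(safe, RECIPIENTS)))  # 0
    print(len(exposed_addresses(bad, RECIPIENTS)))   # 91
    # send_notice(smtplib.SMTP("mail.example.com.au"), safe, envelope)  # real send, not run here
```

The design point is that the visible headers and the delivery list are separate things: `send_message(msg, to_addrs=envelope)` hands the 91 addresses to the server as RCPT TO commands, and each commuter receives a copy whose headers name nobody but the sender. The same check, run on an outbound mail gateway, catches the case where someone pastes a list into To or Cc by hand.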


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote-access, real-time audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation. It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit https://www.avantiacybersecurity.com/cyber-security-audit


POSTSCRIPT:


More than Half of British Consumers Endured a Data Breach in 2019

Globally, data breaches are increasing in both frequency and scope, a reality that is acutely felt by users in the United Kingdom. According to a new study, 58% of UK citizens experienced a data breach in the past twelve months. While today’s cyber threats are complicated and multifaceted, the study singled out increasingly sophisticated phishing attacks as a primary vector for data compromise. Not long ago we reported on four phishing attack trends that were shaping the data security landscape, and it is clear that those methods were highly effective at compromising user data over the past year. The report did not just identify the troubling trend; it recommends that users replace reused, simplistic and overly personal passwords with strong, unique passwords across all of their accounts, and it encourages users to adopt two-factor authentication as an effective way to stop cybercriminals from turning a stolen password into account access. While business email compromise is enabling data breaches with stunning frequency, companies and consumers are not powerless. Contact Avantia Cyber Security today to learn about our industry-leading tools for repelling phishing scams and protecting account integrity with two-factor authentication.






Disclaimer*:

Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.
