Search
  • Avantia Threat Update

Hackers Show No Mercy

Updated: Aug 10, 2018

Hackers this week showed no mercy or regard to international boundaries. From Australia to North America, businesses of all sizes, across all industries were targeted. Malware injection and insecure databases were some of the most damaging compromises highlighted this week. At least 230 million individuals and 110 million businesses were exposed on the dark web.

Highlights include:

  • Ransomware be gone! 

  • Comcast’s leaky API

  • Another Intel CPU vulnerability?

  • Massive breach exposes how many kids you have and where you live.

In other news...


(1) Australian medical appointment booking app called HealthEngine is receiving negative attention from privacy advocates and Cyber Security professionals alike this week. It has come to light that they have been sharing patients’ personal information with a third-party law firm. The information sharing occurred daily as part of a referral partnership.


(2) Researchers at Cisco Talos have developed a tool that decrypts files affected by the ransomware called Thanatos. This news is only made better by the fact that they are releasing it at no cost. The less ransomware out there, the better.


(3) Comcast’s website has been leaking account information, including whether a home security setup is in place. Anyone on the customer’s network could trick one of the company’s APIs (Application Programming Interface) into returning customer information. Comcast was quick to shut down the API after the vulnerability was revealed to them. 


 (4) At the Black Hat USA Conference this year, it was revealed that Intel CPUs have a side-channel vulnerability that could be used to leak encryption keys for signing a message. Researchers at the Systems and Network Security Group at Vrije Universitet Amsterdam constructed an attack that can reliably extract an encryption key using Intel’s Hyper-Threading technology. To exploit the flaw, a hacker would need to already have malware on the system or use compromised credentials to log in.

Threat Focus: Exactis - USA Exploit: Elastic search insecure database exploit. Risk to Small Business: High: Demonstrable gross negligence while aggregating and normalizing PII. This increasingly common exploit (insecure/ publicly accessible database). This compromise will cross state and international boundaries. Risk to Exploited Individuals: High: The data breached could be used to execute extremely effective spear phishing campaigns. Exactis: A marketing and data aggregation firm based in Florida. Date Occurred/Discovered: June, 2018 Date Disclosed: June 27, 2018 Data Compromised: Names; Address; Email address; Telephone number; Interests; Habits; Number of children, their ages and gender; Whether the individual smokes; Religion; Pets; Etc… over 400 variables per person How it was compromised: Negligence Customers Impacted: 230 million Americans and 110 million businesses



Threat Focus: People Dedicated to Quality (PDQ) - USA Exploit: Hackers gained entry by exploiting an outside technology vendor’s remote connection tool. Demonstrates supply chain-based vulnerabilities. Risk to Small Business: High: Remote session / access tools are frequently targeted. Outsourcing and the cost-effectiveness of remote support makes this a very effective attack vector for hackers. This should be top of mind especially if an organization holds PII or any customer data of value.  Individual Risk: Low: Victims of this breach are highly vulnerable to financial fraud and identity theft. PDQ: People Dedicated to Quality, or PDQ for short, is a chicken focused food stop founded in Florida. Date Occurred/Discovered: May 19, 2017 – April 20, 2018 Date Disclosed: June 22, 2018 Data Compromised: Names; Credit Card information; Expiration dates; CVV Numbers;

How it was compromised: PDQ believes that a hacker gained access to their customer’s credit card information using an outside technology vendor’s remote connection tool. Customers Impacted: Unknown, but all 70 PDQ locations were compromised.



Threat Focus: FastBooking - France Exploit: Web Application Exploit, Remote Access, Malware injection. Risk to Small Business: High: There seems to be several layers to this exploit. Remote access was achieved to download the data scraping malware. This breach is far-reaching globally impacting businesses and individuals globally. The forensics, mandatory credit monitoring, brand damage will be costly and will linger to years.   Risk to Exploited Individuals: High: Personal data and credit card information was compromised during the breach, leaving individuals vulnerable to identity theft. FastBooking: Based in France, the company sells hotel booking software globally. Date Occurred/Discovered: Occurred on June 14, 2018, discovered on June 19, 2018. Date Disclosed: June 26, 2018 Data Compromised: Full name; Nationality; Home address; Email address; Booking information; Credit card details; Name on card; Card number; Expiration date

How it was compromised: Malware installed on their server which granted remote access.

Customers Impacted: 4,000 hotels in 100 countries. Prince Hotels is the first to inform customers, with 123,963 of their customers affected. Of these, 58,003 are instances of personal information compromised. 66,960 involved credit card information.



Threat Focus: Best Sleep Centre - Canada Exploit: Ransomware Risk to Small Business: High: Significant impact to business operations if data not properly encrypted and backed up. Risk to Exploited Individuals: Moderate: Data was encrypted by the ransomware. At this point, there is no public evidence that it was also exfiltrated. Best Sleep Centre: Winnipeg based mattress store Date Occurred/Discovered: June 2018 Date Disclosed: June 26, 2018 Data Compromised: The company’s server was encrypted. How it was compromised: Ransomware. The owner decided to pay the ransom, but negotiated it down to $2,000 CAD. Customers Impacted: Unknown at this time, but the business is impacted.


Threat Focus: Ticketmaster – United Kingdom Exploit: JavaScript chatbot with data scraper injected in to supply chain systems Risk to Small Business: High: Highlights how supply chain vulnerabilities can lead to massive data loss and exposure. Companies dealing with customer data / PII should have elevated security controls in place to prevent supply chain vulnerabilities. Risk to Exploited Individuals: High: This breach leaves Ticketmaster customers vulnerable to identity theft. Ticketmaster: A ticket purchasing website that is used globally for many types entertainment. Date Occurred/Discovered: Discovered on June 23, 2018. Could have occurred as early as September 2017. Date Disclosed: June 27, 2018 Data Compromised: Names; Address; Email address; Telephone number; Payment details; Ticketmaster login details.

How it was compromised: Malware hosted on a customer support product hosted by a third-party supplier which sent data to a remote location. Customers Impacted: Ticketmaster has been telling the media that about 400,000 customers have been affected, but in their alert to customers they claim that ‘less than 5% of their customer base have been affected. 5 percent of their customer base comes out to 11.5 million, so we will have to see if their investigation into the breach will reveal more affected customers.


Threat Focus: Facebook – USA (yes again) Exploit: Unsecured JavaScript file/ supply chain Risk to Small Business: High: A supply chain vendor that leaks data will tarnish the reputation of business. Risk to Exploited Individuals: Moderate: The data the quiz app is leaking could be used in spear phishing attacks. Facebook: A social media site that has over 2 billion monthly active users. Date Occurred/Discovered: End of 2016-present Date Disclosed: June 28, 2018 Data Compromised: Facebook ID; First name; Last name; Language; Gender; Date of birth; Profile picture; Cover photo; Currency; Devices used; When your information was last updated; Posts; Statuses; Photos; Friends on Facebook

How it was compromised: Any third party can view.



Consider this: When you think about Cyber Security think about the ones you care the most about – your family. If you have children or young adults using Smartphones, Tablets or Laptops consider their vulnerability. Do you want to put their digital selves in the hands of pedophiles, scammers and cyber criminals. The purchase of children’s digital credentials (username/password) is big business on the Dark Web. Check out our inexpensive Individual or Family monitoring service – it’s a ‘no brainer’ for your peace of mind. CLICK HERE FOR PRICING


__________________________________________________________________________________

PLEASE NOTE: Avantia Corporate Services Pty Ltd provides the content in this publication for general information only and has compiled the content from number of sources believed to be reliable. No warranty, implied or otherwise, is given as to its accuracy or fitness for use, no validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

Subscribe below to receive our weekly Threat Updates straight to your inbox.

Call (07) 3010 9711 

info@avantiacorp.com.au

 

Avantia Corporate Services Pty Ltd,                    Level 7, 320 Adelaide Street

Brisbane, Queensland 4000

AUSTRALIA.

  • LinkedIn Social Icon
  • Facebook Social Icon

DISCLAIMER*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cybersecurity information to us in real-time. Given their international focus and experience in the cyberspace arena, we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services  PTY LTD - All Rights Reserved.

© 2020 by Avantia CORPORATE SERVICES . All Rights Reserved.