Avantia Threat Update
Data Breach leaves Australian students exposed.
Updated: Sep 3, 2018
A slow, but troubling week to say the least! Phishing and compromised databases still rule the day. This Week highlights incidents involving a New York-based gaming developer, medical data held by a University, the hack of Melbourne High School and the disclosure of sensitive data held by a popular babysitter application.
Twitc TV ees a breach.
Dark Web RAT's.
In Other News:
Is Breaking Bad? A German company by the name of Breaking Security has been up in arms about the use of their legitimate software named Remcos (Remote Control and Surveillance). Remcos is used for managing Windows systems remotely and is increasingly being used by hackers for malicious attacks known as Remote Access Trojan (RAT). The question is, however… are they telling the truth? Researchers have uncovered that the product sold by the company is widely advertised on Dark Web hacking forums and it seems that not only does the organization know that this is happening, they are encouraging it. Breaking Security has strongly stated that any license linked to malicious hacking campaigns are revoked, yet still, many hacking campaigns continue to use the service.
Not So Private Messages In May, the popular live streaming service, Twitch, exposed user’s private messages because of a bug in their code. The Amazon subsidiary disabled the service, which allowed users to download an archive of past messages. When a user requested this archive, the game streaming company accidentally intertwined messages from other users. Twitch has come out and said that this only affected a limited number of users and has provided a link for customers to visit so they can find out if any of their messages were exposed and what the messages were.
Threat Focus: Augusta University - USA
Augusta University: Georgia based healthcare network.
Exploit: Email compromise by phishing attacks. Risk to Small Business: High: This is a significant breach in scale and severity, and due to the sensitive nature of the data compromised the organization will likely face heavy fines. Individual Risk: Extreme: Individuals affected by this breach are at high risk for identity theft, as well as their medical information being sold on the Dark Web. Augusta University: Georgia based healthcare network. Date Occurred/Discovered: September 10, 2017 – July 11, 2018 Date Disclosed: August 20, 201 Data Compromised: Unknown
Data Compromised: Medical record numbers; Treatment information; Surgical details; Demographic information: Medical Data; Diagnoses; Medications; Dates of services; Insurance information; Social Security Numbers; Driver’s license numbers
Customers Impacted: 417,000
Threat Focus: Animoto - USA
Animoto: New York-based company that provides a cloud-based video-making service for social media sites.Exploit: Undisclosed. Risk to Small Business: High: A breach of customer trust, especially involving geolocation data, can be highly damaging to a company’s image. Individual Risk: Moderate: Users affected by this breach are at a higher risk of spam and phishing. Animoto: New York-based company that provides a cloud-based video-making service for social media sites. Date Occurred/Discovered: July 10, 2018 Date Disclosed: August 2018 Data Compromised: Names; Dates of birth; User email addresses; Salted and hashed passwords*; Geolocation
Customers Impacted: Unclear. Threat Focus: Sitter - USA.
Sitter: An app that connects babysitters and parents.
Exploit: Exposed MongoDB database. Risk to Small Business: High: Most customers would be uncomfortable with a company leaking data about their kids and when they are left alone with someone who doesn’t live there. Individual Risk: High: A lot of sensitive personal information was exposed in this breach, much of it unsettling. Sitter: An app that connects babysitters and parents. Date Occurred/Discovered: August 14, 2018 Date Disclosed: August 14, 2018 Data Compromised: Encrypted passwords; Number of children per family; User home addresses; Phone numbers; Users address book contacts; Partial payment card numbers; Past in-app chats; Details about sitting sessions; Locations;Times
Customers Impacted: 93,000.
Threat Focus - Melbourne High School - Australia
Melbourne High School: School in Melbourne, Australia.
Exploit: Negligence. Risk to Small Business: Extreme: This is a major exposure of sensitive and potentially embarrassing information that could irreparably damage a company’s reputation. Individual Risk: High: Those affected by the data breach have sensitive information about their personal medical information that is considered highly private and could leave them exposed to identity theft. Date Occurred/Discovered: August 20-22, 2018 Date Disclosed: August 22, 2018 Data Compromised: Medical information; Mental health conditions; Learning behavioral difficulties.
Customers Impacted: 300 students.
Tick Tock. The cost of cybercrime is no joke. This is easy to say from the perspective of someone whose business it is to know all about cybercrime trends, attack vectors etc, etc. But to really quantify how big of a problem cybercrime is in the world of business, it is often easier to compare it to day to day things… like a doctor explaining a complicated procedure or a mechanic telling you why your car is making that noise. So today I would like to compare the cost of cybercrime to the most universal understanding that there is… time.
The cost of cybercrime each minute globally: USD$1,138,888 / AUD$1,539,037
The number of cybercrime victims each minute globally: 1,861
Number of records leaked globally each minute (from publicly disclosed incidents): 5,518
The number of new phishing domains appearing each minute: .21
As you can see, cybercrime builds by the minute and why it is estimated to return US$ 6 Trillion / AUD$ 8.1 Trillion by 2021.
Consider this: When you think about Cyber Security think about the ones you care the most about – your family. If you have children or young adults using Smartphones, Tablets or Laptops consider their vulnerability. Do you want to put their digital selves in the hands of pedophiles, scammers and cyber criminals. The purchase of children’s digital credentials (username/password) is big business on the Dark Web. Check out our inexpensive Individual or Family monitoring service – it’s a ‘no brainer’ for your peace of mind. CLICK HERE FOR PRICING
Disclaimer: Avantia Corporate Services Pty Ltd provides the content in this publication for general information only and has compiled the content from number of sources believed to be reliable. No warranty, implied or otherwise, is given as to its accuracy or fitness for use, no validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action