Avantia Threat Update

HOSPITAL HANGS OUT 15,000 PATIENTS TO DRY......

Updated: Mar 6, 2019


CABRINI PRIVATE HOSPITAL IN MELBOURNE STUMBLES.....

This week: an Australian hospital's cardiac centre is hacked, along with telco Optus; Dunkin' Donuts faces a second credential stuffing attack; a Canadian photo-sharing platform is breached; a French cybersecurity society is compromised; and Australian property data is leaked as banks scramble*.


This Week's Top Dark Web Compromises*:

Top Source Hits: ID Theft Forums (99%)

Top Compromise Type: Domain (99%)

Top Industry: Medical and Healthcare

Top Employee Count: 1 - 10 Employees (94%)


This Week's Top Industry Targets*:

Consumer Goods Hits: 141 | Targets: Toyota Motor Corp., Marriott International, Sony Corp, Home Depot, Starwood Hotels & Resorts Worldwide

Information Technology Hits: 135 | Targets: Microsoft, Google, Alcatel-Lucent, Symantec, Facebook

Software Hits: 135 | Targets: Microsoft, Google, Houzz, Symantec, Facebook

Manufacturing Hits: 131 | Targets: Toyota Motor Corp., Sony Corp, Boeing, Huawei Technologies, Siemens

Automotive Hits: 122 | Targets: Toyota Motor Corp., ZF TRW Automotive Holdings Corp.


This Week's Top Threat Actors*:

APT28 Fancy Bear Hits: 161 | Targets: Democratic National Committee, Democratic National Convention, United States, Germany, United States Senate

Lazarus Group Hits: 60 | Targets: Sony Corp, South Korea, United States, Central Bank of Bangladesh, Cryptocurrency

Hezbollah Hits: 12 | Targets: Israel, Syria, Iran, Lebanon, United States

Thedarkoverlord Hits: 10 | Targets: Netflix, American Broadcasting Company, United States, Hiscox Ltd., Larson Studios

Team I Crew Hits: 9 | Targets: Pakistan, CRPF Co, Pakistan army, Pulwama, India


This Week's Top Malware Discoveries*:

Rietspoof Hits: 24 | Targets: Skype, Instant Messaging, United States, Facebook Messenger

GandCrab Hits: 22 | Targets: Microsoft Office Word, Italy, Syria, Microsoft Windows Xp, Microsoft Windows

DrainerBot Hits: 21 | Targets: Android

Mirai Hits: 21 | Targets: Internet of Things, Dynamic Network Services, Inc (Dyn), Deutsche Telekom, Germany, United States

UPATRE Hits: 19 | Targets: University of Florida, Personal Computer, Microsoft Windows Xp, Microsoft Windows, Application Compatibility Database Installer



IN OTHER NEWS

Hospital Cardiology breach leaves 15,000 Australian patients exposed*.

A cybercrime syndicate has hacked and scrambled the medical files of about 15,000 patients from a specialist cardiology unit at Cabrini Hospital in Melbourne, Australia, and demanded a ransom. Melbourne Heart Group, which is based at the leading private hospital, has been unable to access some patient files for more than three weeks, after the malware attack crippled its server and corrupted data. The malware used to penetrate the unit's network is believed to be from North Korea or Russia, while the origin of the criminals behind the attack has not been revealed. It has been reported that a payment was made, but some of the scrambled files have not been recovered, among them patients' personal details and sensitive medical records that could be used for identity theft.

A Melbourne Heart Group spokeswoman said it was working with government agencies to resolve the issue. She stressed there was no link between the encrypted data and any function relating to cardiac implantable electrical devices, such as pacemakers and defibrillators. The spokeswoman would not say how many files had been affected or whether a ransom had been paid.

The latest hack is expected to fuel calls for the federal government to reinforce the nation's cyber defences, particularly email security. This week, the Prime Minister conceded that federal parliament and major political parties' security systems had been compromised by what was believed to be a state-based cyber attack.

Professor Matt Warren, deputy director of Deakin University’s Centre for Cyber Security Research, said the data breach at Cabrini Hospital was most likely a “ransomware” attack. Someone, probably a staff member, using the hospital’s software could have inadvertently opened a corrupted link in a phishing email, allowing ransomware, a form of malware, into the hospital’s system, Professor Warren said. From there, the attackers encrypt sensitive information on hospital servers, essentially locking it away from access by medical staff.

“Then they say to the hospital ‘you must pay us to get your data back’,” Professor Warren said. “It’s sophisticated in that you have to get the malware onto the hospital system, but once you have done that then it is relatively easy.

“Other than the cost it isn’t hard to be protected from this … organisations need to update and patch their security and systems regularly because the problem you have is the hackers' capabilities are becoming more sophisticated. The healthcare sector has become a preferred target for many online criminals.”


How to spot a fake website.*

Most of us use the internet without much thought. To that point, millions of people each year fall victim to URL spoofing (or fake websites) where you think you’re on a real website but, in fact, it’s a well-designed fake. What you’re actually doing is handing your information to hackers. With URL spoofing, the hacker creates a near-indistinguishable copy of a well-known website, like your bank. You then enter your login credentials assuming nothing is wrong. When you do, however, it won’t take you to your account. Instead, it sends that info directly to the hackers. You probably just assume the site must be down and you’ll try again later.

Google, for its part, is developing new ways to help protect its Chrome users. A feature it’s working on would act like a warning system that tells you when you might be unknowingly visiting a fraudulent site: for instance, when you wanted to go to paypal.com but were actually directed to paypa1.com. The purpose of URL spoofing, or creating fake websites, is solely to collect information or expose your device to malware. Many of these spoofed sites look so much like the real thing that it’s difficult to tell the difference, and once you do, it might be too late. The way most people land on these fake websites is through phishing emails sent out by scammers, which again look like a legitimate email from a company you are familiar with, like PayPal. The link in the email drives you to their fake website.

The most common ways that hackers trick people into giving their info are:

Hidden links – One of the oldest methods is to hyperlink words or buttons in emails, which go to these malicious sites. If you click on the link, it could infect your computer or trick you into giving information.

URL shorteners – You might also notice a short URL on a social media site, on a website, or even in an email. This is another trick. Since you can’t really tell where the link is going, when you click it blindly, you could put yourself in danger.

Links with weird characters – Links might also contain non-Latin characters, which is allowed when creating legitimate sites, but also opens up the door for fake sites to be created without you even realizing it.

Misspelled links – Finally, they use the old ‘misspelled link’ trick, which means they create a link that looks very similar to a trusted link…just like the paypal.com vs paypa1.com listed above.

Here are some tips to keep you safe:

Check each and every URL before clicking, including links and buttons.

Update your browser and antivirus software.

Look for spelling mistakes.

Keep your eyes out for news about scams.

Type the URL into your address bar yourself instead of clicking on a link.

Check to make sure you are on an https:// site (NOT http://).
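As an added example (not code from the original article), the small Python checker below applies the tips above to a URL before it is clicked: it flags links that are not https, known URL shorteners, hostnames with non-Latin or punycode (xn--) labels, and look-alike spellings of a trusted domain such as paypa1.com for paypal.com. The trusted-domain list, the confusable-character map and the shortener list are assumptions to be extended for your own environment; the URL must include its scheme.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: the defender maintains an allow-list of the genuine domains
# they care about. paypal.com is the example used in the article.
TRUSTED_DOMAINS = ["paypal.com"]

# Assumption: hosts of popular link shorteners that hide the real destination.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}

# Characters commonly swapped into misspelled links: digits that resemble
# letters, plus a few Cyrillic letters that look identical to Latin ones.
# (Constructed, minimal map; a production checker would use the full Unicode
# confusables table.)
CONFUSABLES = str.maketrans({
    "1": "l", "0": "o", "3": "e", "5": "s", "7": "t",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
})


def skeleton(host: str) -> str:
    """Reduce a hostname to a comparison form: lower-case, drop a leading
    'www.', decompose accents (NFKD) and strip the combining marks, then map
    look-alike characters onto the Latin letters they imitate."""
    host = host.lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    decomposed = unicodedata.normalize("NFKD", host)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return stripped.translate(CONFUSABLES)


def check_url(url: str) -> list:
    """Return a list of warning strings for a full URL; an empty list means
    none of the article's red flags applied."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")
    if host in SHORTENER_HOSTS:
        warnings.append("url shortener hides destination")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("internationalized (punycode) label")
    if any(ord(c) > 127 for c in host):
        warnings.append("non-ASCII characters in hostname")
    sk = skeleton(host)
    for trusted in TRUSTED_DOMAINS:
        if host == trusted or host.endswith("." + trusted):
            continue  # the genuine domain or one of its own subdomains
        tsk = skeleton(trusted)
        if sk == tsk or sk.endswith("." + tsk):
            warnings.append(f"look-alike of {trusted}")
        elif sk.startswith(tsk + "."):
            # e.g. paypal.com.evil.net: the brand name is only a subdomain
            warnings.append(f"{trusted} used as a subdomain of another domain")
    return warnings


if __name__ == "__main__":
    for sample in ["https://www.paypal.com/signin", "https://paypa1.com/login",
                   "http://bit.ly/abc", "https://xn--pypal-4ve.com",
                   "https://paypal.com.evil.net/"]:
        print(sample, "->", check_url(sample) or "no warnings")
```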


Details of 100,000 Home Loan applicants stolen from Australian Property Valuer:*

The nation's biggest banks are scrambling to contact up to 100,000 customers who may have been caught up in a major data breach at property valuation firm LandMark White. The breach, which LandMark White first revealed late on Friday, could include property valuations and personal contact information of home owners, residents, and property agents, including first and last names. LandMark White is one of the biggest valuation firms used by banks and other lenders across the country for services such as assessing mortgage applications.

On Tuesday night Commonwealth Bank of Australia and ANZ Bank revealed they had suspended LandMark White from their panels of valuers, while National Australia Bank said it was still assessing the impact on its customers. Westpac did not respond by deadline. "As part of the data incident, customer information relating to property valuations was found hidden on the internet," Commonwealth Bank, Australia's biggest lender, said in a statement. "The customer information that was disclosed relates directly to the valuations completed by LandMark White and includes customer name; contact details such as phone or email address; and details about the valued property."

"We are working closely with experts in IT and cybersecurity as well as our corporate partners, to achieve the best possible outcome for our clients," LandMark White chief executive Chris Coonan said. "Although LandMark White's investigation is ongoing, we have taken immediate steps to prevent any further disclosure of data. Currently there is no evidence of misuse of any information," Mr Coonan said. ANZ chief data officer Emma Gray said the bank was still working out how its customers were affected. She said ANZ had suspended the use of LandMark White and had no reason to believe other valuers were involved in the breach.


MyFitnessPal and CoffeeMeetsBagel data go for sale on the Dark Web*:

After the breach of MyFitnessPal last year involving 150M user accounts, the data has finally been packaged up along with stolen credentials from 15 other websites to be sold on the Dark Web. The asking price? Less than $20,000 in Bitcoin.

Other websites included are CoffeeMeetsBagel, Dubsmash, MyHeritage, ShareThis, HauteLook, Animoto, EyeEm, 8fit, Whitepages, Fotolog, 500px, Armor Games, BookMate, Artsy, and DataCamp. In total, 617 million compromised records are involved.

Cybercriminals can combine such databases to find users who are recycling passwords across multiple sites, allowing them to hack into valuable accounts that can be leveraged for fraud. By investing in solutions that can consistently monitor the Dark Web, companies can quickly understand how hackers are planning to use exposed information and implement cybersecurity safeguards.

THREAT FOCUS: Dunkin Donuts – USA*

Exploit: Credential stuffing attack

Dunkin' Donuts: One of the world's leading baked goods and coffee chains

Risk to Small Business: 1.777 = Severe: On February 12th, Dunkin’ Donuts announced that it suffered a credential stuffing attack back in January. This news comes just a few months after the company fell victim to a similar attack on October 31, 2018. As we’ve covered before, hackers carry out credential stuffing attacks by replaying previously leaked usernames and passwords against login forms to access user accounts. In this case, they were able to breach DD Perks rewards accounts and are putting them up for sale on Dark Web forums. Aside from the “double whammy” of two attacks within a short time-frame, loyal customers who have lost their rewards will likely take their business elsewhere.

Individual Risk: 2.571 = Moderate: The exposed accounts contain personal information such as first and last names, email addresses, 16-digit account numbers, and QR codes. Although the accounts have been put up for sale so that buyers on the Dark Web can cash out on reward points, they can also use credentials to orchestrate further cyberattacks.

Customers Impacted: 12,000

Effect on Customers: The trend of credential stuffing is only the first wave resulting from billions of recently leaked usernames and passwords. Companies that experience similar attacks on user accounts will be held liable, regardless of whether they are the source of the breach. To protect from future attacks, businesses must team up with security providers to ensure state-of-the-art password protection and Dark Web monitoring.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
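To make the credential stuffing pattern described above concrete from the defender's side, here is an added example in Python (not from the article or from Dunkin'): it parses a constructed login log and flags a source IP that cycles through many distinct usernames inside a short window with mostly failures, which is the signature of replayed leaked credentials rather than a brute force against a single account. The log format, IP addresses, usernames and thresholds are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (not from any real system). One login event
# per line: <ISO-8601 timestamp> <client IP> <username> <OK|FAIL>
# 203.0.113.7 sprays many different accounts (stuffing, one hit on "dave"),
# 198.51.100.9 is a normal user mistyping a password, 192.0.2.44 is a
# single-account brute force.
SAMPLE_LOG = """\
2019-02-12T10:00:01Z 203.0.113.7 alice FAIL
2019-02-12T10:00:03Z 198.51.100.9 carol OK
2019-02-12T10:00:04Z 203.0.113.7 bob FAIL
2019-02-12T10:00:06Z 203.0.113.7 carol FAIL
2019-02-12T10:00:09Z 203.0.113.7 dave OK
2019-02-12T10:00:11Z 203.0.113.7 erin FAIL
2019-02-12T10:00:14Z 203.0.113.7 frank FAIL
2019-02-12T10:00:20Z 198.51.100.9 carol FAIL
2019-02-12T10:00:25Z 198.51.100.9 carol FAIL
2019-02-12T10:00:30Z 198.51.100.9 carol OK
2019-02-12T10:01:00Z 192.0.2.44 grace FAIL
2019-02-12T10:01:05Z 192.0.2.44 grace FAIL
2019-02-12T10:01:10Z 192.0.2.44 grace FAIL
2019-02-12T10:01:15Z 192.0.2.44 grace FAIL
2019-02-12T10:01:20Z 192.0.2.44 grace FAIL
2019-02-12T10:01:25Z 192.0.2.44 grace FAIL
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")


def parse_log(text):
    """Parse log lines into sorted (time, ip, user, success) tuples, skipping
    malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, ip, user, result = m.groups()
        t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append((t, ip, user, result == "OK"))
    events.sort()
    return events


def detect_stuffing(events, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.6):
    """Flag source IPs that attempt at least `min_users` *distinct* usernames
    within `window` with a failure ratio of at least `min_fail_ratio`.
    Returns {ip: {"distinct_users", "attempts", "failures", "compromised"}},
    where "compromised" lists accounts that logged in OK during the spree and
    therefore need a forced password reset. A single account failing many
    times (brute force) is deliberately not matched by this rule."""
    recent = defaultdict(deque)  # ip -> (time, user, success) inside window
    flagged = {}
    for t, ip, user, ok in events:
        q = recent[ip]
        q.append((t, user, ok))
        while q and t - q[0][0] > window:
            q.popleft()
        users = {u for _, u, _ in q}
        attempts = len(q)
        failures = sum(1 for _, _, s in q if not s)
        if len(users) >= min_users and failures / attempts >= min_fail_ratio:
            flagged[ip] = {
                "distinct_users": len(users),
                "attempts": attempts,
                "failures": failures,
                "compromised": sorted({u for _, u, s in q if s}),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

In production the same rule would be fed from the web tier's auth log and combined with per-account lockout and rate limiting, which this snippet leaves out.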


THREAT FOCUS: Truluck’s Seafood, Steak & Crab House – USA*

Exploit: Malware injection into point-of-sale (POS) systems

Truluck's: Houston-based chain restaurant.

Risk to Small Business: 2.111 = Severe: Truluck’s recently disclosed a data breach affecting one of its servers, which occurred between November 21 and December 8, 2018. The investigation has revealed that malware was injected into the POS systems of 8 restaurant locations across Austin, Houston, Naples, Southlake, and Chicago. Although payment information was compromised, personal information was not stored, which means that the company will likely deal with breach-related expenses but be able to retain customers.

Individual Risk: 2.111 = Severe: Compromised information included debit or credit card numbers and expiration dates. Hackers can use such details to execute payment fraud, so previous restaurant patrons should continuously review account statements and monitor credit reports.

Customers Impacted: To be determined

Effect on Customers: The payment breach was discovered two months after it was initially conducted, signaling an opportunity for Truluck’s to implement advanced security monitoring technologies. All businesses should consider the promise of machine learning solutions, which can detect and predict suspicious activities before they inflict damage.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: Data Camp – USA*

Exploit: Unauthorized system access

DataCamp: Online learning platform for data science

Risk to Small Business: 2 = Severe: Last Monday, the site announced that it had suffered a breach affecting users of the platform. A third party was able to gain access to one of its systems, and the company has since notified users, logged out all accounts, and reset passwords. Additionally, an investigation has been initiated to discover the exact cause of the breach and how many users are affected.

Individual Risk: 2.574 = Moderate: Personal information including names, email addresses, and optional information such as location, company, biography, education, and profile picture was exposed. This was coupled with account details containing hashed passwords, account creation dates, last sign-in dates, and IP addresses. Users should immediately reset their passwords across all associated accounts, especially if they created a complete profile on DataCamp.

Customers Impacted: To be determined

Effect on Customers: Striking the balance between convenience and security becomes increasingly difficult during a breach incident. In this scenario, DataCamp took an added precaution by logging all users out of their accounts and requesting password resets. However, it is entirely possible that users will switch over to other platforms after being inconvenienced. To maintain a loyal customer base, companies should focus on security solutions that are not intrusive to the customer’s path to purchase.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: 500px - USA*

Exploit: Server hack

500px: Photo-sharing platform

Risk to Small Business: 2 = Severe: The online marketplace for photographers recently reported that its servers were hacked all the way back in July 2018. Everyone who signed up for an account before then, which amounts to 14.8M accounts, was exposed. Although the breach has compromised personal information, passwords were hashed, and no payment data was involved.

Individual Risk: 2.428 = Severe: Hackers were able to access first and last names, usernames, hashed passwords, and birth-dates, along with gender and location. These details can be leveraged for credential stuffing attacks and other forms of cyber fraud, which means users should take proactive measures to reset passwords and secure accounts.

Customers Impacted: 14,800,000 users

Effect on Customers: 500px implemented a one-way cryptographic algorithm to hash user passwords, making it almost impossible to crack them. Other online businesses should take notice and do the same, since hashing passwords can mitigate the burden of a breach significantly. Additionally, the company has offered to send affected users all their data on file within 72 hours, a unique proposition that all should adopt to protect and engender trust with users after a breach.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: College of Physicians & Surgeons of Saskatchewan – CANADA*

Exploit: Employee breach

eHealth Saskatchewan: Electronic health record system

Risk to Small Business: 1.777 = Severe: Saskatchewan’s privacy commissioner Kruzeinski reported a breach discovered by eHealth last April and May. Following a crash involving the Humboldt Broncos junior hockey team, seven physicians inappropriately accessed health information about the crash victims without a “need-to-know”. Upon discovery, Kruzeinski recommended monthly audits for the violating physicians and enforcement of the “need-to-know” basis organization-wide. It remains to be seen if patients will become aware of the incident and go elsewhere for care.

Individual Risk: 2.142 = Severe: The privacy breach was contained to the victims of the crash, but protected health information such as lab results, medications, and chronic diseases could have been accessed.

Customers Impacted: 13 team members

Effect on Customers: Employee breaches can be disheartening for morale and overall culture. To prevent such an incident from occurring, organizations should implement safeguards that can deny access to employees that are searching for information unrelated to their work. Although eHealth decided to monitor this specific instance due to the high-profile nature of the crash, there is no system in place for real-time detection. All companies should partner with MSPs that can offer constant monitoring to discover customer and employee data breaches in a timely manner.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: Clusif - FRANCE *

Exploit: Human error resulting in data leak

CLUSIF: Paris-based information security society

Risk to Small Business: 2 = Severe: Personal records of the cybersecurity professionals who are members of CLUSIF could have been viewed by third parties on search engines. The president explained that the incident was due to human error and would allow users searching online to gain access to the data set by typing in ‘clusif’ or ‘csv’. As an organization dedicated to cybersecurity, the ironic incident may result in members leaving.

Individual Risk: ? = To Be Determined as Investigation Progresses: Although the scope of the information that was leaked and available online is not yet known, an investigation is underway.

Effect on Customers: For companies that are doing business in the cybersecurity sector, a breach caused by human error can tarnish brand reputation and reduce authority in the space. Businesses that highlight their dedication to cybersecurity should partner with security solutions that can further demonstrate, instead of denigrate, the power of breach mitigation.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: OPTUS - AUSTRALIA*

Exploit: Website glitch and phishing

Optus: Telecommunications company seeking to be first-in-market with 5G home broadband service

Risk to Small Business: 2.111 = Severe: Optus recently disabled its website after receiving user complaints of a system glitch displaying the wrong account information. Customers report being able to see each other’s information, and others have reported receiving phishing emails posing as the company itself. Since then, the company decided to reopen its website and contact customers who might have been impacted.

Individual Risk: 2.857 = Moderate: After being able to view the names, account numbers, services, and numbers of other users, customers are concerned that the website has been hacked and their login data has been accessed. However, until recently, they were unable to change their details since the website was taken down. This news comes shortly after the company paid multiple fines and refunds for misleading customers and developing proper identity verification safeguards. Users should be on high alert, as it is quite probable that a hacker was able to gain system access.

Customers Impacted: To be determined

Effect on Customers: As the proverb states, forewarned is forearmed. Companies that attempt to conceal a data breach can end up in the news cycle longer than normal and should instead work quickly to detect and mitigate the compromise. Without advanced detection, businesses run the risk of losing customer trust and facing additional consequences, making the benefits vs. costs assessment very clear.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.



POSTSCRIPT:

What we can do to stop putting our data at risk of identity theft*

5 quick and easy tips for updating your data security

It’s safe to say that data breaches are one of the primary threats affecting the ways in which small businesses operate. All industries face the risk of exposing valuable personally identifiable information (PII) or protected health information (PHI). To compound the matter, as innovations such as the Internet of Things (IoT) become deeply integrated into operations, they can create additional risk.

However, to mitigate even the most advanced cybersecurity concerns, we must begin by thinking simply and effectively. Here are 5 steps for proactively preventing breaches and protecting your data in the event of a compromise:

1. Foster cybersecurity team buy-in

Consider implementing an incentive program for employees who detect significant vulnerabilities in cybersecurity. Create a workplace culture that values customer and employee privacy and offer continued education.

2. Make regular updates

Schedule timely updates and involve employees in the process by sending notifications and ensuring compliance.

3. Encrypt data

By making data unreadable for hackers, SMBs can dodge hefty fines and tarnished reputations in the event of a breach.

4. Back up data

By backing up your data onto multiple servers, you can prevent information from being lost in the case of a ransomware attack. Diversifying the format of how data is stored and keeping multiple copies that are secure offers additional protection.

5. Test cybersecurity protocols

By assessing vulnerabilities and conducting penetration testing, you can anticipate weaknesses in your security. Teaming up with security providers to stay constantly alert will offer the two-pronged benefit of preventing a breach from happening in the first place and being prepared pre- and post-incident.






* Disclaimer: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.



*COPYRIGHT 2020* Avantia Corporate Services  PTY LTD - All Rights Reserved.
