Avantia Threat Update

INSULIN PUMP FOR DIABETICS COULD BE FATAL.


Insulin pump recalled due to cyber hack vulnerability threat.

This past week: Medtronic recalls insulin pumps over fears that attackers could harm patients; a new report shows adoption of artificial intelligence (AI) in cyber security growing; Business Email Compromise (BEC) scams extract more than US$300 million per month from US businesses; ransomware stops the music at a US radio station; and major breaches hit Canada and the USA.


This Past Week’s top Dark Web compromises:

Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Medical & Healthcare
Top Employee Count: 11 - 50 Employees

This Past Week’s Top Targeted Industries:

Finance Hits: 157 | Targets: Western Union, American Express, Equifax Inc, Desjardins Group, JPMorgan Chase & Co.

Software Hits: 100 | Targets: Evite, Google, Symantec, JPMorgan Chase & Co., Microsoft

Banking Hits: 84 | Targets: American Express, Desjardins Group, JPMorgan Chase & Co., SunTrust Banks, Belfius Bank and Insurance

Telecommunications Hits: 71 | Targets: Sprint Communications Inc., Samsung, Xiaomi, Sprint Corp., Huawei Technologies

Information Technology Hits: 68 | Targets: Google, Symantec, Microsoft, Twitter

This Past Week’s Top Threat Actors:

Turla Group Hits: 37 | Targets: G20, Microsoft, Linux, Iran, Mac

Hezbollah Hits: 23 | Targets: Israel, Syria, Lebanon, Iran, United States

GCHQ (UK) Hits: 17 | Targets: Proximus Group, United Kingdom, Belgium, Israel, Germany

Sea Turtle Hits: 7 | Targets: Domain Name System, Cisco Talos, Sweden, Greece, ICS-FORTH

Inj3ct0r Team Hits: 6 | Targets: WordPress, Joomla, Twitter, Apache HTTP Server, SCADA and ICS Products and Technologies

This Past Week’s Top Malware Exploits:

GandCrab Hits: 565 | Targets: Microsoft Office Word, Italy, Microsoft Windows, Russia

Agent Smith Hits: 121 | Targets: Android, Google, Smartphone, Mobile Devices, Operating system

WARZONE RAT Hits: 35 | Targets: Italy, Microsoft Equation Editor, Domain Name System, Microsoft Windows, Microsoft Windows 8

Ryuk Ransomware Hits: 29 | Targets: Bitcoin, United States, dataresolution, Check Point Software Technologies Ltd, Tronc, Inc.

KopiLuwak Hits: 17 | Targets: Microsoft Windows, Syria, Afghanistan, G20, revel.

_________________________________________________________________________


IN OTHER NEWS


Vulnerabilities in Medtronic insulin pumps could be used to kill diabetics – insecure pump kit recalled:


Health implant maker Medtronic is recalling some of its insulin pumps following the discovery of security vulnerabilities in the equipment that can be exploited over the air to hijack them. Specifically, the manufacturer is recalling its MiniMed 508 and Paradigm series insulin pumps, along with the CareLink USB control hub and some blood glucose monitoring devices used with the at-risk gear. America's medical device regulator, the FDA, also issued an alert this week over the holes, which can be leveraged by nearby attackers to execute commands on the pumps. These commands can, for instance, tell the pump to deliver too much insulin, causing the patient to suffer hypoglycemia and pass out or have a seizure, or to stop delivering insulin, causing the patient to develop life-threatening diabetic ketoacidosis. Medtronic said the recall is voluntary, and has offered patients who send in their pumps replacement equipment: the newer MiniMed 670G models, which do not suffer from the vulnerability, tracked as CVE-2019-10964. Those who cannot obtain a new pump for whatever reason are advised to avoid connecting their pump to any non-Medtronic devices and to unplug the CareLink USB device when not in use. "The FDA has become aware that an unauthorized person (someone other than a patient, patient caregiver, or health care provider) could potentially connect wirelessly to a nearby MiniMed insulin pump with cybersecurity vulnerabilities," the agency said of the flaw. "This person could change the pump’s settings to either over-deliver insulin to a patient, leading to low blood sugar (hypoglycemia), or stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis."
Security researchers Billy Rios, Jonathan Butts and Jesse Young found that the wireless radio link between a vulnerable MiniMed pump and its CareLink controller was insecure: nothing in the exchange proves to the pump that the device sending a command is the paired controller. An attacker in close enough physical proximity to the pump could masquerade as a CareLink unit and send potentially life-threatening commands over the air using a software-defined radio or similar kit. "The vulnerabilities affect the radio features - they use a custom radio protocol and the vulnerabilities were exploited through the use of software-defined radios." The research builds on work first presented by infosec researcher Barnaby Jack in 2011. Jack, who died shortly before the 2013 Black Hat security conference, was among the first group of bug hunters, including Nathanael Paul and Jay Radcliffe, to show that Medtronic and other medical implants were using unauthenticated radio channels to transmit and receive patient data and commands, leaving the door open for attackers to intercept and inject their own instructions with potentially catastrophic consequences.
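To make the vulnerability class concrete, here is an added example (not Medtronic's protocol or code, and not the researchers' exploit): a toy pump command receiver that, like the recalled pumps, acts on any well-formed frame addressed to its serial, beside a hardened receiver that requires a MAC under a pairing key, a strictly increasing counter, and a dose ceiling. The frame layout, opcodes, pairing key and dose limit are all assumptions chosen for illustration.

```python
"""Illustrative pump command receiver: unauthenticated vs. authenticated frames.

Hypothetical protocol constructed for this example. It is NOT Medtronic's radio
protocol; the frame layout, field sizes, key handling and dose limit are
assumptions chosen to show the vulnerability class (commands accepted from any
radio that knows the pump's serial) and one standard mitigation.
"""
import hashlib
import hmac
import struct

# Assumed frame layout: 4-byte pump serial, 1-byte opcode, 2-byte dose in
# hundredths of a unit, 4-byte counter, then (hardened only) a 16-byte tag.
OP_BOLUS = 0x01
OP_SUSPEND = 0x02
MAX_BOLUS_CENTI_UNITS = 2500          # assumed 25.0 U hard ceiling
HDR = struct.Struct(">IBHI")          # serial, opcode, dose, counter
TAG_LEN = 16


def build_frame(serial, opcode, dose, counter, key=None):
    """Serialise a command; append a truncated HMAC-SHA256 tag when a key is given."""
    body = HDR.pack(serial, opcode, dose, counter)
    if key is None:
        return body
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class VulnerablePump:
    """Acts on any well-formed frame carrying its serial.

    The serial travels in the clear on every frame, so a nearby SDR can learn
    it and forge commands; nothing proves the sender is the paired controller.
    """
    def __init__(self, serial):
        self.serial = serial
        self.delivered = []

    def receive(self, frame):
        serial, opcode, dose, _counter = HDR.unpack(frame[:HDR.size])
        if serial != self.serial:
            return "ignored"
        self.delivered.append((opcode, dose))
        return "accepted"


class HardenedPump:
    """Requires a MAC under the pairing key, a fresh counter and a sane dose."""
    def __init__(self, serial, key):
        self.serial = serial
        self.key = key
        self.last_counter = 0
        self.delivered = []

    def receive(self, frame):
        if len(frame) != HDR.size + TAG_LEN:
            return "rejected:length"
        body, tag = frame[:HDR.size], frame[HDR.size:]
        serial, opcode, dose, counter = HDR.unpack(body)
        if serial != self.serial:
            return "ignored"
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return "rejected:auth"      # forged or tampered frame
        if counter <= self.last_counter:
            return "rejected:replay"    # a captured frame resent later
        if opcode == OP_BOLUS and dose > MAX_BOLUS_CENTI_UNITS:
            return "rejected:limit"     # authentic but unsafe
        self.last_counter = counter
        self.delivered.append((opcode, dose))
        return "accepted"


def demo():
    """Run the same traffic against both receivers and return each outcome."""
    serial = 0x00123456
    key = b"pairing-secret-established-out-of-band"   # assumed, set at pairing
    vuln, hard = VulnerablePump(serial), HardenedPump(serial, key)

    legit = build_frame(serial, OP_BOLUS, 150, 1, key)         # 1.5 U, paired controller
    spoof = build_frame(serial, OP_BOLUS, 2000, 2)             # attacker knows only the serial
    forged = build_frame(serial, OP_BOLUS, 2000, 2, b"guess")  # attacker without the key
    return {
        "vuln_legit": vuln.receive(legit),
        "vuln_spoof": vuln.receive(spoof),
        "hard_legit": hard.receive(legit),
        "hard_spoof": hard.receive(spoof),
        "hard_forged": hard.receive(forged),
        "hard_replay": hard.receive(legit),
        "hard_overdose": hard.receive(build_frame(serial, OP_BOLUS, 9000, 3, key)),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:14s} {outcome}")
```

The spoofed frame shows why proximity plus a sniffed serial is enough against the first receiver; the forged, replayed and over-limit frames exercise the three checks the second one adds. The per-device pairing key and counter state are what an unauthenticated custom radio protocol lacks, and they are what the page's interim advice (do not pair with non-Medtronic devices, unplug the CareLink USB when idle) cannot substitute for.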


Adoption of AI-enhanced Cybersecurity is Growing Rapidly: Report

The pace of machine learning adoption for cybersecurity is increasing. This may appear obvious (virtually no new security product or version is released without a claim to artificial intelligence), but a new report confirms it with hard figures. While around 20% of firms used ML prior to 2019, closer to 60% will be using it by the end of the year. The Capgemini Research Institute queried 850 senior executives from IT, cybersecurity and OT in seven sectors across 10 countries, and compiled the report 'Reinventing Cybersecurity with Artificial Intelligence'. The report will not help the understanding of artificial intelligence in cybersecurity, but it does provide information on its current use. Sadly, it does not differentiate between different types of artificial intelligence. It says that AI in cybersecurity is "a set of capabilities that allows organizations to detect, predict and respond to cyberthreats in real time using machine and deep learning." Relatively few security products use deep learning -- it is perhaps really a technology for the future. Most current products employ machine learning -- but here the report makes no differentiation between the types of machine learning. This is a weakness in the report. It doesn't mention that machine learning can be supervised or unsupervised, nor the difference in false positive rates between the two. With unsupervised ML, the model finds structure in unlabelled data on its own, with no human-provided labels saying what is malicious. It is probably fair to suggest that this technology is not yet sufficiently mature -- and the result is a higher number of false positives. Supervised ML, where the model is trained on examples labelled by human experts who continue to correct it, currently remains the more effective approach, and anecdotally, companies receive better results from supervised machine learning.
The result of this overly high-level view of artificial intelligence is that the figures quoted cannot provide a detailed analysis of the current state of either artificial intelligence in cybersecurity, or its effectiveness in different areas. For example, the report highlights that 64% of companies say that AI lowers the cost of detecting and responding to breaches. Thirty-six percent say it does not -- but there is no explanation of why or how AI has failed more than one-third of all organizations. Could it be as simple as many companies adopting the unsupervised route and having to handle large numbers of false positives? The report does not tell us. Similar questions could be asked about faster response to breaches. This is, after all, one of the primary selling points of ML in cybersecurity. Seventy-four percent of companies have experienced a timesaving of an average of 12%. But 26% of companies have experienced no time-saving. It would be useful for a better understanding of machine learning solutions if we understood why it has failed in these cases. Sixty-nine percent of organizations claim higher accuracy in detecting breaches -- but 31% have had no improvement. Sixty percent claim higher efficiency from analysts supported by ML -- but 40% claim no improvement. Since machine learning security products are being sold -- and bought -- on the basis of better detections and higher speeds, understanding failures could help better decision-making. Another fundamental weakness in the report is a lack of clarity over whether the AI employed by the respondents is developed in-house or bought from a security vendor. While the former is possible for the largest of firms, it will be difficult and probably involve a range of issues not experienced by users of vendor-supplied solutions. One potentially strong area in the report is the development of a recommended use case quadrant based on benefits against complexity. 
Unsurprisingly, malware detection, intrusion detection and fraud detection all figure in the high benefit, low complexity quadrant. These are classic uses for a wide range of ML-based cybersecurity products. Surprisingly, perhaps, endpoint protection and user analysis are at the other end of the scale. Given that attacks enter via endpoints, and the potential for user analysis to protect credentials and detect lateral adversarial movement on the network, the 'low benefit' classification could be questioned. The basic premise of this Capgemini report is to confirm the increasing use of AI (actually in the form of ML) within cybersecurity. This, however, is already self-evident to all security professionals. The report is titled 'Reinventing Cybersecurity with Artificial Intelligence'. That reinvention is already under way, as confirmed by the number of Capgemini respondents who intend to deploy ML over the coming months. What is necessary is an explanation of how different forms of AI will work best in different areas, and the specific advantages that can be delivered. Sadly, this is not delivered by this report.


Failures in Cybersecurity Fundamentals Still Primary Cause of Compromise: Report

While adversaries continuously refine their attack methodologies -- primarily towards greater efficiency, simpler operation and more effective outcomes -- security analysts are struck by the static nature of their recommendations to business. "The same issues and security gaps are blighting organizations' ability to identify and respond to threats," they say. Secureworks has analyzed the findings of more than 1,000 incident response engagements undertaken during 2018. These include both 'emergency' services involving live response to an ongoing incident, and 'proactive' services to help organizations plan for incidents and hunt for threats. What they found was evolutionary rather than revolutionary progress by the aggressor, versus the same continuing security failures among the victims. It is the basics of security that continue to fail: poor visibility, lack of MFA, and insufficient care over third party suppliers. Three areas of aggressor activity from Secureworks' Incident Response Insights Report 2019 illustrate the evolutionary nature of cybercrime: ransomware, convergence of techniques between criminal gangs and state-sponsored groups, and business email fraud. Ransomware is shifting from 'spray and pray' against individual systems to post-intrusion compromise of a whole business network. The latter is far more effective. Spray and pray impacts an average of 1.8 hosts per incident, while the post-intrusion method impacts an average of 114.3 hosts per incident -- and businesses can afford much higher ransoms for release (Riviera Beach, Florida recently paid a $600,000 ransom for the release of its systems). Although the use of SamSam has effectively stopped with the November 2018 indictment of two Iranian citizens, the methodology continues with Ryuk and LockerGoga.
In one incident investigated by Secureworks, Emotet was used to introduce TrickBot, which spread through the network before Ryuk was deployed, causing "a vast proportion of the organization's network to become encrypted and rendered unusable." Secureworks sees no sign of this methodology slowing down in 2019. State-sponsored attackers accounted for just 7% of engagements through 2018, although Secureworks acknowledges that attribution is difficult. Partly, this is down to a degree of homogenization between criminals and state actors. "Many [state] groups conduct entire intrusions using publicly available tools and techniques, whereas others adopt increasingly sophisticated approaches to gain access to systems," say the analysts. The use of publicly available tools and the growing trend for 'living off the land' attacks (attacks that make use of tools already installed on the targeted computers, or that run simple scripts and shellcode directly in memory, leaving little on disk to attribute) make it difficult to ascribe an attack to a government. However, the analysts described one attack where, "The behaviors were common to most targeted attacks: initial access leveraged credentials that appeared to have been acquired in a previous incident; additional credentials were stolen and a web shell was installed for persistence; file listings were generated; and then a subset of files on those lists were stolen." Business email fraud (including BEC and business email spoofing) is increasing. Twenty-one percent of financially motivated incidents investigated in 2018 involved business email fraud, and there is evidence that the attacks are becoming more sophisticated. In one case, note the analysts, "the threat actors monitored emails containing travel itineraries and timed their fraud activity while one of the victims was flying."
The target could not verify the legitimacy of the request, and "the threat actors successfully stole more than $1 million USD." But while the threat landscape is continuously evolving and getting more effective, Secureworks' recommendations to business are remarkably similar to the recommendations made last year -- indicating that too many companies are still failing at the basics of security. The primary recommendations were, and still are: adopt MFA, increase visibility, and improve logging. While many attacks can still be stopped by traditional security controls at the perimeter, these controls have little effect against adversaries already on the network. Visibility into the network is required; but visibility must go beyond the perceived network to include the whole network. Too often, organizations fail to accurately monitor all their assets. "How can an organization protect assets it does not know about?" ask the analysts. They go further to warn that threat actors often have a better understanding of the true network topology than do the owners, giving the example of APT35 extending its access within a compromised business services organization by leveraging a previously decommissioned domain controller. When this happens, "network defenders and responders will be at a severe disadvantage," they warn. The second part of visibility into the whole network is meaningful logging, and Secureworks recommends that organizations log as much information as possible across their environment for full visibility. In choosing what types of information should be logged, defenders should consider what data will be useful for incident responders. With appropriate technologies and processes to filter the log information into a small number of high-priority events, defenders can also use past events to predict and block future incidents.
"For example," they say, "logging failed access attempts can reveal what actions did not work, but that data should be compared to successful attempts to establish normal behaviour for a specific user." If normal behaviour is altered, it could be an indication of attack. "By optimizing log completeness and log retention, organizations ensure that they have sufficient forensic readiness." But the single most common recommendation from Secureworks analysts remains, "Implement MFA." It is almost impossible to keep legitimate credentials out of the hands of attackers. They can be stolen from elsewhere, guessed or harvested from within the network. The analysts go further to suggest that "Every service available on the Internet, including cloud applications such as Office 365/Outlook, external VPNs, and SSO pages, should require users to provide a one-time password (OTP) in addition to their regular password." Despite OTP via SMS being deprecated by some standards, they add, "an OTP via SMS message to the user's phone is better than a single factor." The implementation of MFA can reduce successful incursions, impede lateral movement within a compromised network, and help secure the supply chain. "It can be easy to lose sight of security fundamentals as an organization's complexity increases, but the recommendations in this report are widely accepted as best practices for a reason: they work," say the researchers. "The next best step on an organization's cybersecurity journey may be to take a step back and reassess its ability to execute the fundamentals."
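As an added example of the baseline comparison the analysts describe (constructed here, not Secureworks' tooling; the key=value log format, the thresholds and the sample lines are assumptions), the script below builds each user's set of known-good login sources from earlier successes, then flags later successes from unseen sources, raising severity when a burst of failures from the same source immediately precedes the success.

```python
"""Baseline successful logins per user, then flag successes that break the
baseline, weighting those preceded by failures from the same source.

Added example with constructed log lines; the minimal key=value auth log
format, the thresholds and the sample data are assumptions, not any vendor's.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) "
    r"result=(?P<result>success|failure)$"
)

# Constructed sample: alice and bob log in normally for two days (bob even
# mistypes once from his usual host), then a burst of failures from
# 203.0.113.9 ends in a success as alice at 02:14 in the morning.
SAMPLE_LOG = """\
2019-07-08T08:01:10Z auth user=alice src=10.0.1.5 result=success
2019-07-08T08:03:44Z auth user=bob src=10.0.1.7 result=success
2019-07-09T08:00:51Z auth user=alice src=10.0.1.5 result=success
2019-07-09T08:02:19Z auth user=bob src=10.0.1.7 result=failure
2019-07-09T08:02:31Z auth user=bob src=10.0.1.7 result=success
2019-07-10T02:14:02Z auth user=alice src=203.0.113.9 result=failure
2019-07-10T02:14:05Z auth user=alice src=203.0.113.9 result=failure
2019-07-10T02:14:09Z auth user=alice src=203.0.113.9 result=failure
2019-07-10T02:14:12Z auth user=alice src=203.0.113.9 result=success
2019-07-10T08:05:00Z auth user=bob src=10.0.1.7 result=success
"""


def parse(text):
    """Turn log lines into dicts; lines that do not match are skipped, not guessed at."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(d)
    return events


def build_baseline(events, until):
    """Map each user to the sources they logged in from successfully before `until`."""
    baseline = defaultdict(set)
    for e in events:
        if e["result"] == "success" and e["ts"] < until:
            baseline[e["user"]].add(e["src"])
    return baseline


def detect(events, baseline, lookback=timedelta(minutes=10), fail_threshold=3):
    """Flag successful logins from a source absent from the user's baseline.

    Severity becomes 'high' when at least `fail_threshold` failures for the
    same user from the same source fall within `lookback` before the success:
    the shape of a guess that finally landed. A success from a new source
    with no failures is still reported, at 'medium', since stolen credentials
    succeed first time.
    """
    alerts = []
    for i, e in enumerate(events):
        if e["result"] != "success" or e["src"] in baseline.get(e["user"], set()):
            continue
        recent_failures = sum(
            1 for p in events[:i]
            if p["user"] == e["user"] and p["src"] == e["src"]
            and p["result"] == "failure" and e["ts"] - p["ts"] <= lookback
        )
        alerts.append({
            "ts": e["ts"].isoformat(),
            "user": e["user"],
            "src": e["src"],
            "prior_failures": recent_failures,
            "severity": "high" if recent_failures >= fail_threshold else "medium",
        })
    return alerts


def run(text=SAMPLE_LOG, baseline_end=datetime(2019, 7, 10)):
    """Baseline on everything before `baseline_end`, then detect over the whole log."""
    events = parse(text)
    return detect(events, build_baseline(events, baseline_end))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Bob's single failure followed by a success from his usual host is not reported, because the comparison is against his own baseline rather than against failures in isolation; that is the point of the analysts' remark that failed attempts only mean something next to the successful ones. In production the baseline would be rebuilt on a rolling window and the source would usually be an ASN or geolocation rather than a raw address.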


Email scammers extract over $300m a month from American suits' pockets

While you're sweating to make an honest crust, email scammers are counting at least $301m in untaxed takings every month in the US alone, according to research by the Financial Crimes Enforcement Network (FinCEN). The agency tallied the figures for 2018 and found the number of suspicious activity reports describing business email compromises had more than doubled, from around 500 per month in 2016 to over 1,100 per month last year. Meanwhile, the share of scammers brazen enough to impersonate a CEO or other member of the C-suite declined to 12 per cent, down from 33 per cent in 2017. The total value of attempted scams more than tripled in the same period. The agency revealed the favourite method of extracting payment in 2018 involved fraudulent vendor or client invoices, with this method responsible for 39 per cent of incidents in 2018, up from 30 per cent in 2017. American manufacturing and construction businesses were the top targets for business email fraud in both 2017 and 2018. FinCEN is a bureau of the US Department of the Treasury, established in 1990 to combat money laundering, terrorist financing and other financial crimes. In recent years it has assumed a more active role in the cybercrime arena and cryptocurrency markets. One of its specialist subjects is email scams, mostly involving fraudulent payment instructions sent to financial institutions or businesses in order to help criminals get their hands on corporate funds. FinCEN said that, working with law enforcement agencies, it had managed to stop misappropriation of more than $500m via email to date, including $200m since 2017. The agency has issued an updated advisory on email fraud schemes detailing red flags, developed in consultation with the FBI and the US Secret Service, that financial institutions may use to identify and prevent popular methods of email fraud.


 

THREAT FOCUS: Eastern Ontario Municipality - CANADA

Exploit: Ransomware

The Nation, Ontario: Eastern Ontario municipality

Risk to Small Business: 1.666 = Severe: On June 30th, the Canadian municipality was hit with a ransomware attack that crippled the government’s use of network capabilities, computers, and email accounts. Hackers demanded $10,000 in Bitcoin to decrypt the files, which the government declined to pay. Instead, it took officials more than two weeks to restore network services, and email systems are still inaccessible. The incident is a reminder that options are few and costly once ransomware reaches a company’s network.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: In the wake of this event, government officials are reorienting several of their IT protocols to prevent future ransomware attacks. With ransomware becoming an all-too-common malady for organizations in virtually every sector, it’s paramount that they execute those strategies before an attack occurs. While a comprehensive ransomware response plan has many components, it’s common for hackers to enter a company’s network using an employee’s compromised credentials. Partnering with security providers that can monitor for exposed credentials can prevent hackers from accessing your network and delivering crippling ransomware.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: Arlington County – UNITED STATES

Exploit: Phishing attack

Arlington County: County in the Commonwealth of Virginia

Risk to Small Business: 1.555 = Severe Risk: A phishing scam gave hackers access to the county’s payroll systems, which contained copious amounts of personal data. Upon discovering the breach, officials worked to identify the scope and severity of the incident, concluding that this preventable breach will have serious implications for their employees. In this case, the agency’s preventative measures will prove to be too little too late, and their own employees will pay the price for inaction.

Individual Risk: 2.285 = Severe Risk: An investigation by two government agencies concluded that only employee data was compromised in the breach. Because hackers gained access to payroll systems, this information could include employees’ most sensitive data, including their names, addresses, Social Security numbers, and bank account information. Consequently, anyone impacted by the breach should immediately acquire credit and identity monitoring services to ensure their information’s long-term security.

Customers Impacted: Unknown

Effect On Customers: In the wake of this attack, Arlington County is taking several steps to protect its infrastructure in the future, including improving its network’s ability to identify a phishing email before it reaches an employee’s inbox and training employees to identify and delete phishing emails before they compromise the network’s integrity. These measures can significantly reduce the risk of a phishing scam, and every organization should implement these protocols as a precaution against, not a response to, a phishing scam.



THREAT FOCUS: KHSU Radio – UNITED STATES

Exploit: Ransomware

KHSU Radio Station: Radio station owned by Humboldt State University

Risk to Small Business: 2.333 = Severe Risk: Hackers exploited a network vulnerability to deliver ransomware to KHSU’s programming systems and storage servers. Fortunately, the affected servers did not contain any sensitive data, but the attack disrupted the station’s programming, which went offline on July 1st. The hackers are demanding a ransom to restore the systems, but an actual amount hasn’t been specified. Until services are restored, the station’s listeners will continue to be without programming.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: The opportunity cost associated with a ransomware attack can be just as damaging as the immediate recovery cost. In this case, listeners are without the station’s regular programming, which will drive them to other stations. To make matters worse, the attack exploited an avoidable network vulnerability. When it comes to avoiding a ransomware attack, the best offense is a strong defense. Prioritize a thorough review of your network infrastructure and repair any vulnerabilities before hackers exploit them for their own gain.



THREAT FOCUS: Richmond Heights City Hall – UNITED STATES

Exploit: Ransomware

Richmond Heights City Hall: Local government offices for Richmond Heights, Ohio

Risk to Small Business: 2.111 = Severe Risk: When an employee opened a phishing email, it unleashed ransomware that disrupted City Hall’s IT infrastructure. The malware encrypted the employee’s files and displayed a ransom note on the screen that demanded payment in Bitcoin to restore services. While the ransomware disabled the city’s computers and servers, its email and internet services were not impacted in the attack. Fortunately, the city maintained backups that allowed it to restore its files without paying the ransom.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: Ransomware can have catastrophic consequences for any organization, but this incident is a reminder that attacks are often initiated by subtle mistakes. In this case, a single phishing email could have compromised the IT infrastructure for an entire city government. Maintaining adequate backups and other restorative processes is critical to recovering from a ransomware attack, but protecting against the methods that are frequently used to deploy these attacks is equally important.



THREAT FOCUS: Monroe College – UNITED STATES

Exploit: Ransomware

Monroe College: Private for-profit college and graduate school based in New York City

Risk to Small Business: 1.888 = Severe: The college endured a ransomware attack that disabled network services at its three campuses. The perpetrators issued a demand for $2 million in Bitcoin to release the encrypted files, which likely include most of the critical data needed for business and educational activities. While classes remain in session, all of the school’s email and website-based activities are inaccessible. Monroe College outsources its payroll, which preserved those services during the attack. Unfortunately, the school now has to decide between paying the exorbitant ransom and incurring the considerable cost of recovering network systems. Either way, it will be an expensive recovery process for Monroe College.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: Monroe College is just the latest in a series of academic institutions impacted by a ransomware attack. These attacks significantly curtail their operations while costing precious funds that are earmarked for academics. Therefore, it’s imperative to understand potential vulnerabilities before such an attack occurs. Given the high expense of recovery, the slew of negative press, and the opportunity cost associated with a ransomware attack, the relatively affordable cost of examining network vulnerabilities and compromised credentials is a bargain.



THREAT FOCUS: Essentia Health – UNITED STATES

Exploit: Phishing attack

Essentia Health: Integrated healthcare system offering services in Minnesota, Wisconsin, North Dakota, and Idaho

Risk to Small Business: 2 = Severe: A vendor providing billing services for the healthcare provider was the victim of a phishing scam that consequently compromised patient data at Essentia Health. The healthcare provider is investigating the incident and the integrity of other third-party vendor systems. In today’s digital landscape, verifiable data security standards are a must have for any partnership that involves personally identifiable information.

Individual Risk: 2.428 = Severe: Essentia notified those impacted by the breach, but they have not identified any attempted misuse of patient data. Even so, once sensitive personal information is accessed, it can quickly become accessible on the Dark Web, so those affected will need ongoing credit and identity monitoring services to ensure their data’s integrity.

Customers Impacted: 1,000

Effect On Customers: Data breaches that expose people’s personal information can have devastating consequences for both the company and the victims. The most advantageous road to recovery starts with ensuring that victims have the support necessary to adequately recover from the incident. This includes identifying the cause and scope of a breach as well as providing the credit and identity monitoring services that offer rapid detection of data misuse.



THREAT FOCUS: La Porte County Government – UNITED STATES

Exploit: Ransomware

La Porte County Government: Local government serving La Porte, Indiana

Risk to Small Business: 2.111 = Severe: A malware attack on the government’s IT infrastructure rendered more than half of its servers unusable. The attack, which delivered ransomware, cut off access to the county’s website, email accounts, and other services. The remaining servers were taken offline to prevent the malware from spreading further. The county purchased ransomware insurance last year, which will help offset the repair costs, but officials expect a full recovery to come at significant expense.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: Ransomware attacks on government agencies and institutions are on the rise, making a response plan a must-have element of any cybersecurity initiative. La Porte officials demonstrated many benefits of these plans, including rapid response capabilities, clear communication channels, and proper insurance to reduce the expense of an attack. Of course, surveying your organization’s IT infrastructure should be a top priority as well, since it can prevent an attack before it occurs.



THREAT FOCUS: Los Angeles County Department Of Health – UNITED STATES

Exploit: Phishing attack

Los Angeles County Department of Health: Government agency responsible for overseeing health initiatives in Los Angeles County

Risk to Small Business: 1.555 = Severe: On March 28th, an employee at a third-party contractor opened a phishing email that gave hackers access to the contractor’s data, which included personally identifiable information belonging to the Los Angeles County Department of Health. Although the data was encrypted, the same email account also held the encryption keys, which nullified the protection the encryption was meant to provide. As the second-largest health system in the United States, the agency oversees many clinics and hospitals that could be impacted by this attack. Now, the Los Angeles County Department of Health is tasked with reinforcing its cybersecurity standards while it supports the constituents who were harmed in the attack.

Individual Risk: 2.285 = Severe: The data breach exposed sensitive patient information, including names, addresses, dates of birth, medical record numbers, and Medi-Cal identification numbers. In addition, two patients had their Social Security numbers compromised. Although patients were not the target of the attack and authorities haven’t found evidence that their information is being misused, personally identifiable information can quickly make its way to the Dark Web where it can be used to perpetrate financial and identity crimes. Therefore, those impacted by the breach should enrol in the provided credit and identity monitoring services to ensure their data’s continued integrity.

Customers Impacted: 14,591

Effect On Customers: Phishing attacks are an easy way for hackers to circumvent security standards by relying on employee ignorance and indifference to gain access to sensitive computer networks. Every organization can defend against these attacks by conducting awareness training with their employees. By equipping employees to identify and report phishing emails, organizations can effectively render these attacks ineffective.

Risk Levels: 1 - 1.5 = Extreme Risk | 1.51 - 2.49 = Severe Risk | 2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


 

POSTSCRIPT:


U.S. Mayors Unite Against Ransomware Payments

2019 has seen a significant uptick in the number of ransomware attacks on local governments. High-profile attacks on cities in Florida and Maryland attracted most of the mainstream media attention, but, to date, 22 US municipalities have been the victims of a ransomware attack in the first half of the year. Local mayors are tired of paying the price for these attacks, and they codified this sentiment in a nonbinding, unanimous resolution at this year’s meeting of the U.S. Conference of Mayors, where they vowed not to pay any more ransom demands. Noting that ransom payments provide a financial incentive for additional perpetrators to proliferate these attacks, conference members are committed to disincentivizing this behaviour in an attempt to abate this troubling trend. The conference is comprised of 1,400 mayors from U.S. cities with populations of over 30,000, and, while there is no mandate that members must follow this resolution, it provides political and legal cover for mayors to refuse ransom payments. In some cases, not paying a ransom can be considerably more expensive, and it can take longer to recover affected systems. It also raises the stakes in the fight against ransomware, and local municipalities will need to do everything they can to fortify their IT infrastructure against the many access points for ransomware. Partnering with qualified third-party professionals can help your organization identify its most pressing vulnerabilities so that it can avoid the decision to pay a ransom altogether.


Ransomware Attacks Target Network Attached Storage Devices

According to recent findings by cybersecurity researchers, a new form of ransomware, dubbed eChoraix, is being used to attack network attached storage (NAS) devices. The malware specifically targets QNAP NAS devices, which are used around the world. These devices are already connected to the internet, and hackers use brute-force attacks against weak login credentials to gain access to the device. NAS devices frequently store critical system backups and other sensitive information, but they often don’t come with the sophisticated security features that accompany built-in computer storage. Much like the delivery method, the malware’s source code is simple, consisting of fewer than 400 lines. Unfortunately, this simplistic attack can still cause serious damage to users’ data, as victims will be forced either to pay a ransom to recover the backups or to rely on other storage units to provide these services. QNAP has issued a patch for these vulnerabilities, but, more broadly, every organization needs to be aware of the rapidly shifting landscape of today’s ransomware attacks, which are becoming stealthier and more damaging. Cybersecurity services can help you navigate this landscape by transforming your vulnerabilities into your greatest asset in a robust cyber defence.
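The brute-force entry described above leaves a recognisable trace in a device's authentication log: a burst of failed logins from one source, then a success. The following is an added example (not code from the original article or from QNAP) that detects that pattern over constructed sample log lines; the log layout, host name, user names and addresses are assumptions for illustration, not QNAP's real log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a simple syslog-like layout (assumed format, not QNAP's).
SAMPLE_LOG = """\
2019-07-15T02:14:01 nas01 auth: login FAILED user=admin src=203.0.113.7
2019-07-15T02:14:03 nas01 auth: login FAILED user=admin src=203.0.113.7
2019-07-15T02:14:04 nas01 auth: login FAILED user=admin src=203.0.113.7
2019-07-15T02:14:06 nas01 auth: login FAILED user=admin src=203.0.113.7
2019-07-15T02:14:07 nas01 auth: login FAILED user=admin src=203.0.113.7
2019-07-15T02:14:09 nas01 auth: login OK user=admin src=203.0.113.7
2019-07-15T02:30:00 nas01 auth: login FAILED user=backup src=198.51.100.5
2019-07-15T02:31:00 nas01 auth: login OK user=backup src=198.51.100.5
"""

LINE_RE = re.compile(r"^(\S+) \S+ auth: login (FAILED|OK) user=(\S+) src=(\S+)$")

def parse(log_text):
    """Yield (timestamp, outcome, user, src) for each line that matches the assumed layout."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {src: verdict}. A source with >= threshold failures inside `window`
    is flagged 'bruteforce'; if a successful login then arrives while those
    failures are still inside the window, the verdict becomes 'compromised'."""
    failures = defaultdict(list)   # src -> timestamps of recent failed logins
    alerts = {}
    for ts, outcome, user, src in parse(log_text):
        # Keep only failures that fall inside the sliding window ending at this event.
        recent = [t for t in failures[src] if ts - t <= window]
        if outcome == "FAILED":
            recent.append(ts)
            if len(recent) >= threshold:
                alerts.setdefault(src, "bruteforce")
        elif len(recent) >= threshold:
            alerts[src] = "compromised"   # burst of failures followed by success
        failures[src] = recent
    return alerts

if __name__ == "__main__":
    for src, verdict in find_bruteforce(SAMPLE_LOG).items():
        print(f"{src}: {verdict}")
```

The single failed attempt from 198.51.100.5 followed by a success is an ordinary typo and stays below the threshold, while the admin burst from 203.0.113.7 is reported as a compromise rather than merely an attempt.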





Disclaimer*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.
