Avantia Threat Update
KILLER ROBOTS FIRM UP AS FUTURE THREAT

This past week: a report reveals how Amazon, Microsoft and Intel may be putting the world at risk of "killer robot" development with lethal AI; newly discovered malware records the screen while victims watch X-rated content and captures their credentials for extortion; a Chinese employee steals vital train control code and flees "back home"; ransomware disrupts 22 government departments; an Instagram phishing email uses 2FA as a lure; the Australian Cyber Security Centre warns of the BlueKeep vulnerability, with 50,000 systems at risk; ransomware threatens a hospital's financial future; online shoppers have their payment information stolen by MageCart skimming; and the Canadian Government launches a world-first cyber security certification program for SMEs*.
This Past Week's Dark Web ID Exploitation Trends*: Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Manufacturing
Top Employee Count: 11 - 50 Employees
______________________________________________________________________________
Leading Tech Companies spearhead developments in AI towards autonomous Killer Robots*.
Amazon, Microsoft and Intel are among leading tech companies putting the world at risk through killer robot development, according to a report that surveyed major players from the sector about their stance on lethal autonomous weapons. Dutch NGO Pax ranked 50 companies by three criteria: whether they were developing technology that could be relevant to deadly AI, whether they were working on related military projects, and if they had committed to abstaining from contributing in the future. "Why are companies like Microsoft and Amazon not denying that they're currently developing these highly controversial weapons, which could decide to kill people without direct human involvement?" said Frank Slijper, lead author of the report published this week. The use of AI to allow weapon systems to autonomously select and attack targets has sparked ethical debates in recent years, with critics warning they would jeopardize international security and herald a third revolution in warfare after gunpowder and the atomic bomb. A panel of government experts debated policy options regarding lethal autonomous weapons at a meeting of the United Nations Convention on Certain Conventional Weapons in Geneva last Wednesday. Google, which last year published guiding principles eschewing AI for use in weapons systems, was among seven companies found to be engaging in "best practice" in the analysis that spanned 12 countries, as was Japan's Softbank, best known for its humanoid Pepper robot. Twenty-two companies were of "medium concern," while 21 fell into a "high concern" category, notably Amazon and Microsoft who are both bidding for a $10 billion Pentagon contract to provide the cloud infrastructure for the US military. Others in the "high concern" group include Palantir, a company with roots in a CIA-backed venture capital organization that was awarded an $800 million contract to develop an AI system "that can help soldiers analyse a combat zone in real time." 
"Autonomous weapons will inevitably become scalable weapons of mass destruction, because if the human is not in the loop, then a single person can launch a million weapons or a hundred million weapons," Stuart Russell, a computer science professor at the University of California, Berkeley told AFP on Wednesday. "The fact is that autonomous weapons are going to be developed by corporations, and in terms of a campaign to prevent autonomous weapons from becoming widespread, they can play a very big role," he added. The development of AI for military purposes has triggered debates and protest within the industry: last year Google declined to renew a Pentagon contract called Project Maven, which used machine learning to distinguish people and objects in drone videos. It also dropped out of the running for Joint Enterprise Defence Infrastructure (JEDI), the cloud contract that Amazon and Microsoft are hoping to bag. The report noted that Microsoft employees had also voiced their opposition to a US Army contract for an augmented reality headset, HoloLens, that aims at "increasing lethality" on the battlefield. According to Russell, "anything that's currently a weapon, people are working on autonomous versions, whether it's tanks, fighter aircraft, or submarines." Israel's Harpy is an autonomous drone that already exists, "loitering" in a target area and selecting sites to hit. More worrying still are new categories of autonomous weapons that don't yet exist -- these could include armed mini-drones like those featured in the 2017 short film "Slaughterbots." "With that type of weapon, you could send a million of them in a container or cargo aircraft -- so they have destructive capacity of a nuclear bomb but leave all the buildings behind," said Russell. Using facial recognition technology the drones could "wipe out one ethnic group or one gender, or using social media information you could wipe out all people with a political view." 
The European Union in April published guidelines for how companies and governments should develop AI, including the need for human oversight, working towards societal and environmental wellbeing in a non-discriminatory way, and respecting privacy. Russell argued it was essential to take the next step in the form of an international ban on lethal AI, that could be summarized as "machines that can decide to kill humans shall not be developed, deployed, or used."
New malware discovered that records screen activity when victims watch X-rated adult content - Danger, Will Robinson.....
IT security researchers at ESET have discovered a nasty new malware that not only steals users' private and financial data but also watches their browsing activity, including recording their screen whenever they watch specific X-rated videos. Dubbed 'Varenyky' by the researchers, the malware spreads through convincing spear-phishing spam emails. Its prime target is Windows computers: once a device is infected it steals login credentials and financial details and records screen activity while its victim "enjoys" X-rated content. Although the malware is currently only targeting French customers of the ISP Orange S.A. (formerly France Télécom S.A.), the campaign highlights that cybercriminals are now capable of blackmailing victims by threatening to leak on-screen activity and demanding ransom money, and that such threats now have 'real' teeth. The extortion email also warns victims against trying to remove the malware. A similar type of attack was previously reported in which crooks emailed victims claiming that their PC had been infected by malware and that they had video of the victim watching pornography. The email further claimed to have access to the victim's contacts and threatened to leak the video unless a ransom was paid in Bitcoin. The email often contained the victim's password, which in some cases was a real password stolen in a previous data breach; this type of attack is known as "sextortion". In the case of Varenyky, the email comes with a Microsoft Word document posing as a pending phone bill issued by Orange S.A. "Overall, the email text content, the document's filename and the "protected" content of the document emphasize to the recipients that they are dealing with a real bill and that they should open it.
The quality of the French is very good; overall, the document is very convincing," said the ESET researchers. When the Word file is opened, victims are asked to complete a "human verification" step; doing so enables the document's macros, which then drop the malware payload. Although the researchers identified Varenyky's screen-recording capability, they did not find any recorded video that had actually been leveraged by the malware author, at least not yet. However, the email gives victims 72 hours to send payment in Bitcoin or the video will be sent to their contacts, including friends, family and colleagues, and shared on social media such as Twitter and Facebook. Victims are also told to refrain from changing their passwords, cleaning their device or removing the malware "because the victim's data is on a remote server." If you are on Windows, there are several things you can do to keep Varenyky off your computer. First and foremost, do not open emails from unknown senders, and do not download or execute files attached to such emails; keep your system patched, use reliable anti-virus software and scan your device regularly; and, because the payload only runs once macros are enabled, never enable macros in a document you were not expecting. If you have received such an extortion email, ignore it and change all your passwords. Stay safe online.
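The extortion note is the part of this campaign that most often lands on a help desk, so here is a small triage script, added for this write-up and not taken from ESET's analysis, that scores an email body for the sextortion template described above: a Bitcoin address, a deadline, a "your password is" credibility claim, and the threat vocabulary. The sample email and the KNOWN_BREACHED set are constructed; in practice the quoted password is checked against a breach-corpus service, which this local stand-in does not call.

```python
"""Triage a suspected sextortion email.

Added example for this newsletter; it is not ESET's Varenyky analysis code.
KNOWN_BREACHED is a hypothetical local set standing in for a real
breached-password service, and SAMPLE_EMAIL is constructed."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Bitcoin addresses: legacy Base58 (1.../3..., no 0 O I l) or bech32 (bc1...).
BTC_ADDR = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b")
# "within 72 hours", "in 2 days"
DEADLINE = re.compile(r"\b(\d{1,3})\s*(hours?|hrs?|days?)\b", re.I)
# "your password is hunter2": the credibility trick built on old breach dumps
PASSWORD_CLAIM = re.compile(r"(?:password|pass)\s*(?:is|was|:)\s*([^\s,.;]+)", re.I)

# Weighted vocabulary typical of the sextortion template.
THREAT_TERMS = {
    "webcam": 2, "camera": 2, "adult": 2, "porn": 2, "contacts": 2,
    "video": 1, "facebook": 1, "twitter": 1, "bitcoin": 1, "btc": 1,
    "malware": 1, "trojan": 1, "do not try to": 1,
}

# Hypothetical stand-in for a breached-password lookup (constructed data).
KNOWN_BREACHED = {"hunter2", "Orange2015!"}


@dataclass
class Triage:
    score: int = 0
    btc_addresses: List[str] = field(default_factory=list)
    deadline_hours: Optional[int] = None
    claimed_password: Optional[str] = None
    password_in_breach_corpus: bool = False
    reasons: List[str] = field(default_factory=list)


def triage_sextortion(body: str) -> Triage:
    """Score an email body and pull out the indicators an analyst acts on."""
    t = Triage()
    low = body.lower()
    for term, weight in THREAT_TERMS.items():
        if term in low:
            t.score += weight
            t.reasons.append(f"term:{term}")
    t.btc_addresses = BTC_ADDR.findall(body)
    if t.btc_addresses:
        t.score += 3
        t.reasons.append("bitcoin address present")
    m = DEADLINE.search(body)
    if m:
        n, unit = int(m.group(1)), m.group(2).lower()
        t.deadline_hours = n * 24 if unit.startswith("day") else n
        t.score += 2
        t.reasons.append(f"deadline:{t.deadline_hours}h")
    m = PASSWORD_CLAIM.search(body)
    if m:
        t.claimed_password = m.group(1)
        # A real password here means the sender has a breach dump, not a webcam feed.
        t.password_in_breach_corpus = t.claimed_password in KNOWN_BREACHED
        t.score += 2
        t.reasons.append("password claim")
    return t


def verdict(t: Triage) -> str:
    if t.score >= 8 and t.btc_addresses:
        return "sextortion"
    if t.score >= 4:
        return "suspicious"
    return "benign"


# Constructed sample, modelled on the template described in the article.
SAMPLE_EMAIL = """Hello,
I installed malware on the adult video site you visited and your webcam recorded you.
Your password is hunter2. I have your contacts from Facebook and Twitter.
Send 0.25 bitcoin to 1ConstructedSampLeAddr2345678ABCDEF within 72 hours
or the video goes to everyone. Do not try to change your password or remove the malware.
"""

if __name__ == "__main__":
    result = triage_sextortion(SAMPLE_EMAIL)
    print(verdict(result), result)
```

If the quoted password is real, the sender is holding a breach dump rather than a recording: rotate that password everywhere it was reused, turn on 2FA, and do not pay.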
Train maker's computer coder goes 'loco', flees to China with top-secret code.*
A software developer fled to China from America with vital train transportation system computer code, US prosecutors have alleged. Xudong "William" Yao stole the software blueprints from his former employer, an unnamed locomotive manufacturer based in Chicago, it is claimed, flew to the Middle Kingdom, and took up a job with a Chinese biz that specializes in automotive telematics – think vehicle monitoring, tracking, and communications. Yao was indicted by Uncle Sam in December 2017 roughly two years after he bailed out of the United States in 2015. His indictment was unsealed by the court recently after prosecutors agreed there was no longer a reason to keep the allegations hush-hush. According to the indictment, Yao, 57, joined the unnamed locomotive builder in August 2014 as a software engineer and almost immediately began hoarding commercially sensitive documents. Just weeks into his employment, prosecutors say, he had already amassed a cache of 3,000 files containing trade secrets belonging to his employer, including source code for the control system software used to drive the locomotives. At the same time, he made contact with the Chinese company to negotiate a job deal. Fast forward to February 2015 when, for reasons unrelated to this case, Yao was fired by the Chicago train firm. Later that month he made copies of the pilfered files, and attempted to find work with other businesses, the Feds claim. In July, we're told, Yao visited China to finalize a job deal with the aforementioned car telematics provider. In November that year, the actual transport of the stolen documents is said to have happened when Yao, carrying nine digital copies of the train company's control system source code among other secrets, flew out from Chicago's O'Hare International Airport for the last time on his way to China, where he is believed to still be residing. US prosecutors indicted Yao on nine counts of theft of trade secrets. 
Should he ever return to the United States and be arrested, he would be formally charged and tried. The case is one of a number involving allegations of US-based developers and engineers fleeing to China while in possession of trade secrets. In March, a former Tesla engineer was sued for lifting trade secrets from the Musk-y auto outfit with the intent of taking them to a Chinese rival, and last year a trio of Micron engineers were charged with stealing confidential documents from the chipmaker on behalf of two China-based outfits.
Ransomware disrupts 22 Government Departments*
On August 16, Texas local government became the latest victim of the expanding global racket that is ransomware. We'd like to offer more detail on the incident but, so far, the Texas Department of Information Resources (DIR) has said very little beyond the fact that 22 local government entities (originally reported as 23, later revised) were affected. Perhaps that's not surprising: when ransomware hits 22 organisations in a single state, the security staff are likely to have their hands full restoring services. What we do know is that, so far, two victims have come forward: the cities of Borger and Keene. The mayor of Keene, Gary Heinrich, said that the ransom demand was $2.5 million. Heinrich indicated that it was a supply chain attack: "They got into our software provider, the guys who run our IT systems. A lot of folks in Texas use providers to do that, because we don't have a staff big enough to have IT in house." Some reports indicate that the ransomware appended the extension '.JSE' to encrypted files, while others point the finger at Sodinokibi (also known as REvil), a relatively new ransomware family. The attack appears to have been coordinated: according to DIR, "At this time, the evidence gathered indicates the attacks came from one single threat actor." Whatever unfolded in those departments last week, we can infer the seriousness of events from the list of agencies name-checked in the official press release: the Texas Department of Information Resources; the Texas Division of Emergency Management; the Texas Military Department; the Texas A&M University System's Security Operations Center/Critical Incident Response Team; and the Texas Department of Public Safety's Computer Information Technology and Electronic Crime (CITEC) Unit; and that's without counting the US Department of Homeland Security, the Federal Emergency Management Agency (FEMA) and the FBI.
How did something that once hit isolated police departments and universities grow into a problem menacing entire layers of state government and even, on several terrible occasions, the administration of entire cities? While US government is far from the only target of ransomware, the sheer number of attacks on this sector is no coincidence. As well as being one of the largest governments on earth, the US is one of the most complex, covering a web of federal, state, city, county, municipality and township administrations that varies by state. Such complexity makes defence against 'devil take the hindmost' threats such as ransomware inherently difficult: attackers only need to find one vulnerable system in a single office, and once behind the firewall such threats spread quickly. Hitting public organisations is also astute, since the public pressure to get them working again is huge, something the attackers know works in their favour. Texas's figures suggest that so far in 2019, ransomware has cost its counties $3.25 million, its cities $2.5 million, and its education sector another $1.8 million; unreported ransomware could add as much as $5 million (these numbers don't include the toll on individuals and businesses). And it's not only Texas. In July, it hit Louisiana, causing a state of emergency to be declared. In May, the city of Baltimore was hit by an attack that, according to some reports, may have been aided by the EternalBlue exploit. Other victims have included Georgia's court system, Monroe College in New York, and a Florida city council so badly affected it reportedly paid a $600,000 ransom. Sophos CISO Ross McKerchar spoke about how these sorts of attacks unfold: "The bad guys are moving upmarket with coordinated and planned attacks, aiming for larger payouts rather than opportunistic and automated attacks. This is likely a reaction to improved protection against fully-automated attacks."
These sorts of attacks typically:
- Take longer to unfold: there's a higher dwell time as the attackers manually work their way around the network towards their targets.
- Are harder to recover from: attackers tend to understand the business and go for the most impactful assets. They take their time to ensure backups are also encrypted, and attempt to gain deep access to the environment, such as domain admin, making them much harder to kick out.
- Are carefully priced: in some cases, the attackers even access finance systems first so they know exactly how much the business can afford to pay.
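The behaviours in that list are also what a defender can watch for on a file server once the encryptor finally runs. The following detector is an added example for this newsletter (not code from the Texas responders or from Sophos): it reads a constructed, comma-separated file audit log and raises an alert when one process renames many files of different types to a single appended extension within a short window, or drops a ransom-note-like file. The log format, host names, paths and the '.JSE' extension in the sample are assumptions made for the example.

```python
"""Spot ransomware-style mass renames in file-server audit events.

Added example for this newsletter; not code from the Texas responders or
Sophos. The audit-log format, hosts, paths and the '.JSE' extension in
SAMPLE_EVENTS are constructed to mirror the behaviour described above."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, NamedTuple, Optional, Tuple

# ts,host,pid,image,op,path,new_path   (new_path is empty unless op == RENAME)
LINE = re.compile(
    r"^(?P<ts>[^,]+),(?P<host>[^,]+),(?P<pid>\d+),(?P<image>[^,]+),"
    r"(?P<op>[A-Z]+),(?P<path>[^,]*),(?P<new>[^,]*)$"
)
WINDOW = timedelta(seconds=60)   # sliding window per (host, pid, image)
MIN_RENAMES = 5                  # renames with the same appended extension ...
MIN_ORIG_TYPES = 3               # ... spanning at least this many original file types
NOTE_NAME = re.compile(r"(readme|decrypt|how_to|restore).*\.(txt|html|hta)$", re.I)


class Event(NamedTuple):
    ts: datetime
    host: str
    pid: int
    image: str
    op: str
    path: str
    new_path: str


def parse_events(text: str) -> List[Event]:
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # malformed lines are skipped; a real pipeline would count them
            events.append(Event(datetime.fromisoformat(m["ts"]), m["host"], int(m["pid"]),
                                m["image"], m["op"], m["path"], m["new"]))
    return events


def appended_extension(old: str, new: str) -> Optional[str]:
    """'.jse' when new == old + '.JSE'; None for any other kind of rename."""
    if new.startswith(old) and len(new) > len(old) and new[len(old)] == ".":
        return new[len(old):].lower()
    return None


def original_type(path: str) -> str:
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect(events: List[Event]) -> List[str]:
    alerts: List[str] = []
    recent: Dict[Tuple[str, int, str], Deque[Tuple[datetime, str, str]]] = defaultdict(deque)
    already = set()
    for ev in sorted(events, key=lambda e: e.ts):   # stable sort keeps log order on ties
        key = (ev.host, ev.pid, ev.image)
        if ev.op == "RENAME":
            ext = appended_extension(ev.path, ev.new_path)
            if ext is None:
                continue
            q = recent[key]
            q.append((ev.ts, ext, original_type(ev.path)))
            while q and ev.ts - q[0][0] > WINDOW:
                q.popleft()
            count: Dict[str, int] = defaultdict(int)
            types: Dict[str, set] = defaultdict(set)
            for _, e, t in q:
                count[e] += 1
                types[e].add(t)
            for e, n in count.items():
                if n >= MIN_RENAMES and len(types[e]) >= MIN_ORIG_TYPES and (key, e) not in already:
                    already.add((key, e))
                    alerts.append(f"{ev.host} pid={ev.pid} {ev.image}: {n} files renamed to *{e} "
                                  f"across {len(types[e])} file types within {WINDOW.seconds}s")
        elif ev.op == "CREATE" and NOTE_NAME.search(ev.path.rsplit("/", 1)[-1]):
            alerts.append(f"{ev.host} pid={ev.pid} {ev.image}: ransom-note-like file {ev.path}")
    return alerts


# Constructed audit log: one encryptor burst, a ransom note, then benign renames.
SAMPLE_EVENTS = """\
2019-08-16T03:12:01,fs01,4412,svchost.exe,RENAME,//fs01/finance/Q2.xlsx,//fs01/finance/Q2.xlsx.JSE
2019-08-16T03:12:02,fs01,4412,svchost.exe,RENAME,//fs01/finance/budget.docx,//fs01/finance/budget.docx.JSE
2019-08-16T03:12:02,fs01,4412,svchost.exe,RENAME,//fs01/finance/audit.pdf,//fs01/finance/audit.pdf.JSE
2019-08-16T03:12:03,fs01,4412,svchost.exe,RENAME,//fs01/hr/photo.jpg,//fs01/hr/photo.jpg.JSE
2019-08-16T03:12:03,fs01,4412,svchost.exe,RENAME,//fs01/hr/town-hall.pptx,//fs01/hr/town-hall.pptx.JSE
2019-08-16T03:12:04,fs01,4412,svchost.exe,RENAME,//fs01/it/backup.sql,//fs01/it/backup.sql.JSE
2019-08-16T03:12:05,fs01,4412,svchost.exe,CREATE,//fs01/finance/README-RESTORE-FILES.txt,
2019-08-16T03:15:00,fs01,900,logrotate.exe,RENAME,//fs01/it/app.log,//fs01/it/app.log.1
2019-08-16T03:15:00,fs01,900,logrotate.exe,RENAME,//fs01/it/web.log,//fs01/it/web.log.1
2019-08-16T03:20:00,fs01,2211,WINWORD.EXE,RENAME,//fs01/finance/draft.docx,//fs01/finance/final.docx
"""

if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

The thresholds deliberately ignore log rotation (few files, one type) and ordinary renames (not an append), and the alert fires on the fifth file rather than after the share is gone; wiring the alert to an automated SMB session kill is what turns it into a control.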
Instagram phishing uses 2FA as a lure*
When cybercrooks first got into phishing in a big way, they went straight to where they figured the money was: your bank account. A few years ago, we used to see a daily slew of bogus emails warning us of banking problems at financial institutions we'd never even heard of, let alone done business with, so the bulk of phishing attacks stood out from a mile away. Back then, phishing was a real nuisance, but even a little bit of caution went an enormously long way. That's the era that gave rise to the advice to look for bad spelling, poor grammar, incorrect wording and weird-looking web sites. Make no mistake, that advice is still valid. The crooks still frequently make mistakes that give them away, so make sure you take advantage of their blunders to catch them out. It's bad enough to get phished at all, but to realise afterwards that you failed to notice that you'd "logged into" the Firrst Bank of Texass or the Royall Candanian Biulding Sociteye by mistake would just add insult to injury. These days, you're almost certainly still seeing phishing attacks that are after your banking passwords, but we're ready to wager that you get just as many, and probably more, phony emails that are after passwords for other types of account. Email accounts are super-useful to crooks these days, for the rather obvious reason that your email address is the place that many of your other online services use for their "account recovery" functions. A crook who can get at your emails before you do can use the [Reset password] button on your online accounts and click on the "choose new password" links that come back via email, without you ever noticing that a password reset was requested. Social media passwords are also valuable to crooks, because the innards of your social media accounts typically give away much more about you than the crooks could find out with regular searches.
Worse still, a crook who's inside your social media account can use it to trick your friends and family too, so you're not just putting yourself at risk by losing control of the account. Indeed, we now see more phishing attacks going after email and social media passwords than attacks against online banking accounts. In this campaign the email poses as an Instagram security alert: it says someone tried to log in to your account and supplies a six-digit code, inviting you to follow a link and "confirm" that the login was you, which leads to a fake Instagram login page. Emails with login links are almost always bogus, especially for mainstream webmail and social media accounts, and years of publicity about the risks of clicking through when an email demands that you "login now" have made many of us nervous of the L-word. The twist here is that the phishing page is served over HTTPS with a valid certificate, so the browser shows the usual padlock. In other words, a site without a padlock definitely isn't to be trusted, in the same way that typos and grammatical errors should turn you away; but a site can't automatically be trusted just because it has a padlock and was advertised with emails that were spelled correctly. The phishing page is a close copy of the real Instagram login page, so you can't rely on visual mistakes in the password screen itself. So if the phishing page looks OK and it has an HTTPS padlock just as you'd expect, how are you supposed to spot phishes of this sort?
Watch out for any and all of these tricks whenever you receive an email that claims to be a security warning:
- Sign-in link in the email. Easy solution: never use them! If you need to sign in to Instagram, you don't need a link to find it. Use the app on your phone or a bookmark you set up yourself in your browser. Yes, it's slightly more work. No, it's not difficult.
- Unexpected domain name. Make sure you know where your browser has taken you. If the address bar is too short to show the full URL, copy and paste the text out of it to make sure. If it looks wrong, assume it is wrong and ignore it, or get a second opinion from someone you trust. Yes, it's slightly more work. No, it's not difficult.
- Unreasonable request. If you are worried that someone else has been logging into your account, use that account's official way of checking your login activity. Don't rely on web links that could have come from anywhere. Annoyingly, each social media app does this a bit differently, but once you know where to look you'll never be tricked by an email like this again. Yes, it's slightly more work. No, it's not difficult.
Stay safe online.
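A link checker that applies the "unexpected domain name" test mechanically, added here as an example and not part of the original article or of Instagram's or Sophos' tooling: it extracts the registrable domain from the hostname, flags brand names that only appear in a subdomain, catches the user@host trick and punycode, and reminds you that a padlock is a minimum rather than proof. The brand list and the two-entry suffix table are illustrative stand-ins for the full Public Suffix List.

```python
"""Inspect a 'sign-in' link from a security-alert email before trusting it.

Added example for this newsletter, not Sophos' or Instagram's code. BRANDS and
MULTI_LABEL_SUFFIXES are illustrative; a production check uses the full
Public Suffix List and the organisation's own brand list."""
from typing import List
from urllib.parse import urlsplit

BRANDS = ("instagram", "facebook", "paypal", "microsoft")
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}   # stand-in for the Public Suffix List


def registrable_domain(host: str) -> str:
    """The part of the hostname its owner actually registered (the 'real' site)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def inspect_link(url: str, expected_domain: str) -> List[str]:
    """Return the reasons not to trust `url` as a login page for `expected_domain`.
    An empty list means nothing about the address itself looked wrong."""
    findings: List[str] = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https"):
        findings.append(f"unexpected scheme {parts.scheme!r}")
    elif parts.scheme == "http":
        findings.append("no TLS: a padlock is the minimum, not proof of legitimacy")
    if parts.username is not None:
        # https://instagram.com@evil.example/ : the browser connects to evil.example
        findings.append(f"userinfo before '@': the browser will actually connect to {host}")
    if not host:
        findings.append("no hostname")
        return findings
    if host.replace(".", "").isdigit():
        findings.append("raw IP address instead of a name")
    if "xn--" in host:
        findings.append("punycode (IDN) hostname: check for look-alike characters")
    reg = registrable_domain(host)
    if reg != expected_domain.lower():
        findings.append(f"registrable domain is {reg}, not {expected_domain}")
        for brand in BRANDS:
            if brand in host and not reg.startswith(brand + "."):
                findings.append(f"'{brand}' appears in the hostname but is not the registered domain")
    if len(url) > 120:
        findings.append("very long URL: the real host is easy to hide in a short address bar")
    return findings


if __name__ == "__main__":
    for link in ("https://www.instagram.com/accounts/login/",
                 "http://instagram.com.verify-login.example/2fa",
                 "https://instagram.com@login-check.example/verify?code=123456"):
        print(link, "->", inspect_link(link, "instagram.com") or ["looks consistent"])
```

An empty result only says the address is consistent with the brand; it does not vouch for the page. The advice above still stands: reach the login page from the app or your own bookmark, not from the email.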
THREAT FOCUS: European Central Bank - GERMANY*
Exploit: Unauthorized database access
European Central Bank: Central bank for monetary policy within the Eurozone
Risk to Small Business: 1.666 = Severe Risk: Hackers infiltrated the database behind the Banks' Integrated Reporting Dictionary (BIRD) website, which holds the subscription information for a newsletter published by the organisation. In addition, the attackers planted malware on the site that could be used to support phishing campaigns. As a result, the organisation took the BIRD website offline until further notice. No bank or market-related information was affected by the event.
Individual Risk: 2.428 = Severe Risk: Database access provided hackers with subscribers' personal information, including their email addresses, names, and position titles. Fortunately, account passwords were not compromised. Since the BIRD website operates independently from the central bank, more critical information was not exposed during the breach.
Customers Impacted: 481
How it Could Affect Your Customers: In today's digital landscape, dealing with third-party vendors is an inevitable part of any IT infrastructure, so data security needs to be top of mind when contracting with third parties. In this case, a compromise at a third-party hosting provider exposed data belonging to an organisation with a rigorous and multifaceted approach to data security.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security to the Rescue: Monitoring the Dark Web for stolen credentials is critical for SMEs who want to provide comprehensive security for their business and their staff. Provided complimentary with all Dark Web Monitoring subscriptions, Avantia offers online Staff Certification training and 'BullPhish ID', which complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defence against cybercrime. Call +61 7 30109711 or email info@avantiacorp.com.au to find out more.
THREAT FOCUS: Tribal Group PLC - AUSTRALIA*
Exploit: Unauthorized database access
Tribal Group PLC: Software and service provider for educational institutions
Risk to Small Business: 1.555 = Severe Risk: A data breach at the company's subsidiary Tribal Campus sent its stock price down nearly 5%. The company reacted quickly to contain the breach and repair the vulnerability, but it faces an uphill battle to recover its stock price and restore its tarnished reputation.
Individual Risk: 2.285 = Severe Risk: Those attending schools that rely on Tribal's software and services could be affected by the breach. The company is notifying individuals whose data was accessed, which could include their names and other personally identifiable information. This data can spread quickly on the Dark Web, and those affected should obtain the credit and identity monitoring services necessary to protect their information.
Customers Impacted: 9,300
How it Could Affect Your Customers: Tribal Group's breach underscores the financial implications of a data breach. Not only do repair and restoration carry significant expense, but shifting consumer sentiment and tightening global regulations are lowering investors' tolerance for lax data security. In other words, data security is a bottom-line issue, and it should be a top priority for businesses of every size.
THREAT FOCUS: Choice Hotels - UNITED STATES*
Exploit: Unsecured database with data theft and ransom demand
Choice Hotels: Hospitality franchisor based in Rockville, Maryland
Risk to Small Business: 2 = Severe Risk: An unsecured database belonging to the hospitality company was found exposed online by security researchers, but cybercriminals had already copied a trove of company data before Choice Hotels could secure it. While the database was being repaired, a ransom note was found inside it announcing the theft and demanding a $4,000 payment in Bitcoin for the data's return. Security staff believe the attackers intended to wipe the entire database but their attempt failed.
Individual Risk: 2.714 = Moderate Risk: The exposed database held customer information that was copied before the exposure was closed, so those affected should treat the data as circulating and be wary of phishing or fraud that references their stays. Anyone who receives such a message should report it to the company and monitor their accounts for suspicious activity.
Customers Impacted: Unknown
How it Could Affect Your Customers: Choice Hotels is putting new security measures in place to prevent a repeat. Unfortunately, once data has been copied out of an exposed database it is permanently beyond the company's control. Data security is therefore one of the best customer-facing initiatives a business can adopt, and when mistakes are made, knowing what happened to the information and putting procedures in place to prevent future breaches is a must for any business.
THREAT FOCUS: Hy-Vee Supermarkets - UNITED STATES*
Exploit: Unauthorized database access
Hy-Vee: Supermarket chain with 245 locations throughout the Midwestern United States
Risk to Small Business: 1.777 = Severe: Unauthorized activity involving payment-processing software compromised transaction data at the company's fuel pumps, coffee shops and restaurants. Card data from the supermarket checkout lanes and other payment systems was not affected. Even so, the regional chain will have to spend considerably to raise its security standards and absorb the less quantifiable cost of brand erosion.
Individual Risk: 2.428 = Severe: Hy-Vee has taken steps to eradicate the malicious activity, but has not yet revealed which specific data were compromised. Given that the incident involved point-of-sale systems, it's possible that cardholder names and payment card data were exposed. Customers should watch for further updates from the company and carefully monitor their card statements for suspicious activity.
Customers Impacted: 15,298
How it Could Affect Your Customers: Supporting those affected by a data breach is the most important responsibility of any company that fails to protect customer data. Having the policies, procedures and technology in place to respond quickly to a breach helps mitigate the reputational damage and customer blowback that accompany a security lapse.
THREAT FOCUS: Camp Verde Unified School District - UNITED STATES*
Exploit: Ransomware
Camp Verde Unified School District: Public school district serving students in Camp Verde, Arizona
Risk to Small Business: 2.111 = Severe: A ransomware attack locked the school district out of its entire network for more than two weeks. The timing is particularly painful since it coincided with back-to-school season for the district and its families; consequently, records and payments are being kept by hand as the district tries to continue business as usual. Fortunately, the district has insurance covering ransomware that will help offset some of the costs, but that won't undo the disruption at a critical time in the school calendar.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers: Opportunity cost is a significant factor in a ransomware attack. Many organisations now budget for the cost of recovery, but there is no way to avoid the lost productivity and revenue that inevitably accompany an outage. Prevention, together with offline, tested backups that let you restore without paying, is therefore worth every precaution.
THREAT FOCUS: National Baseball Hall Of Fame - UNITED STATES*
Exploit: Malicious code script
National Baseball Hall of Fame: American History Museum for Major League Baseball
Risk to Small Business: 1.555 = Severe: A MageCart web-skimming group compromised the National Baseball Hall of Fame's online store, capturing the personal information of customers as they paid. The skimmer was live for roughly six months, beginning in November 2018: a malicious script injected into the checkout page forwarded what shoppers typed into the payment form to a server controlled by the attackers. Now, the museum will incur the repair costs that always accompany a data breach, and the reputational damage to its online store will likely cost it revenue and loyal customers going forward.
Individual Risk: 2.428 = Severe: MageCart skimming steals customer data at checkout, and anyone who shopped at the online store between November 15, 2018 and May 14, 2019 could have had their information stolen. This includes names, addresses and payment card details, including CVV codes. Customers who made purchases during this window should contact their card issuer and monitor their accounts for fraudulent or suspicious activity.
Customers Impacted: Unknown
How it Could Affect Your Customers: Online shopping is quickly becoming the go-to buying method for many shoppers, and SMBs rely on this revenue stream to compete with major corporations. Therefore, securing IT infrastructure is critical to stay competitive in today’s digital-first environment. To mitigate the damage after a breach, businesses should strive to provide proactive customer care to ensure that they can quickly and completely recover from a breach.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
THREAT FOCUS: Grays Harbor Community Hospital - UNITED STATES*
Exploit: Ransomware
Grays Harbor Community Hospital: Healthcare provider operating as part of the Medical Group
Risk to Small Business: 1.666 = Severe: After an employee accidentally clicked on a phishing email, cybercriminals were able to infect the hospital’s IT infrastructure with ransomware that impacted the provider’s access to medical records, prescription information, and more services, including payment processing. The hackers demanded $1 million to unlock the files, a significant sum that places a serious strain on the cash-strapped hospital. While it’s unclear if the hospital paid the ransom, officials noted that restricted cash flow will threaten the organization’s future financial viability.
Individual Risk: 2.142 = Severe: While there is no evidence that personal data was collected as part of the breach, sensitive patient information, including medical records, demographic information, insurance information, medical history, medical treatment, and billing information, could have been made accessible to unauthorized third parties. Since personally identifiable information can quickly make its way to the Dark Web, where it can be used to facilitate additional cybercrimes, those impacted by the breach should acquire monitoring services to secure this information.
Customers Impacted: 85,000
How it Could Affect Your Customers: Ransomware is much more than a temporary inconvenience. The astounding costs surrounding repair, restoration, or even ransom payments can significantly impact a company’s ability to continue operating. Once ransomware takes hold of a company’s IT infrastructure, every path forward is expensive and fraught with difficulties. Therefore, identifying and addressing vulnerabilities before they enable a breach is the only effective way of avoiding the costly aftermath of a ransomware attack.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
POSTSCRIPT:
Canadian Government Launches Cybersecurity Certification Program for SMEs*
A recent survey by StaySafeOnline.org found that 71% of data breaches occur at small businesses, a prolific problem that the Canadian government is trying to solve. Consequently, they’re instituting an incentive program for SMEs prioritizing cybersecurity initiatives.
The new initiative, ‘CyberSecure Canada’, allows organizations to prove that they meet specific security criteria, then awards the organization with a certificate and logo that they can include on their website and promotional material.
To become CyberSecure certified, SMBs must demonstrate compliance with 13 security controls that collectively create a safer internet experience for businesses and their customers. The program strives to encourage Canadian SMBs to spend time and resources on cybersecurity initiatives. Not only will this help shore up their own long-term viability, but it also supports customer data security, a top priority in the digital age. Interestingly, the survey found that many companies aren’t equipped to defend against these threats. The research found that 64% of small businesses don’t have a security team, and only one third provided cybersecurity training to their employees. Notably, SMBs don’t have to tackle this priority alone. Partnering with a professional cyber security company can help augment your cybersecurity posture and transform weaknesses into strengths.
Avantia Cyber Security to the Rescue: Monitoring the Dark Web for stolen credentials and staff training is a critical pathway for all SMEs who want to provide comprehensive security for their business and their staff. Provided complimentary with all Dark Web Monitoring subscriptions, Avantia offers online Staff Certification training and ‘BullPhish ID’, which complements that data with simulated phishing attacks and security awareness training campaigns to educate employees online, making your staff the best defence against cybercrime. Call +61 7 30109711 or email info@avantiacorp.com.au to find out more.
ACSC Warns Australian Small Businesses About BlueKeep Vulnerability*
According to a warning by the Australian Cyber Security Centre, thousands of Australian SMBs are at risk of being compromised by the BlueKeep vulnerability, which can wreak havoc on outdated Windows operating systems. The warning comes on the heels of a disclosure by a security researcher who revealed a publicly available Remote Desktop Protocol (RDP) scanner that can find unpatched systems. The ACSC estimates that 50,000 Australian devices are vulnerable to this flaw, which is easily defended against by applying the patch provided in a software update.
Unfortunately, for companies that don’t take advantage of the update, their systems can be easily infiltrated by bad actors who steal and destroy company data. Software updates are critical for ensuring that your business is protected in an ever-evolving threat landscape. Moreover, cybersecurity specialists (Like us!) can provide a comprehensive view of your cybersecurity readiness posture, ensuring that all vulnerabilities are accounted for.

Disclaimer*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provide the content in this publication to the reader for general information purposes only and have compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content’s accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.