
Avantia Corporate Services Pty Ltd, Level 7, 320 Adelaide Street

Brisbane, Queensland 4000


© 2019 by Avantia Cyber Security. All Rights Reserved.

Disclaimer*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provide the content in this publication to the reader for general information purposes only, and have compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cybersecurity information to us in real time. Given their international focus and experience in the cyberspace arena, we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.


MALWARE SPITS CASH FROM ATMs WORLDWIDE

Updated: Nov 1, 2019



This past week: ATM malware attacks spread worldwide; mobile phones are targeted with spyware; a Chinese government app spies on 100 million citizens; Microsoft's top 6 email security best practices; major breaches in Holland, the United Kingdom, Canada and the USA, including hackers hijacking a shoe company's email list, patients upset about healthcare data breaches, and Twitter under fire for data misuse*


Customers Affected by Data Breaches reported in this Briefing this past week:

394,607 **

(**3 of the 8 organisations highlighted in this briefing were unable to quantify customers affected.)


Top Dark Web ID Trends*: Top Source Hits: ID Theft Forums

Top Compromise Type: Domain 

Top Industry: Education & Research

Top Employee Count: 501+ Employees 



MALWARE THAT SPITS CASH FROM ATMs SPREADS AROUND THE WORLD*

A joint investigation between Motherboard and the German broadcaster Bayerischer Rundfunk (BR) has uncovered new details about a spate of so-called "jackpotting" attacks. At 10am on a late November morning in Freiburg, Germany, a bank employee noticed something was wrong with a bank ATM: it had been infected with Cutlet Maker, a strain of ATM malware whose control panel reads "Ho-ho-ho! Let's make some cutlets today!" alongside cartoon images of a chef and a cheering piece of meat. In an apparent Russian play on words, a cutlet means not only a cut of meat but a bundle of cash, too. Jackpotting is a technique in which cybercriminals use malware or a piece of hardware to trick an ATM into ejecting all of its cash, no stolen card required. Attackers typically install the malware by physically opening a panel on the machine to reveal a USB port. In some cases the investigation identified the specific bank and ATM manufacturer affected. Although a European non-profit said jackpotting attacks decreased in the region in the first half of this year, multiple sources said the number of attacks in other parts of the world has gone up. Attacked regions include the U.S., Latin America and Southeast Asia, and the issue affects banks and ATM manufacturers across the financial industry. "The U.S. is quite popular," a source familiar with ATM attacks said. Motherboard and BR granted multiple sources, including law enforcement officials, anonymity to speak more candidly about sensitive hacking incidents. At the Black Hat conference in 2010, the late researcher Barnaby Jack demonstrated his own strain of ATM malware live on stage; the audience broke into applause as the ATM displayed the word "JACKPOT" and ejected a steady stream of bank notes. Now, similar attacks are being carried out in the wild.
In the Freiburg instance no cash was stolen, a law enforcement official said, but Christoph Hebbecker, a prosecuting attorney for the German state of North Rhine-Westphalia, said his office is investigating 10 incidents that took place between February and November 2017, including attacks in which thieves did make off with bundles of cash. In all, hackers stole 1.4 million Euro (about US$1.5 million), Hebbecker said. Because of the similar nature of the attacks, he believes they are all linked to the same criminal gang. In some cases the prosecutors have video evidence, but they have no suspects so far. "The investigation is still ongoing," Hebbecker said in an email in German. Multiple sources said a number of the 2017 attacks in Germany affected the bank Santander; two sources said they specifically involved the Wincor 2000xe model of ATM, made by Diebold Nixdorf. "In general, we do not comment on dedicated, single cases," Bernd Redecker, director of corporate security and fraud management at Diebold Nixdorf, said in a phone call. "However, we are of course dealing with our customers on jackpotting, and we are aware of these cases." Diebold Nixdorf has also sold these ATMs into the U.S. market. A Santander spokesperson said in an emailed statement: "Protecting our customers' information and the integrity of our physical network is at the core of what we do. Our experts are involved at every stage of product development and operations to protect customers and the bank from fraud and cyber threats. This focus on protecting our data and operations prevents us from commenting on specific security issues." Officials in Berlin said they had faced at least 36 jackpotting cases since spring 2018, resulting in several thousand Euro being stolen. They declined to name the specific malware used.
In all, authorities have recorded 82 jackpotting attacks in Germany across different states in the past several years, according to police spokespeople, though not all of those attacks resulted in successful cash-outs. ATM jackpotting is not limited to a single bank or ATM manufacturer: it is likely that the other attacks affected banks other than Santander; those are simply the attacks the investigation identified. "You will see this across all vendors; this is not dedicated towards a specific machine, nor towards a specific brand, and definitely not a region," Redecker said. "These are very old, slow machines," the source familiar with ATM attacks said. ATM manufacturers have made security improvements to their devices, Redecker stressed, but that does not mean all ATMs across the industry are up to the same standard, and responsibility for securing access to the ATMs falls on the banks too. "In order to execute a jackpotting attack, you have to have access to the internal components of the ATM. So, preventing that first physical attack on the ATM goes a long way toward preventing the jackpotting attack," David N. Tente, executive director of USA, Canada & Americas at the ATM Industry Association (ATMIA), said in an email. Redecker said he has been seeing attacks across the globe since 2012, with Germany suffering its first jackpotting attacks in Berlin in 2014. Around the time of the 2017 attacks, researchers at cybersecurity firm Kaspersky published research showing Cutlet Maker had been for sale on hacking forums since May of that year. It seemed anyone with a few thousand dollars could buy the malware and have a go at jackpotting ATMs themselves.
"The bad guys are selling these developments [malware] to just anybody," said David Sancho, senior threat researcher at cybersecurity firm Trend Micro, who works with Europol on jackpotting research. That has enabled smaller outfits or enterprising criminals to start targeting ATMs, he added. "Potentially this can affect any country in the world," Sancho said. Motherboard spoke to one cybercriminal claiming to sell the Cutlet Maker malware. "Yes I'm selling. It costs $1000," they wrote in an email, adding that they could offer support on how to use the tool as well. The seller provided screenshots of an instruction manual in Russian and English that steps potential users through how to empty an ATM; sections of the manual cover how to check how many banknotes are inside the ATM and how to install the malware itself. That lowering of the barrier to entry for ATM malware has arguably driven some of the spike in jackpotting attacks. In January 2018, the US Secret Service began warning financial institutions of the first jackpotting attacks in the U.S., although those used another piece of ATM malware called Ploutus.D. The European Association for Secure Transactions (EAST), a non-profit that tracks financial fraud, said in a report published this month that jackpotting attacks decreased 43 percent over the previous year, but it is worth stressing that EAST's report only covers Europe. "It happens in parts of the world where they don't have to tell anybody about it," the source familiar with ATM attacks added. "It's increasing, but, again, the biggest problem we've got is that nobody wants to report this." "Globally, our 2019 survey indicates that jackpotting attacks are increasing," Tente from ATMIA wrote in an email. As the source familiar with ATM attacks said, "There are attacks happening, but a lot of the time it's not publicized."
Separately, the FBI issued a confidential notice to banks warning them that hackers were planning a global heist that would allow them to withdraw large sums of money from ATMs, according to an email obtained by security journalist Brian Krebs. "The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an 'unlimited operation'," the FBI letter to banks reads. Historically, 'unlimited operations' have targeted smaller banking institutions because they are less likely to have robust security mechanisms. In 2016, for example, cybercriminals stole $570,000 from Virginia's National Bank of Blacksburg in an unlimited attack, and only a few months later launched another unlimited attack against the same bank to the tune of nearly $2 million. The bank was compromised through a phishing attack that embedded malicious code in a Microsoft Word document.


MOBILE PHONES TARGETED WITH SPYWARE*

Mobile phones of two prominent human rights activists were repeatedly targeted with Pegasus, the highly advanced spyware made by Israel-based NSO Group, researchers from Amnesty International reported this week. The Moroccan human rights defenders received SMS text messages containing links to malicious sites; if clicked, the sites would attempt to install Pegasus, one of the most advanced and full-featured pieces of spyware ever to come to light. One of the activists was also repeatedly subjected to attacks that redirected visits intended for Yahoo to malicious sites. Amnesty International identified the targets as activist Maâti Monjib and human rights lawyer Abdessadak El Bouchattaoui. It is not the first time NSO spyware has been used to surveil activists or dissidents. In 2016, United Arab Emirates dissident Ahmed Mansoor received text messages that tried to lure him to a site that would install Pegasus on his fully patched iPhone. The site relied on three separate zero-day vulnerabilities in iOS. (A zero-day vulnerability is a software security flaw for which no patch exists, typically because the vendor does not yet know about it; an attacker who holds one can exploit fully patched systems until it is fixed.) According to previous reports from Univision, Amnesty International, and the University of Toronto-based Citizen Lab, NSO spyware has also targeted:

150 people, including US citizens and opposition critics chosen by an ex-president of Panama

22 journalists and activists researching corruption in the Mexican government

Two people, one an Amnesty International researcher and the other a dissident in Saudi Arabia

A potent attack exploiting a vulnerability in both the iOS and Android versions of WhatsApp was used to install Pegasus, researchers said five months ago. Last week, Google also uncovered evidence tying NSO to an actively exploited Android zero-day that gave attackers the ability to compromise millions of devices. It is not known who the targets were in either of those attacks.

This week's report said that the targeting of the two Moroccan human rights defenders began no later than November 2017 and likely lasted until at least July of this year. In 2017 and 2018, the men received text messages containing links to sites that Amnesty International had previously identified as part of NSO's exploit infrastructure. Other domains included revolution-news (which Citizen Lab has identified as tied to NSO) and a previously unknown site that appears to impersonate the Moroccan e-commerce company Hmizate. Starting this year, Monjib's iPhone began being suspiciously redirected to malicious sites. An analysis of the logs Safari keeps of each visited link, with the origin and destination of each visit, showed the redirects happened after Monjib entered "yahoo.fr" in the address bar of his Safari browser. Under normal conditions Safari first requests the plain http:// address and is quickly redirected to the encrypted HTTPS site; the malicious redirections were possible only because that initial connection to Yahoo was not protected by HTTPS, so anyone on the network path could answer it. In the redirection from July, Monjib again tried to access Yahoo, but instead of typing an address in the browser he searched for "yahoo.fr mail" on Google; when he clicked the result, the same kind of redirection occurred. The authors of this week's report wrote: "We believe this is a symptom of a network injection attack generally called 'man-in-the-middle' attack." Through this, an attacker with privileged access to a target's network connection can monitor and opportunistically hijack traffic, such as web requests. This allows them to change the behaviour of a targeted device and, as in this case, to re-route it to malicious downloads or exploit pages without requiring any extra interaction from the victim. Such a network vantage point could be any network hop as close as possible to the targeted device.
In this case, because the targeted device is an iPhone connecting through a mobile line only, a potential vantage point could be a rogue cellular tower placed in the proximity of the target, or core network infrastructure the mobile operator might have been requested to reconfigure to enable this type of attack. Because this attack is executed "invisibly" through the network instead of with malicious SMS messages and social engineering, it has the advantage of avoiding any user interaction and leaving virtually no trace visible to the victim. Experts believe this is what happened with Maâti Monjib's phone: as he visited yahoo.fr, his connection was being monitored and hijacked, and Safari was automatically directed to an exploitation server which then attempted to silently install spyware. Whenever an application crashes, iPhones store a log file recording what precisely caused the crash. These crash logs are stored on the phone indefinitely, at least until the phone is synced with iTunes, and can be found in Settings > Privacy > Analytics > Analytics Data. An analysis of Maâti Monjib's phone showed that, on one occasion, all of these crash files were wiped a few seconds after one of the Safari redirections happened. It is believed this was a deliberate clean-up executed by the spyware to remove traces that could lead to the identification of the vulnerabilities being exploited (a failed exploit attempt leaves exactly such a crash log). This was followed by the execution of a suspicious process and a forced reboot of the phone. Amid growing criticism, NSO Group, which earlier this year was valued at $1 billion in a leveraged buyout by UK-based private equity firm Novalpina Capital, promised in September to follow a human rights policy based on the UN Guiding Principles on Business and Human Rights. A key aspect of the policy was to "investigate whenever the company becomes aware of alleged unlawful digital surveillance and communication interception of NSO products." Amnesty International, for its part, remains skeptical.
"In the absence of adequate transparency on investigations of misuse by NSO Group and due diligence mechanisms, Amnesty International has long found these claims spurious," this week's report said. "With the revelations detailed in this report, it has become increasingly obvious that NSO Group's claims and its human rights policy are an attempt to whitewash rights violations caused by the use of its products."

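The two artefacts the report relies on, a plaintext request that was answered by the wrong host and crash logs vanishing seconds later, are straightforward to check for once a visit history and a file timeline have been extracted from the device. The Python script below is an added example, not Amnesty International's tooling: it runs over a constructed Safari visit list and a constructed crash-log file timeline and reports both patterns. The record layout, the sample rows, the log paths and the reserved host name attacker.invalid are all assumptions made for the example, not the real format of Safari's history database or of iOS Analytics Data.

```python
"""Flag plaintext-HTTP requests that were redirected off the expected domain,
and crash logs wiped within seconds of such a redirect.

Added example, not Amnesty International's code. All sample data below is
constructed; the field layout is an assumption, not a real Safari/iOS format.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import urlparse


@dataclass(frozen=True)
class Visit:
    ts: datetime
    origin: str        # URL the browser set out to load (what the user typed)
    destination: str   # URL it actually ended up on after redirects


@dataclass(frozen=True)
class CrashLogEvent:
    ts: datetime
    action: str        # "created" or "deleted"
    path: str


# Hosts the user legitimately intended to reach. A plaintext request that
# lands anywhere else was hijacked before it could upgrade to HTTPS.
EXPECTED_HOSTS = {"yahoo.fr", "www.yahoo.fr", "fr.yahoo.com", "fr.mail.yahoo.com"}


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def suspicious_redirects(visits):
    """Plaintext (http://) requests for an expected host that ended on another host.

    An https:// origin is skipped: a network attacker cannot rewrite that
    response without a valid certificate, so the injection point is the
    unencrypted first hop.
    """
    return [
        v for v in visits
        if urlparse(v.origin).scheme == "http"
        and host_of(v.origin) in EXPECTED_HOSTS
        and host_of(v.destination) not in EXPECTED_HOSTS
    ]


def crash_log_wipes(redirects, events, window=timedelta(seconds=30)):
    """Pair each suspicious redirect with crash-log deletions inside `window`.

    Crash logs normally persist until an iTunes sync, so a burst of deletions
    right after a redirect is the clean-up behaviour the report describes.
    """
    wipes = []
    for r in redirects:
        deleted = [e for e in events
                   if e.action == "deleted" and r.ts <= e.ts <= r.ts + window]
        if deleted:
            wipes.append((r, deleted))
    return wipes


T0 = datetime(2019, 7, 1, 9, 0, 0)

# Constructed visit history: one normal HTTP->HTTPS upgrade, one hijacked hop.
SAMPLE_VISITS = [
    Visit(T0, "http://yahoo.fr/", "https://fr.yahoo.com/"),
    Visit(T0 + timedelta(minutes=5), "https://fr.mail.yahoo.com/", "https://fr.mail.yahoo.com/"),
    Visit(T0 + timedelta(minutes=10), "http://yahoo.fr/", "http://attacker.invalid/exploit"),
]

# Constructed crash-log events: two files wiped 3 s after the hijacked visit.
SAMPLE_EVENTS = [
    CrashLogEvent(T0 - timedelta(days=2), "created", "/var/mobile/Library/Logs/CrashReporter/MobileSafari-1.ips"),
    CrashLogEvent(T0 + timedelta(minutes=10, seconds=3), "deleted", "/var/mobile/Library/Logs/CrashReporter/MobileSafari-1.ips"),
    CrashLogEvent(T0 + timedelta(minutes=10, seconds=3), "deleted", "/var/mobile/Library/Logs/CrashReporter/WebKit-2.ips"),
]


def analyse(visits=SAMPLE_VISITS, events=SAMPLE_EVENTS):
    redirects = suspicious_redirects(visits)
    return {"redirects": redirects, "wipes": crash_log_wipes(redirects, events)}


if __name__ == "__main__":
    result = analyse()
    for v in result["redirects"]:
        print(f"{v.ts:%H:%M:%S} plaintext request for {host_of(v.origin)} landed on {host_of(v.destination)}")
    for r, deleted in result["wipes"]:
        print(f"  -> {len(deleted)} crash log(s) deleted within 30 s of that redirect")
```

The first visit shows why a benign http-to-https upgrade is not flagged: the destination is still a Yahoo host. Only the plaintext hop matters, which is also why the same check would find nothing for a site that is HSTS-preloaded and therefore never requested over plain HTTP.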

CHINESE GOVT SPIES ON 100 MILLION CITIZENS FROM OFFICIAL APP*

Analysis of the Study the Great Nation app found hidden elements that could help monitor use and copy data, said phone security experts Cure53. The app gives the government "super-user" access, the security firm said; the Chinese government denied the app had the monitoring functions listed by the investigators. Released in February, Study the Great Nation has become the most downloaded free program in China, thanks to persuasive demands by Chinese authorities that citizens download and install it. The app pushes out official news and images and encourages people to earn points by reading articles, commenting on them and playing quizzes about China and its leader, Xi Jinping. Use of the app is mandatory among party officials and civil servants, and it is tied to wages in some workplaces. Starting this month, Chinese journalists must pass a test on the life of President Xi, delivered via the app, in order to obtain the press card that enables them to do their jobs. On behalf of the Open Technology Fund, which campaigns on human rights issues, German cyber-security firm Cure53 took apart the Android version of the app and said it found many undocumented and hidden features. In its lengthy report, Cure53 said Study the Great Nation had "extensive logging" abilities and appeared to try to build up a list of the apps an individual had installed on their phone. It was "evident and undeniable that the examined application is capable of collecting and managing vast amounts of very specific data," said the report. The app also weakened the encryption used to scramble data and messages, making it easier for a government to break. "The app contains code resembling a back door, which is able to run arbitrary commands with super-user privileges," said the report.
Adam Lynn, research director at the Open Technology Fund, told the Washington Post, which broke the story: "It's very, very uncommon for an application to require that level of access to the device, and there's no reason to have these privileges unless you're doing something you're not supposed to be."

Cure53 said there was "no evidence" that this high-level access was being used, but said it was not clear why an educational app would need such access to a phone. One point the report said was "proven" was the extensive work that had gone into obfuscating the code inside the app, which made it very hard to reverse engineer and understand. The Chinese government denied the app worked in the way Cure53 characterised.

It told the Washington Post that the team behind Study the Great Nation had said there was "no such thing" in the program that resembled the capabilities Cure 53 identified. The Chinese embassy in London has not responded to a request for comment on the report.


MICROSOFT’S TOP 6 EMAIL SECURITY BEST PRACTICES*

Girish Chander, Microsoft's Group Program Manager of Office 365 Security, wrote an excellent post on the Microsoft blog titled "Top 6 email security best practices to protect against phishing attacks and business email compromise". He started out with: "Most cyberattacks start over email—a user is tricked into opening a malicious attachment, or into clicking a malicious link and divulging credentials, or into responding with confidential data. Attackers dupe victims by using carefully crafted emails to build a false sense of trust and/or urgency. And they use a variety of techniques to do this—spoofing trusted domains or brands, impersonating known users, using previously compromised contacts to launch campaigns and/or using compelling but malicious content in the email. In the context of an organization or business, every user is a target and, if compromised, a conduit for a potential breach that could prove very costly. Whether it's sophisticated nation-state attacks, targeted phishing schemes, business email compromise or ransomware attacks, such attacks are on the rise at an alarming rate and are also increasing in their sophistication. It is therefore imperative that every organization's security strategy include a robust email security solution. So, what should IT and security teams as well as SME owners be looking for in a solution to protect all their users, from frontline workers to senior executives? Here are 6 tips to ensure your organization has a strong email security posture." Girish says: "Your users are the target. You need a continuous model for improving user awareness and readiness. An informed and aware workforce can dramatically reduce the number of occurrences of compromise from email-based attacks. Any protection strategy is incomplete without a focus on improving the level of awareness of end users.
A core component of this strategy is raising user awareness through phish simulations, training them on things to look out for in suspicious emails to ensure they don't fall prey to actual attacks. Another, often overlooked, but equally critical, component of this strategy is ensuring that the everyday applications that end users use are helping raise their awareness. Capabilities that offer users relevant cues, effortless ways to verify the validity of URLs and making it easy to report suspicious emails within the application — all without compromising productivity — are very important." Solutions like BullPhish, utilised by Avantia Cyber Security, and others that offer phish simulation capabilities are key. Girish continues: "Look for deep email-client-application integrations that allow users to view the original URL behind any link regardless of any protection being applied. This helps users make informed decisions. In addition, having the ability to offer hints or tips to raise specific user awareness on a given email or site is also important. And, effortless ways to report suspicious emails that in turn trigger automated response workflows are critical as well."
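One of the cues described above, showing the user the real URL behind a link, can also be applied automatically to an incoming message. The Python below is an added example, not code from the Microsoft post or from any Office 365 feature: it parses a constructed HTML e-mail with the standard library, lists every link's true host, and flags links whose visible text names a different domain from the one the href actually resolves to, including the user@host trick. The sample message, the host attacker.invalid and the address 203.0.113.5 (a reserved documentation range) are constructed, and the crude suffix handling is a deliberate simplification.

```python
"""Reveal the real target behind each link in an HTML e-mail and flag the
ones whose visible text points somewhere else.

Added example; not Microsoft's or Office 365's code. The sample message is
constructed. The eTLD+1 logic is deliberately crude (last two labels):
production code should use the Public Suffix List.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element, in order."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:          # only text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            visible = " ".join("".join(self._text).split())   # collapse whitespace
            self.links.append((self._href, visible))
            self._href = None


def extract_links(html):
    parser = LinkCollector()
    parser.feed(html)
    return parser.links


def registrable(host):
    """Crude eTLD+1: 'login.bank.example' -> 'bank.example'."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


# A domain-looking token in the link text: optional scheme, labels, alpha TLD.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})")


def deceptive_links(html):
    """Return (href, text, reason) for links whose displayed domain differs from
    the host the href really resolves to.

    urlparse(...).hostname already discards any 'user@' prefix, so a link such
    as http://login.bank.example@203.0.113.5/ is correctly seen as 203.0.113.5.
    """
    findings = []
    for href, text in extract_links(html):
        target = urlparse(href if "://" in href else "http://" + href)
        real_host = (target.hostname or "").lower()
        shown = DOMAIN_IN_TEXT.search(text.lower())
        if shown and registrable(shown.group(1)) != registrable(real_host):
            findings.append((href, text, f"text shows {shown.group(1)} but link goes to {real_host}"))
    return findings


# Constructed sample message: two honest links, two deceptive ones.
SAMPLE_EMAIL = """
<p>Your statement is ready.</p>
<p><a href="https://www.example.com/statements">example.com</a></p>
<p><a href="https://mail.example.com/inbox">Open your mailbox</a></p>
<p>Confirm your details at
   <a href="http://bank-example.com.attacker.invalid/login">https://www.bank-example.com/login</a></p>
<p>Or sign in via <a href="http://login.bank-example.com@203.0.113.5/">login.bank-example.com</a></p>
"""

if __name__ == "__main__":
    for href, text in extract_links(SAMPLE_EMAIL):
        print(f"{text!r:45} -> {urlparse(href).hostname}")
    for href, text, reason in deceptive_links(SAMPLE_EMAIL):
        print("SUSPICIOUS:", reason)
```

The first link is not flagged even though its host carries a www prefix, which is the kind of false positive a naive string comparison would raise; the second is ignored because its text names no domain at all. The last two are the two shapes of deception worth training users on: a look-alike subdomain hung under an attacker's registrable domain, and a credential-style prefix that browsers silently discard.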



THREAT FOCUS: Hookers.nl - HOLLAND* 

https://www.pcmag.com/news/371264/hacker-loots-data-on-250-000-users-of-dutch-prostitution-sit

Exploit: Unauthorized database access

Hookers.nl: Adult entertainment website

Risk to Small Business: 1.888 = Severe: Hackers accessed a database for the adult website, obtaining the personal details of thousands of users. Making matters worse, the bad actor is actively trying to sell this information on the Dark Web. While the sensitive nature of the information is somewhat unique, the incident underscores the robust market for personal details that can be used for everything from extortion schemes to spear-phishing attacks.

Individual Risk: 2.714 = Moderate: Personally identifiable information, including email addresses, user names, IP addresses, and scrambled passwords were compromised. Those impacted by the breach should be especially leery of sextortion attempts that seek a cryptocurrency ransom in exchange for concealing embarrassing personal details from publication.

Customers Impacted: 250,000

Effect On Customers: Consumers trust digital platforms to protect their personal information, and failure to do so can be detrimental to any business's success. Simply put, any relevant business plan needs to include an intentional approach to data security that actively protects users’ information, and companies that can’t achieve these objectives are unlikely to remain competitive as consumers take their business elsewhere and regulatory consequences eat away at their profits.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyse, and proactively monitor for an organisation's compromised or stolen employee and customer data. Call Avantia on 07 3010 9711 (Business Hours) or email info@avantiacorp.com.au to schedule a no-obligation demonstration of our capabilities and a complimentary 'real time' search for your and your employees' business and private credentials (usernames and passwords) available for purchase right now for as little as $1 on the Dark Web.


THREAT FOCUS: Norfolk & Norwich University Hospital - UNITED KINGDOM*

https://www.edp24.co.uk/news/politics/norfolk-and-norwich-university-hospital-data-breach-1-6319114

Exploit: Accidental data exposure

Norfolk and Norwich University Hospital: Healthcare provider serving Norfolk, England

Risk to Small Business: 2 = Severe: A clerical error in the hospital's IT systems resulted in eleven people receiving letters containing other patients' personal information. The breach was identified when a patient returned one of the letters to the hospital. Administrators are contacting those affected, but their efforts have not allayed the victims' concerns; instead, patients are taking to the media to express their displeasure with the healthcare provider's data security standards.

Individual Risk: 2.571 = Moderate: The letters contained patients' names, addresses, dates of birth, and reason for attendance. Because of the small scale of the exposure, affected patients carry little risk of identity theft or other related crimes, but they should be mindful that their information was seen by unintended third parties.

Customers Impacted: 11

Effect On Customers: Data exposure is a big deal to today's consumers, and, regardless of the breach methodology, they will hold companies accountable. In this case, patients spoke directly with the media, expressing their displeasure with Norfolk and Norwich University Hospital's data security protocols. This negative publicity can have consequences that reach far beyond the initial damage of the data breach.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.




THREAT FOCUS: TransUnion Credit - CANADA*

https://www.cbc.ca/news/business/transunion-data-breach-1.5315488

Exploit: Unauthorized database access

TransUnion: Consumer credit reporting agency

Risk to Small Business: 2.111 = Severe: Using compromised user credentials, hackers accessed the personal information of Canadian TransUnion customers. The breach, which occurred between June and July 2019 and was detected in August, shines a spotlight on the company's delayed breach response and notification process. Although the company's IT infrastructure was not itself broken into, its failure to notice that stolen but otherwise valid credentials were being used to pull customer data will bring negative media scrutiny and public attention to the company.

Individual Risk: 2.857 = Moderate: TransUnion did not release a specific overview of the compromised data; however, the sensitive nature of their business means that personally identifiable information was likely included in the event. Notably, the company acknowledged that credit report data was exposed in the breach. This can include individuals’ names, dates of birth, current and former addresses, information on existing card and loan obligations, social insurance numbers, and other sensitive data.

Customers Impacted: 37,000

Effect On Customers: The deluge of data breaches in the past several years has made login credentials widely available to bad actors. Therefore, today's companies should be proactive about identifying compromised credentials and taking intentional steps to limit what can be accessed with them.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
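One concrete step toward identifying compromised credentials is to refuse any password that already appears in a public breach corpus, checked in a way that never sends the password, or even its full hash, off-site. The Python below is an added example, not ID Agent's or TransUnion's code: it implements the k-anonymity range lookup used by the Pwned Passwords service (only the first five hex characters of the SHA-1 are sent; matching happens locally on the returned suffixes) against a small, constructed breach corpus so that it runs offline, and shows the real HTTPS call alongside it for reference. The corpus contents and their counts are made up.

```python
"""Screen a password against a breached-password corpus using a k-anonymity
range lookup: send a 5-character SHA-1 prefix, match the suffix locally.

Added example; not ID Agent's or TransUnion's code. The breach corpus is
constructed, and fetch_range() builds the response body from it so the
example runs offline. fetch_range_live() is the real call for comparison
(GET https://api.pwnedpasswords.com/range/<prefix>, one "<suffix>:<count>"
line per known hash) and is not invoked here.
"""
import hashlib
import urllib.request

# Constructed corpus: password -> number of times seen in breaches (made up).
CONSTRUCTED_BREACH_CORPUS = {
    "password": 3730471,
    "123456": 23597311,
    "Winter2019!": 412,
}


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus):
    """Shard the corpus by 5-char prefix, the way the range API does."""
    index = {}
    for pw, count in corpus.items():
        h = sha1_hex(pw)
        index.setdefault(h[:5], []).append(f"{h[5:]}:{count}")
    return index


RANGE_INDEX = build_range_index(CONSTRUCTED_BREACH_CORPUS)


def fetch_range(prefix: str) -> str:
    """Offline stand-in for the HTTP GET: the response body for one prefix."""
    return "\n".join(RANGE_INDEX.get(prefix, []))


def fetch_range_live(prefix: str) -> str:
    """The real lookup (not called in this example). Add-Padding asks the
    service to pad every response to a similar size so a network observer
    cannot infer anything from the body length."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"Add-Padding": "true", "User-Agent": "password-screen-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, fetch=fetch_range) -> int:
    """How many times the password appears in the corpus; 0 if unseen.

    Only `prefix` leaves the client. Every candidate line is compared
    locally, so the service never learns which suffix (if any) matched.
    """
    h = sha1_hex(password)
    prefix, suffix = h[:5], h[5:]
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0


def password_acceptable(password: str, minimum_length: int = 12) -> bool:
    """Policy hook for registration, password change and login: reject short
    passwords and any password that has appeared in a breach."""
    return len(password) >= minimum_length and pwned_count(password) == 0


if __name__ == "__main__":
    for pw in ("password", "Winter2019!", "a-long-unseen-passphrase-42"):
        print(f"{pw!r}: seen {pwned_count(pw)} times, acceptable={password_acceptable(pw)}")
```

Run the same check on the credentials a third party uses to reach your data, not only on your own staff accounts, and pair it with rate limiting and anomaly alerting on what a valid login is pulling; a stolen password that passes this screen is still caught only by watching what it does.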


Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID™ monitors the Dark Web to find out if your employee or customer data has been compromised. We work with our Clients to strengthen their security posture by offering industry-leading detection. Call Avantia on 07 30109711 (Business Hours) or Email info@avantiacorp.com.au to schedule a no obligation demonstration of our capabilities and a complimentary ‘real time’ search for you and your employees business & private credentials (username & passwords) which may be available for purchase right now for as little as $1 on the Dark Web.


THREAT FOCUS: PAL Airlines - CANADA*

https://www.news957.com/business/2019/10/07/pal-airlines-investigating-data-breach-involving-customer-employee-information/

Exploit: Unauthorized database access

PAL Airlines: Regional airline serving multiple locations in Canada

Risk to Small Business: 1.777 = Severe: A single employee email account was compromised, giving hackers access to sensitive customer and employee data. In response, the company is working with the federal authorities to determine the exact cause and scope of the incident. In the meantime, the airline is making efforts to contact customers, a necessary next step but one that is also unlikely to reduce the blowback resulting from lax cybersecurity standards.

Individual Risk: 2.571 = Moderate: Although hackers only accessed limited amounts of personal information, they did have access to customer and employee names, dates of birth, and credit card information. This data can quickly spread on hacker forums and Dark Web marketplaces, so those impacted by the breach should notify their financial institutions of the breach while also monitoring their accounts for unusual or fraudulent activity.

Customers Impacted: Unknown

Effect On Customers: Customers and regulatory bodies are increasingly unwilling to overlook companies that can't protect their data. Therefore, even relatively small data breaches can have an outsized bottom-line impact that can far outlast the actual data loss event. In today's digital landscape, minimising risk exposure and ensuring appropriate defences is a critical component of any successful business.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze, and proactively monitor for an organization’s compromised or stolen employee and customer data. Call Avantia on 07 30109711 (Business Hours) or Email info@avantiacorp.com.au to schedule a no obligation demonstration of our capabilities and a complimentary ‘real time’ search for you and your employees’ business & private credentials (username & passwords) available for purchase right now for as little as $1 on the Dark Web.


THREAT FOCUS: Methodist Hospitals - UNITED STATES*

https://www.bleepingcomputer.com/news/security/phishing-incident-exposes-medical-personal-info-of-60k-patients/

Exploit: Phishing attack

Methodist Hospitals: Community-based healthcare system located in Gary, Indiana

Risk to Small Business: 1.222 = Extreme: A successful phishing attack against two employees compromised the private health data for thousands of patients. The incident occurred in June, but the healthcare provider didn’t finish investigating the breach until August. It’s unclear why the company waited two months before making the breach public. Regardless, Methodist Hospitals will face intense regulatory scrutiny due to the nature of information involved.

Individual Risk: 2.142 = Severe: The compromised data was accessed on June 12th or between July 1st and July 8th. It included patient names, addresses, health insurance information, Social Security numbers, government ID information, passport numbers, financial account numbers, payment card information, electronic signatures, usernames, and passwords. This incredibly expansive data set has great value on the Dark Web, as it can be used to perpetuate additional cybercrimes. Therefore, those impacted by the breach should take every precaution to protect their data, including contacting their financial institutions and enrolling in credit and identity monitoring services.

Customers Impacted: 68,039

Effect On Customers: Today’s digital landscape is replete with threats, but companies are not defenseless. Phishing scams require employees to actively compromise their credentials, and comprehensive awareness training can equip team members to identify and report fraudulent communications, effectively rendering them useless and creating a safe environment for your customers’ data.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Call Avantia on 07 30109711 (Business Hours) or Email info@avantiacorp.com.au to schedule a no obligation demonstration of our capabilities and a complimentary ‘real time’ search for you and your employees’ business & private credentials (username & passwords) available for purchase right now for as little as $1 on the Dark Web.


THREAT FOCUS: TOMS Fashion Accessories - UNITED STATES*

https://www.vice.com/en_ca/article/a35434/toms-shoes-mailing-list-hacked-hacker-says-log-off

Exploit: Unauthorized database access

TOMS: Designer and producer of shoes, eyewear, coffee, apparel, and handbags

Risk to Small Business: 2.333 = Severe: In an unusual cybersecurity incident, a hacker hijacked the mailing list for TOMS and sent a message encouraging customers to log off their devices and enjoy the outdoors. The message was not malicious in nature, but the hacker admitted that he accessed the platform for a significant time period before sending the email. The hacker also ridiculed bad actors, describing their actions in obscene language sent to TOMS customers. Fortunately, the hacker didn’t disrupt any other elements of TOMS’ IT infrastructure, but his actions highlight the company’s weak cybersecurity standards, which could negatively impact the company on many fronts.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: Today’s customers value cybersecurity as highly as any other component of a company. This incident broadly publicized the company’s shortcomings, inviting media and customer scrutiny and serving as a warning for other companies to protect their IT environment at every level. This time, the breach was merely embarrassing, but the next one could be devastating.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Call Avantia on 07 30109711 (Business Hours) or Email info@avantiacorp.com.au to schedule a no obligation demonstration of our capabilities and a complimentary ‘real time’ search for you and your employees’ business & private credentials (username & passwords) available for purchase right now for as little as $1 on the Dark Web.


THREAT FOCUS: Magnolia Pediatrics - UNITED STATES*

https://www.beckershospitalreview.com/cybersecurity/louisiana-clinic-hit-by-ransomware-attack.html

Exploit: Ransomware

Magnolia Pediatrics: Full service pediatric medical provider

Risk to Small Business: 1.555 = Severe: A ransomware attack on the clinic’s IT company allowed hackers to reach Magnolia Pediatrics’ network and encrypt it. The company paid an undisclosed fee and received a decryption code to retrieve their information. Now, the practice has reset all user passwords, and they installed new firewalls and spam filters to protect against similar threats in the future. Of course, such retroactive measures cannot undo the costs associated with ransom payments, bad press, and negative publicity that could encourage patients to take their business elsewhere.

Individual Risk: 2.428 = Severe: Hackers encrypted patient data, including names, dates of birth, Social Security numbers, addresses, phone numbers, insurance information, and medical records. Magnolia Pediatrics doesn’t believe that any patient data was misused in the breach, but they are encouraging all users to monitor their credit card statements for unusual activity.

Customers Impacted: Unknown

Effect On Customers: Whether companies choose to pay a ransom or restore their IT infrastructure, ransomware attacks are undoubtedly expensive. With additional financial repercussions that can last indefinitely, every company has thousands of reasons to protect their networks from damaging malware. Taking preventative steps before a breach occurs can save time, money, and personnel resources, making defensive maneuvers the cost-effective, advantageous approach to addressing the threat of ransomware.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze, and proactively monitor for an organization’s compromised or stolen employee and customer data. Call Avantia on 07 30109711 (Business Hours) or Email info@avantiacorp.com.au to schedule a no obligation demonstration of our capabilities and a complimentary ‘real time’ search for you and your employees’ business & private credentials (username & passwords) available for purchase right now for as little as $1 on the Dark Web.


THREAT FOCUS: UAB Medicine - UNITED STATES* 

https://www.bleepingcomputer.com/news/security/uab-medicine-data-breach-exposes-patient-info-in-phishing-attack/

Exploit: Phishing attack

UAB Medicine: Academic medical centre based in Birmingham, Alabama

Risk to Small Business: 1.666 = Severe: A phishing attack tricked several employees into providing their email credentials to hackers, which subsequently exposed the protected health information for thousands of patients. The email purported to originate from a hospital executive, asking employees to participate in a fake business survey. Executives believe that hackers were trying to access the healthcare provider’s payroll system, but they were prevented from reaching this information. Regardless, the August 7th breach will have a significant impact on the patients whose data was compromised and on UAB Medicine, as they will bear the cost of credit monitoring and identity theft protection services as well as the increased regulatory scrutiny because of the nature of the information involved.

Individual Risk: 2.571 = Moderate: Hackers had access to patients’ protected health information, including names, medical record numbers, dates of birth, dates of service, location of service, and other medical-related information. Some patients also had their Social Security numbers compromised. UAB Medicine is encouraging anyone impacted by the breach to closely monitor their accounts and benefit statements for fraudulent activity. In addition, they should enroll in the year of free credit and identity monitoring services provided by UAB Medicine.

Customers Impacted: 19,557

Effect On Customers: Despite your best efforts, phishing attacks will likely make their way into your employees’ inboxes at some point. Fortunately, comprehensive awareness training can empower employees to sidestep ongoing efforts at gaining access to your network and compromising your data. Given the growing costs associated with a data breach, the ROI on cybersecurity best practices is remarkably clear, and should be required for every employee with an email account.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Call Avantia on 07 30109711 (Business Hours) or Email info@avantiacorp.com.au to schedule a no obligation demonstration of our capabilities and a complimentary ‘real time’ search for you and your employees’ business & private credentials (username & passwords) available for purchase right now for as little as $1 on the Dark Web.



POSTSCRIPT*:


20,000 E-commerce Sites Could Be Compromised by Magecart*

Providing an online shopping experience is increasingly critical for SMEs looking to stay ahead of the competition. Unfortunately, malware attacks are infecting the checkout page of many stores, compromising customer payment data and undermining companies’ efforts to attract business through their websites. This reality became even more apparent this week when the notorious Magecart malware infected Volusion, a cloud hosting platform for online stores. Already, more than 6,500 stores have been compromised, and Volusion boasts a customer base of more than 20,000 companies, so the number of infected web stores might continue to grow. Most prominently, Volusion hosts the Sesame Street Live online store, which was brought offline after the attack was revealed. Now thousands of companies will be left grappling with the consequences of lost sales both now and in the future. Notably, this underscores the importance of understanding the specific cyberthreat landscape that most prominently impacts your business. If necessary, get third-party support from cybersecurity experts to adequately identify your risks and to establish best practice responses that ensure your business benefits from its IT environment rather than being exposed by it.


Twitter Uses Two-Factor Data for Targeted Advertising* 

Implementing cybersecurity best practices is critical for today’s companies, especially in regards to securing infrastructure throughout an increasingly complicated threat environment. Unfortunately, in many cases, organisations rely on their customers to adopt these priorities in order to effectively protect their data. These protocols include initiatives such as using strong, unique passwords to secure accounts and implementing two-factor authentication to further secure this information. Of course, companies undermine user adoption when they use that information to serve up targeted advertising. This week, Twitter acknowledged that it used the phone number and email address data from its two-factor authentication protocol to develop targeted advertisements. The information was used by the company’s tailored audiences program, which allows companies to create targeted advertisements by matching their own marketing lists with Twitter user data. The company resolved the issue on September 17th, but it’s unclear how long companies benefited from this security-centred information. More importantly, this misuse of personal data might discourage users from adopting these security protocols in the future, a decision that would put both parties at risk for a data breach.




Disclaimer*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provide the content in this publication to the reader for general information purposes only and have compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content’s accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.


*COPYRIGHT 2019 Avantia Corporate Services - All Rights Reserved.