Avantia Threat Update

MEDICARE CARD DETAILS FOR SALE ON THE DARK WEB RIGHT NOW.

Updated: Jan 16, 2020



This Past 2 Weeks: Australian Medicare cards available for purchase on the Dark Web; five things you may not know about security awareness training; gaming company ZYNGA breached - 170 million usernames/passwords stolen; ELASTICSEARCH server exposes 4 billion user records, spanning more than 4 terabytes of data; too many companies are giving in to criminals' demands; and major data breaches in AUSTRALIA; GERMANY; CANADA & UNITED STATES.


Dark Web ID Trends: Top Source Hits: ID Theft Forums

Top Compromise Type: Domain 

Top Industry: High-Tech & IT

Top Employee Count: 11 - 50 Employees 


 

MEDICARE CARD DETAILS AVAILABLE FOR PURCHASE ON THE DARK WEB.

The Medicare card details of three former Australian Federal Police (AFP) commissioners were advertised for sale on a dark web marketplace, a revelation likely to raise significant concerns about the integrity of Medicare card information. Key points are:

Medicare details of three former AFP commissioners were advertised for sale on the dark web

Medicare credentials can be used in identification fraud

The introduction of the My Health Record has increased concerns about the privacy of health details

The Australian Broadcasting Corporation (ABC) reveals that former Australian Federal Police (AFP) Commissioners Andrew Colvin, Mick Keelty and Tony Negus potentially had their personal details sold on a dark web site. The availability of Mr Colvin's data appears to have occurred while he was still Commissioner. The revelations are contained in a cache of documents obtained by the ABC that outline the efforts the AFP has taken to combat the sale of Medicare card records and other government information on the dark web.

Medicare credentials are valuable to organised crime groups. They can be used in identity fraud to purchase goods or property, or to obtain fraudulent payments from Medicare. The targeting of high-profile law enforcement figures raises the further concern that the data could be used to impersonate a public official, or to obtain other forms of identification or personal information.

In July 2017, when reports first emerged that the Medicare card details of any Australian were available for sale on the popular dark web marketplace AlphaBay, the AFP initiated Operation Elaphiti to investigate the allegations. The Department of Human Services is responsible for the integrity of the Medicare card system. Diary records from a federal agent tasked to the investigation, written in July 2019, note there have been "2 sales of Colvin/Negus/Keelty details + more on Alphabay market". The officer later wrote "C's Details compromised", and that he had been advised to email another AFP team and "they will ascertain privacy & security implication". A spokeswoman for the AFP said: "We understand the details were available for sale on the dark web. We are not aware whether details were actually sold."

The specific nature of the sales listings relating to the former police commissioners is unusual. Dark web marketplaces, which often look like online auction pages, more commonly offer identification details in general terms, for instance templates for fake driver's licences. In 2017 an independent review into Medicare card access recommended a number of changes to the Department of Human Services. More than 200,000 people across the country can potentially access Medicare card information for any Australian.

Associate Professor Vanessa Teague of the University of Melbourne's School of Computing and Information Systems said the specific reference to police officers' card details was "very disturbing", although the motivation of the dark web vendor was unclear. "I don't necessarily see it as evidence of particularly malicious activity directed necessarily against those police officers. It could just be showing off," she said. Ms Teague said that potentially any prominent person could have their Medicare card details accessed, because the system only required knowledge of a person's name and date of birth. "One possible explanation might simply be as a way of advertising, that they could get anybody's details, which evidently they can," she said.

Department of Human Services general manager Hank Jongen told the ABC he was unable to comment on individual cases. "Since we first became aware of Medicare details being sold on the dark web in 2017, we have taken all necessary steps to ensure the security of Australians' health information," Mr Jongen said. The AFP's acting commander of cybercrime operations, Chris Goldsmid, said the agency was intently focused on investigating a range of criminal activities on dark web sites. "In terms of cybercrime operations, we see criminals and the people that we're investigating making a lot of use of dark net forums to sell identification documents, other types of personal information, credit card details, and essentially anything that can be used to facilitate access to accounts and theft of money," he told the ABC.

The primary use of identification documents such as Medicare card details for criminal groups is to build a false identity that can then be used in identity fraud or other crimes. "The use criminals make of those details is really the profit motive, to either directly buy details that can be used to purchase items, or gain access to accounts to steal money," Mr Goldsmid said. He outlined a number of challenges in investigating dark web sites, including technical and jurisdictional ones. He said the AFP had recently investigated an alleged fraud syndicate siphoning funds out of superannuation accounts; the syndicate had allegedly purchased identity information on dark web sites as part of its scheme. Mr Goldsmid did not have operational oversight of Operation Elaphiti, but was aware of its details. "I am aware that three former AFP commissioners may have had their details available on a dark web marketplace for purchase," he said. "What this does highlight is that anyone, even former commissioners of the AFP, can be the victim of identity fraud online."

The AFP executed several search warrants following the initial reports about the sale of Medicare cards in July 2017, but no charges have been brought in relation to their sale. Operation Elaphiti was suspended in June 2018. In September 2018 the Department of Human Services cyber team advised the AFP that a vendor on another dark web site was selling Medicare card credentials; the federal agent investigating the case said they were already aware of the issue, but were "reluctant to pursue due to resources". Government agencies are acutely aware of the intense public scrutiny of the security of health-related information after significant controversy over the Federal Government's My Health Record scheme. Under a heading titled Political/Media Considerations, the federal agent noted that "with the changes earlier this year to My Health Record from an opt in to an opt out system, and the ensuing media coverage, vulnerabilities within the Medicare system are highly likely to attract significant political and media interest".

Ms Teague said she had previously conducted a test which found that Medicare card credentials could be used, together with a "small amount" of additional personal information, to access a person's My Health Record. Mr Jongen said the department was "confident in the robust monitoring and fraud detection mechanisms we have in place to protect Medicare details", and added that it had implemented 13 of the 14 recommendations from the independent review.

The AlphaBay marketplace, where at least 160 sales of Medicare card details occurred, was taken down by US law enforcement in July 2017. In investigations of this kind the AFP is heavily reliant on data provided by the United States and other countries through mutual assistance requests, and the progress of international requests for data is often slow. An April 2019 case note recorded that the investigation was still waiting for further information from overseas. "Case to remain in suspension at this time," the note read. "Once the material is received the case can be re-activated and investigators can begin assessment of the material to establish further lines of enquiry with the aim to identify the [dark web] vendor."


FIVE THINGS YOU MAY NOT KNOW ABOUT SECURITY AWARENESS TRAINING

The discipline of security awareness is full of assumptions and misconceptions. As a side effect, leaders often feel that programs are ineffective and that training humans is a lost cause. Those conclusions couldn't be further from the truth. It has been shown time and again that training humans isn't a lost cause; in fact, your people are your last line of defense whenever all the technology-based security layers have been circumvented. So where's the disconnect? I think there are five things that many leaders miss when it comes to security awareness. Let's take a few moments to explore them.

1. The knowledge-intention-behavior gap: Many traditional security awareness programs fail to account for what is called the knowledge-intention-behavior gap. Simply stated, information alone doesn't lead to behavior change. Information alone doesn't lead to caring, or to the intent to act on the information. And even when someone cares and intends to act on the information they've received, there is no guarantee that they will act on it at the moment of behavior. This gap exists because so many things compete for our attention and behavioral direction at the point of behavior, and so we may act in ways that completely negate our knowledge and intentions. If you need convincing, just think about the last time you tried to keep a set of New Year's resolutions. You knew they were important, and you fully intended to act differently based on that knowledge, but it's very likely that the behavior didn't follow. I'm not trying to shame you, just to point out the reality of the situation. Out of the knowledge-intention-behavior gap flow three realities of security awareness: (1) just because I'm aware doesn't mean that I care; (2) if you try to work against human nature, you will fail; (3) what employees do is far more important than what they know.

2. Your content is your face and reputation in your organization: As a business leader, your content is your brand. Let's face it: if you are in a large organization, there is no way you'll have time to meet everyone and let them get to know you. So you will be known and judged by the quality and relatability of the materials you put in front of your employees. Your security awareness program materials and methods will greatly influence how the rest of the organization views you and chooses to interact with you. That means your content and the systems you put in front of people need to be as good as or better than anything else they interact with. If you go with substandard security awareness content, your people will feel that security is, by extension, not important and that you are irrelevant and out of touch. Relevant, relatable, quality content will instead help build a sense of connectedness and community with your workforce.

3. Frequent training has a demonstrable benefit for the resilience of your organization: I'll call your attention to two sets of data. First, Javvad Malik recently analysed 100 different industry threat intelligence reports in search of the most common causes of data breaches. The two most common causes of data breaches are:

(1) human error and social engineering, and

(2) unpatched software.

So, if human error and falling for social engineering scams is the number one reason organizations are breached, what's the answer? Security awareness training. And the good news is that security awareness training that includes frequent simulated social engineering attacks is a proven method of reducing employees' susceptibility to phishing. (Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.) Here's the data: security awareness training, coupled with simulated phishing attacks at least every 30 days, drastically increases an organization's resilience to phishing. We consistently see organizations that have never conducted phishing tests start with a baseline phish-prone percentage of nearly 30%. After three months of training that percentage roughly halves, and after 12 months it drops to around 2%. I was just presented with our updated numbers covering roughly 36 million email accounts, and the trend holds.

4. At all times you are either building strength or allowing atrophy: Security awareness is all about building strength and motor memory. The only way to get consistent results that help stop social engineering and employee error is frequent and consistent training. The physical equivalent is going to the gym. You don't get in shape by exercising once, and you know that if you only exercise once a year, or even once a quarter, you aren't going to see results. The only way to create long-term change is to make exercise part of your lifestyle. This is what traditional, check-the-box security awareness programs get wrong: they are the equivalent of going to the gym once a year. Lasting change requires lasting commitment. If you stop training, you regress. Just as your muscles begin to atrophy if you stop exercising, your people's awareness and security-related behavior patterns will slide from order to chaos if you aren't constantly reinforcing the training. That's the physics of the situation; as with all things, the law of entropy holds.

5. You are probably measuring and reporting the wrong things: Many organizations measure the success of their awareness programs by counting the number of employees who completed training, or by looking at average post-training test scores, or by counting page views of their newsletters, and so on. While these numbers are interesting as indicators of engagement and reach, they say nothing about what really matters: whether employees have adopted more secure behaviors. So how do you measure that? One of the easiest behavior metrics to collect is the resilience of your employees to phishing attacks. That's the phish-prone percentage I mentioned earlier, and it matters because it is a direct measure of your employees' likelihood of either becoming the entry point for an attacker or serving as an effective last line of defense. You can and should also measure how many of your people report your simulated attacks and suspected phishing emails. Reporting is a positive security behavior that leaders should cultivate within their organizations. After all, the security industry mantra for years has been "See something, say something." Having your employees report suspicious emails and activity makes each and every one of them a sentry. Because actions, not knowledge, determine whether your organization will be breached, I'm a big fan of measuring any security-related behavior I've deemed important for my organization, digital or physical. For example, if you want to encourage employees to consistently use the shredding bins in your office, you can measure your initial behavioral baseline by weighing the shred bins for a few weeks before you introduce your shredding campaign. After that baseline measurement, release your campaign elements and weigh again, and continue to do so as you refine the campaign. That gives you a data-driven pre-campaign and post-campaign report.
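The two behaviour metrics described above (phish-prone percentage and report rate), computed from a simulated-phishing campaign log, as an added example that is not part of the original article or any vendor platform. The campaign records, user IDs and field names are constructed for illustration; the numbers are chosen to mirror the baseline / three-month / twelve-month trend quoted above.

```python
"""Behaviour metrics from a simulated-phishing programme (added example, constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Result:
    campaign: str     # campaign label, e.g. "baseline", "month-03" (assumed field names)
    user: str
    clicked: bool     # followed the link in the simulated phish
    submitted: bool   # entered credentials on the landing page
    reported: bool    # used the report-phish button


USERS = ["u%02d" % i for i in range(1, 21)]  # constructed: 20 recipients per campaign


def _campaign(label, clicked, submitted, reported):
    """Build one campaign's records from sets of user IDs (constructed data)."""
    return [Result(label, u, u in clicked, u in submitted, u in reported) for u in USERS]


# Constructed trend: 30% phish-prone at baseline, halving by month 3, 5% by month 12.
SAMPLE = (
    _campaign("baseline", set(USERS[:6]), set(USERS[:2]), set(USERS[9:13]))
    + _campaign("month-03", set(USERS[:3]), set(USERS[:1]), set(USERS[4:12]))
    + _campaign("month-12", set(USERS[:1]), set(), set(USERS[5:19]))
)


def phish_prone_pct(results, campaign):
    """Percentage of recipients who clicked or submitted credentials in a campaign."""
    rows = [r for r in results if r.campaign == campaign]
    if not rows:
        raise ValueError("no records for campaign %r" % campaign)
    failed = sum(1 for r in rows if r.clicked or r.submitted)
    return 100.0 * failed / len(rows)


def report_rate_pct(results, campaign):
    """Percentage of recipients who reported the simulated phish."""
    rows = [r for r in results if r.campaign == campaign]
    if not rows:
        raise ValueError("no records for campaign %r" % campaign)
    return 100.0 * sum(1 for r in rows if r.reported) / len(rows)


def trend(results, order):
    """[(campaign, phish_prone_pct, report_rate_pct)] in the given campaign order."""
    return [(c, phish_prone_pct(results, c), report_rate_pct(results, c)) for c in order]


def relative_reduction(results, baseline, latest):
    """Fraction (0..1) by which the phish-prone percentage fell from baseline to latest."""
    before = phish_prone_pct(results, baseline)
    after = phish_prone_pct(results, latest)
    return (before - after) / before if before else 0.0


def repeat_clickers(results, min_campaigns=2):
    """Users who clicked in at least min_campaigns campaigns: the ones to coach individually."""
    counts = {}
    for r in results:
        if r.clicked:
            counts[r.user] = counts.get(r.user, 0) + 1
    return sorted(u for u, n in counts.items() if n >= min_campaigns)


if __name__ == "__main__":
    for campaign, ppp, rr in trend(SAMPLE, ["baseline", "month-03", "month-12"]):
        print("%-9s phish-prone %5.1f%%  reported %5.1f%%" % (campaign, ppp, rr))
    print("reduction baseline->month-12: %.0f%%"
          % (100 * relative_reduction(SAMPLE, "baseline", "month-12")))
    print("repeat clickers:", repeat_clickers(SAMPLE))
```

Treat the phish-prone percentage as a trend rather than a score: campaigns differ in difficulty, so compare like with like, and report the repeat clickers separately, since an average that looks healthy can hide the same few people failing every time.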

170 MILLION CREDENTIALS (USERNAMES/PASSWORDS) STOLEN

Game developer Zynga has been one of the biggest names in mobile and social gaming since the category began a little over a decade ago, becoming an overnight sensation with FarmVille and keeping that momentum going with a string of hits such as Words With Friends and Draw Something. Unfortunately, the company has now also found a spot on the list of the largest data breaches of all time. A major breach of usernames and passwords that happened in September 2019 was confirmed by the company in January, and it has turned out to be nearly as big as the initial reports indicated: over 170 million accounts appear to have been compromised.

The breach was first reported in September 2019, when a Pakistani hacker going by the name "Gnosticplayers" contacted The Hacker News. At the time, the hacker claimed to have gained access to the accounts of 218 million Zynga users, including passwords and personal information. Gnosticplayers is a known quantity in the criminal underground, having been observed selling hundreds of millions of breached accounts on the dark web since early 2019. Zynga confirmed in September that it had been breached, but declined to confirm the number of accounts or issue its own estimate until recently. It does not appear that Zynga users were notified when the original breach news broke.

The breach appears to affect only mobile players who installed the Android or iOS version of Words With Friends, Draw Something or the long-defunct OMGPOP platform. Zynga did not specify a breach window. However, given that OMGPOP shut down in 2013 and that 170 million accounts is more than double Zynga's current user base of about 68 million players, it is possible that all accounts dating back to the launch of each game have been compromised.

The Hacker News confirmed that the stolen data included passwords, any password reset tokens that users might have requested, full names, email addresses, phone numbers and Facebook IDs. The passwords were stored as SHA-1 hashes; SHA-1 is a fast general-purpose hash rather than a password hashing function, and has been considered outdated and insecure since before Zynga was even founded. The hacker additionally claims to have obtained plaintext passwords for about 7 million former users of the OMGPOP platform.

The primary concern is the use of these username and password combinations in credential stuffing attacks against other services where the same credentials were reused. The breach also provides enough information for attackers to craft targeted phishing emails made to look like official communications from Zynga. Given the size of the breach, it would be wise for anyone with a Zynga account to change their password, even if they did not play the affected mobile versions of these games, and to change it anywhere else the same password was used. The number of account records compromised would make this the 10th largest data breach of all time. Though Zynga issued a public statement admitting to the breach back in September, some Zynga users report that they received no notification from the company then and may still not have been notified.

Oz Alashe, CEO of cyber security awareness and cloud data analytics platform CybSafe, observed that the time that has passed makes it likely that the stolen password hashes have already been cracked: "The disclosure of the full scale and nature of this breach, some three months after the initial announcement, is concerning. This delay, and the initial lack of information provided by Zynga to its users, has put victims at unnecessary risk.

"Especially now that the extent of the breach is clear, users who think they may have registered to use one of Zynga's products, such as Farmville and Words With Friends, should promptly act to change their passwords.

"The details compromised in this breach are incredibly serious, including 7 million unprotected passwords. Based on Gnosticplayers' previous behaviour following similar attacks, the group may well decide to sell these details on the dark web – if they haven't already done so.

"Buyers are likely to use these details as a central database to undertake credential stuffing attacks. Compromised pairs of emails and passwords could be injected into commercial websites like Amazon and Ebay in order to fraudulently gain access. The vast majority of email and password combos won't work, but a few will. That's because many people reuse the same credentials on multiple websites."

Since Gnosticplayers has already sold millions of breached accounts on the dark web in 2019 alone, there is no reason to believe these were not also passed on relatively quickly after the early September breach date. Most of the stolen passwords were hashed and salted, but SHA-1 was designed for speed: commodity GPU hardware tests billions of SHA-1 candidates per second, so salted SHA-1 hashes of common or reused passwords fall to dictionary attacks in hours rather than years. (The roughly $100,000 in cloud computing sometimes quoted as the cost of "breaking" SHA-1 is the cost of producing a collision, which is not what cracking a password hash requires.) It should be assumed that all of these stolen passwords will be available in the wild at some point, if they are not already.

Chris DeRamus, Co-Founder and CTO of DivvyCloud, sees the Zynga breach as yet more evidence that some organizations treat security as an afterthought: "Zynga's response to its breach demonstrates how some organizations tend to view proper security as an afterthought. Companies falsely believe that they are faced with a lose-lose choice of innovating in the cloud and remaining competitive, or prioritizing security but moving at a slower pace and harming their overall market share as a result. However, this is a false choice – organizations can innovate while remaining secure if they implement the proper security controls as they adopt cloud. An automated cloud security strategy can help organizations detect misconfigurations and other threats, then either alert the appropriate personnel of the issue or trigger an automated remediation – all in real-time."

Robert Prigge, President of Jumio, suggests that biometric authentication may be necessary to protect against password breach incidents like these in the future: "Zynga's data breach exposing the usernames, emails and passwords of more than 200 million users further demonstrates that user data is never safe. Whether playing innocent games on your phone or ordering food from DoorDash, cybercriminals are looking for every opportunity possible to acquire user data. This exposed information is sure to find a home on the dark web, enabling fraudsters to log into user accounts and commit account takeover fraud. Because these games are often connected to user Facebook accounts, hackers can gain access to far more information under a forged identity. According to BuiltWith, there are over 190,000 websites that are Facebook Login Button customers and almost 40,000 live websites using Facebook Login Button. Logging in with this stolen information (including the 7 million Draw Something passwords left in clear text with this breach) makes it impossible to determine if the actual account holder is the one logging in. It's apparent that these traditional authentication methods can no longer be trusted – companies must adopt biometric-based authentication to ensure a user's data remains in the right hands."

Short of a sudden burst of enlightenment from all of the internet-based companies that collect user data, end users can expect major password breach incidents such as these to continue to crop up from time to time. Taking proactive steps to protect yourself from breaches whose data has been resold on the dark web is prudent.
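To make concrete why salted SHA-1 offers so little protection once a database leaks, here is an added example; it is not Zynga's code or data. It builds a constructed salted-SHA-1 "dump", recovers the weak passwords with a short wordlist, and then repeats the same attack against PBKDF2-HMAC-SHA256 from Python's standard library so the difference in cost per guess is visible. The account names, passwords, salts and wordlist are all made up.

```python
"""Why SHA-1 (salted or not) does not protect a leaked password database (added example)."""
import hashlib
import os
import time

# Constructed wordlist; real attacks use hundreds of millions of previously leaked passwords.
WORDLIST = ["123456", "password", "qwerty", "letmein", "farmville", "drawsomething"]


def salted_sha1(password, salt):
    """salt || password through SHA-1: fast by design, which is exactly the problem."""
    return hashlib.sha1(salt + password.encode("utf-8")).digest()


def make_pbkdf2(iterations):
    """Return a slow hasher (PBKDF2-HMAC-SHA256) with the given work factor."""
    def hasher(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hasher


def build_dump(accounts, hasher):
    """Constructed 'leaked database': [(user, salt, digest)] with a random 16-byte salt per user."""
    dump = []
    for user, password in accounts:
        salt = os.urandom(16)
        dump.append((user, salt, hasher(password, salt)))
    return dump


def dictionary_attack(dump, hasher, wordlist):
    """Try each candidate against each record; return ({user: password}, guesses hashed).

    Per-user salts defeat precomputed tables, so the attacker pays one hash per
    (record, candidate) pair. With SHA-1 that is nearly free; with PBKDF2 each
    guess costs `iterations` HMAC calls, which is the only thing that slows it down.
    """
    recovered, guesses = {}, 0
    for user, salt, digest in dump:
        for candidate in wordlist:
            guesses += 1
            if hasher(candidate, salt) == digest:
                recovered[user] = candidate
                break
    return recovered, guesses


def guesses_per_second(hasher, seconds=0.5):
    """Rough single-core throughput of a hasher, for comparing cost per guess."""
    salt, n, start = os.urandom(16), 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        hasher("candidate%d" % n, salt)
        n += 1
    return n / (time.perf_counter() - start)


if __name__ == "__main__":
    accounts = [("alice", "farmville"), ("bob", "letmein"), ("carol", "Tr0ub4dor&3")]  # constructed
    found, n = dictionary_attack(build_dump(accounts, salted_sha1), salted_sha1, WORDLIST)
    print("salted SHA-1 : recovered %s after %d guesses" % (found, n))
    slow = make_pbkdf2(100_000)
    found, n = dictionary_attack(build_dump(accounts, slow), slow, WORDLIST)
    print("PBKDF2-100k  : recovered %s after %d guesses (same result, far slower)" % (found, n))
    print("guesses/s: sha1 ~%.0f, pbkdf2 ~%.1f"
          % (guesses_per_second(salted_sha1), guesses_per_second(slow)))
```

Note what the slow hash does and does not buy: "letmein" is recovered either way, because a password in the attacker's wordlist is lost regardless of the hash. What PBKDF2 (or bcrypt, scrypt, Argon2) changes is the attacker's throughput, by the iteration factor, which is what keeps passwords that are not in a wordlist out of reach and buys users time to rotate. On the user side the defence against the credential stuffing described above is not reusing passwords across services and turning on multi-factor authentication.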


DATA ON 1.2 BILLION USERS FOUND IN ELASTICSEARCH SERVER:

An exposed Elasticsearch server was found to contain data on more than 1.2 billion people, Data Viper security researchers report. The server was accessible without authentication and held 4 billion user records spanning more than 4 terabytes of data, security researchers Bob Diachenko and Vinny Troia discovered late last month. Analysis of the data revealed that it pertained to over 1.2 billion unique individuals and included names, email addresses, phone numbers, and LinkedIn and Facebook profile information. Further investigation led the researchers to conclude that the data came from two different data enrichment companies; the leak therefore represents data aggregated from various sources and kept up to date.

Most of the data was stored in four separate indices labelled "PDL" and "OXY", and the researchers discovered that the labels refer to two data aggregation and enrichment companies, People Data Labs and OxyData. Analysis of the nearly 3 billion PDL user records on the server revealed data on roughly 1.2 billion unique people and 650 million unique email addresses. Not only do these numbers fall in line with the statistics the company posts on its website, but the researchers were able to verify that the data on the server was nearly identical to the information returned by the People Data Labs API. "The only difference being the data returned by the PDL also contained education histories. There was no education information in any of the data downloaded from the server. Everything else was exactly the same, including accounts with multiple email addresses and multiple phone numbers," the researchers explain. Vinny Troia also found in the leak information about a landline phone number he was given roughly 10 years ago as part of an AT&T TV bundle. Although the landline was never used, the number was present on the researcher's profile and was included in the data set PeopleDataLabs.com held on him.

The company told the researchers that the exposed server, which was hosted on Google Cloud, did not belong to it. The data, however, was clearly coming from People Data Labs. Some of the information on the exposed Elasticsearch server, the researchers revealed, came from OxyData, although this company too denied owning the server. After obtaining a copy of his own user record from the company, Troia confirmed that the leaked information came from there. The researchers could not establish who was responsible for leaving the server wide open to the internet, but suggest that it is a customer of both People Data Labs and OxyData and that the data may have been misused rather than stolen. "Due to the sheer amount of personal information included, combined with the complexities of identifying the data owner, this has the potential to raise questions on the effectiveness of our current privacy and breach notification laws," the researchers conclude.

"From the perspective of the people whose information was part of this dump, this doesn't qualify as a cut-and-dry data breach. The information 'exposed,' is already available on LinkedIn, Facebook, GitHub, etc. begging a larger discussion about how we feel about data aggregators who compile this information and sell it, because it's a standard practice," Dave Farrow, senior director of information security at Barracuda Networks, told SecurityWeek in an emailed comment. Jason Kent, hacker at Cequence Security, also commented via email, saying, "Here we see a new and potentially dangerous correlation of data like never before. […] if an attacker has a rich set of data, they can formulate very targeted attacks. The sorts of attacks that can result in knowing password recovery information, financial data, communication patterns, social structures, this is how people in power can be targeted and eventually the attack can work."
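A quick way to tell whether an Elasticsearch host is open in the way described above is to ask it for its index catalogue without credentials. The following is an added example, not the researchers' tooling: it calls the cluster's /_cat/indices API (a real Elasticsearch endpoint) and summarises what an anonymous client can see. The target address is a placeholder, and the sample response is constructed to resemble the leak (index names, document counts and sizes are invented).

```python
"""Is this Elasticsearch endpoint answering without credentials, and what does it hold? (added example)"""
import json
import urllib.error
import urllib.request


def fetch_cat_indices(base_url, timeout=5):
    """GET <base_url>/_cat/indices?format=json&bytes=b with no credentials.

    Returns (http_status, parsed_body_or_None). 401/403 means authentication is
    enforced; a 200 with a body means anyone who can reach the port can list
    (and, via the search API, read) everything in the cluster. Network errors
    return (None, None).
    """
    url = base_url.rstrip("/") + "/_cat/indices?format=json&bytes=b"
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        return err.code, None
    except OSError:
        return None, None


def assess(status, indices):
    """Summarise exposure from a /_cat/indices response (bytes=b gives integer byte sizes)."""
    if status != 200 or not isinstance(indices, list):
        return {"exposed": False, "status": status}
    docs = sum(int(i.get("docs.count") or 0) for i in indices)
    size = sum(int(i.get("store.size") or 0) for i in indices)
    largest = sorted(((i["index"], int(i.get("docs.count") or 0)) for i in indices),
                     key=lambda pair: pair[1], reverse=True)
    return {"exposed": True, "status": status, "indices": len(indices),
            "docs": docs, "size_tb": round(size / 1e12, 1), "largest": largest[:5]}


def audit(base_url, fetch=fetch_cat_indices):
    """Run the check against one host. `fetch` is injectable so the logic can run offline."""
    status, indices = fetch(base_url)
    return assess(status, indices)


# Constructed response resembling the leak described above: four indices named by source,
# about 4 billion documents and about 4 TB on disk. Names, counts and sizes are invented.
SAMPLE_OPEN = [
    {"health": "yellow", "status": "open", "index": "pdl_1", "pri": "5", "rep": "1",
     "docs.count": "1500000000", "docs.deleted": "0", "store.size": "1700000000000"},
    {"health": "yellow", "status": "open", "index": "pdl_2", "pri": "5", "rep": "1",
     "docs.count": "1400000000", "docs.deleted": "0", "store.size": "1500000000000"},
    {"health": "yellow", "status": "open", "index": "oxy_1", "pri": "5", "rep": "1",
     "docs.count": "600000000", "docs.deleted": "0", "store.size": "500000000000"},
    {"health": "yellow", "status": "open", "index": "oxy_2", "pri": "5", "rep": "1",
     "docs.count": "500000000", "docs.deleted": "0", "store.size": "400000000000"},
]

if __name__ == "__main__":
    target = "http://198.51.100.10:9200"  # placeholder address (TEST-NET-2), not a real host
    print("live check:", json.dumps(audit(target)))
    print("what an open cluster looks like:", json.dumps(assess(200, SAMPLE_OPEN), indent=2))
```

The remedy on the server side is the same whoever the customer turned out to be: enable authentication (xpack.security.enabled: true in elasticsearch.yml), do not bind network.host to a public interface (the default is loopback), and restrict port 9200 at the firewall or cloud security group to known clients. Run this check from outside your own perimeter against your own hosts before someone else does.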


US COAST GUARD ADMITS RANSOMWARE TOOK DOWN FACILITY:

A facility regulated by the US Coast Guard (USCG) is the latest entity to be hit by the modern-day electronic scourge of ransomware. The USCG confirmed the "ransomware intrusion" when it published a marine safety alert last month reporting a Ryuk ransomware attack that took down the entire corporate IT network of a Maritime Transportation Security Act (MTSA) regulated facility. It comes after ransomware forced the City of New Orleans, just before Christmas, to declare a state of emergency after all government computers had to be shut down.

The USCG did not identify the affected facility, but it is suspected to be a port, as the ransomware managed to reach the industrial control systems used for cargo transfer. "Forensic analysis is currently ongoing but the virus, identified as "Ryuk" ransomware, may have entered the network of the MTSA facility via an email phishing campaign," said the Coast Guard. "Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility's access to critical files." "The virus further burrowed into the industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations," the USCG said. "The impacts to the facility included a disruption of the entire corporate IT network (beyond the footprint of the facility), disruption of camera and physical access control systems, and loss of critical process control monitoring systems." The infection forced the facility to "shut down the primary operations of the facility for over 30 hours while a cyber-incident response was conducted."

Security experts have warned that the scourge of ransomware is set to continue in 2020. "Ransomware was one of the most disruptive forms of cyber attack in 2019 and it seems that this will continue to be the case in 2020," said Stuart Reed, VP Cyber at Nominet. "With countless emails and links being sent across the network it is no small task to mitigate the risk of employees falling victim to an attack, and reminds us of the importance of a layered approach to security," said Reed. "While access control should limit the path of an attacker and robust backups can restore systems as soon as possible, it is also important to have broad visibility of the network to identify and eliminate an attack quickly." "Critical services and infrastructure will continue to be targeted by cyber criminals and it's only with partnerships between security experts, risk specialists and those responsible for the build and protection of these highly important assets that we will be able to improve our overall security posture against attackers," Reed concluded.

Ryuk was also responsible for knocking government computers offline in the US state of Louisiana in November 2019, the second such attack on that state. In July 2019 Louisiana Governor John Bel Edwards declared a state of emergency after school systems in Sabine, Morehouse and Ouachita parishes in north Louisiana were hit by ransomware. That July declaration was the first activation of Louisiana's newly created emergency support function for cybersecurity, set up in anticipation of the threat of cyber attacks. Two years earlier the state had created the Louisiana Cybersecurity Commission to assess cyber threats, a move that stands in marked contrast to the lack of action in other US cities and towns. Ransomware remains a scourge of computer systems, having also impacted businesses and cities such as the City of Baltimore in 2019.
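Reed's point that access control should limit the attacker's path is, at the IT/ICS boundary the Coast Guard alert describes, an explicit allowlist of what may cross from the corporate network into the control network. The following added example (not the facility's or the Coast Guard's tooling) audits flow records against such an allowlist; the address ranges, the allowlist, the flow records and their format are all constructed for illustration, and the list of lateral-movement ports is the editor's own, not something the alert states.

```python
"""Audit IT -> OT flows against an explicit allowlist (added example, constructed data)."""
import ipaddress
from collections import Counter

IT_NET = ipaddress.ip_network("10.10.0.0/16")    # constructed corporate IT range
OT_NET = ipaddress.ip_network("10.200.0.0/16")   # constructed control-system (ICS) range

# Constructed allowlist of permitted IT -> OT flows: (source net, destination net, dest port).
ALLOWLIST = [
    # historian web UI, reachable from one jump host only
    (ipaddress.ip_network("10.10.5.20/32"), ipaddress.ip_network("10.200.1.10/32"), 443),
    # SSH to OT hosts, from the same jump host only
    (ipaddress.ip_network("10.10.5.20/32"), OT_NET, 22),
]

# Ports commonly used for lateral movement between Windows hosts (editor's note, not from the alert).
LATERAL_MOVEMENT_PORTS = {135: "RPC", 445: "SMB", 3389: "RDP", 5985: "WinRM"}


def parse_flow(line):
    """Parse one constructed flow record: 'timestamp src dst dport proto'."""
    ts, src, dst, dport, proto = line.split()
    return {"ts": ts, "src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
            "dport": int(dport), "proto": proto}


def is_allowed(src, dst, dport):
    """True if (src, dst, dport) matches an allowlist entry. Accepts strings or address objects."""
    src, dst = ipaddress.ip_address(str(src)), ipaddress.ip_address(str(dst))
    return any(src in s_net and dst in d_net and dport == port for s_net, d_net, port in ALLOWLIST)


def audit_flows(lines):
    """Return findings for IT -> OT flows that are not on the allowlist.

    Lateral-movement ports are rated high: a workstation in the IT range talking
    SMB or RDP into the control network is exactly the path the alert describes.
    """
    findings = []
    for line in lines:
        if not line.strip():
            continue
        flow = parse_flow(line)
        if not (flow["src"] in IT_NET and flow["dst"] in OT_NET):
            continue  # other directions are out of scope for this check
        if is_allowed(flow["src"], flow["dst"], flow["dport"]):
            continue
        service = LATERAL_MOVEMENT_PORTS.get(flow["dport"])
        findings.append({**flow, "service": service, "severity": "high" if service else "medium"})
    return findings


def top_sources(findings):
    """IT hosts ranked by number of boundary violations: where to start the hunt."""
    return Counter(str(f["src"]) for f in findings).most_common()


# Constructed flow records. Lines 1-2 are the permitted jump-host traffic; 3-5 are violations;
# 6-7 never cross the IT -> OT boundary and are ignored by this check.
SAMPLE_FLOWS = """\
2020-01-02T03:10:00Z 10.10.5.20 10.200.1.10 443 tcp
2020-01-02T03:11:00Z 10.10.5.20 10.200.3.4 22 tcp
2020-01-02T03:12:00Z 10.10.7.33 10.200.1.10 445 tcp
2020-01-02T03:12:05Z 10.10.7.33 10.200.1.11 3389 tcp
2020-01-02T03:13:00Z 10.10.8.9 10.200.2.2 8080 tcp
2020-01-02T03:14:00Z 10.10.7.33 10.10.7.40 445 tcp
2020-01-02T03:15:00Z 10.200.2.2 10.10.9.9 443 tcp
"""

if __name__ == "__main__":
    results = audit_flows(SAMPLE_FLOWS.splitlines())
    for f in results:
        print("%s %s -> %s:%d %-6s %s"
              % (f["ts"], f["src"], f["dst"], f["dport"], f["severity"], f["service"] or ""))
    print("top offending sources:", top_sources(results))
```

The same allowlist is what the firewall between the two networks should enforce; running it over flow logs as well gives the "broad visibility" Reed mentions, because a single IT host opening SMB and RDP into the control range in the same minute is the kind of signal that is invisible when only the IT network is monitored.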


 

THREAT FOCUS: Primus Realty - AUSTRALIA

https://www.watoday.com.au/national/western-australia/credit-card-and-other-details-of-perth-rental-applicants-may-have-been-public-for-21-months-20191224-p53mqi.html


Exploit: Accidental data sharing

Primus Realty: Real estate service provider

Risk to Small Business: 2 = Severe: A broad technological oversight allowed customer data acquired from tenancy applications to be published to the company’s website. This information was publicly available for more than a year, and, upon learning of the incident, customers took to the media to express their displeasure at the incident. In an era where data security is much more than just a footnote, this episode could cost Primus Realty, as it will certainly lead to brand erosion and customer defections. 

Individual Risk: 2 = Severe: The data breach included customers' personal information, including their names, dates of birth, addresses, telephone numbers, driver licence numbers, passport details, birth certificates, and Medicare numbers. In addition, various financial documents were made available online. Primus Realty is encouraging anyone impacted by the breach to notify their financial institutions of the episode and to enrol in identity monitoring services so that any misuse of their information is detected early.

Customers Impacted: 750

Effect On Customers: Data breaches bring a flurry of negative consequences, so an unforced error is an especially egregious way for a company to damage its bottom line and jeopardize long-term opportunities. Already, Primus Realty is experiencing the negative press coverage and customer complaints that often accompany a breach. Unfortunately, the negative consequences for the company are likely just beginning.
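The Primus Realty exposure above included Medicare numbers among the tenancy documents published on a public website. As an added example (not code from the original newsletter, from Primus Realty or from WAtoday), the following Python script scans a set of documents for Australian Medicare card numbers and keeps only candidates whose check digit validates, which removes most of the false positives that a bare ten-digit pattern would produce. The sample documents, their `public_html/...` paths and the Medicare numbers inside them are constructed for this example; the check-digit rule used (weights 1,3,7,9,1,3,7,9 over the first eight digits, sum modulo 10 equal to the ninth digit, first digit 2 to 6, tenth digit the card issue number) is the published Medicare card number format.

```python
"""Scan documents under a web root for Australian Medicare card numbers.

Added example for this newsletter; not Primus Realty's code. The sample
documents below are constructed, and the paths are assumptions.
"""
from __future__ import annotations

import os
import re
import sys

# Medicare numbers are printed as 4-5-1 groups (e.g. "2123 45670 1").
# An optional 11th IRN digit may follow the card number; it is not part of this check.
MEDICARE_RE = re.compile(r"\b([2-6]\d{3})[ -]?(\d{5})[ -]?(\d)\b")
CHECK_WEIGHTS = (1, 3, 7, 9, 1, 3, 7, 9)


def medicare_check_digit_ok(number: str) -> bool:
    """True if `number` is 10 digits, starts with 2-6 and its 9th digit is the
    weighted sum of the first 8 digits modulo 10."""
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) != 10 or not 2 <= digits[0] <= 6:
        return False
    total = sum(d * w for d, w in zip(digits[:8], CHECK_WEIGHTS))
    return total % 10 == digits[8]


def find_medicare_numbers(text: str) -> list[str]:
    """Return every check-digit-valid Medicare number in `text`, spaces removed."""
    found = []
    for match in MEDICARE_RE.finditer(text):
        candidate = "".join(match.groups())
        if medicare_check_digit_ok(candidate):
            found.append(candidate)
    return found


def scan_documents(docs: dict[str, str]) -> dict[str, list[str]]:
    """Map each document path to the validated Medicare numbers it contains;
    documents with no hits are omitted."""
    hits: dict[str, list[str]] = {}
    for path, text in docs.items():
        numbers = find_medicare_numbers(text)
        if numbers:
            hits[path] = numbers
    return hits


def scan_webroot(root: str) -> dict[str, list[str]]:
    """Walk a directory (e.g. the public web root) and scan every readable file.
    Only plain text is inspected; PDFs and images would need text extraction first."""
    docs: dict[str, str] = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    docs[path] = fh.read()
            except OSError:
                continue
    return scan_documents(docs)


# Constructed sample "files": one real-looking application form with a number
# whose check digit validates, one decoy number that fails the check, one page
# with no PII at all.
SAMPLE_DOCS = {
    "public_html/uploads/application_0042.txt": (
        "Applicant: J. Citizen\nMedicare: 2123 45670 1\nDOB: 01/01/1980\n"
    ),
    "public_html/uploads/application_0043.txt": (
        "Reference number 2123 45675 1 (not a Medicare card)\n"
    ),
    "public_html/index.html": "<html><body>Welcome to our rentals page</body></html>",
}

if __name__ == "__main__":
    results = scan_webroot(sys.argv[1]) if len(sys.argv) > 1 else scan_documents(SAMPLE_DOCS)
    for doc_path, numbers in results.items():
        print(f"{doc_path}: {len(numbers)} Medicare number(s) with a valid check digit")
```

Run it with a directory argument to scan a real web root, or with no argument to scan the constructed samples. The check digit is what makes the output usable: a reference number that happens to be ten digits long is discarded, while the real card number is reported.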

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security to the Rescue: It's critical that SMEs understand the importance of cybersecurity. Pinpoint Cyber Audits™ are an expansion of our White Glove Support that includes a 3rd Party holistic Cyber Security Audit incorporating the "Essential 8" mitigation strategies (as defined by the Australian Cyber Security Centre) to evaluate our clients' Operational; Legal; Reputational & Recovery Risks with recommendations for remedies. Go to https://www.avantiacybersecurity.com/cyber-security-audit for more information.


THREAT FOCUS: The Heritage Company - UNITED STATES

https://www.scmagazine.com/home/security-news/ransomware/ransomware-shuts-down-the-heritage-company/


Exploit: Ransomware

The Heritage Company: Telemarketing firm

Risk to Small Business: 2.333 = Severe: A ransomware attack forced The Heritage Company to temporarily shutter its operations, even after it paid a ransom to regain access to its critical IT infrastructure. IT admins were unable to use the decryption key to recover company data, and the company's CEO notified employees that they would not be able to return to work until at least January 2nd. The attack has already cost the company hundreds of thousands of dollars. If it cannot recover its data, this ransomware attack could permanently cripple the business.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: Ransomware can feel like an inevitability in today's digital landscape, but SMBs have many tools at their disposal to protect their critical information. Ransomware always needs an initial foothold, and that foothold is usually gained through known exploits in unpatched legacy systems or through phishing that induces an employee to hand network access to cybercriminals. By addressing these known flaws, companies can improve their defenses against this costly risk. As this incident shows, paying the ransom is not a recovery plan: tested, offline backups are.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link (https://www.avantiacybersecurity.com/overwatch) to find out more or call 07 3010 9711.


THREAT FOCUS: Ring Security Cameras - UNITED STATES

https://au.news.yahoo.com/over-1-500-ring-passwords-193629561.html

Exploit: Accidental data sharing

Ring: Video doorbell and security camera maker

Risk to Small Business: 2 = Severe: Security researchers discovered Ring users' account credentials posted on the Dark Web. The information could give attackers front-door access to customer accounts, and to the live camera feeds behind them. Given the sensitive nature of Ring's business, this type of access is especially problematic for users. Moreover, the episode is the company's second cybersecurity incident this year, which raises questions about its practices in an industry that demands excellence in data security and privacy.

Individual Risk: 2.285 = Severe: Usernames and passwords are often used to log straight into user accounts, where criminals can steal additional information or otherwise wreak havoc. While Ring told customers that it is actively monitoring for unusual account activity, users should change their passwords (and stop reusing them on other sites) and enable two-factor authentication so that attackers cannot use this readily available information to access their accounts.

Customers Impacted: 1,562

Effect On Customers: Ring is emblematic of the consequences of failing to treat data security as a top priority. As a result of multiple data security incidents and allegations of weak data privacy standards, Ring has endured significant brand erosion, and these episodes continue to degrade its competitive advantage. In an industry where customers have many options to choose from, this could be a serious factor in the company's future financial success.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization's compromised or stolen employee and customer data. Schedule a demo today by calling 07 3010 9711 or go to https://www.avantiacybersecurity.com/overwatch for more information.


THREAT FOCUS: Shaw Telecommunications - CANADA 

https://www.cbc.ca/news/canada/calgary/shaw-data-breach-1.5398324


Exploit: Stolen device

Shaw: Telecommunications provider

Risk to Small Business: 2.333 = Severe: This month, Shaw customers were notified of a data breach stemming from a stolen device that was taken on June 22. The company computer included customer data. Although the episode was reported to the police when it occurred, it’s unclear why the company waited so long to notify customers of the incident. The breach is unlikely to significantly impact customer security, but their poor response will heighten the reputational damage and customer blowback that always follows a data breach.

Individual Risk: 2.571 = Moderate: Some customers’ personally identifiable information was available on the employee’s laptop, including names, account numbers, and a list of subscription services. In response, the company is encouraging those impacted by the breach to change their account passwords and to enable two-factor authentication to secure their data.

Customers Impacted: Unknown

Effect On Customers: There are many ways that company and customer data can make its way into the wrong hands. However, there are steps that every organization can take to keep customer and employee accounts secure. For instance, by requiring strong, unique passwords and by enabling multi-factor authentication, SMBs can deny attackers easy access to critical information. Note that account controls do not protect data already sitting on a stolen laptop; for that, full-disk encryption on every portable device, and the ability to wipe it remotely, are the controls that matter.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security to the Rescue: It's critical that SMEs understand the importance of cybersecurity. Pinpoint Cyber Audits™ are an expansion of our White Glove Support that includes a 3rd Party holistic Cyber Security Audit incorporating the "Essential 8" mitigation strategies (as defined by the Australian Cyber Security Centre) to evaluate our clients' Operational; Legal; Reputational & Recovery Risks with recommendations for remedies. Go to https://www.avantiacybersecurity.com/cyber-security-audit for more information.


THREAT FOCUS: Center for Healthcare Services - UNITED STATES

https://www.expressnews.com/business/health-care/article/Cyber-attack-shuts-down-computers-at-San-Antonio-14930383.php


Exploit: Ransomware

Center for Healthcare Services: Mental health and substance abuse services provider

Risk to Small Business: 2.111 = Severe: A ransomware attack disabled a server at the Center for Healthcare Services, and IT administrators took the entire network offline to prevent the infection from spreading. The provider was forced to put paper signs on the doors reminding employees not to turn on their computers, and services were mostly unavailable over the Christmas holiday. The healthcare services provider is soliciting support from the FBI and other agencies to help identify the attacker and restore its services.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: Unfortunately, once ransomware takes root, companies face a hefty bill to restore their services and operations. Whether paying the attackers to decrypt information or hiring cybersecurity specialists to restore from backups, the price tag can be enormous. When coupled with the opportunity costs that accompany system outages, the ROI on preventative measures becomes obvious in the face of ransomware and other attack vectors.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security to the Rescue: It's critical that SMEs understand the importance of cybersecurity. Pinpoint Cyber Audits™ are an expansion of our White Glove Support that includes a 3rd Party holistic Cyber Security Audit incorporating the "Essential 8" mitigation strategies (as defined by the Australian Cyber Security Centre) to evaluate our clients' Operational; Legal; Reputational & Recovery Risks with recommendations for remedies. Go to https://www.avantiacybersecurity.com/cyber-security-audit for more information.


THREAT FOCUS: PayPal Payments - UNITED STATES

https://www.bleepingcomputer.com/news/security/paypal-phishing-attack-promises-to-secure-accounts-steals-everything/


Exploit: Phishing attack

PayPal: Online payment platform

Risk to Small Business: 2.333 = Severe: Some PayPal users are receiving phishing emails that purport to notify them of unusual account activity and require them to verify their personal information to restore full account access. The attackers manufacture a sense of urgency by claiming that the account will remain limited until the user confirms their identity. Although the messages contain many tell-tale signs of a phishing scam, they pose a serious risk to PayPal customers and to the company's reputation.

Individual Risk: 2.428 = Severe: Although recipients have to hand over their personal information to be at risk, anyone who responds to this email has compromised nearly all of their personally identifiable information. If that's the case, they should immediately report the activity to PayPal, as well as to their other financial institutions. Unfortunately, this information can be used to perpetrate more than just financial crimes, and those who were compromised should also enrol in an identity monitoring service to ensure that their information isn't being misused in other ways.

Customers Impacted: Unknown

Effect On Customers: As we've reported on our blog, the latest phishing campaigns have adopted many of the hallmarks of legitimate sites, including HTTPS, to dupe unsuspecting recipients into handing over critical data. A padlock in the address bar only means the connection to the phishing site is encrypted; it says nothing about who runs the site, so the link's actual domain is what needs checking. Although such attacks are difficult to spot, SMBs can ensure that their employees serve as the first line of defense by implementing consistent awareness training that keeps employees abreast of the latest trends.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link (https://www.avantiacybersecurity.com/overwatch) to find out more or call 07 3010 9711.
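The PayPal lure described above combines three signals that can be checked mechanically: a sender domain that is not the brand's own, urgency language, and a link whose visible text does not match where it points (HTTPS or not). As an added example (not code from the original newsletter, from PayPal or from BleepingComputer), the following Python script applies those checks to a raw email message. The two sample messages, their `.example` domains and the `paypa1-secure` sender are constructed for this example; `registrable_domain` is a deliberately crude last-two-labels helper and the `URGENCY_PHRASES` list is an assumption to be tuned on your own mail stream.

```python
"""Heuristic phishing triage for a raw email.

Added example for this newsletter, not PayPal's or BleepingComputer's code.
The sample messages at the bottom are constructed.
"""
from __future__ import annotations

import email.utils
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Phrases that manufacture urgency. Assumed starting list; extend as needed.
URGENCY_PHRASES = (
    "unusual activity",
    "account has been limited",
    "suspended",
    "within 24 hours",
    "confirm your identity",
    "verify your information",
)


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href: str | None = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host: str) -> str:
    """Crude: the last two DNS labels. Enough to tell paypal.com apart from
    paypal.com.account-verify.example; use a public-suffix list in production."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def analyse_email(raw: str, expected_domain: str = "paypal.com") -> dict:
    """Return {"verdict": ..., "findings": [...]} for one RFC 822 message."""
    msg = message_from_string(raw)
    findings: list[str] = []

    # 1. The sender's domain must be the brand's own domain, not a look-alike.
    sender = email.utils.parseaddr(msg.get("From", ""))[1]
    sender_domain = registrable_domain(sender.rsplit("@", 1)[-1]) if "@" in sender else ""
    if sender_domain != expected_domain:
        findings.append(f"sender domain {sender_domain!r} is not {expected_domain}")

    # 2. Collect the text/html and text/plain parts into one body string.
    parts = []
    for part in msg.walk():
        if part.get_content_type() in ("text/html", "text/plain"):
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    body = "\n".join(parts)
    lowered = body.lower()

    # 3. Urgency language.
    matched = [phrase for phrase in URGENCY_PHRASES if phrase in lowered]
    if matched:
        findings.append("urgency language: " + ", ".join(matched))

    # 4. Links: where they really go, and whether the visible text lies about it.
    extractor = _LinkExtractor()
    extractor.feed(body)
    for href, text in extractor.links:
        parsed = urlparse(href)
        host = parsed.hostname or ""
        if registrable_domain(host) != expected_domain:
            # HTTPS proves only that the connection to the phishing host is
            # encrypted; it says nothing about who operates that host.
            findings.append(f"link points to {host} ({parsed.scheme}), not {expected_domain}")
            if expected_domain in text.lower():
                findings.append(f"link text {text!r} claims {expected_domain} but href host is {host}")

    verdict = "phish" if len(findings) >= 2 else "review" if findings else "clean"
    return {"verdict": verdict, "findings": findings}


# Constructed sample: look-alike sender, urgency, HTTPS link to a non-PayPal host
# whose visible text shows a genuine-looking PayPal URL.
PHISH_SAMPLE = """\
From: "PayPal Service" <service@paypa1-secure.example>
To: customer@example.org
Subject: Unusual activity on your account - action required
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We detected unusual activity. Your account has been limited until you
confirm your identity within 24 hours.</p>
<p><a href="https://paypal.com.account-verify.example/login">https://www.paypal.com/myaccount/security</a></p>
</body></html>
"""

# Constructed sample: genuine sender domain, no urgency, link host matches.
BENIGN_SAMPLE = """\
From: "PayPal" <service@paypal.com>
To: customer@example.org
Subject: Your profile was updated
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Thanks for updating your profile. You can review your settings at any time.</p>
<p><a href="https://www.paypal.com/myaccount/settings">Review your settings</a></p>
</body></html>
"""

if __name__ == "__main__":
    for label, sample in (("phish", PHISH_SAMPLE), ("benign", BENIGN_SAMPLE)):
        result = analyse_email(sample)
        print(f"{label}: {result['verdict']}")
        for finding in result["findings"]:
            print("  -", finding)
```

The verdict thresholds are deliberately simple (two independent signals mean "phish") so that a single false positive, such as a legitimate notice that happens to say "suspended", only routes a message to review rather than quarantining it.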


THREAT FOCUS: Plenty Of Fish Dating - CANADA

https://www.techradar.com/uk/news/plenty-of-fish-leaks-private-user-information


Exploit: Accidental data sharing

Plenty of Fish: Dating website

Risk to Small Business: 1.888 = Severe: Plenty of Fish users experienced a stunning data privacy breach when the platform’s mobile app was discovered to be displaying information that users set to private. The breach not only includes digital details about their dating lives but also real-world information that could place their safety at risk. Although developers quickly repaired the flaw after being notified by security researchers, their efforts cannot recoup any information already exposed, and the oversight will inflict serious damage on the platform’s reputation.

Individual Risk: 2.285 = Severe: Personal details, including first names and postal codes, were openly available to anyone who knew where to look. Those impacted by the breach should be especially wary of communication on the platform, and they should always put their physical safety first when engaging with other users.

Customers Impacted: Unknown

Effect On Customers: Lax data security standards can undo the benefits of even the most prolific technological features. In this case, Plenty of Fish is operating in a competitive online space, and incidents like this will make it more difficult to attract users and preserve customer loyalty. With many options to choose from, customers are unlikely to work with platforms that can't protect their data.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security to the Rescue: It's critical that SMEs understand the importance of cybersecurity. Pinpoint Cyber Audits™ are an expansion of our White Glove Support that includes a 3rd Party holistic Cyber Security Audit incorporating the "Essential 8" mitigation strategies (as defined by the Australian Cyber Security Centre) to evaluate our clients' Operational; Legal; Reputational & Recovery Risks with recommendations for remedies. Go to https://www.avantiacybersecurity.com/cyber-security-audit for more information.


THREAT FOCUS: Frankfurt Local Government - GERMANY

https://www.zdnet.com/article/frankfurt-shuts-down-it-network-following-emotet-infection/


Exploit: Malware

Frankfurt: Local municipality

Risk to Small Business: 1.666 = Severe: A deep-seated malware infection has forced authorities to shut down the city's entire IT network. The city was infected with Emotet, which is not itself ransomware but a trojan and loader: its operators generate revenue by taking over networks and renting that access to other malware groups, including ransomware distributors, which is why an Emotet infection is treated as a precursor to a ransomware attack. Although the malware was ultimately contained, the outage cost the city and local businesses time and money, since critical web services were unavailable while the network was down.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: Cyber attacks can cost companies and local councils in myriad ways. Not only is it expensive to repair damaged IT infrastructure, but the opportunity cost can cascade, inflicting ever-growing costs on organizations unlucky enough to fall victim to an attack. This reality should increase the impetus to review your organization's defensive posture, as a failure in this regard can be incredibly expensive.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link (https://www.avantiacybersecurity.com/overwatch) to find out more or call 07 3010 9711.


 

POSTSCRIPT:


Too Many Businesses Are Paying Ransom Demands

Ransomware attacks have been one of the definitive cyber threats of 2019, and, despite their growing prominence, business leaders are still struggling to determine the most effective response. Unfortunately, many organizations are bending to attackers' demands by paying the ransom to retrieve their data. In fact, the number of organizations giving in to extortion demands has more than doubled this year. In total, nearly 40% of businesses hit by a ransomware attack are paying criminals to decrypt company data. This trend goes against the recommendations of law enforcement agencies and many cybersecurity experts, who fear that ransom payments will embolden criminals to continue attacking businesses, schools, and government facilities. In addition, as we've noted in this week's newsletter, making a ransom payment doesn't guarantee that data will be recovered. Of course, even those that don't pay the ransom will not escape unscathed, as the cost of recovery can be as steep as the ransom itself. However, SMBs do have the power to protect themselves. By ensuring that their software is up to date, that backups exist offline and have been tested, and that their accounts are secured through simple features like two-factor authentication, they can take away many of the footholds that attackers use to infect businesses with this costly malware.



Disclaimer*: Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2019 Avantia Corporate Services - All Rights Reserved.
