Avantia Threat Update


This past week, Moody's Investment Services downgraded its outlook for Equifax Inc. from ‘stable’ to ‘negative’ due to the ripple effect of the company's 2017 cyber breach; hackers continue to phish for patient data from US healthcare providers, a British police website goes down, and Australians see a spike in credential stuffing attacks.

THIS PAST WEEK’S DARK WEB COMPROMISES: Top Source Hits: ID Theft Forum (99%) Top Compromise Type: Domain (99%) Top Industry: High-Tech & IT Top Employee Count: 11 - 50 Employees


Telecommunications Hits: 241 | Targets: TalkTalk Telecom Group, Huawei Technologies, AT&T, Comcast Cable Communications, LLC, Reliance Jio

Telecommunications Hits: 231 | Targets: TalkTalk Telecom Group, Comcast Cable Communications, LLC, Reliance Jio, SingTel Optus, Cox Communications

Business Services Hits: 230 | Targets: TalkTalk Telecom Group, Stack Overflow, Forbes, Accenture

Software Hits: 179 | Targets: Twitter, Google, Microsoft, GitHub, Yahoo

Information Technology Hits: 170 | Targets: Twitter, Google, Microsoft, Yahoo, Apple


APT28 Fancy Bear Hits: 29 | Targets: Democratic National Committee, United States, Democratic National Convention, Germany, United States Senate

Hezbollah Hits: 17 | Targets: Israel, Syria, Lebanon, Iran, United States

Shadow Brokers Hits: 6 | Targets: Microsoft Windows, Microsoft, Cisco Systems Inc, Iran, China

Lazarus Group Hits: 5 | Targets: Sony Corp, Cryptocurrency, South Korea, United States, Bitcoin

Magecart Hits: 5 | Targets: British Airways, Newegg, Ticketmaster Entertainment, Magento, Feedify


Wcry Hits: 40 | Targets: Boeing, Microsoft Windows, United Kingdom, Bitcoin, North Korea

WebShell Hits: 19 | Targets: Facebook, Hypertext Transfer Protocol, Web Server, Perl, WordPress

Zebrocy Hits: 18 | Targets: Democratic National Committee, Occidente, Visual Basic., Ukraine, Belarus

Mirai Hits: 15 | Targets: Internet of Things, Deutsche Telekom, Germany, United States, Home Router

LockerGoga Hits: 14 | Targets: United States, Norway, Altran Technologies SA, Hexion, Chemicals




Moody's has revised its Equifax outlook from “stable” to “negative”, citing the effect of the 2017 data breach. This is the first time that a cybersecurity incident has resulted in a Moody's outlook downgrade. Equifax Inc. is a data analytics and technology company that assists organizations and individuals in making informed business and personal decisions; in addition to credit and demographic data and services for businesses, Equifax also sells credit monitoring and fraud-prevention services directly to consumers. In September 2017, Equifax announced a breach that had led to the potential loss of personal information for approximately 145.5 million U.S. consumers, 19,000 Canadians, and 15 million Britons (for which it was fined the maximum possible £500,000 by the UK data protection regulator). The breach occurred in May but wasn't discovered until July. The British fine is likely to be dwarfed by U.S. sanctions, and it is the combination of uncertain but sizable future costs against the background of a difficult market that has Moody's concerned. It expects the total legal and IT costs to Equifax to exceed $1.4 billion. This is more than earlier estimates, and contributes to the downgrade. On May 10, 2019, Equifax announced that it had taken a charge of $690 million in the fiscal quarter ending March 31, 2019. This represents the company's estimate for settling ongoing class-action litigation and potential state and federal fines. A further $400 million this year and $400 million next year will be spent on cybersecurity expenses and capital investments. While the negative rating from Moody's is not currently a fatal blow to Equifax, it is significant as the first time Moody's has downgraded the financial outlook for a company based primarily on the effect of a cybersecurity incident. It demonstrates how damaging a major breach can be.


There’s no doubt that digital technology, in many of its forms, brings everyday tasks much closer to hand. From discovering breaking news, to online shopping, to keeping tabs on your home via security cameras, everything is within the touch of a button. Even so, with the growing reach of the Internet of Things (IoT), new and unsuspected threats are just around the corner, or are already here. One of the most alarming threats to emerge is the breach of privacy. In a number of high-profile cases, home surveillance cameras have been easily compromised, and disturbing reports of hacked baby monitors are in the news. For example, in early January of this year, a Western Australian mother voiced her worries when she discovered that the baby monitor she had recently purchased was compromised. The monitor allowed her to log in with a QR code and a generic password in order to watch her child through a camera. Though she followed the instructions for installation, upon opening the monitoring website she was greatly alarmed to see a view of a stranger’s bedroom rather than her child’s. This type of case isn’t isolated: another report surfaced last year when a stranger allegedly hacked a baby monitor camera to watch a mother breastfeed. In yet another case, a Texas couple whose devices were hacked said they heard a man’s voice coming from their baby monitor threatening to kidnap their child. It doesn’t get much scarier than that. Though you might not have prepared for it, it’s increasingly clear you need to take steps to protect yourself, your children, your privacy, and your new smart devices from these kinds of emerging privacy threats, as well as others. As a first precaution, you should always remember to change the default passwords on all your networked devices, starting with your router, creating strong new ones and storing them safely, whenever possible, with a password manager. You should then pick the best endpoint and network security solutions you can find to protect all the networked devices in your home.

NEW BEC (Business Email Compromise) REELS IN THE UNWARY:

A new business email compromise (BEC) scheme, in which the attacker tricks the recipients into rerouting pay checks sent by direct deposit, has emerged. According to CNBC’s report, this BEC scam has been growing; for instance, Kansas City-based KVC Health Systems, a non-profit agency for child welfare, receives such emails two or three times a month on average. In the scheme, the attacker poses as a CEO, CFO, or payroll director and sends an email to human resources personnel, asking them to change an employee’s bank account and routing information so that pay checks are deposited directly into a fraudulent account. This new BEC scheme, along with other scams that don’t require high-skill technical methods, relies heavily on social engineering to succeed. Hacking into a legitimate email account using keyloggers or remote access tools isn’t a prerequisite. The attackers behind this new BEC scheme produced the socially engineered emails using free services like Gmail and crafted them in such a way that the fake email appears legitimate. As observed in other similar schemes, the attackers play on an employee’s desire to be responsive to the high-ranking company members being impersonated. The emails that attackers sent to victims in this particular scheme were well-crafted: typically brief, polite, and lightly urgent. In one of the cited email samples, the recipient was asked to change direct deposit information before the next pay check. The attacker can also manipulate the recipients to discourage them from calling for verification. In one of the email samples, the attacker did this by writing “I am going into a meeting now.” The successful execution of email scams such as BEC burdens both the company and the employee. The company is responsible for reimbursing the money stolen through the fraud. TSB Bank plc, a U.K.-based retail and commercial bank, recently announced that it will refund customers who were tricked into authorizing payments to fraudsters. This announcement comes on the heels of news about the bank losing millions last year due to several problems, including fraud. Meanwhile, email scams can inconvenience an employee through a delayed pay check, and in extreme cases can be a trigger for an employee’s dismissal. Scams in the form of phishing, spear phishing (an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information) and BEC emails are still on the rise. Experts predict that apart from high-ranking company members, attackers such as the ones behind BEC scams will target employees further down the company hierarchy. Usual cybersecurity best practices and solutions may not be enough to combat this scheme, but there are security technologies that can help users and organizations detect it. Some of these technologies use artificial intelligence (AI) to recognize the DNA of a user’s writing style based on past emails and then compare it to suspected forgeries. The technology verifies the legitimacy of the email content’s writing style through a machine learning (ML) model that contains the legitimate email sender’s writing characteristics. Apart from advanced email security solutions, ongoing cybersecurity awareness training and regular ‘penetration testing’ of staff against email threats can also help stop scammers in their tracks.

HOW TO SPOT AND AVOID APPLE ID PHISHING SCAMS: You may be familiar with the concept of “phishing”, an increasingly complex form of cyber-attack. The tactics used involve sharing disguised links, usually included in emails, to trick you into providing sensitive information to malicious individuals. Phishing is one of the most common types of online attacks and embodies social engineering tactics. What’s even more frightening is that even people who lack advanced programming skills can access phishing kits on the dark web and as a result, they can easily target you. In this article, we are going to take a closer look at phishing attempts involving Apple IDs. Today there are over 1.4 billion active Apple devices, which require Apple IDs to gain access to Apple services like Apple Music, App Store, iCloud, FaceTime, iMessage, and others. Also, think about the fact that you don’t even require an Apple device to access Apple-related software or services, such as iTunes or log in to Apple’s official website, so imagine the number of people who can be targeted. Why are scammers trying to steal your Apple ID?

The reason is obvious: your Apple ID is your ticket to using anything Apple-related and stores a great deal of personal information. You use your Apple ID to log in to your Apple devices (think Mac, iPhone, iPad, iPod, Apple TV), and in the future you might even be using it for your Apple self-driving car, according to recent rumors. It includes your payment and shipping information for purchasing applications from the App Store and devices, and by logging in to your Apple ID you can access the security settings, subscriptions, and in-app purchases associated with it. Your Apple ID is also used to access iCloud, where you can store your photos and any type of file; the theft of these can lead to blackmail and even sextortion.

How fraudsters trick you into visiting Apple ID phishing websites

1. Apple ID Receipt Order Email: In the subject line of this email, you will find included something like “Receipt ID”, “Receipt Order”, or “Payment Statement”. The purpose of this scam is to trick you into thinking a payment has been made using your credit card. As a result, you may hurry into cancelling the order, worried that your money has been taken. If the attached file is opened or if you click the link, most probably you will end up on a page where you will be asked to confirm your personal details, such as password, credit card details, address, etc.

2. Apple ID Phone Call Scams: Apple ID scams have also gone beyond fishy emails and crossed over to the illegal business of scam phone calls. Scammers have also tried to use spoofed phone numbers, which are displayed on your phone as a real Apple number, with Apple’s logo, official website, customer support number, and actual address. This way, the masquerade looks alarmingly real.

3. Apple ID Fake Text Message: Here is an example of an Apple ID scam you may receive on your phone, this time in the form of a text message. It would read something like “Your Apple account is now locked” and will lure you into accessing a link which supposedly unlocks your account. Another option aims to trick you into thinking your iCloud ID has been deactivated and that you now need to complete the activation process.

4. Temporarily disabled Apple ID Email: Similar to the “Your Apple ID Has been locked” text message we mentioned, the scammers will try to trick you into clicking the link to verify your account, which will lead to malicious websites trying to steal your data. According to the source, the link sends you to a webpage almost identical to Apple’s official site, but there are some misspelled words and you are not able to click on any of the icons on the top. The person who raised a flag on Apple’s Discussion page correctly identified this as a phishing attempt, noticing all the signs.

5. App Store pop-up trying to steal your Password: The last Apple ID phishing scam we are going to share is only a simulation – the good news is that it hasn’t been spotted in real life as far as we’re aware. Yet, it proves how easy it would be for a fraudster to create a fake pop-up that looks identical to the one in the App Store. Since users got used to entering their passwords every time they are asked to when interacting with an Apple app, they would do this by default whenever needed, without questioning if the pop-up is genuine or not. Who would suspect something like this, anyway? Especially when the screen looks identical to Apple’s.

So, you may be asking how you can protect yourself from spoofing emails. Felix Krause, the author of this proof of concept phishing attempt, advises us to press the home button to see if the app closes. If it does, this was clearly a phishing attack. If it doesn’t, this is a real system dialog and the explanation is that the system dialog runs on a different process and not as part of an app.

How to spot Apple ID phishing scams - We know that some phishing scams may be much more difficult to identify than others, but the signs will (almost) always be there. Below we’ve included a few warning signs that will help you spot phishing:

• Spelling and grammar mistakes
• Unprofessional email or website design
• Suspicious email sender and recipient
• Being asked to verify personal details via email or phone/text
• Dubious links or shortened URLs
• Shady email attachments

What security measures you should have in place: Here are some actionable tips for you to keep in mind, which apply both to your Apple ID and to online security in general.

• Stay informed. Find resources you can subscribe to.
• Use browsers with built-in protection against phishing, such as Chrome. Also, consider using extensions that will increase your online safety.
• Hover your mouse over links before clicking on them. If the URL looks suspicious, just DO NOT click on it.
• Don’t open attachments from unknown senders.
• Always keep your software up to date.
• Protect every account that you can (including your Apple ID) with two-factor authentication.
• Use proactive anti-malware protection, which filters and blocks malicious links.
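The “hover over the link” advice above can be turned into a repeatable check. The following Python helper is an added example, not code from the original article or from Apple; it applies the warning signs listed above (shortened URLs, brand names in look-alike domains, a raw IP host, a `user@` prefix that hides the real host, and visible link text that points somewhere other than the real destination) to a single link. The allow-list of genuine Apple domains and the list of shorteners are constructed assumptions for the example and should be verified before real use.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Assumed allow-list of genuine Apple-operated domains (constructed for this
# example; check Apple's own documentation before relying on it).
LEGIT_DOMAINS = {"apple.com", "icloud.com"}
# Assumed list of public URL shorteners (constructed for this example).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
# Brand words a phisher is likely to embed in a look-alike hostname.
BRAND_TOKENS = ("apple", "icloud", "itunes")


def registrable_domain(host):
    """Naive 'last two labels' registrable domain, sufficient for .com-style hosts."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def inspect_link(href, display_text=""):
    """Return a list of warning signs for a link; an empty list means none fired."""
    findings = []
    parsed = urlparse(href if "://" in href else "http://" + href)
    host = parsed.hostname or ""
    reg = registrable_domain(host)

    if parsed.scheme != "https":
        findings.append("not https")

    # A bare IP address instead of a hostname is rarely legitimate for a brand site.
    try:
        ipaddress.ip_address(host)
        findings.append("raw IP address as host")
    except ValueError:
        pass

    # "https://apple.com@evil.example/" really goes to evil.example.
    if parsed.username is not None:
        findings.append("user@ prefix hides the real host")

    if reg in SHORTENERS:
        findings.append("shortened URL hides destination")

    # Brand name present somewhere in the host, but the registrable domain is not Apple's.
    if any(tok in host for tok in BRAND_TOKENS) and reg not in LEGIT_DOMAINS:
        findings.append(f"brand name in look-alike domain ({host})")

    # The text the user sees shows one URL while the href goes elsewhere.
    m = re.search(r"https?://([^/\s]+)", display_text)
    if m and registrable_domain(m.group(1)) != reg:
        findings.append("visible URL text points to a different host than the real link")

    return findings


if __name__ == "__main__":
    # Constructed sample links for illustration only.
    for href, text in [
        ("https://appleid.apple.com/account", "Manage your Apple ID"),
        ("http://apple.com-verify-account.info/login", "Verify now"),
        ("https://apple.com@evil.example/verify", "https://apple.com/verify"),
    ]:
        print(href, "->", inspect_link(href, text) or "no warning signs")
```

The checks are heuristics, so a clean result does not prove a link is safe; the point is that every sign in the list above can be tested mechanically rather than by eye.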


THREAT FOCUS: Equitas Health – USA

Exploit: Employee email account breach

Equitas Health: Regional not-for-profit healthcare provider based in Ohio

Risk to Small Business: 1.333 = Extreme: Company officials discovered abnormal email activity on two enterprise email accounts belonging to employees, ultimately concluding that a hacker was successful in accessing personally identifiable information (PII) and patient records. The organization hired a third-party forensics firm to better understand the breach, and they are reaching out to affected individuals. Although the organization took immediate steps to contain the incident, it will now face the tangible costs of offering free identity monitoring services to patients, along with the less quantifiable losses in reputational damage.

Individual Risk: 2 = Severe: While it appears that the scope of the attack is limited, the breadth of compromised information is extensive. It includes patient names, dates of birth, patient account and medical record numbers, prescription information, medical history, procedure information, physician names, diagnoses, health insurance information, social security numbers, and driver’s license numbers.

Customers Impacted: 569 affiliated members

Effect On Customers: This data breach demonstrates the potentially expansive consequences of a single vulnerability. Since healthcare companies are legally required to protect their patients’ data, they need to conduct regular security audits and employee training that can prevent this type of breach. At the same time, Equitas explicitly serves protected classes and marginalized patient groups, making this episode especially egregious. Therefore, it’s critical to continuously monitor protected information in order to understand what happens to patient data after it’s compromised.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

THREAT FOCUS: Oregon State Hospital - USA

Exploit: Spear phishing attack

Oregon State Hospital: Public psychiatric hospital based in Salem, Oregon

Risk to Small Business: 1.555 = Severe: An employee clicked on a phishing email, which allowed hackers to gain access to the employee’s email account. Fortunately, IT administrators were able to identify the breach just 40 minutes after it occurred, limiting the exposure of patient information. Although the investigation isn’t complete, the company did reveal that an undetermined amount of patient information was exposed during the breach.

Individual Risk: 2 = Severe: The phishing scam compromised names, dates of birth, medical record numbers, diagnoses, and treatment care plans. Although the company plans to notify impacted individuals in 4 to 6 weeks, anyone with records at the hospital should monitor their credentials for potential misuse.

Customers Impacted: Unknown

Effect on Customers: Phishing scams are entirely avoidable, and any data breach that results from a phishing scam is a self-inflicted wound for the company’s reputation. In addition to deploying robust security software, companies should conduct regular training to avoid unnecessary data breaches. MSPs should consider partnering with third-party cybersecurity services that provide robust employee training to avoid phishing scams.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

THREAT FOCUS: Pacers Sports & Entertainment - USA

Exploit: Employee email phishing campaign

Pacers Sports & Entertainment: Parent company of the Indiana Pacers, a professional basketball team in the NBA

Risk to Small Business: 1.555 = Severe: A phishing campaign against Pacers Sports & Entertainment (PSE) resulted in hackers gaining access to several employee accounts that contained sensitive personal information between October 15 and December 4 of last year. However, the company first learned of the incident almost six months ago, which raises the question: why are they only beginning to notify customers now? Along with the damaging outcomes of a customer and employee breach, the organization will now face media scrutiny and resulting customer attrition.

Individual Risk: 1.857 = Severe: PSE did not specify whether the compromised data belonged to employees or customers, but it does include names, addresses, dates of birth, passport numbers, health insurance information, driver’s license numbers, social security numbers, debit/credit card numbers, digital signatures, usernames, and account passwords.

Customers Impacted: Unknown

Effect on Customers: It’s clear that PSE did not fully appreciate the scope of the data breach. Although the company has not received any reports of personal data misuse, the compromised information can be used to orchestrate fraud in the near future. Along with harming the reputation of their company, PSE will have to answer to the press and customers in the wake of the breach.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach

THREAT FOCUS: Southeastern Council on Alcohol and Drug Dependence - USA

Exploit: Ransomware Southeastern Council on Alcohol and Drug Dependence: Non-profit organization based in Norwich, Connecticut offering alcohol and substance abuse treatment

Risk to Small Business: 1.777 = Severe: The healthcare provider lost control of more than 25,000 patient records when a ransomware attack was discovered in its network. While they have procured cybersecurity assistance to deal with the issue, the company has been unable to eradicate the ransomware or secure patient records.

Individual Risk: 1.857 = Severe: The data breach compromised PII including patient names, addresses, social security numbers, medical history, and treatment information. Although affected individuals are being offered free credit monitoring services, they are encouraged to remain vigilant about potential financial or identity fraud.

Customers Impacted: 25,148

Effect on Customers: It is incredibly important for companies, especially those already dealing with a vulnerable client base, to ensure the integrity of their clients’ finances and identities after a data breach. In order to be vigilant and prepared at all times, every organization should partner with a security solution that can proactively monitor the Dark Web for customer and employee data.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

THREAT FOCUS: Medical Oncology & Haematology Consultants - USA

Exploit: Phishing Scam Medical Oncology Hematology Consultants: Healthcare network offering cancer treatment solutions

Risk to Small Business: 1.555 = Severe: When an untrained employee inadvertently clicked on a phishing email, hackers gained access to the employee’s account, which contained sensitive data on an unknown number of patients. Although the data breach took place in June 2018, the healthcare network just reported the incident to the public, a problematic delay when personally identifiable information is involved. While the company has taken measures to secure their network, their delayed response and the preventable nature of the attack is a reminder that the greatest security risk to a company can be its own employees.

Individual Risk: 1.857 = Severe: Although just a single email account was compromised, it contained patient data including names, social security numbers, government-issued IDs, financial data, dates of birth, and medical records.

Customers Impacted: Unknown

Effect on Customers: The consequences of a data breach are amplified when companies are slow to respond. In the wake of a data loss event, companies have a responsibility to react quickly, both by communicating with their customers and by repairing the technical vulnerability. Even though the company took important steps to shore up its cybersecurity by integrating malware blocking tools, suspicious email reporting, email encryption, and two-factor authentication, its slow response time is bad for business and bad for its customers. Not only do companies need to be proactive about prioritizing cybersecurity best practices before a breach occurs, but they must develop a strategy for communicating with their customers in a timely fashion.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

THREAT FOCUS: British Transport Police – United Kingdom

Exploit: Website hack

British Transport Police: National special police force charged with protecting the light-rail systems in England, Scotland, and Wales

Risk to Small Business: 2.222 = Severe: A hack on the agency’s website, which is hosted by an external supplier, compromised the “latest news” section of its page. To continue providing timely updates to the public, officials redirected users to a Tumblr blog run by the police force. This informational website is not connected to the agency’s crime management or control systems, and operational capabilities were not diminished in any way.

Individual Risk: 2.142 = Severe: The agency indicated that a “small number” of staff details were made accessible during the breach, but they did not elaborate on the nature or scope of that information. Employees affiliated with the website should be vigilant about identity monitoring and credential use, as that information is the most likely to be compromised in such a breach.

Customers Impacted: Unknown

Effect on Customers: Having a response plan is an integral part of any cybersecurity initiative. Whether it’s backup information systems or other external solutions – like redirecting users to other controlled platforms – companies need to be able to remain effective in the wake of a website hack. At the same time, they should audit their security landscape to ensure that they are issuing the best defenses to address the most pertinent threats.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: Singapore Red Cross – Singapore

Exploit: Unauthorized website access

Singapore Red Cross: Humanitarian organization supporting blood drive initiatives, disaster relief, and emergency assistance

Risk to Small Business: 2 = Severe: A weak administrator password gave hackers access to the agency’s web form that allows potential blood donors to indicate their interest by supplying personal information, including blood type. The agency manually schedules donors using the provided information. In the wake of the attack, the organization brought the website offline and procured a third-party investigative firm to further examine the breach.

Individual Risk: 2 = Severe: Users who provided information to the Singapore Red Cross entered their names, contact numbers, email addresses, and blood types. Those impacted should procure identity monitoring services while also being mindful of their data’s potential misuse on the Dark Web.

Customers Impacted: 4,297

Effect on Customers: The Singapore Red Cross had security software in place to prevent an incident like this, but human negligence allowed hackers to access the website anyway. It underscores the importance of security training, since a company’s own employees can often be its most significant risk.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.




European Privacy Laws Related to Cyber Data Breaches

From the outset, it was clear that Europe’s expansive privacy law, the GDPR, would have drastic effects on the way companies approach data security and customer privacy. Now, the first report by the European Data Protection Board, an independent oversight committee established as part of GDPR, helps us understand the overall impact thus far. According to its first annual report, European authorities received almost 65,000 data breach notifications in the first nine months that the law was in effect. Even worse, these data breaches each came with a hefty price tag. Regulators imposed $63 million in fines, demonstrating the importance of cybersecurity not just as a PR priority, but also as a matter of fiscal responsibility. The result, according to UK intelligence authorities, is that companies are taking unprecedented measures to protect their digital infrastructure, and they are crafting response plans to ensure that they are prepared to address a data breach if it occurs. In summary, the future of cybersecurity will require an evolution in what is expected of businesses when it comes to protecting customer and employee data, along with continuous advancement in the capabilities of security providers.

Australia Sees a Spike in Credential Stuffing Attacks

If you’ve ever wondered what happens to the deluge of data stolen during a cybersecurity breach, Australia’s sudden spike in credential stuffing attacks will certainly provide some clarity. According to a recent cybersecurity report, Australians are now the fifth most targeted population for credential stuffing attacks, a remarkable metric given the country’s modest population. This form of cybercrime involves hackers using previously stolen information like usernames, email addresses, or passwords in an attempt to gain access to other platforms. Since people often reuse the same username and password combinations, it’s often possible to apply stolen credentials across multiple accounts. The report found a robust market for stolen credentials, which are often sold in bulk on the Dark Web. Businesses are encouraged to deploy the latest security standards, like two-factor authentication, to help prevent these attacks. Moreover, the trend underscores the cascading consequences of a data breach, and it highlights the importance of keeping a pulse on customer and employee information.
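Because credential stuffing replays leaked username and password pairs, its footprint in a login log differs from an ordinary forgotten password or from a brute-force attack on one account: a single source tries many different usernames in a short window, and nearly all of the attempts fail. The following Python detection routine is an added example, not code from the original newsletter or from the report it cites; the log line format and the sample records are constructed for the example, and the thresholds are assumptions a defender would tune to their own traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed audit-log format (constructed for this example):
#   2019-05-28T10:00:01 ip=203.0.113.7 user=alice result=FAIL
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)
EPOCH = datetime(1970, 1, 1)


def build_sample_log():
    """Constructed login records (not real data) covering three behaviours."""
    base = datetime(2019, 5, 28, 10, 0, 0)
    lines = []
    # 1. Credential stuffing: one source, many distinct usernames, one reused
    #    password happens to still be valid.
    stuffed_users = ["alice", "bob", "carol", "dave", "erin", "frank",
                     "grace", "heidi", "ivan", "judy", "mallory", "oscar"]
    for i, user in enumerate(stuffed_users):
        result = "OK" if user == "heidi" else "FAIL"
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} ip=203.0.113.7 user={user} result={result}")
    # 2. An ordinary user mistyping a password twice, then succeeding.
    for i, result in enumerate(["FAIL", "FAIL", "OK"]):
        ts = (base + timedelta(seconds=30 + i * 20)).isoformat()
        lines.append(f"{ts} ip=198.51.100.9 user=carol result={result}")
    # 3. Brute force against a single account: many failures, one username.
    #    This is a different signal (account lockout rules), not stuffing.
    for i in range(12):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} ip=192.0.2.44 user=dave result=FAIL")
    return lines


def parse_line(line):
    """Parse one audit line into a dict, or return None for unrecognised lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def detect_credential_stuffing(lines, window=timedelta(minutes=5),
                               min_attempts=10, min_distinct_users=8,
                               min_fail_ratio=0.75):
    """Flag source IPs that, within one time window, try many distinct
    usernames and mostly fail.  Returns {ip: summary_dict}; the 'successes'
    list names accounts whose reused password worked and needs a reset."""
    buckets = defaultdict(list)
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        bucket = (event["ts"] - EPOCH) // window  # fixed, aligned windows
        buckets[(event["ip"], bucket)].append(event)

    flagged = {}
    for (ip, _), events in buckets.items():
        attempts = len(events)
        distinct_users = {e["user"] for e in events}
        fails = sum(1 for e in events if e["result"] == "FAIL")
        fail_ratio = fails / attempts
        if (attempts >= min_attempts and len(distinct_users) >= min_distinct_users
                and fail_ratio >= min_fail_ratio):
            flagged[ip] = {
                "attempts": attempts,
                "distinct_users": len(distinct_users),
                "fail_ratio": round(fail_ratio, 2),
                "successes": sorted(e["user"] for e in events if e["result"] == "OK"),
            }
    return flagged


if __name__ == "__main__":
    for ip, summary in detect_credential_stuffing(build_sample_log()).items():
        print(ip, summary)
```

The distinct-username condition is what separates stuffing from a brute-force run against one account, and the `successes` list is the actionable output: those are the users whose reused credentials have been confirmed valid and should be forced to reset and enrol in two-factor authentication.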

*Disclaimer: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provide the content in this publication to the reader for general information purposes only and have compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions.
