
NO XMAS HOLIDAYS FOR VIETNAMESE HACKERS



This Past Week: BMW targeted by Vietnamese Hackers; Hackers exploit Android Camera vulnerabilities; Second Ransomware attack on Local Government causes significant problems; Hackers gain front door access to company IT infrastructure, Ransomware cripples social services, and lax employee password security continues to present severe financial risk with major breaches occurring in AUSTRALIA, UNITED KINGDOM; CANADA & UNITED STATES.


Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Finance & Insurance
Top Employee Count: 101 - 250 Employees

______________________________________________________________________________


BMW, HYUNDAI TARGETED BY VIETNAMESE CYBER SPIES; REPORT*

BMW and Hyundai have been targeted by a cyber-espionage group believed by many to be associated with the Government of Vietnam, German broadcaster Bayerischer Rundfunk (BR) reported last week. According to BR, hackers gained access to BMW systems in the spring of 2019, but the German carmaker decided to monitor the attackers’ activities and only took the impacted devices offline one week ago. There is no evidence that the hackers gained access to the company’s main data centre in Munich, and it’s unlikely that they obtained any sensitive information. The attack reportedly involved a fake BMW Thailand website, and the attackers leveraged Cobalt Strike, a popular tool used by red teams and penetration testers (a red team is a group of “ethical hackers”, experts in compromising computer systems who use their abilities for legal and ethical purposes, that attacks an organization's digital infrastructure the way a real attacker would in order to test the organization's defences). The same campaign also allegedly targeted South Korean carmaker Hyundai. There is less information about this attack, but it reportedly also involved a fake website. BR reported that the main suspect in the attacks on BMW and Hyundai is OceanLotus, a Vietnam-linked threat group also tracked as APT32. OceanLotus has been around since at least 2012 and is highly sophisticated. Many experts believe it is likely operating on behalf of the Vietnamese government, and it has been known to target the automotive industry. OceanLotus is known to have used Cobalt Strike in its attacks. OceanLotus was also the primary suspect in an attack on Toyota Australia, which the company disclosed in February 2019. Toyota Australia claimed the hackers had not accessed employee or customer data, but admitted that the attack caused some disruptions to IT systems.


ANDROID CAMERA VULNERABILITIES COULD ALLOW AN ATTACKER TO SPY ON YOU*

Researchers at security testing firm Checkmarx have uncovered several alarming vulnerabilities in the camera apps of multiple Android smartphone vendors, including Google and Samsung. They've since been fixed, but you'll need to make sure you are running the latest app updates to be protected. As Checkmarx Senior Security Researcher Pedro Umbelino explains, the team started their investigation by having a look at the Google Camera app on Pixel 2 XL and Pixel 3 handsets. They found multiple vulnerabilities relating to permission bypass issues which could allow an attacker to use the camera app, via a rogue app, to take photos and record videos. Attacks are even possible when a victim’s phone is locked, the screen is off, and during voice calls. Other attack scenarios could allow a bad actor to access stored photos and videos and even gather GPS metadata to help track down the location of a user. This technique also applied to Samsung’s Camera app, Umbelino noted. To demonstrate the various vulnerabilities, the team at Checkmarx designed a proof-of-concept app meant to look like an ordinary weather app. With it, they were able to snap photos and videos without a user’s knowledge, grab GPS data from photos, and even record audio from both sides of a conversation during voice calls.

Umbelino said the Checkmarx team responsibly notified Google of their findings; Google confirmed that the issue wasn’t limited to its own camera app but extended into the general Android ecosystem. In a statement issued to Checkmarx, Google said the issue was addressed on impacted Google devices via a Play Store update to the Google Camera app in July 2019, adding that a patch has been made available to all partners. Both Google and Samsung approved of Checkmarx’s sharing of the vulnerabilities after a fix was released. As a general best practice, and to mitigate these specific issues, make sure you have the latest updates for each and every app on your mobile device.


SECOND MAJOR RANSOMWARE ATTACK IN LOUISIANA USA LOCAL GOVERNMENT CAUSES SIGNIFICANT PROBLEMS*

A successful ransomware attack can cause significant problems. The state of Louisiana knows that all too well, and its problems have only just begun. The initial Ryuk ransomware attack against Louisiana's infrastructure dates back to November 18. Nearly two weeks after being hit, very little progress has been made. Although some services are accessible once again, the vast majority of them are still offline. The targeted ransomware attack has proven to be quite a handful, and one that is very difficult to get rid of. Crucial agencies still affected include the OMV, the state’s Department of Health, and the Department of Public Safety. Restoring services is hampered by the ransomware, as plenty of files are missing and the overall backup management has been far from excellent. The culprits also took a deliberate approach by sending Ryuk to multiple agencies in the region in one campaign. While “only” 500 servers and 1,500 computers are affected, the recovery process has been slow going. Recovering the lost data will be virtually impossible, and relying on older backups can create a very big administrative problem. It is also not the first time the Louisiana region has had to deal with a cyber incident this year; in fact, this is the second wave of Ryuk ransomware making the rounds. The first incident took place in July and even resulted in the Governor declaring a state of emergency. It remains to be seen whether that scenario will come into play once again.


______________________________________________________________________________


THREAT FOCUS: Academy Sports + Outdoors - UNITED STATES*

https://www.chron.com/business/article/Academy-Sports-notifies-online-customers-of-14887751.php

Exploit: Credential stuffing attack

Academy Sports + Outdoors: Sporting goods retailer

Risk to Small Business: 2 = Severe: Hackers used previously stolen, legitimate login credentials to access customer accounts. The company noticed the breach after unusual activity was detected on certain user logins. In response, Academy Sports + Outdoors is encouraging customers to reset their passwords. Unfortunately, the breach occurred during the busy holiday shopping season, and customers have increasingly shown that they are less willing to engage with platforms that have a track record of cybersecurity lapses. This could harm the company’s sales at a critical time for gaining traction.

Individual Risk: 2.428 = Severe: Academy Sports + Outdoors noted that customers’ financial data wasn’t compromised in the breach, but account information, including usernames and passwords, was impacted. Every Academy Sports + Outdoors customer should reset their login credentials while carefully scrutinizing their accounts for suspicious or unusual activity.

Customers Impacted: Unknown

Effect on Customers: Customers are fed up with data breaches, and they are taking out their anger on companies that can’t secure their information. Therefore, a data breach is more than just a cyber incident. It’s a collapse in customer service of the highest magnitude, and a priority that retailers looking to succeed in today’s digital environment must immediately address.

Risk Levels*: 1 - 1.5 = Extreme Risk; 1.51 - 2.49 = Severe Risk; 2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber and ID Agent to the Rescue: Dark Web ID™ monitors the Dark Web to find out if your employee or customer data has been compromised. Avantia works with leading software and cyber risk mitigation suppliers to strengthen their customers' security suite. Call +61 7 30109711 to find out more.


THREAT FOCUS: Complete Technology Solutions - UNITED STATES*

https://krebsonsecurity.com/2019/12/ransomware-at-colorado-it-provider-affects-100-dental-offices/

Exploit: Ransomware

Complete Technology Solutions: IT service provider

Risk to Small Business: 1.888 = Severe: A ransomware attack on Complete Technology Solutions, an IT service provider for dentistry practices, disrupted operations at more than 100 practices. When a company server was compromised, it allowed hackers to infect client computers with ransomware that disabled network security, data backups, and phone services. The attack began on November 25th and has continued to disrupt services more than two weeks later. Complete Technology Solutions declined to pay a $700,000 ransom to release the information, and decryption keys later provided by the hackers only unlocked some of the affected computers. As a result, the recovery process is incredibly complicated, and it will certainly have long-term repercussions for the company.

Individual Risk: No personal data was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: Ransomware attacks always extract an expense from their victims, but the opportunity cost and reputational damage associated with a cybersecurity incident can be the most devastating. In this case, Complete Technology Solutions will almost certainly lose customers because of this incident, and their long-term business prospects are likely to be diminished. It underscores the importance of cybersecurity for any company that wants to remain competitive amidst an ominous threat landscape.


Avantia Cyber and ID Agent to the Rescue: Dark Web ID™ monitors the Dark Web to find out if your employee or customer data has been compromised. Avantia works with leading software and cyber risk mitigation suppliers to strengthen their customers' security suite. Call +61 7 30109711 to find out more.


THREAT FOCUS: Woolworths Supermarkets - AUSTRALIA*

https://www.dailymail.co.uk/news/article-7778897/Woolworths-Rewards-customers-lose-points-phishing-scam.html

Exploit: Phishing scam

Woolworths: Supermarket chain

Risk to Small Business: 2.111 = Severe: A Woolworths employee fell for a phishing scam that ultimately compromised customer login credentials for the company’s customer rewards system. Hackers used this information to access user accounts with valid credentials and then siphoned off rewards money. Now, just weeks before Christmas, Woolworths is scrambling to identify compromised accounts and to rectify the situation with its customers, many of whom are taking to social media to complain about the missing funds. A data breach during the holidays can amplify customer blowback, which can cause long-term reputational damage that negatively impacts the bottom line for years to come.

Individual Risk: 2.285 = Severe: Woolworths emphasized that this data breach is not a widespread episode, but an undisclosed number of accounts were compromised. While it appears that hackers used this access to steal rewards money, user credentials could also be compromised. Anyone identifying suspicious account activity should immediately report it to the company. In addition, they should be aware that personal details are often redeployed in other cybercrimes, like phishing attacks, that can compromise additional data. Therefore, continued vigilance is advised.

Customers Impacted: Unknown

Effect On Customers: Phishing scams are arriving in employees’ inboxes with regularity, and when acted upon, have the potential to wreak havoc on your company’s data. Not only does failure in this regard come with an immense cost, but the less quantifiable reputational damage and brand erosion invite an inevitable drag on future growth. In that sense, employee awareness training, which can equip employees to detect and report these scams, is a relative bargain compared to the total cost of a data breach.


Avantia Cyber and ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. To find out more, call +61 7 30109711.


THREAT FOCUS: Landauer Technology - UNITED KINGDOM*

https://arstechnica.com/tech-policy/2017/03/hackers-steal-nhs-staff-data-landauer-server-breached/

Exploit: Unauthorized database access

Landauer: Radiation monitoring technology provider

Risk to Small Business: 1.888 = Severe: Late last year, Landauer’s UK-based servers were breached by hackers, exposing the personally identifiable information of employees from several of the company’s clients. Notably, the breach impacted hundreds of employees at the National Health Service who use the company’s radiation monitoring technology at many of their healthcare facilities. The delayed reporting time is especially alarming given that the company waited almost a year before publicly reporting the breach. Not only will industry regulators likely take issue with this timeline, but customers are already expressing their displeasure to news outlets, describing the breach as “deeply disappointing.” Surely, the company has a long road to reputational recovery ahead.

Individual Risk: 2.285 = Severe: Fortunately, the data breach did not include patient data, but it did compromise employee information, including their names, dates of birth, National Insurance Numbers, and radiation dose records. Since this information can be used in spear phishing or other cyber attacks, those impacted by the breach should be especially critical of communications across all their digital channels.

Customers Impacted: 530

Effect On Customers: With customers and companies increasingly demonstrating an unwillingness to work with businesses that can’t protect data, a robust response plan is a must-have element of any cybersecurity strategy. A quick response and clear communication can go a long way toward rebuilding trust and beginning the often tedious journey toward full restoration. In contrast, lengthy response times and opaque messaging are a turnoff to consumers, and they compound the damage of any data breach.


Avantia Cyber Security to the Rescue: It’s critical that SMEs understand the importance of cybersecurity. Pinpoint Cyber Audits are an expansion of our White Glove Support that includes a third-party holistic Cyber Security Audit incorporating the “Essential 8” mitigation strategies to evaluate our clients’ Operational, Legal, Reputational and Recovery Risks, with recommendations for remedies. Go to https://www.avantiacybersecurity.com/cyber-security-audit for more information.


THREAT FOCUS: City of Woodstock - CANADA*

https://www.cbc.ca/news/canada/london/cyber-attack-woodstock-cost-1.5391680

Exploit: Ransomware

City of Woodstock: Local government organization

Risk to Small Business: 2.111 = Severe: A ransomware attack on the City of Woodstock has cost the municipality more than $667,000. Although the government declined to pay the ransom, they spent over $560,000 on cybersecurity assistance, $55,000 on overtime compensation for IT staff, and $31,000 on IT infrastructure upgrades. It took the city more than two months to fully recover from the ransomware attack, an extreme duration that underscores the long-term opportunity costs that often accompany a ransomware attack.

Individual Risk: No personal data was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: This incident illustrates the fact that there are no affordable or advantageous response plans once a ransomware attack occurs. Instead, every organization needs to regularly review its cybersecurity standards to prevent ransomware from finding its way onto its networks. This form of malware always requires an access point, and phishing scams are a prominent delivery vector, giving companies a tangible place to start when defending against ransomware attacks.


Avantia Cyber Security to the Rescue: It’s critical that SMEs understand the importance of cybersecurity. Pinpoint Cyber Audits are an expansion of our White Glove Support that includes a third-party holistic Cyber Security Audit incorporating the “Essential 8” mitigation strategies to evaluate our clients’ Operational, Legal, Reputational and Recovery Risks, with recommendations for remedies. Go to https://www.avantiacybersecurity.com/cyber-security-audit for more information.


THREAT FOCUS: Cheshire West County - UNITED KINGDOM*

https://www.cheshire-live.co.uk/news/chester-cheshire-news/confidential-details-published-error-cheshire-17403564

Exploit: Accidental data exposure

Cheshire West: Local government organization

Risk to Small Business: 2.333 = Severe: Cheshire West inadvertently published the personal information of 50 foster caregivers on its website. The error was related to a government best practice standard requiring publication of all transactions over £500. Unfortunately, this oversight undermines a valuable social program, effectively punishing people who are doing important, selfless work.

Individual Risk: 2.428 = Severe: The published information included foster caregivers’ surnames and was made available online. In addition, information related to amounts paid for accommodation, mileage, and other expenses was shared. This data could be used by bad actors who are developing authentic-looking phishing campaigns or other scams, so those impacted by the breach should remain vigilant when assessing digital communications.

Customers Impacted: 50

Effect On Customers: While the error was quickly identified and corrected, the event illustrates a harsh reality: companies need to regularly revisit their data management standards and have provisions in place to protect sensitive information. These assessments should certainly include an overview of data management expectations, but they can extend to broader practices such as multi-factor authentication and Dark Web monitoring.


Avantia Cyber Security & ID Agent to the Rescue: With AuthAnvil, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more by phoning Avantia on +61 7 30109711.


THREAT FOCUS: Alectra Utilities - CANADA*

https://www.cbc.ca/news/canada/hamilton/alectra-breach-1.5393106

Exploit: Unauthorized data access

Alectra Utilities: Electricity and utility distributor

Risk to Small Business: 1.666 = Severe: A data breach at Alectra Utilities compromised customers’ personally identifiable information. The data, which does not include financial information, was gleaned from customers’ water bills that were viewed by hackers. While the company notes that there is no evidence of data misuse, some of its third-party vendors may have had access to customer data without appropriate credentials, making this a near miss for what could have been a widespread data breach.

Individual Risk: 2.142 = Severe: Customers’ personal information, including names, addresses and water bill details, was compromised in the breach. Alectra Utilities hasn’t identified instances of misuse, but it is encouraging all customers to scrutinize their accounts for unusual activity and to ensure that their passwords are not being reused across other platforms.

Customers Impacted: Unknown

Effect On Customers: Today’s businesses can’t afford to leave cybersecurity up to chance. The exposure at Alectra Utilities compromised sensitive data, and its lax cybersecurity standards could have made this incident much worse. Rather than waiting for a doomsday scenario to unfold, assess your cybersecurity vulnerabilities and take precautions to avoid a costly data loss event.

Avantia Cyber Security & ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today by phoning Avantia on +61 7 30109711.


THREAT FOCUS: Prison Rehabilitative Industries & Diversified Enterprises - USA*

https://www.bleepingcomputer.com/news/security/ransomware-hits-florida-pride-on-saturday-systems-still-down/

Exploit: Ransomware

Prison Rehabilitative Industries & Diversified Enterprises (PRIDE): Private, non-profit social services organization

Risk to Small Business: 2.111 = Severe: PRIDE was struck by a ransomware attack that crippled its website and brought its services offline. The attack, which first occurred on December 7th, continues to disrupt services nearly a week later. As a non-profit organization, PRIDE will have a difficult time procuring the resources to remove the malware, and the service outages are making it difficult or impossible to fulfill their mission and provide critical services to a client base in need.

Individual Risk: No personal data was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: Ransomware attacks can feel ominous and inevitable. However, organizations can protect against these common, increasingly expensive malware attacks by ensuring that their IT infrastructure doesn’t provide a foothold for infiltration. For instance, securing employee accounts, guarding against phishing scams, and updating firewall protections can all help ensure that ransomware doesn’t compromise your company’s mission or bottom line.


Avantia Cyber Security to the Rescue: It’s critical that SMEs understand the importance of cybersecurity. Avantia Cyber Audits are an expansion of our White Glove Support that includes a third-party holistic Cyber Security Audit incorporating the “Essential 8” mitigation strategies to evaluate our clients’ Operational, Legal, Reputational and Recovery Risks, with recommendations for remedies. Go to https://www.avantiacybersecurity.com/cyber-security-audit for more information.



POSTSCRIPT:

Third-Party Breaches Present a Serious Risk* 

While everyone is well aware of the comprehensive threat landscape facing today’s companies, many forget that this threat is amplified when third-party partnerships are involved. As this week’s newsletter reminds us, these often necessary associations can place your company’s data at risk in a major way, and it’s a risk factor that every business should consider when exploring new collaborative opportunities. For instance, many vendors are so overwhelmed by data breaches that they struggle to bring their services back online, if they survive at all. In fact, up to 60% of SMEs that suffer a successful cyber attack close their doors forever. Naturally, third parties have a vested interest in pursuing what’s best for themselves, an inherent liability that every business should evaluate when making decisions. In today’s regulatory environment, organizations face intense scrutiny when a data breach occurs, even if it doesn’t originate at your company. That threat should give every company working with third parties a reason to carefully consider the cybersecurity implications before signing the contract. To bring comfort to third parties (your customers), businesses should consider an independent cyber security audit as plausible evidence of their cyber security status.


Too Many Employees Don’t Change Their Passwords* 

Data breaches are a constant threat for any company, and a new survey by YouGov research found that many employees aren’t taking even the most basic steps to secure their accounts. According to the survey, which was specific to Ireland but likely represents a globally commonplace approach to password security, 39% of employees haven’t updated their passwords in more than a year. In part, the study found that convenience is a significant factor when determining standards, as many respondents expressed annoyance with security features like CAPTCHA image challenges or one-time passcodes sent via text or email. However, with the number of compromised email accounts growing every day, strong password standards coupled with additional security features like two-factor authentication can significantly decrease the risk of a data breach. It’s an obvious and proactive step that everyone can take to protect their personal and professional data from falling into the wrong hands.

Disclaimer*: Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2019 Avantia Corporate Services - All Rights Reserved.
