Avantia Threat Update

ONLINE FACEMASK SCAMS UP 400%

Updated: Apr 24


Criminals use the COVID-19 pandemic as a golden business opportunity

This past week: the face-mask scam escalates via phishing; spyware disguised as a COVID-19 tracker keeps track of users; phishers target health care workers; medical imaging software is outdated; ACSC alert bulletin; cybercrime makes COVID-19 recovery more difficult; unsecured databases give away millions of records; resources you need to protect data during this challenging time; and major breaches in SWITZERLAND, UNITED STATES, CANADA, GERMANY, ESTONIA and FRANCE.


Dark Web ID Trends:

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain

Top Industry: Media & Entertainment

Top Employee Count: 251 – 500

________________________________________________________________________


ONLINE FACE MASK SALES SCAMS ESCALATE CORONAVIRUS PHISHING ATTACKS.

British police say coronavirus-related fraud reports have risen by 400 per cent over the past six weeks as COVID-19 continues to spread. Although absolute numbers are low (perhaps because the public has little confidence in Action Fraud), the National Fraud Intelligence Bureau (NFIB) said it had received a total of 200 reports of coronavirus scams since 1 February. "The majority of reports are related to online shopping scams where people have ordered protective face masks, hand sanitiser, and other products, which have never arrived," said the NFIB in a statement.

The unit's chief, Superintendent Sanjay Andersen, added: "The majority of scams we are seeing relate to the online sale of protective items, and items that are in short supply across the country, due to the COVID-19 outbreak. We're advising people not to panic and to think about the purchase they are making. When you're online shopping it's important to do your research and look at reviews of the site you are buying from."

This matches private- and public-sector figures showing coronavirus-themed phishing spreading almost as fast as the virus itself. Security firm Check Point said earlier this week it had seen an uptick in cybercrime forum activity, including criminals offering discounts to other criminals for using coronavirus-themed bait in scams and phishing attacks. Yaniv Balmas, the firm's head of cyber research, observed: "Furthermore, we are seeing hackers use the attention on COVID-19 to spread their harmful 'goods' in as many places as possible through COVID-19 specials and discounts on the dark net." Earlier this week the GCHQ-owned National Cyber Security Centre warned of "bogus emails with links claiming to have important updates, which once clicked on lead to devices being infected."

Those scam emails included ones appearing to come from the US Centers for Disease Control and Prevention and the World Health Organisation, offering paid-for access to a live map of nearby COVID-19 infection cases. The link in the email leads to a credential-stealing web page, so the crooks can empty unwitting victims' bank accounts. Another common one doing the rounds, according to the NFIB, is a variation on the old HM Revenue and Customs tax refund scam: these versions display the HMRC logo and carry bait text that looks reasonably convincing.


SPYWARE DISGUISED AS COVID-19 TRACKER APP KEEPS TRACK OF USERS:

Another malicious actor has weaponized an otherwise legitimate, interactive coronavirus tracking map created by Johns Hopkins University, this time to deliver Android spyware as part of a campaign that originates in Libya and seemingly targets individuals within that country. The surveillanceware, known as SpyMax, comes packaged in a trojanized application named "corona live 1.1", according to a blog post from researchers at Lookout, who discovered the scheme. It can access sensitive Android phone data and SMS messages, modify settings, provide a shell terminal, record audio, operate the camera and more. It can do all this because the so-called virus tracker asks victims for a long list of permissions at install time, far more than a map that only needs network access. SpyMax is in the same family as SpyNote, another inexpensive, commercially available piece of surveillanceware with similar functionality. Both programs contain a hard-coded address for command-and-control (C2) communication.

Earlier this month, researchers reported that the Johns Hopkins COVID-19 tracker had been copied, weaponized and hosted on malicious domains in a campaign to infect victims with a variant of the information-stealing AZORult malware. The genuine map remains available from Johns Hopkins.

The malicious corona live 1.1 app is part of a larger surveillanceware campaign that has been operating since April 2019. This campaign has used 30 unique APKs, all sharing the same infrastructure, Lookout reports. Only one other of the 30 apps, called Crona, shares a COVID-19 theme; others claim to be media players or other kinds of apps. Three purport to be Libya Mobile Lookup, a service that lets users find the customer name behind a Libyan mobile number. "These trojanized apps belong to the SpyNote family and are the earliest samples ingested that communicate with the C2 infrastructure," states the Lookout blog post, authored by security researcher Kristen del Rosso. "This indicates they were likely the first apps rolled out in this surveillance campaign, and offer insight into who the targeted demographic might be."

Furthermore, the malware's C2 domain was found to have previously resolved to various IP addresses operated by the ISP Libyan Telecom and Technology, suggesting a Libyan actor is targeting people within Libya. Lookout has found no evidence the campaign is state-sponsored, but cannot rule the possibility out either. "…[T]he commercialisation of 'off-the-shelf' spyware kits makes it fairly easy for these malicious actors to spin up these bespoke campaigns almost as quickly as a crisis like COVID-19 takes hold," the blog post concludes. "That's why, even in times of crisis, it's important to avoid downloading apps from third-party app stores and clicking suspicious links for 'informative' sites or apps spread via SMS, especially from an unknown number."
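The permission list is the cheapest signal a reviewer has against a trojanized tracker like the one above. The following is an added example, not Lookout's tooling or anything from the original bulletin: it parses an AndroidManifest.xml and maps the requested permissions onto the SpyMax capabilities the text lists (SMS, audio, camera, settings, persistence). The permission names are real Android permissions; the capability grouping, the "expected" permission set for a tracker app, the threshold and the two sample manifests are this example's own assumptions.

```python
# Added example (not Lookout's tooling): triage an Android manifest for the
# SpyMax/SpyNote capability set described above. The permission names are
# real Android permissions; the capability grouping, the "expected" set for a
# tracker app and the threshold are this example's own assumptions.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Assumed: what a map-style infection tracker legitimately needs.
EXPECTED_FOR_TRACKER = {"android.permission.INTERNET",
                        "android.permission.ACCESS_NETWORK_STATE"}

# Assumed grouping of permissions into the capabilities the text lists.
SPYWARE_CAPABILITIES = {
    "read/intercept SMS": {"android.permission.READ_SMS",
                           "android.permission.RECEIVE_SMS",
                           "android.permission.SEND_SMS"},
    "record audio": {"android.permission.RECORD_AUDIO"},
    "operate camera": {"android.permission.CAMERA"},
    "track location": {"android.permission.ACCESS_FINE_LOCATION"},
    "read contacts/call log": {"android.permission.READ_CONTACTS",
                               "android.permission.READ_CALL_LOG"},
    "modify settings": {"android.permission.WRITE_SETTINGS"},
    "survive reboot": {"android.permission.RECEIVE_BOOT_COMPLETED"},
    "read storage": {"android.permission.READ_EXTERNAL_STORAGE"},
}


def requested_permissions(manifest_xml):
    """Set of android:name values from every <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission")
            if el.get(NAME_ATTR)}


def triage(manifest_xml, expected=EXPECTED_FOR_TRACKER, threshold=3):
    """Report which spyware capabilities the manifest unlocks, which
    permissions exceed the advertised purpose, and a verdict."""
    perms = requested_permissions(manifest_xml)
    capabilities = sorted(cap for cap, names in SPYWARE_CAPABILITIES.items()
                          if perms & names)
    return {
        "capabilities": capabilities,
        "excess": sorted(perms - expected),
        "suspicious": len(capabilities) >= threshold,
    }


def build_manifest(*permissions):
    """Constructed sample data: a minimal AndroidManifest.xml."""
    body = "".join('<uses-permission android:name="%s"/>' % p
                   for p in permissions)
    return ('<manifest xmlns:android="%s" package="com.example.corona">'
            '%s<application/></manifest>' % (ANDROID_NS, body))


# Constructed samples: a plain tracker and one shaped like the trojanized app.
BENIGN_TRACKER = build_manifest("android.permission.INTERNET",
                                "android.permission.ACCESS_NETWORK_STATE")
TROJANIZED_TRACKER = build_manifest(
    "android.permission.INTERNET", "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS", "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA", "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.WRITE_SETTINGS",
    "android.permission.RECEIVE_BOOT_COMPLETED")

if __name__ == "__main__":
    for label, manifest in (("benign", BENIGN_TRACKER),
                            ("trojanized", TROJANIZED_TRACKER)):
        print(label, triage(manifest))
```

Run against a real APK by extracting the manifest first (for example with apktool or androguard); the point of the "excess" list is that it compares what the app asks for against what its advertised purpose needs, which is the question a user should be asking before tapping "allow".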


CRYPTOJACKING WEB MINING INFECTIONS DOWN 99% AFTER ‘COINHIVE’ CLOSURE:

Cryptojacking, the theft of computing power to mine digital currency, has been around at least since 2013, and its use has shrunk dramatically with the death of the Monero-mining service Coinhive. Since Coinhive's closure last year, cryptojacking has been almost eliminated, according to a group of researchers from the University of Cincinnati in America and Lakehead University in Canada, largely because online ads generate more revenue.

Coinhive provided JavaScript code that websites could incorporate to make visitors' computers mine Monero, a cryptocurrency that appeals to cybercriminals because it is difficult to trace. Though Coinhive's code was marketed as a monetization alternative to advertising, it was quickly abused: a mining script can be planted on a compromised website without the knowledge of the site's owner or its visitors. When the service launched in September 2017, Monero could be exchanged for about $100 apiece; by early January 2018 its price peaked at almost $500. On March 8, 2019, Coinhive shut down because, the company said, the project was no longer economically viable. The price of Monero then was about $50; today it trades at around $35.

In a paper distributed through ArXiv, "Is Cryptojacking Dead after Coinhive Shutdown?", presented earlier this month at the third International Conference on Information and Computer Technologies in Santa Clara, California, researchers Said Varlioglu, Murat Ozer and Bilal Gonen (University of Cincinnati) and Mehmet F. Bastug (Lakehead University) found that cryptojacking mostly vanished with the departure of Coinhive. The researchers used a cryptojacking detector known as CMTracker to look for cryptojacking code. They evaluated, manually and automatically, 2,770 websites that CMTracker had flagged before the Coinhive shutdown; 99 per cent of them no longer run cryptojacking code. The remaining 1 per cent still do, using eight distinct mining scripts, which were subsequently spotted on 632 websites in the wild.

That is a significant decrease from 2017, when Coinhive code alone could be found on more than 30,000 websites. The researchers point to a 2019 paper, "Truth in Web Mining: Measuring the Profitability and the Imposed Overheads of Cryptojacking," which found that ads are 5.5x more profitable than web-based cryptocurrency mining and that a mining website needs to keep a visitor's mining tab open for at least 5.53 minutes to earn more than it would from ads. That figure assumes a website with three ad slots priced at $1 per thousand impressions that receives 100,000 visitors a month. The same paper also measured the cost of cryptojacking to victims: device temperature up by as much as 52.8 per cent, performance down by up to 57 per cent and CPU usage up to 1.7x, all of which shows up in the victim's electricity bill.

Among those still running cryptojacking operations, modern web technology such as WebSockets, Web Workers and WebAssembly commonly plays a role. The researchers observe that miscreants tend to place their code on free movie websites because visitors stay on the same page for a long time. "It is still alive but not as appealing as it was before," the researchers explain in their paper. "It became less attractive not only because Coinhive discontinued their service, but also because it became a less lucrative source of income for website owners. For most of the websites, ads are still more profitable than mining."
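The WebSocket, Web Worker and WebAssembly combination the researchers mention is what a static scan has to look for once the easily recognised Coinhive script is gone. The following is an added example and not the CMTracker detector from the paper (CMTracker profiles hash rate and call stacks in a running browser); it is a static scan of page source for the indicators the text names. The indicator regexes, the rule that a substrate-only hit (Worker plus WebAssembly) never flags a page on its own, and the three sample pages are this example's own assumptions.

```python
# Added example, not the CMTracker detector the researchers used (that one
# profiles hash rate and call stacks at runtime): a static scan of page source
# for the indicators the text names, namely miner libraries, WebSockets to a
# pool or stratum proxy, Web Workers and WebAssembly. The indicator regexes
# and the two-category rule are this example's own assumptions.
import re

INDICATORS = {
    # Script names that shipped with in-browser Monero miners.
    "miner_library": re.compile(
        r"coinhive\.min\.js|coin-hive|cryptonight|crypto-?loot|jsecoin|webminerpool",
        re.I),
    # API calls those libraries exposed to the page.
    "miner_api": re.compile(
        r"\.Anonymous\(|getHashesPerSecond|getTotalHashes|setThrottle", re.I),
    # A WebSocket to something named like a pool or stratum proxy.
    "pool_socket": re.compile(
        r"wss?://[^\s'\"]*(?:pool|stratum|proxy)[^\s'\"]*", re.I),
    # Worker + WebAssembly: the compute substrate, legitimate on its own.
    "worker_wasm": re.compile(
        r"new\s+Worker\(|WebAssembly\.(?:instantiate|compile)"),
}
# A substrate-only hit never flags a page by itself (games and codecs use it).
SUBSTRATE_ONLY = {"worker_wasm"}


def scan_page(html):
    """Return the matched indicator categories and a verdict for one page."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(html)}
    specific = hits - SUBSTRATE_ONLY
    # Verdict: at least one miner-specific category plus one other category.
    return {"hits": sorted(hits),
            "cryptojacking": bool(specific) and len(hits) >= 2}


def flagged(pages):
    """Names of the pages (a {name: html} mapping) that scan as mining."""
    return sorted(name for name, html in pages.items()
                  if scan_page(html)["cryptojacking"])


# Constructed samples: a classic Coinhive embed, a legitimate WASM video
# decoder, and a post-Coinhive miner that avoids known library names.
MINING_PAGE = """<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
var miner = new CoinHive.Anonymous('SITE_KEY', {throttle: 0.3});
miner.start();
setInterval(function () { console.log(miner.getHashesPerSecond()); }, 1000);
</script>"""

WASM_CODEC_PAGE = """<script>
const w = new Worker('decoder.js');
WebAssembly.instantiate(codecBytes).then(m => w.postMessage(m));
</script>"""

STEALTH_PAGE = """<script>
const w = new Worker('bg.js');
WebAssembly.instantiate(wasmBytes).then(m => w.postMessage(m));
const ws = new WebSocket('wss://ws.example.net:8181/stratum');
</script>"""

if __name__ == "__main__":
    for name, html in (("mining", MINING_PAGE), ("codec", WASM_CODEC_PAGE),
                       ("stealth", STEALTH_PAGE)):
        print(name, scan_page(html))
```

A scan like this only sees what is in the fetched HTML; scripts loaded from a third-party origin or assembled at runtime need to be fetched and scanned too, or caught by a runtime profiler such as the one the paper used.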


HEALTH WORKERS ARE TOP OF PHISHERS’ TARGET LIST THANKS TO DATA VALUE

Nurses are among the groups most heavily targeted by email scammers because of the value of the data they can access, according to Adenike Cosgrove of email security firm Proofpoint. Cosgrove, an infosec strategist for Proofpoint, said that not only are nurses and other frontline healthcare professionals at the top of phishing target lists, but that a healthcare worker had asked her, rather than her own organisation's security team, for advice on security best practice. Explaining how the worker had watched a video of a public talk she had given about infosec, Cosgrove says: "This lady personally had to call all of the patients affected by [a previous] incident. First time she'd ever engaged with security in any way. She reached out to me and said, 'We've got an annual meeting of our key clinicians across the country, meeting in London; we'd really appreciate it if you could speak to our nurses, doctors, dentists and all sorts, about cybersecurity.'"

With the UK's NCSC, part of GCHQ, today issuing fresh warnings about phishers using the coronavirus situation as bait to lure targets into opening malware-laden email attachments, Cosgrove's account ought to have corporate infosec teams paying more attention to how approachable they are to their own colleagues. Making the point, Cosgrove says: "She didn't feel she could reach out to her security team and ask someone internally to deliver this presentation, and identify someone that was speaking in a language she could understand."

Proofpoint, says Cosgrove, found that "for hospitals and for surgeries, nurses and A&E and all of that, nurses are the most targeted roles. Why? Again, they have access to all of the data. The first person you see in a hospital is a nurse. They're looking at your records, updating your records. They're then directing you where you need to go within the hospital."

Proofpoint has published research into phishing, and some of its findings are topical. Cosgrove described one such incident: "One interesting threat that we've seen is criminals pretending to be a hospital in Nashville, Tennessee. There's an Excel document within the email, which says 'Here are your HIV results; open the Excel document to view the results'." She added: "The vast majority of people who do blood tests on a regular basis are going 'oh my god, I need my results'. They download the spreadsheet, enable macros, etc. The user doesn't know they've compromised themselves; their organisation doesn't know they've downloaded a remote access trojan; they're not doing anything that's going to trigger any alerts just yet. It's quietly monitoring all the credentials of the user. When the criminals steal those creds, they now have legitimate access to that person's webmail, enabling internal phishing from a real email address."

It's not just healthcare people either, Cosgrove said: "Criminals are targeting HR professionals too. Their job is to open those emails, open those Word documents. Their job is to enable the macros so they can read the CVs!" Linking this with the earlier example of the healthcare organisation whose staff didn't feel they could talk to their own IT security team, she says: "We blanket-train people into saying don't enable macros, don't open Word documents, yet HR professionals get emails they're not expecting every single day. Their job is to open them! So now you're telling me that I shouldn't do my job? This is why security loses credibility with the business."

"As a profession," she continued, "we could get closer to the end user. We need to speak their language. We need to understand how they work. And we need to help them do their jobs securely. Again, telling HR not to open Word documents? That's pointless advice. But telling HR 'Hey, we've developed tech to sandbox attachments so you can safely open that email', that's more realistic."

Keep your teams alert and your co-workers in the loop.
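The practical alternative to telling HR "never enable macros" is to decide at the mail gateway which attachments can carry macros at all, and route only those to a sandbox. The following is an added example, not Proofpoint's product or anything from the original bulletin: a classifier that inspects an Office attachment's content (not its file name) for a VBA project, so an "HIV results" workbook is caught even if it arrives as results.xlsx. The decision rules and the in-memory sample files are this example's own assumptions; legacy binary Office files are routed to the sandbox rather than parsed, because deciding for them needs a full OLE parser.

```python
# Added example, not Proofpoint's sandboxing technology: a mail-gateway style
# check that decides whether an Office attachment carries VBA macros before it
# reaches an HR inbox or a nurse's mailbox. Sample files are constructed in
# memory; the decision rules are this example's own assumptions.
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML (.docx/.xlsx/...)
VBA_MEMBERS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")


def classify_attachment(data):
    """Return 'macros', 'no-macros', 'legacy-ole-sandbox' or 'not-office'.

    Content is trusted over the file name: a vbaProject.bin inside a file
    called results.xlsx still counts as macros.
    """
    if data.startswith(OLE2_MAGIC):
        # Binary Office formats can hold macros too; deciding needs an OLE
        # parser, so route them to the sandbox instead of guessing.
        return "legacy-ole-sandbox"
    if not data.startswith(ZIP_MAGIC):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            if "[Content_Types].xml" not in names:
                return "not-office"
            if any(member in names for member in VBA_MEMBERS):
                return "macros"
            # A macro-enabled container with no VBA stream yet is still one
            # that Office will run macros from: treat it as macros.
            ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            if "macroEnabled" in ctypes:
                return "macros"
    except zipfile.BadZipFile:
        return "not-office"
    return "no-macros"


def build_ooxml(members):
    """Constructed sample: a minimal OOXML zip with the given members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


CT_PLAIN = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/'
            'content-types"><Override PartName="/xl/workbook.xml" ContentType='
            '"application/vnd.openxmlformats-officedocument.spreadsheetml.'
            'sheet.main+xml"/></Types>')
CT_MACRO = CT_PLAIN.replace(
    "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml")

# Constructed attachments: a plain workbook, the "HIV results" lure, a
# macro-enabled container without a VBA stream, and a legacy .xls stub.
PLAIN_XLSX = build_ooxml({"[Content_Types].xml": CT_PLAIN,
                          "xl/workbook.xml": "<workbook/>"})
LURE_XLSM = build_ooxml({"[Content_Types].xml": CT_MACRO,
                         "xl/workbook.xml": "<workbook/>",
                         "xl/vbaProject.bin": b"\x00fake vba stream"})
EMPTY_XLSM = build_ooxml({"[Content_Types].xml": CT_MACRO,
                          "xl/workbook.xml": "<workbook/>"})
LEGACY_XLS = OLE2_MAGIC + b"\x00" * 32

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN_XLSX), ("lure", LURE_XLSM),
                        ("empty-xlsm", EMPTY_XLSM), ("legacy", LEGACY_XLS)):
        print(label, classify_attachment(blob))
```

Only the 'no-macros' verdict lets a file through unsandboxed; everything else, including anything the zip library cannot parse, goes to the sandbox or is dropped, which is the policy that lets HR keep opening CVs.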


MOST MEDICAL IMAGING DEVICES RUN OUTDATED OPERATING SYSTEMS

You'd think that mammography machines, radiology systems and ultrasound equipment would maintain the strictest possible security hygiene. But new research shows that 83 percent of medical imaging devices run on operating systems so old that they no longer receive software updates at all. That problem is endemic to internet of things (IoT) devices generally, many of which aren't designed to receive software updates or offer only a complicated path to doing so. Medical devices are an especially troubling category for it to show up in, particularly when the number of devices with outdated operating systems is up 56 percent since 2018. Most of that increase can be attributed to Microsoft ending support for Windows 7 in January: as new vulnerabilities are found in the operating system, any device still running it won't get patches for them.

The findings don't necessarily mean that 83 percent of medical imaging devices are in immediate danger of attack. The risk can be managed by making sure vulnerable devices aren't exposed to the open internet, are protected behind a firewall, and sit in a segregated part of the network that can be monitored for unusual activity and access. But those measures take planning, and with so many medical imaging devices in health care organizations around the world, and so many exposed by old operating systems, the chances are high that not all are adequately protected.

"Windows 7 has been a stable operating system for a lot of people for a long time and that's what folks look for when they're building an IoT device," says Ryan Olson, vice president of threat intelligence at the enterprise security firm Palo Alto Networks, which produced the research. "It's just that, eventually, operating systems go out of support. Windows 7 has been out in the market for a long time and people have known this was coming for a while, but updating IoT devices in general, including medical IoT devices, is challenging for a lot of organizations."

Researchers at Palo Alto Networks found indications that health care providers are increasingly aware of the need to separate medical devices from other computers on their networks, a promising trend. They found that only 12 percent of hospitals maintained a significant number of sub-networks to separate devices in 2017, but that 44 percent were doing so in 2019. Olson emphasizes, though, that this still means a majority of hospitals, not to mention other types of health care facilities, have yet to take that step. Without it, attackers with a foothold in a health care network could reach medical imaging devices with unpatched operating system bugs and exploit them to bore deeper into the environment. Even if the malware isn't targeting medical devices in particular, operating system vulnerabilities still leave those devices open to any indiscriminate worm that infects all manner of networked computers.

Beyond the protective measures that health care providers can take, device manufacturers themselves should take steps to mitigate the potential damage. Some may design their products to run securely even when an operating system loses support, but given the track record of IoT security overall and medical device security in particular, it's unlikely that many or even most manufacturers have built their devices with a specific defense plan. There's a more basic issue at play, too, says Beau Woods, a cyber safety innovation fellow at the nonprofit Atlantic Council: even when their operating systems are current and fully supported, many medical devices are not receiving the updates that are available to them. Retired operating systems only compound the problem. "The incremental risk is there," Woods says. "What the sunsetted operating systems mean, though, is if there were some type of an emergency and medical device makers had to issue a patch and hospitals had to apply the patch there's an even less clear and clean pathway to patching."

Products already in use are virtually impossible to retrofit with better update mechanisms, but health care providers can make updatability a major priority in procurement to push manufacturers toward more flexible designs. In the meantime, they need to take stock of the aging infrastructure in their midst.


ACSC THREAT UPDATE: COVID 19 MALICIOUS CYBER ACTIVITY

This update is designed to raise awareness of increasing COVID-19 themed malicious cyber activity, and to provide practical cyber security advice that organisations and individuals can follow to reduce the risk of being impacted. Malicious cyber actors are actively targeting individuals and Australian organisations with COVID-19 related scams and phishing emails. These incidents are likely to increase in frequency and severity over the coming weeks and months. This is due, in part, to the ease with which existing scam emails and texts can be modified with a COVID-19 theme.

Opportunistic malicious actors are exploiting people’s concerns and desire for information about the COVID-19 pandemic by directing them towards websites designed to either install malicious software or steal personal information. In the last few weeks, the Australian Cyber Security Centre (ACSC) has observed thousands of COVID-19-related websites being registered. While the majority of these websites are legitimate, many are being created by malicious cyber actors seeking to exploit Australians during this difficult time. The malicious COVID-19 websites are designed to look legitimate or impersonate well-known organisations, making it difficult for individuals to detect. Cybercriminals use them to install computer viruses onto people’s devices, such as banking Trojans or different variants of ransomware, in order to generate profit. In other cases, they seek to harvest user credentials, such as personal identification, passwords and bank details, which are then used to gain access to the user’s networks, devices or online financial accounts.   The ACSC, with assistance from our law enforcement and industry partners, is engaged in efforts to disrupt or prevent these malicious COVID-19 themed cyber activities. Ongoing analysis of COVID-19 scams and phishing emails indicates the majority of them are quite sophisticated, often impersonating trusted entities such as the Australian Government. The methods used are constantly evolving, with malicious actors regularly adapting their tradecraft to circumvent attempts to stop them. Those engaged in cybercrime activity are not constrained by geographic borders and their actions can have far-reaching consequences. The ACSC is aware of reports that malicious actors based in Eastern and Western Europe, Asia and Africa have been responsible for launching COVID-19 themed malicious cyber activity, including against Australians. 

The ACSC strongly encourages organisations and individuals to remain vigilant against the threat of COVID-19 themed scams, phishing emails and malicious websites. Since early March 2020, there has been a significant increase in COVID-19 themed malicious cyber activity across Australia. The Australian Competition and Consumer Commission's Scamwatch has received more than 100 reports of scams about COVID-19 in the last three months, and the volumes continue to rise. Between 10 and 26 March, the ACSC received over 45 cybercrime and cyber security incident reports from individuals and businesses, all related to COVID-19 themed scam and phishing activity. The true extent of this malicious activity is likely to be much higher, as these numbers only represent those cases reported to the ACSC and ACCC. Malicious cyber actors are spreading phishing emails that pretend to be from reputable organisations, seeking to deceive recipients into visiting websites that host malware designed to steal their personal information. To increase the appearance of legitimacy, these phishing emails are sent from addresses that closely resemble those of the official organisations or entities, often adopting the official message format and including well-known branding and logos.
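The sender address that "closely resembles" an official one is the part of this lure a mail filter can test mechanically, and it is the same trick behind the WHO director-general email covered under Threat Focus below. The following is an added example (not ACSC tooling or anything from the original bulletin) that classifies a From: header's domain as trusted, lookalike or unknown: it checks exact and subdomain matches against an allow-list, then homoglyph substitutions (0 for o, 1 for l, rn for m), brand names embedded in a longer or hyphenated domain, and small edit distances. The allow-list, the homoglyph table, the distance threshold and the sample headers are this example's own assumptions.

```python
# Added example (not ACSC tooling): flag From: addresses whose domain merely
# resembles a trusted organisation, the lure the ACSC describes above and the
# one used in the WHO director-general phish below. The allow-list, the
# homoglyph table and the distance threshold are this example's assumptions.
import re

TRUSTED_DOMAINS = {"who.int", "health.gov.au", "cdc.gov"}   # assumed allow-list

# Digits attackers swap for visually similar letters (assumed table).
HOMOGLYPHS = str.maketrans("0135", "oles")


def sender_domain(from_header):
    """Domain of the address in a From: header, or None if there is none."""
    m = re.search(r"<([^<>]+)>\s*$", from_header.strip())
    addr = m.group(1) if m else from_header.strip()
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def normalize(domain):
    """Collapse digit-for-letter and rn-for-m style substitutions."""
    return (domain.lower().replace("rn", "m").replace("vv", "w")
            .translate(HOMOGLYPHS))


def levenshtein(a, b):
    """Edit distance between two strings (standard dynamic programme)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return 'trusted', 'lookalike', 'unknown' or 'malformed'."""
    domain = sender_domain(from_header)
    if domain is None:
        return "malformed"
    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return "trusted"          # real domain or a real subdomain of it
    flat = re.sub(r"[.-]", "", normalize(domain))
    for t in trusted:
        if normalize(domain) == normalize(t):
            return "lookalike"        # wh0.int -> who.int
        if flat.startswith(t.replace(".", "")):
            return "lookalike"        # health-gov-au.com, who.int.evil.example
        if levenshtein(domain, t) <= max_distance:
            return "lookalike"        # whoo.int, cbc.gov
    return "unknown"


# Constructed sample headers, in the style of the lure described in the text.
SAMPLE_HEADERS = [
    "Dr Tedros <dg@who.int>",
    "alerts@mail.health.gov.au",
    "dg@wh0.int",
    "WHO <noreply@who.int.covid-updates.example>",
    "alerts@health-gov-au.com",
    "info@cbc.gov",
    "news@example.org",
    "no address here",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print("%-45s %s" % (header, classify_sender(header)))
```

A "lookalike" verdict is a reason to quarantine or to demand a passing DMARC result, not proof of fraud; the brand-prefix rule in particular will also catch unrelated domains that happen to start with a trusted name, so pair it with sender authentication rather than using it alone.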



Avantia Corporate Services is a Registered Partner with the Australian Cyber Security Centre (a division of the Australian Signals Directorate).



THREAT FOCUS: World Health Organization - SWITZERLAND

https://www.beckershospitalreview.com/cybersecurity/phishing-email-impersonating-who-chief-begins-to-circulate.html


Exploit: Phishing scam

World Health Organization: United Nations agency responsible for international public health  

Risk to Small Business: 1.888 = Severe
Hospital workers are receiving an email purportedly from Dr. Tedros Adhanom Ghebreyesus, Director-General of the World Health Organization (WHO). The email contains a personalized message using the recipient's valid username and an innocuous-looking attachment. It is a phishing attack: when the attachment is opened, it installs malware capable of stealing credentials from the computer. According to security researchers, the messages prey on the altruism of recipients by purporting to include information about novel preventative drugs and COVID-19 cures.

Individual Risk: 2.571 = Moderate
At this time, there are no reports of recipients falling for this scam. However, anyone who does open the attachment has likely allowed malware to compromise their credentials. In that case, they should immediately take steps to remove the malware, reset account passwords, and notify their employer of the incident.

Customers Impacted: Unknown

Effect On Customers: In 2020, clever spear phishing emails are par for the course when it comes to anticipated attack vectors, and the bad guys are making them look more authentic all the time. Rather than allowing employees to fall for these scams, possibly compromising company and customer data along the way, keep them alert for trouble by providing regular phishing scam awareness training that accounts for the latest trends and encompasses all of the possible vulnerabilities.

Risk Levels: 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

As we finished compiling this week's THREAT ALERT, we learned that even more cyberattacks have been mounted against WHO during this crisis, easily double the usual number. A group known as DarkHotel is suspected in one of the most significant recent attacks. More than 2,000 coronavirus-themed websites are being created each day as cybercriminals rush to take advantage of the opportunity the chaos of this pandemic presents to breach data and steal passwords. Stay alert to what they're up to by reading our weekly bulletin.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote-access, independent, real-time audit of our clients' critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It's the first step to real cyber security. Call Avantia's office on 07 3010 9711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: Open Exchange Rates - UNITED STATES

https://www.bleepingcomputer.com/news/security/open-exchange-rates-data-breach-affects-users-of-well-known-orgs/


Exploit: Unauthorized database access

Open Exchange Rates: Currency data provider

Risk to Small Business: 1.777 = Severe
While investigating a network misconfiguration, Open Exchange Rates discovered that an unauthorized user was accessing its network. Ultimately, it was determined that the intruder had been accessing the database for nearly a month, beginning on February 9, 2020, and ending on March 2, 2020. The company believes that sensitive user information was extracted. In response, Open Exchange Rates has disabled the passwords for all accounts created before March 2, 2020.

Individual Risk: 2.285 = Severe
A large amount of personal data was compromised in the attack, including user names, addresses, encrypted and hashed passwords, IP addresses, country of residence details, and website addresses. Open Exchange Rates is warning customers that this information can be used to execute targeted spear phishing attacks. Those impacted should reset their account passwords, change their credentials on any other website where they reused them, and carefully monitor their online accounts for suspicious activity.

Customers Impacted: Unknown

Effect On Customers: Although it’s a relatively small operation, Open Exchange Rates provides an API that is used by several prominent financial service providers. As a result, the costs of repairing this breach will be compounded by reputational damage that could impact its relationship with these critical partners.

Risk Levels: 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Find Out More by calling 07 3010 9711 (Office Hours)

THREAT FOCUS: TrueFire Music - UNITED STATES

https://www.infosecurity-magazine.com/news/guitar-tuition-website-suffers/


Exploit: Malware attack

TrueFire: Online music school

Risk to Small Business: 1.555 = Severe
On January 10th, TrueFire identified unauthorized access to its database by an unknown user who had been active for more than five months. It's unclear why the company waited until March to disclose the incident to its customers. The breach affected users who made online purchases between August 3, 2019, and January 14, 2020. Although the company didn't explicitly categorize the breach, payment-skimming malware is the likely cause of the theft, which included users' personal and financial data from their online purchases of classes and services.

Individual Risk: 2.571 = Severe
The breach compromised customers' personal and financial data, including names, addresses, payment card numbers, card expiration dates, and security codes. TrueFire is encouraging victims to monitor their financial statements for unusual activity, but they should do more: those impacted should immediately notify their financial institutions of the incident and strongly consider enrolling in a credit and identity monitoring service for long-term oversight of this information.

Customers Impacted: Unknown

Effect On Customers: Customers increasingly prefer shopping online rather than going to physical stores. Especially now, as the COVID-19 pandemic forces people to stay home, online stores are a vital lifeline for SMBs to continue generating revenue. Protecting the checkout process must therefore be a top priority, as many customers will be gone for good if their personal or financial data is compromised through mishandling on the merchant's end when they make online purchases.

Risk Levels:

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.




THREAT FOCUS: College of DuPage - UNITED STATES

https://www.infosecurity-magazine.com/news/illinois-college-suffers-data/


Exploit: Accidental data exposure 

College of DuPage: Academic institution

Risk to Small Business: 1.555 = Severe
The College of DuPage accidentally exposed the 2018 W-2 forms of current and former employees. In a statement, the school described the risk of data misuse as low. In reality, even one cybercriminal misusing this information could have significant consequences for a victim. The breach occurred as the College of DuPage was preparing to move its services online due to the spread of COVID-19, which forced the cancellation of in-person classes: a timely reminder that in uncertain times information security is still top-of-mind for end-users, whether they are consumers, staff, patients, or students.

Individual Risk: 2.142 = Severe
W-2 forms contain personally identifiable information, including names, addresses, and Social Security numbers. The College of DuPage is offering free identity monitoring services to those impacted by the breach, and victims should take advantage of it to ensure that their information remains secure both now and in the future.

Customers Impacted: 1,775

Effect On Customers: In response to the incident, the College of DuPage is updating its data management standards to prevent a similar incident from occurring in the future. Unfortunately, these updated protocols will not undo the damage for the nearly 2,000 victims of this data breach. Rather than waiting until a cybersecurity incident occurs, organizations should reevaluate their practices to ensure that customer and company data is secure before a breach happens.

Risk Levels:

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an 'Essential8' Digital Security Audit we offer a remote-access, independent 'real time' audit of our clients' critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It's the first step to real cyber security. Call Avantia's office on 07 3010 9711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: Rogers Communications - CANADA

https://www.bleepingcomputer.com/news/security/rogers-data-breach-exposed-customer-info-in-unsecured-database/?&web_view=true


Exploit: Unsecured database

Rogers Communications: Internet service provider

Risk to Small Business: 2.111 = Severe. A third-party vendor left an unprotected database exposed to the internet, compromising customers' personal information. The breach was discovered on February 26th, and it's unclear why it took the company nearly a month to make a public statement about the incident. Although the company acted quickly to secure the data, its reactive measures will not undo the damage to victims, nor will they mitigate the reputational damage that will inevitably follow the breach.

Individual Risk: 2.142 = Severe. The exposed data includes customer addresses, account numbers, email addresses, and telephone numbers. Fortunately, financial information was not included in the breach. To support the victims, Rogers Communications is offering a free year of credit monitoring. In addition, those impacted by the breach should closely monitor their accounts for targeted phishing scams that could compromise additional data.

Customers Impacted: Unknown

Effect On Customers: There are many ways that bad actors gain access to company IT. Whether they exploit a third-party vulnerability or acquire credentials in a phishing scam, every organization needs to be prepared to restrict access to critical accounts. With simple security steps, like requiring strong, unique passwords and two-factor authentication across all accounts, you can keep cybercriminals away from user and employee information.

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: With AuthAnvil, user credentials and passwords are protected. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your systems and your data. Find out more by phoning 07 3010 9711 (Office Hours).

THREAT FOCUS: Takeaway Food Delivery - GERMANY

https://www.bleepingcomputer.com/news/security/food-delivery-service-in-germany-under-ddos-attack/?&web_view=true


Exploit: DDoS attack

Takeaway: Food delivery service

Risk to Small Business: 1.888 = Severe. As the spread of COVID-19 forces many restaurants to close or alter their offerings, Takeaway, a food delivery service that's uniquely well-suited to assist during these times, experienced a DDoS attack that forced its website offline. Cybercriminals demanded a ransom payment of $11,000 in Bitcoin to stop the attacks and restore services. Some customers took to the internet to complain about slow website activity, and the service had to provide refunds for orders placed online that couldn't be fulfilled because of the attack.

Individual Risk: At this time, no personal information was compromised in the incident.

Customers Impacted: Unknown

Effect On Customers: Cybercriminals often strive to take advantage of a crisis. As COVID-19 makes home delivery an especially vital service, it's unsurprising that bad actors would exploit the crisis in an attempt to make a profit. It's clear that the COVID-19 pandemic will have long-lasting implications for businesses, but that must not deter organizations from continuing to be proactive about protecting their critical data and digital platforms.

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: With BullPhish ID, we can provide a more complete picture of a company's security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us by phoning 07 3010 9711.

THREAT FOCUS: Blisk Web Browser - ESTONIA

https://www.zdnet.com/article/browser-vendor-leaks-data-via-open-server/


Exploit: Unprotected database

Blisk: Web browser vendor

Risk to Small Business: 2.111 = Severe. Blisk developers carelessly left a database exposed to the internet without a password. The database contained personal information for developers with registered Blisk profiles. This is the company's second accidental data breach in a short time, which could undermine its credibility with the tech-savvy community that frequents its platform. Moreover, the incident could harm the browser's adoption. Currently, it's used by some of the most notable companies in tech, but those relationships can quickly change after repeated cybersecurity failures.

Individual Risk: 2.285 = Severe. The breach impacts developers using Blisk services and includes email addresses and user-agent strings. While personal or financial information wasn't included in the breach, the exposed user-agent strings reveal each user's browser and operating system versions, which hackers could use to tailor malware to those specific environments.

Customers Impacted: Unknown.

Effect On Customers: In today's regulatory environment, leaving a database unprotected is a foolish and costly mistake, often compromising thousands of records without any help from hackers – and it's completely avoidable. To avoid hefty regulatory fines, less-quantifiable reputational damage, and burdensome recovery costs, every organization needs to develop workflow best practices that ensure that systems are password protected. It's a simple step with outsized implications.

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an 'Essential8' Digital Security Audit we offer a remote-access, independent 'real time' audit of our clients' critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It's the first step to real cyber security. Call Avantia's office on 07 3010 9711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: Marseille Municipality - FRANCE

https://securityaffairs.co/wordpress/99658/malware/marseille-city-massive-attack.html


Exploit: Ransomware

Marseille: Local municipality

Risk to Small Business: 2.111 = Severe. On March 15, a ransomware attack crippled more than 300 computers and left significant swathes of data inaccessible. In addition to the usual implications of a ransomware attack, this incident is particularly problematic because it took place just before a local election and as the city government is orchestrating its response to the COVID-19 pandemic. What's more, even though the government is able to restore systems from backups rather than paying the ransom, this attack will still be incredibly costly, as the recovery and restoration expenses will quickly add up to a significant sum.

Individual Risk: At this time, no personal data was compromised in the incident.

Customers Impacted: Unknown

Effect On Customers: Ransomware attacks are uniquely disruptive, costing companies time, resources, and money. They're especially problematic when business is already disrupted by an emergency. What's more, the opportunity cost and reputational damage are difficult to overcome, making the cost of a robust defensive posture look like a relative bargain. Using smart practices, companies can protect their data in a quickly shifting threat environment.

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: With AuthAnvil, user credentials and passwords are protected. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your systems and your data. Find out more by phoning 07 3010 9711 (Office Hours).

______________________________________________________________________________

POSTSCRIPT.


Canadian Healthcare System Inundated by Cyberattacks

The stress created by an emergency like the Coronavirus pandemic is a golden opportunity for hackers. As the Canadian healthcare system grapples with surging treatment demands related to COVID-19, its IT systems are also grappling with a significant uptick in cyberattacks from bad actors trying to steal data and breach systems at healthcare organizations at a critical time. The threat is so severe that some organizations have called on the government to enact national cybersecurity standards and provide emergency funding to help defend patient data. We've reported on several Canadian health institutions impacted by data breaches this year, and in 2019, nearly half of all Canadian data breaches were healthcare-related. According to several officials, many Canadian healthcare providers are midway through their cybersecurity upgrade roadmaps. Their slow progress means that many of their defenses are outdated and inadequate to meet today's quickly evolving threats to data and systems. Don't wait for your organization's Doomsday scenario to unfold. Get support now to prevent phishing scams, malware, and other cyber threats from compromising company data. Partnering with cybersecurity experts can help you get your defenses against cyberattacks up to speed faster, before a breach occurs.


How to Avoid Data Breaches While Working From Home

The COVID-19 pandemic has reshaped the way we work practically overnight, as many people are working from home for the foreseeable future. Unfortunately, bad actors are taking advantage of these circumstances by increasing phishing attacks targeting home workers. Taking action now to secure your data and keep your staff alert to threats is the best way to protect your company's data and systems from opportunistic cybercriminals. According to a recent assessment, Italy saw a sharp spike in phishing scams as workers quickly shifted from in-office work to home-based arrangements. Around the globe, more than 40% of all workers are currently working from home, a significant jump even in just the past week. In addition to phishing scams, cybersecurity researchers identified a spike in malicious remote access attempts. Cybercriminals are taking advantage of the jump in employees teleworking to mask their activity and gain access to company data. The US Department of Homeland Security recommends that organizations remain vigilant about equipping employees to identify phishing scams and that they enable two-factor authentication to protect accounts from unauthorized access.

At Avantia Cyber Security, and on behalf of all our Cyber Partners, we recognize that this is a uniquely challenging time for your organization and your employees. To address your data security concerns in these quickly changing times, we've compiled several resources to help your data stay safe (see Our Cyber Partners). If we can be of service, don't hesitate to reach out. Throughout this crisis, we are committed to keeping your company and customer information secure.


______________________________________________________________________________


Disclaimer*:

Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena, we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.
