  • Avantia Threat Update


This past week: Facebook and Google credentials (usernames/passwords) stolen using Google Translate for cover; GoDaddy, the world’s largest domain name registrar, gets hijacked; employees snoop on taxpayers in Canada; web hosting services in Australia come under attack; and a New Zealand cryptocurrency exchange continues to get hacked.*

This Past Week’s Top Dark Web Compromises*:

Top Source Hits: ID Theft Forums (99%)

Top Compromise Type: Domains

Top Industry: Legal

Top Employee Count: 11 - 50 Employees (53%)

This Past Week’s Top Targeted Industries*:

Software Hits: 222 | Targets: Google, Houzz, Visma, GitHub, Twitter

Information Technology Hits: 153 | Targets: Google, Sony Corp, Twitter, LinkedIn, Facebook

Social network Hits: 122 | Targets: Google, Twitter, Facebook, LinkedIn, Tumblr

Bar and Restaurant Hits: 100 | Targets: Huddle House, Chipotle Mexican Grill

Transportation Hits: 55 | Targets: Airbus, British Airways, Uber, Cathay Pacific, FedEx

This Past Week’s Top Threat Actors*:

Inj3ct0r Team Hits: 55 | Targets: WordPress, Joomla, Twitter, Apache HTTP Server, SCADA and ICS Products and Technologies

Hezbollah Hits: 21 | Targets: Israel, Syria, Iran, Lebanon, United States

Communications Security Establishment Hits: 11 | Targets: Canada, Richard Mosley, Canadian Security Intelligence Service, National Research Council of Canada, CBC

Ministry of State Security (China) Hits: 6 | Targets: HP, United States, Australia, Marriott International, IBM Corporation

APT28 Fancy Bear Hits: 5 | Targets: Democratic National Committee, Democratic National Convention, United States, Germany, United States Senate

This Past Week’s Top Malware Compromises*:

Shellbot Hits: 82 | Targets: Linux Servers, Linux, Android, Monero, Microsoft Windows

SpeakUp Hits: 53 | Targets: Linux, Mac OS, Linux Servers, Python, Linux & Mac

ExileRAT Hits: 46 | Targets: Tibet Autonomous Region, Microsoft Office Powerpoint

AZORult Hits: 26 | Targets: Dark Web, Cryptocurrency, Adobe Flash Player, Microsoft Internet Explorer, Magento

Infostealer Hits: 15 | Targets: Google, Russia, Mozilla Firefox, Microsoft Windows, Google Chrome


In Other News:

Phishing using Google Translate as cover disgorges Google and Facebook Credentials to Criminals*.

Recently-discovered phishing emails scoop up victims’ Facebook and Google credentials (Username & Password) and hide their malicious landing page via a novel method – Google Translate. The phishing campaign uses a two-stage attack to target both Google and Facebook usernames and passwords, according to researchers at who posted an analysis this past week. In a tricky twist of events, the scam also evades detection by burying its landing page in a Google Translate page – meaning that victims see a legitimate Google domain and are more likely to input their credentials (Username & Password). When it comes to phishing, criminals put a lot of effort into making their attacks look legitimate, while putting pressure on their victims to take action. This attack is interesting as it uses Google Translate, and targets multiple accounts in one go.

A researcher said that he first noticed the attack on Jan. 7 when an email notification on his phone informed him that his Google account had been accessed from a new Windows device. The message, titled “Security Alert,” features an image branded with Google that says “A user has just signed in to your Google Account from a new Windows device. We are sending you this email to verify that it is you.” Then, there’s a “Consult the activity” button below the message.

Upon closer look at the email, the researcher found that the “security alert” was sent from a suspicious email address. That triggered two suspicions: Firstly, the email is from a Hotmail account, raising red flags – but also, the entire address had nothing to do with Google, instead referencing Facebook. Taking advantage of known brand names is a common phishing trick, and it usually works if the victim isn’t aware or paying attention. Criminals conducting phishing attacks want to throw people off their game, so they’ll use fear, curiosity, or even false authority in order to make the victim take an action first, and question the situation later.
When clicking on the “Consult the activity” button, the researcher was brought to a landing page that appeared to be a Google domain, prompting him to sign into his Google account. However, one thing stuck out about the landing page – it was loading the malicious domain via Google Translate, Google’s service to help users translate webpages from one language to another. Using Google Translate helps the Cyber Criminal hide any malicious attempts in several ways: Most importantly, the victim sees a legitimate Google domain which “in some cases… will help the criminal bypass endpoint defences,” said the researcher. Using Google Translate also means the URL bar is filled with random text. Upon further inspection of that text, victims could see the real, malicious domain, “mediacity,” being translated. Luckily, “while this method of obfuscation might enjoy some success on mobile devices (the landing page is a near-perfect clone of Google’s older login portal), it fails completely when viewed from a computer,” said the . For those who fail to notice red flags regarding the landing page, their credentials (username and password) are collected – as well as other information including IP address and browser type – and emailed to the attacker. “We are aware of the phishing attempts and have blocked all sites in question, on multiple levels,” a Google spokesperson said.

However, the attack didn’t stop there. The attacker then attempts to hit victims twice, by forwarding them to a different landing page that purports to be Facebook’s mobile login portal as part of the attack. These types of two-stage attacks appear to be on the rise as Cyber Criminals look to take advantage of victims who already fell for the first part of the scam. Like the Google page, this Facebook landing page has some red flags. It uses an older version of the Facebook mobile login form, for instance. This suggests that the kit is old, and likely part of a widely circulated collection of kits commonly sold or traded on various underground forums. Despite these mistakes, the two stages of the phishing attack suggest a certain level of sophistication on the part of the attacker.

Phishing attacks have continued to grow over the past year – and this particular scam is only one example of how Cyber Criminals behind the scams are updating their methods to become trickier. According to a recent report - “State of the Phish,” 83 percent of respondents experienced phishing attacks in 2018 – up 5 percent from 2017. That may not come as a surprise, as in the last year phishing has led to several massive hacks – whether it’s hacking Spotify users’ accounts or large data breaches from major organisations affecting millions of users. Other methods of phishing have increased as well. Up to 49 percent of respondents said they have experienced “voice phishing” (when bad actors use social engineering over the phone to gain access to personal data) or “SMS/text phishing” tactics (when social engineering is used via texts to collect personal data) in 2018. That’s up from the 45 percent of those who experienced these methods in 2017.
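The Google Translate cover described above works because a filter, or a user glancing at the URL bar, only sees the outer Google host. The following is an added example (not code from the newsletter or from the researchers' analysis) that unwraps the translated page's real address and compares it with the brand the email claims to come from. It assumes the page-translation link carries the destination in a `u` query parameter; the host list, the `login-check.example` domain and all sample links are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Hosts assumed, for this example, to serve Google's page-translation proxy.
TRANSLATE_HOSTS = {"translate.google.com", "translate.googleusercontent.com"}
MAX_DEPTH = 5  # give up on long translate-of-translate chains


def unwrap_translate(url):
    """Return the page a Translate link actually loads, or None if the URL
    is not a page-translation link (wrong host or no 'u' parameter)."""
    parts = urlsplit(url)
    if (parts.hostname or "") not in TRANSLATE_HOSTS:
        return None
    target = parse_qs(parts.query).get("u", [""])[0].strip()
    if not target:
        return None
    # The 'u' value may omit the scheme; add one so urlsplit finds the host.
    return target if "://" in target else "http://" + target


def effective_host(url):
    """Host of the page that finally renders, or None if the link is still
    wrapped after MAX_DEPTH hops."""
    for _ in range(MAX_DEPTH):
        inner = unwrap_translate(url)
        if inner is None:
            return urlsplit(url).hostname or ""
        url = inner
    return None


def in_brand(host, brand_domains):
    """True if host is one of the brand's domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in brand_domains)


def naive_check(url, brand_domains):
    """What a simple filter sees: only the outer host of the link."""
    return in_brand(urlsplit(url).hostname or "", brand_domains)


def classify_link(url, brand_domains):
    """Return (visible_host, real_host, verdict) for one link in an email."""
    visible = urlsplit(url).hostname or ""
    real = effective_host(url)
    if real is None:
        return visible, None, "wrap-too-deep"
    if in_brand(real, brand_domains):
        return visible, real, "ok"
    # Destination is outside the brand: was it hidden behind Translate?
    verdict = "hidden-destination" if real != visible else "off-brand"
    return visible, real, verdict


# Constructed sample links from a message that claims to be a Google alert.
SAMPLE_LINKS = [
    "https://accounts.google.com/signin/v2/identifier",
    "https://translate.google.com/translate?hl=en&sl=auto&tl=en"
    "&u=http%3A%2F%2Flogin-check.example%2Fsignin",
    "https://translate.google.com/translate?sl=auto&tl=en"
    "&u=support.google.com/accounts",
    "http://login-check.example/signin",
]

if __name__ == "__main__":
    brand = {"google.com"}
    for link in SAMPLE_LINKS:
        visible, real, verdict = classify_link(link, brand)
        print(f"{verdict:18} visible={visible} real={real} "
              f"naive_pass={naive_check(link, brand)}")
```

The second sample link passes the outer-host check and is only flagged once the `u` parameter is unwrapped.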

GoDaddy gets hijacked in a major breach*:

GoDaddy, the world’s largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. Several more recent malware spam campaigns suggest GoDaddy’s fix hasn’t gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal. Published research shows that the Cyber Criminals behind a series of massive sextortion and bomb threat spam campaigns throughout 2018 — an adversary that’s been dubbed “Spammy Bear” — achieved an unusual amount of inbox delivery by exploiting a weakness at GoDaddy which allowed anyone to add a domain to their GoDaddy account without validating that they actually owned the domain. Spammy Bear targeted dormant but otherwise legitimate domains that had one thing in common: They all at one time used GoDaddy’s hosted Domain Name System Service (DNS).

Researchers discovered that Spammy Bear was able to hijack thousands of these dormant domains for spam simply by registering free accounts at GoDaddy and telling the company’s automated DNS service to allow the sending of email with those domains from an Internet address controlled by the spammers. GoDaddy said it had put in place a fix for the problem, and had scrubbed more than 4,000 domain names used in the spam campaigns that were identified in the January 22nd story. But on or around February 1, a new spam campaign that leveraged similarly hijacked domains at GoDaddy began distributing GandCrab, a potent strain of ransomware. The GandCrab campaign used a variety of lures, including fake DHL shipping notices and phony AT&T e-fax alerts. The domains documented all had their DNS records altered between Jan. 31 and Feb. 1 to allow the sending of email from Internet addresses tied to domains identified in the January alert.
“What makes these malware laden emails much more likely to be delivered is the fact that the sending domains all have a good reputation,” MyOnlineSecurity observed. “There are dozens, if not hundreds of domains involved in this particular campaign. Almost all the domains have been registered for many years, some for more than 10 years.” In a statement, GoDaddy said the company was confident the steps it took to address the problem were working as intended, and that GoDaddy had simply overlooked the domains abused in the recent GandCrab spam campaign. “The domains used in the GandCrab campaign were modified before then, but we missed them in our initial sweep,” a GoDaddy spokesperson said. “While we are otherwise confident of the mitigation steps we took to prevent the dangling DNS issue, we are working to identify any other domains that need to be fixed. “We do not believe it is possible for a person to hijack the DNS of one or more domains using the same tactics as used in the Spammy Bear and GandCrab campaigns,” they continued. “However, we are assessing if there are other methods that may be used to achieve the same results, and we continue our normal monitoring for account takeover.”

In January 2018, a PayPal phishing scam was posted on Twitter as a promoted tweet targeting users’ financial data through a lucky draw scam. The scam said, to be in with a chance of winning, you must log in to your accounts and verify your details. The phishing scam from @PayPalChristm promoted a new year sweepstake event. While it didn’t explicitly say what the prizes were, the poster holds images of a new car and an iPhone. The phishing scam left behind a few minor clues that confirmed it to be fake.

  • The URL misspelled ‘PayPal’ as ‘PayPall’.
  • The Twitter account that posted the phishing scam had less than 100 followers.
  • The image on the promoted tweet was not consistent with PayPal’s distinctive branding.

Upon clicking the phishing link, users were redirected to a page which did not have an HTTPS URL. However, the page appeared to look like a legitimate PayPal site. A journalist from Liverpool, England logged in with fake login credentials. Upon login, the page redirected to another legitimate looking page which asked to confirm payment card details such as debit/credit card holder name, card number, card expiry date, CSC number, and billing address. This confirms that the PayPal phishing scam was not just keen on accessing PayPal accounts but also aimed to target victims’ financial details and sensitive information. This kind of scam is becoming popular, with promoted tweets used as part of the campaign.

Two Factor Authentication (2FA) – Is it still relevant?*

A penetration testing tool published by Polish security researcher Piotr Duszyński can bypass login protections for accounts protected by two-factor authentication (2FA). Modlishka is a reverse-proxy tool that Duszyński has released on GitHub. It sits between a user and whatever website that user is logging into, be it webmail, e-commerce, utility accounts, what have you. It allows the legitimate website content to display for the user – and then intercepts all of the traffic flowing back and forth. So, an attacker in real time can not only observe the victim’s credentials, but also whatever 2FA code he or she inputs. Acting quickly, the malefactor can then log into the account themselves and make cybercrime hay from there. Any passwords are also automatically logged in the Modlishka backend panel, so even if an adversary is not sitting there waiting in front of the terminal, they can still scrape credentials passively. “With the right reverse proxy targeting your domain over an encrypted, browser-trusted, communication channel one can really have serious difficulties in noticing that something is seriously wrong,” said Duszyński in his posting. “Add to the equation different browser bugs, that allow URL bar spoofing, and the issue might be even bigger…include lack of user awareness, and it literally means giving away your most valuable assets to your adversaries on a silver plate.” He added that the only way to address the issue from a technical perspective is to “entirely rely on 2FA hardware tokens, that are based on U2F protocol.”

2FA Problems: In December, word came of an APT attack dubbed the ‘Return of Charming Kitten’. The campaign was tailored to get around two-factor authentication in order to compromise email accounts and start monitoring communications. It uses a similar basic premise but requires more manual work on the part of the attackers. On a fake but convincing phishing page, users are asked to enter their credential details, which the attackers enter into the real log-in page in real time. If the accounts are protected by two-factor authentication, the attackers redirect targets to a new page where victims can enter the one-time password; the attackers can then take that, enter it into the real page, and are off to the races. Earlier in December, an Android Trojan was uncovered that steals money from PayPal accounts even with 2FA on. Posing as a battery optimization tool, it asks for excessive accessibility permissions, which allow it to observe activity on other apps. Then it lurks on the phone and waits for someone to open PayPal and log in. “Because the malware does not rely on stealing PayPal login credentials and instead waits for users to log into the official PayPal app themselves, it also bypasses PayPal’s two-factor authentication (2FA),” explained researchers at ESET at the time. “Users with 2FA enabled simply complete one extra step as part of logging in, – as they normally would – but end up being just as vulnerable to this Trojan’s attack as those not using 2FA.” There have been other incidents too that lead us to question the efficacy of 2FA. In August, hackers compromised a few of Reddit’s accounts with cloud and source-code hosting providers by intercepting SMS 2FA verification codes. That too was likely a phishing gambit, which Lee Munson, security researcher at Comparitech said is increasingly effective at thwarting 2FA. “While 2FA is a very good secondary line of defence, it is not infallible,” he said.
“Typically, it can be circumvented via phishing – either tricking someone into revealing the 2FA identifier or, far more likely, by getting them to log in to a fake version of the site they were intending to visit.”

Which brings us to the question of how much confidence should anyone really have in 2FA? Sure, these incidents were high-profile in the security community, but are they indicative of a more widespread problem where 2FA is compromised regularly? And if so, what should be next? “While two-factor authentication is a step in the right direction, it falls short in addressing today’s threat landscape,” said Stephen Cox, Vice President and chief security architect at SecureAuth. “From fake login pages for popular email services to the high-profile breaches in 2018 with Yahoo and LinkedIn, there are plenty of examples of attackers who have defeated an organization’s basic two-factor authentication methods. The new reality is, basic methods such as knowledge-based questions and SMS-based one-time passwords can be evaded by attackers using simple phishing attacks and social engineering. Attackers have proven that they can intercept SMS codes or hijack users through social engineering to redirect where the texts are sent.”
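Duszyński's statement above that only U2F hardware tokens address the relay problem comes down to origin binding: a one-time code says nothing about the page it was typed into, while a U2F assertion is signed over client data in which the browser records the page's origin. The following added example (not code from Modlishka, the article or any vendor) shows what the legitimate site's verifier sees in each case. Assumptions: both origins are constructed, and an HMAC stands in for the ECDSA P-256 signature a real token produces so that the example runs on the standard library alone.

```python
import hashlib
import hmac
import json
import secrets
import struct

RP_ORIGIN = "https://accounts.example"                 # constructed real site
PROXY_ORIGIN = "https://accounts.login-check.example"  # constructed look-alike


def sha256(data):
    return hashlib.sha256(data).digest()


def totp(secret, now, step=30, digits=6):
    """RFC 6238 time-based one-time password (HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", int(now) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def rp_verify_otp(secret, code, now):
    # The code carries no record of which page the user typed it into.
    return hmac.compare_digest(code, totp(secret, now))


def browser_client_data(page_origin, challenge):
    # The browser, not the page, records the origin that called the U2F API.
    return json.dumps({"typ": "navigator.id.getAssertion",
                       "challenge": challenge,
                       "origin": page_origin}).encode()


def signed_message(app_id, counter, client_data):
    # U2F signs SHA-256(appId) || user-presence byte || counter || SHA-256(client data).
    return (sha256(app_id.encode()) + b"\x01"
            + struct.pack(">I", counter) + sha256(client_data))


class Token:
    """Stand-in for a U2F token; HMAC replaces ECDSA P-256 (assumption)."""

    def __init__(self, key):
        self.key, self.counter = key, 0

    def sign(self, app_id, client_data):
        self.counter += 1
        msg = signed_message(app_id, self.counter, client_data)
        return self.counter, hmac.new(self.key, msg, hashlib.sha256).digest()


def rp_verify_u2f(key, challenge, client_data, counter, signature):
    """Relying-party check: origin, challenge, then signature."""
    data = json.loads(client_data)
    if data.get("origin") != RP_ORIGIN:
        return "wrong-origin"
    if data.get("challenge") != challenge:
        return "stale-challenge"
    msg = signed_message(RP_ORIGIN, counter, client_data)
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    return "ok" if hmac.compare_digest(signature, expected) else "bad-signature"


def simulate(page_origin, rewrite_origin=False, now=59):
    """One login through the page at page_origin. A relay in the middle
    forwards every message unchanged unless rewrite_origin is set."""
    otp_secret, token_key = b"12345678901234567890", secrets.token_bytes(32)
    # One-time code: the user reads it and types it into whatever page is open.
    otp_ok = rp_verify_otp(otp_secret, totp(otp_secret, now), now)
    # U2F: the real site issues a challenge; the browser binds it to the page origin.
    challenge = secrets.token_urlsafe(16)
    client_data = browser_client_data(page_origin, challenge)
    counter, signature = Token(token_key).sign(page_origin, client_data)
    if rewrite_origin:
        # Editing the client data in transit invalidates the token's signature.
        client_data = browser_client_data(RP_ORIGIN, challenge)
    u2f = rp_verify_u2f(token_key, challenge, client_data, counter, signature)
    return {"otp": otp_ok, "u2f": u2f}


if __name__ == "__main__":
    print("direct login      :", simulate(RP_ORIGIN))
    print("through a relay   :", simulate(PROXY_ORIGIN))
    print("relay edits origin:", simulate(PROXY_ORIGIN, rewrite_origin=True))
```

Through the relay the one-time code is still accepted, while the U2F assertion is rejected either for its origin or, if the client data is altered, for its signature.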

Australian Government Workers Hacked*:

Hackers accessed a limited amount of information on about 30,000 Australian government workers when a local directory was accessed and downloaded. The partial directory contained work emails, job titles and work phone numbers and the person’s mobile phone number if it is part of the staffer’s profile, reported Australian ABC News. Victoria government officials have issued a warning on the hack, which they said could lead to a higher level of email and phone-based phishing attacks. There is also the possibility the personal data involved could be used as part of an influence campaign by either a commercial interest or nation-state, Suelette Dreyfus, a researcher in cybersecurity and privacy at the University of Melbourne, told ABC. “Whether that’s for commercial reasons about winning a contract or whether you were an international state player who might have an interest — financial or policy-wise — all of these types of people could be advantaged by the information that was actually hacked,” she said. No financial information was disclosed.



Exploit: User data exposure.

Houzz: Home improvement and interior decorating start-up

Risk to Small Business: 1.555 = Severe

Customers Impacted: To be determined

Risk to Small Business: 1.555 = Severe: On Friday, the company issued a notice to customers stating that an “unauthorized third party” had accessed user data including usernames, passwords, and IP addresses. Although financial information was not exposed, Houzz became aware of the breach in late December of 2018, yet the investigation is still ongoing and it is still not clear how many users were impacted.

Individual Risk: 2.258 = Severe: When combined with the internal data that was compromised, public information such as first and last name, city, state, country, profile description, can be packaged together to sell on the Dark Web and commit cyber fraud. Additionally, users who logged into the app via Facebook would have their IDs exposed as well.

Effect on Customers: In the event that an organization has to disclose a breach to its users, it is essential to be clear on “who, what, when, and where”. Even though Houzz discovered the leak in late December of 2018 and was compelled to disclose in a timely manner in accordance with new GDPR laws, they are still unsure on the number of users impacted or the origin of the cyberattack. Aside from dispelling vigilant customers who want to protect their data going forward, the incident may trigger fines to be levied.

Risk Levels: 1 - 1.5 = Extreme Risk | 1.51 - 2.49 = Severe Risk | 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

THREAT FOCUS: Colorado CCPSA Practice – USA*

Exploit: Employee phishing attack.

Colorado CCPSA: Private physician practice in Lakewood, CO.

Risk to Small Business: 1.333 = Severe

Customers Impacted: 23,377 patients.

Risk to Small Business: 1.333 = Severe: The Colorado-based clinic recently discovered a phishing attack affecting 23,377 patients between August 14th and November 23rd of 2018. A hacker gained access to an employee email account and sent phishing emails via contact list to steal payment data. Officials could not determine exactly what was viewed or copied, but it’s quite possible that personal and protected health information was compromised. Along with being forced to offer one year of free credit monitoring services and install mandatory cybersecurity awareness training for employees, further investigations will ensue.

Individual Risk: 2.000 = Severe: A wide spectrum of data could have been compromised, ranging from names, addresses, dates of birth, social security numbers, and license numbers to diagnoses, conditions, medications, and more. Payment information was not involved, but the compromised details can be leveraged for far more nefarious schemes such as insurance fraud.

Effect On Customers: It’s no secret that phishing attacks originating from employee email accounts are becoming more and more prevalent. Companies must prioritize security by partnering up with service providers that can prevent, detect, and mitigate data breaches. Without proper detection solutions in place, the resources and time allocated to containing a breach grow exponentially and detract from the bottom line.


THREAT FOCUS: Quinte Health Care – CANADA*

Exploit: Privacy breach by rogue employee.

Quinte Health Care: Health care services provider for Prince Edward and Hastings Counties as well as the southeast portion of Northumberland County.

Risk to Small Business: 1.555 = Severe

Customers Impacted: To be determined.

Risk to Small Business: 1.555 = Severe: A privacy breach was recently reported by Belleville General Hospital, part of the Quinte Health “system of care”. This past September, a routine check on staff browsing history uncovered that a nurse had been accessing hundreds of patient records unrelated to her work. Although the investigation is currently in progress, the company maintains that the breach was an isolated incident and has fired the employee in question.

Individual Risk: 2.285 = Severe: Information that was exposed may have contained names, home addresses, birth dates, health card numbers, and other protected health information. Even more concerning is the fact that the exact number and identities of the patients compromised is yet to be understood.

Effect on Customers: In the emerging era of cyber vigilance, companies are held more accountable for the behaviours of their employees than ever. So far, the QHC privacy breach is being considered as one of mere “curiosity”, yet the company may still lose loyal patients and face hefty fines. Companies that store consumer, patient, or employee data must focus on modern solutions that offer detection and meet hackers where they live: in the Dark Web.


THREAT FOCUS: Canada Revenue Agency – CANADA*

Exploit: Privacy breach by rogue tax workers

Canada Revenue Agency: Tax law administrator for the government of Canada

Risk to Small Business: 1.777 = Severe

Customers Impacted: 41,631 Canadians

Risk to Small Business: 1.777 = Severe: Thousands of Canadians had their personal incomes and other tax information compromised by employees working at the CRA. Of the 264 workers who inappropriately accessed information, 182 were disciplined, 36 face a pending decision, and 46 have left the organization. Along with having to augment their pre-existing investment of $10M on prevention from 2017, CRA will remain under fire and must answer to disgruntled citizens.

Individual Risk: 2.428 = Severe: As conservative national revenue critic Pat Kelly commented, “it’s unacceptable that information like a person’s information was accessed inappropriately”. Given that 264 of these privacy breaches occurred over a span of 4 years (November 4th, 2015 to November 27th, 2018), it is safe to say that no one’s tax data is safe.


THREAT FOCUS: Kwik Fit – United Kingdom*

Exploit: Malware attack

Kwik Fit: Car service specialist

Risk to Small Business: 1.777 = Severe

Customers Impacted: Unknown

Risk to Small Business: 1.777 = Severe: Over the weekend, the car garage chain confirmed that its IT network had been compromised with malware, causing continued disruptions in customer service. After going offline and initially believing that the problem was fixed, issues persisted for days after. The company has been dealing with numerous customer complaints that will inflict reputational damage but has reassured customers that no financial information or customer data was exposed.

Individual Risk: 2.714 = Moderate: This situation highlights how important it is to use unique passwords for different websites. Since the malware brought systems down, users were not able to reset or protect their passwords on their own. A cybercriminal could potentially use the infected back-end repository to track down login credentials and test them on other platforms until they strike gold.

Effect On Customers: In many cases, it is difficult to determine whether malware resulted in a data breach. With hackers growing in sophistication, it’s completely possible for them to infiltrate systems without leaving a trace of a breach. Companies must deploy advanced password encryption, and work with detection solutions to immediately understand if malware is being used to breach customer data and sell to the highest bidder on the Dark Web.


THREAT FOCUS: Airbus Industries – FRANCE*

Exploit: Breach of business information systems

Airbus: Aircraft manufacturer and world's second largest aerospace group

Risk to Small Business: 2.111 = Severe

Customers Impacted: To be determined

Risk to Small Business: 2.111 = Severe: On January 30th, the company detected a cyber-attack impacting business information systems, resulting in unauthorized access to data. They claim that most of the data was professional contact and IT and identification details of employees in Europe, but experts are saying that threat actors may have actually been after intellectual property.

Individual Risk: 3.000 = Moderate: With an investigation underway, it remains to be seen if customer information or other valuable data was exposed. The manufacturer has consulted its own experts to determine its origins and overall impact, but thus far there is limited risk for customers.

Effect On Customers: If we examine data breaches from a bird’s-eye view, the shift from consumer data to employee and intellectual property becomes very clear. Hackers have their eyes on the prize, and they are targeting information that can be sold on the Dark Web for profit. Businesses must take precautions by installing safeguards and working with security providers to ensure that their priceless assets are not being put in the wrong hands.


THREAT FOCUS: Web Hosting Providers – AUSTRALIA*

Exploit: "Manic Menagerie" malware attack

Web Hosting Providers: Australian companies that provide web hosting services

Risk to Small Business: 2.000 = Severe

Customers Impacted: Unknown

Risk to Small Business: 2.000 = Severe: A recent report by the Australian Cyber Security Centre (ACSC) revealed that eight different web hosting companies in Australia had been hacked in 2018. By abusing security flaws within web applications, cyber criminals deployed malware techniques that were able to steal passwords, monitor activity, and even take over via remote access when desired. Two of the providers also hosted cryptocurrency, resulting in losses of 3,868 Australian dollars. Additionally, the hackers were able to use Black hat SEO to redirect legitimate sites to their fraudulent ones.

Individual Risk: 2.142 = Severe: Given that hackers were able to gain complete control of these web hosting companies, it is safe to say that any associated data was completely compromised. Websites that worked with any of the providers are likely affected, with credentials ranging from usernames and passwords to authentication certificates.

Effect On Customers: Many businesses rely on web hosting services to build websites that accept payments, inadvertently placing themselves and their customers at risk. However, what’s worse is that a full-scale takeover using sophisticated malware can make it difficult to pinpoint what information was stolen and how it will be used. B2B platforms must take added precautions since they are the gatekeepers to invaluable data for multiple stakeholders.


THREAT FOCUS: Cryptopia Cryptocurrency Exchange – NEW ZEALAND*

Exploit: Payment fraud

Cryptopia: Online cryptocurrency exchange.

Risk to Small Business: 1.555 = Severe

Customers Impacted: 17,000 cryptocurrency wallets

Risk to Small Business: 1.555 = Severe: After initially reporting the cyberattack over two weeks ago, the Cryptopia exchange is still being hacked. According to Elementus, hackers have stolen another 1,675 ETH ($175,875) from 17,000 wallets, siphoning and transferring the funds to a private address. 5,000 of these wallets were already emptied out and then “auto-refilled” by mining pools, which means that users are continuing to deposit funds despite the hack announcement.

Individual Risk: 1.857 = Severe: User wallets continue to become compromised, signalling that the cyber criminals have access to the private keys of the exchange and can withdraw funds from any Cryptopia account of their choosing.

Effect On Customers: The only incident that is scarier than a compromise is a subsequent attack or inability to contain the breach. Companies should take notice and fortify their security solutions to prevent, detect, and mitigate breaches. Even more importantly, they must create protocols and manual controls in the event of such a widespread hack.




Receiving endless robocalls on your cell phone? You’re not alone.

US consumers received 26.3 billion robocalls in 2018, a 46% year-over-year increase. Estimates show that the average person receives 10 unwanted calls per month, with 25% of them being scams. Most consumer complaints can be categorized into general spam, fraud, and telemarketing particularly in the lead up to Elections.

However, in the US this year there is the promise of significantly reducing robocalls, with the Federal Communications Commission (FCC) calling for the implementation of a call-authentication system by the end of the year. This approach would combat caller ID spoofing by requiring carriers to author a signature on calls from their network that would then be validated by other carriers.

Currently, robocalls are the leading source of consumer complaints in the US according to both the FCC and Federal Trade Commission (FTC). In 2017, the FTC received 71 million unique grievances even though 200 million US consumers were registered to a Do Not Call list.

Australians should brace themselves for an onslaught with a Federal Election soon to be called.


* Disclaimer: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provide the content in this publication to the reader for general information purposes only and have compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the content’s accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.
