Avantia Threat Update

PHISHING ATTACKS TARGET SOCIAL MEDIA


Social Media is increasingly being abused for Phishing attacks.

This past week: social media phishing attacks escalate; Australian passports sold on the Dark Web; US SHIELD Act signed into legislation; Department of Homeland Security issues a security hacking alert for small planes; customer loyalty programs are compromised; employees continue to fall for phishing scams; data breach costs continue to increase; and significant breaches in Australia, Lithuania, Germany, United Kingdom & USA*.

This Week's Top Dark Web ID Trends*:

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain

Top Industry: Education & Research

Top Employee Count: 501+ Employees



Why Social Media is increasingly Abused for Phishing Attacks:*

Today, social media is a daily medium of communication for much of the modern world, and adoption only continues to grow. Because of this, much as threat actors started to target mobile users, they have begun to abuse social media, too. And, while marketing teams have been known to monitor social media to protect their brand and communicate on their behalf, they are not equipped to handle the advances in social media that are becoming increasingly prevalent. Just as email security tools miss social engineering-based attacks, so do the tools typically used to monitor social media.

Phishing is defined as social engineering using digital methods for malicious purposes. In the case of social media, there are numerous forms of phishing that occur: infrastructure hacking; impersonation; credential theft; propagating attacks; data dumps; romance scams; 419 scams (Nigerian prince); intelligence gathering (for account takeover and spear phishing); and many more. In 2018 the abuse of social media increased by nearly 200%, and that number only continues to rise. In total, more than 5% of phishing attacks are associated with social media. Unfortunately, these platforms still offer only minimal controls to prevent the further propagation of account takeovers, and because social accounts typically need to be approved prior to connecting with people, they offer a stronger sense of trust.

Each day, there is a good chance you’ll run across a YouTube video, an embedded tweet in a news article, or even scroll through cute puppies on Instagram. However, the threats posed to social media as a whole are significantly larger than just the biggest social media sites. Blogs, forums, news sites, paste and doc sites, and even gripe sites are all part of the social media ecosystem. Take for example your organization. As a brand, there is a good chance there are set profiles on the largest networks; however, what about your users and employees? The more prevalent and engaged a digital medium, the greater the likelihood that a threat actor will attempt to abuse it.


Phishing methodologies Used by Cyber Criminals:

C2 Infrastructures: Abusing short URLs is nothing new when it comes to phishing attacks, but it is becoming more prevalent on Twitter. Some threat actors use Twitter’s URL shortener to hide malicious links, while other threat actors (and “pentesters”, that is, penetration testers who have permission to penetrate a system) even host their C2 infrastructure on the platform. (Command-and-control servers, also called C2, are used by attackers to maintain communications with compromised systems within a target network.)

Impersonation: Because phishing is the malicious use of social engineering, impersonation plays a huge role in the success of an attack. By posing as someone with any kind of authority, it’s easy to damage that person and the brand associated with them, and to trick users into taking a specific action. This doesn’t include parody accounts, which are commonly labeled, but more so incidents that negatively impact users. One of the most common examples is when a celebrity posts a tweet and a threat actor replies to it, posing as that user, saying they are giving away free bitcoins etc. They aren’t.

Credential Theft and Propagation: Not only are threat actors sending phishing attacks right on social platforms, they also trick users into logging into fake landing pages, which in turn hands over their credentials. When this happens, a threat actor can gain access to the user’s account, and further, propagate attacks to trick new users into handing over their credentials or act more like a BEC attack and ask for a wire transfer. Once they have exploited the stolen credentials they can re-sell the credentials on the Dark Web for others to exploit. Without a password change this can happen over and over.

Data Dumps: It’s not uncommon for dumps of breached databases and critical credentials (usernames/passwords) to make the rounds on the Dark Web. These dumps appear on dump sites and forums, and are even sold on the dark web or other marketplaces. Estimates are that there are currently 1.5 billion usernames/passwords for sale at any one time.

Data Gathering: Quick, what was the name of your first pet? It was Fluffy, wasn’t it? Well, that post you shared on social media 10 years ago just happens to contain the information you also use to reset your passwords. How about personal information about your life beyond the basics? A threat actor can find that too, and then use that information to build a sophisticated spear phishing campaign custom-designed for you.


Passports on the Dark Web: how much is yours worth?*

In late September 2018, ‘Comparitech’ searched listings on several illicit marketplaces to find out how much passports are worth on the Dark Web. Those black markets include Dream Market, Berlusconi Market, Wall Street Market, and Tochka Free Market. Here are the key findings:

The average price of a digital passport scan is $14.71.

If proof of address or proof of identification (a selfie holding the open passport, a utility bill and/or a driver’s license) is added to a passport scan, the average price jumps to $61.27.

Australian passport scans were the most common, and yet, the most expensive ($32).

The average price of a real, physical passport is $13,567.

The average price of a counterfeit, physical passport is $1,478.

Passport scans, be they forged or real, are often accompanied by other forms of identification, typically a utility bill, selfie of the ID card owner holding up their ID, and/or a driver’s license. These add-ons are reflected in the price: they cost significantly more than just a digital scan. The reason for this is that multiple forms of ID are usually required to pass proof-of-address and proof-of-identification checks on websites. These checks are often part of the account recovery process in which a user has somehow lost access to their account and must prove who they are to regain access.

The bulk of the analysis focused on digital scans and images of real passports. In total, 48 unique listings for real passport scans were found, 38 of which were not sold with any accompanying proof of ID or address. Those 48 spanned 20 countries and vary in price depending on the Dark Web vendor used, e.g.:

Australia US$10.40 (includes driver's license)
Australia US$37.65
Australia US$7.91
Australia US$36.40
Australia US$37.99
Australia US$27.36
Australia US$20.34
Australia US$94.21



Australia and UK passport scans were the most frequently listed, and Australian scans were the most expensive on average (US$32). ‘Comparitech’ found no consistent pattern to the prices according to country; they did not seem to be based on scarcity or the power of a country’s passport.


Passports SOLD on the Dark Web come in a few forms:

Editable Photoshop templates used for making fake passport scans. These cost very little and are available for almost any Western country. They make up the majority of marketplace listings when searching for “passport”.

Digital passport scans. These real scans of actual passports cost around US$10 each and are often sold in bulk. They are available for several countries and are fairly common.

Physical passport forgeries. We found listings for counterfeit passport forgeries for a handful of European countries. They typically cost north of $1,000.

Real, physical passports. These are the real deal (according to the listing), so they are not common nor cheap. Most of them cost more than $12,000.

All of these are sold on the dark web for cryptocurrency, typically Bitcoin or Monero. The prices in the table were accessed on September 24 and 25, 2018.


How do criminals use passport scans?

Some of the most common targets for criminals who purchase passport scans include cryptocurrency exchanges, payment systems, and betting websites. While a company may be referred to in a marketplace listing, it does not necessarily imply that it is vulnerable or that accounts have been compromised.

Bank drops: Some banks and other financial institutions only require two pieces of identification to open a new account. With a stolen passport and driver’s license, for example, fraudsters can open accounts and collect the signup rewards in the victim’s name, or use the account as a mule to cash out on other illegal transactions. This is called a “bank drop” scam, and it can implicate the victim in other crimes. It is surmised that real scans are more effective than Photoshopped counterfeits for bank drop scams.

Account recovery scams and bypassing 2FA: In this scam, hackers use impersonation and social engineering to bypass two-factor authentication and abuse the account recovery process used on many sites. Account recovery often requires scanning or taking a photo of a physical ID, such as a passport. Scammers can modify ID scans to impersonate account holders on a number of websites that require photo ID for account verification and recovery. Here’s an example of how a passport scan might be used in an account recovery scam:

The target has an account with a cryptocurrency exchange. They’ve set up two-factor authentication on their account, so a code is sent to an app on their phone to verify logins.

Through some other means, the scammer steals the user’s password (perhaps through phishing or a data breach or simply buying it from a vendor on the Dark Web). But because 2FA is enabled on the account, they can’t get in.

Instead, the scammer poses as the victim and approaches the cryptocurrency exchange, saying they’ve lost access to their phone and cannot get the authentication PIN, and thus cannot log in.

The cryptocurrency exchange requests the account holder send a scan of their ID to prove their identity before resetting the 2FA on the account. In many cases, companies will require the person take a selfie while holding the ID, hence the higher price for passport scans with selfies.

The scammer modifies the scans from the Dark Web as necessary to match the victim’s personal details, then sends it to the exchange, still posing as the victim.

Upon receipt of proof of identity, the cryptocurrency exchange resets or removes the 2FA on the account, allowing the hacker to access and drain the victim’s crypto assets. Hackers routinely change the passwords and email addresses associated with accounts to make it harder for the account owner to regain control.

Many black market vendors offer to alter the information shown in these documents, scans, and selfies to match whatever name and other details are provided by the buyer. The buyer can sometimes request passports of people with a certain sex, hair color, skin color, eye color, and approximate date of birth. When using Photoshop templates, criminals simply enter the info they want and drop in their own photo. Passport numbers are sequential, so a legitimate one is not hard to guess, and most companies that request proof of ID won’t actually verify whether the passport number matches the passport holder.

Physical Passports: All of the physical passports ‘Comparitech’ found for sale on the Dark Web were for European countries. Physical passports sold on the dark web come in two forms: genuine and forgeries. They can be used as identification for any number of fraud-related crimes as well as illegal immigration, human trafficking, and smuggling. Authentic, state-issued passports are hard to come by and cost a lot, ranging from US$8,216 (Germany) to US$17,116 (UK). The average price of the eight supposedly genuine passports was US$13,567. At least one vendor claims these passports came from “our corrupt immigration police contacts,” though ‘Comparitech’ indicates that they have no way of verifying this. In many cases buyers are given the option to specify what details are included in the passport, including stamps for specific countries.

Forged Passports: These cost about one-tenth of the price, but they still cost in excess of US$1,000. The average price of the six vendors selling forgeries was US$1,478. Buyers submit the information and headshot to be used in the counterfeit when making the purchase.

How to protect your passport: Protecting your passport is difficult because travellers are required to show them on so many occasions while traveling. Passports are required at immigration checkpoints, hotel check-ins, and when applying to jobs and schools abroad. Passports are often scanned and stored on computers that may not be sufficiently secure. Someone with access to those scans might be fencing them on the dark web. It’s easy to imagine a receptionist at a cheap hostel flipping scans of their clientele on the dark web for some pocket cash.

You should do what you can to protect your passport so it’s not abused by criminals. Here are a few tips:

In many cases, you can provide your own copy of your passport rather than having a stranger scan it. Make black-and-white scans ahead of your trip, because most criminals want color copies.

Don’t post photos of the inside of your passport on social media.

Dispose of old passports by destroying them; don’t just throw them away.

Don’t store your passport in checked luggage on a plane, train, or bus.

Watch out for pickpockets, and consider an anti-theft bag.

Don’t leave your passport lying out when you’re not around, such as in a hotel room. Lock it up when possible.

Don’t store scans of your passport on your device in case it’s stolen or hacked. Encrypt and store the scans on a separate hard drive or in the cloud instead.

Don’t store your passport with other identifying documents that could be used to steal your identity.

‘Comparitech’ Notes:

Passport scans are a lot cheaper if bought in bulk, but there’s no guarantee those scans haven’t been used before, that the information in them hasn’t expired, or that they aren’t Photoshopped forgeries.

Some of the listings examined look like duplicates from different vendors, suggesting multiple vendors might be selling the same scans. We tried to avoid listing duplicates in the table above.

While it’s always possible that some listings are scams, all of the vendors whose products we included in our analysis had positive buyer feedback.

All of the marketplaces we searched use English as their primary language. Marketplaces in other languages, such as Russian, could well produce different results.

A 2014 study revealed a 15 percent error rate in matching the person to the passport photo they were displaying among passport-issuing immigration officials in Australia.

There’s no shortage of fake ID generator apps on the web that don’t require buying stolen scans off the dark web, but we’re not sure how they compare in terms of quality, customization, and accuracy.

About Comparitech: First and foremost, Comparitech is a pro-consumer website providing information, tools, and comparisons to help consumers in the US, UK, Australia and further afield to research and compare tech services. Founded in 2015, Comparitech is now a remote team of 30 researchers, writers, developers, and editors covering a wide range of online services.


Electronic Data Security - or SHIELD - Act signed into Legislation in USA*

New York state is strengthening a law requiring companies that handle consumers' personal data to notify them about any data breaches. Gov. Andrew Cuomo, a Democrat, on Thursday signed legislation that expands the law to cover any company holding personal data belonging to a New Yorker, and not just companies doing business in the state. The new law, which takes effect in 240 days, will also add email addresses and passwords and biometric data to the list of information covered by the law. The measure aims to ensure consumers know if personal data such as Social Security numbers are obtained by hackers. Cuomo also signed a bill Thursday that requires credit reporting agencies to provide identity theft prevention services to consumers when their data is exposed during a breach.


US Department of Homeland Security issues a Security Hacking Alert for small planes*

The warning confirms that modern flight systems are vulnerable to hacking if someone manages to gain physical access to the aircraft. An alert from the DHS critical infrastructure computer emergency response team recommends that plane owners ensure they restrict unauthorized physical access to their aircraft until the industry develops safeguards to address the issue, which was discovered by a Boston-based cybersecurity company and reported to the US Federal Government.

Most airports have security in place to restrict unauthorized access and there is no evidence that anyone has exploited the vulnerability. But a DHS official told The Associated Press that the agency independently confirmed the security flaw with outside partners and a national research laboratory, and decided it was necessary to issue the warning. The cybersecurity firm, ‘Rapid7’, found that an attacker could potentially disrupt electronic messages transmitted across a small plane's network, for example by attaching a small device to its wiring, that would affect aircraft systems. Engine readings, compass data, altitude and other readings "could all be manipulated to provide false measurements to the pilot," according to the DHS alert.

The warning reflects the fact that aircraft systems are increasingly reliant on networked communications systems, much like modern cars. The auto industry has already taken steps to address similar concerns after researchers exposed vulnerabilities. The Rapid7 report focused only on small aircraft because their systems are easier for researchers to acquire. Large aircraft frequently use more complex systems and must meet additional security requirements. The DHS alert does not apply to older small planes with mechanical control systems.

But Patrick Kiley, Rapid7's lead researcher on the issue, said an attacker could exploit the vulnerability with access to a plane or by bypassing airport security. "Someone with five minutes and a set of lock picks can gain access (or) there's easily access through the engine compartment," Kiley said. Jeffrey Troy, president of the Aviation Information Sharing and Analysis Center, an industry organization for cybersecurity information, said there is a need to improve the security in networked operating systems but emphasized that the hack depends on bypassing physical security controls mandated by law. With access, "you have hundreds of possibilities to disrupt any system or part of an aircraft," Troy said. The Federal Aviation Administration said in a statement that a scenario where someone has unrestricted physical access is unlikely, but the report is also "an important reminder to remain vigilant" about physical and cybersecurity aircraft procedures.

Aviation cybersecurity has been an issue of growing concern around the world. In March, the U.S. Department of Transportation's inspector general found that the FAA had "not completed a comprehensive, strategy policy framework to identify and mitigate cybersecurity risks." The FAA agreed and said it would look to have a plan in place by the end of September. The UN's body for aviation proposed its first strategy for securing civil aviation from hackers that's expected to go before the General Assembly in September, said Pete Cooper, an ex-Royal Air Force fast jet pilot and cyber operations officer who advises the aviation industry.

The vulnerability disclosure report is the product of nearly two years of work by Rapid7. After their researchers assessed the flaw, the company alerted DHS. Tuesday's DHS alert recommends manufacturers review how they implement these open electronics systems known as "the CAN bus" to limit a hacker's ability to perform such an attack. The CAN bus functions like a small plane's central nervous system. Targeting it could allow an attacker to stealthily hijack a pilot's instrument readings or even take control of the plane, according to the Rapid7 report obtained by The AP. "CAN bus is completely insecure," said Chris King, a cybersecurity expert who has worked on vulnerability analysis of large-scale systems. "It was never designed to be in an adversarial environment, (so there's) no validation" that what the system is being told to do is coming from a legitimate source.

Only a few years ago, most auto manufacturers used the open CAN bus system in their cars. But after researchers publicly demonstrated how they could be hacked, auto manufacturers added on layers of security, like putting critical functions on separate networks that are harder to access externally. The disclosure highlights issues in the automotive and aviation industries about whether a software vulnerability should be treated like a safety defect, with its potential for costly manufacturer recalls and implied liability, and what responsibility manufacturers should have in ensuring their products are hardened against such attacks.

The vulnerability also highlights the reality that it's becoming increasingly difficult to separate cybersecurity from security overall. "A lot of aviation folks don't see the overlap between information security, cybersecurity, of an aircraft, and safety," said Beau Woods, a cyber safety innovation fellow with the Atlantic Council, a Washington think tank. "They see them as distinct things."

The CAN bus networking scheme was developed in the 1980s and is extremely popular for use in boats, drones, spacecraft, planes and cars, all areas where there's more noise interference and it's advantageous to have less wiring. It's actually increasingly used in airplanes today due to the ease and cost of implementation, Kiley said. Given that airplanes have a longer manufacturing cycle, "what we're trying to do is get out ahead of this."

The report didn't name the vendors Rapid7 tested, but the company alerted them over a year ago, the report states.
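
What "no validation" means for a receiver on the bus, as an added example that is not taken from the Rapid7 report or the DHS alert: a constructed simulation in which a display that trusts the frame ID accepts an injected altitude frame, while a display that checks a truncated HMAC and a freshness counter rejects injected, altered and replayed frames. The arbitration ID `0x120`, the payload layout, the key and every class and function name are assumptions made for illustration.

```python
"""Constructed simulation: a classic CAN frame carries no sender identity."""
import hashlib
import hmac
import struct
from dataclasses import dataclass

ALTITUDE_ID = 0x120                  # hypothetical arbitration ID for altitude
DEMO_KEY = b"constructed-demo-key"   # placeholder; real keys are provisioned per device
MAC_LEN = 4                          # truncated tag so value + counter + tag fit in 8 bytes


@dataclass(frozen=True)
class CanFrame:
    can_id: int   # names the message type, not the node that sent it
    data: bytes   # classic CAN payload: at most 8 bytes


def _tag(key: bytes, can_id: int, body: bytes) -> bytes:
    """Truncated HMAC-SHA256 over the frame ID and the 4-byte body."""
    msg = struct.pack(">H", can_id) + body
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


def make_auth_frame(altitude_ft: int, counter: int, key: bytes = DEMO_KEY) -> CanFrame:
    """Sender side: altitude (2 bytes) | counter (2 bytes) | tag (4 bytes)."""
    body = struct.pack(">HH", altitude_ft, counter)
    return CanFrame(ALTITUDE_ID, body + _tag(key, ALTITUDE_ID, body))


class NaiveDisplay:
    """Trusts any frame with the right ID, as an unauthenticated bus allows."""

    def __init__(self) -> None:
        self.altitude_ft = None

    def on_frame(self, frame: CanFrame) -> bool:
        if frame.can_id != ALTITUDE_ID or len(frame.data) < 2:
            return False
        (self.altitude_ft,) = struct.unpack(">H", frame.data[:2])
        return True


class AuthDisplay:
    """Accepts a frame only if its tag verifies and its counter is fresh."""

    def __init__(self, key: bytes = DEMO_KEY) -> None:
        self.key = key
        self.altitude_ft = None
        self.last_counter = -1   # a 16-bit counter wraps; rollover needs a resync scheme

    def on_frame(self, frame: CanFrame) -> bool:
        if frame.can_id != ALTITUDE_ID or len(frame.data) != 4 + MAC_LEN:
            return False
        body, tag = frame.data[:4], frame.data[4:]
        # Constant-time comparison of the received tag with the expected one.
        if not hmac.compare_digest(tag, _tag(self.key, frame.can_id, body)):
            return False
        altitude_ft, counter = struct.unpack(">HH", body)
        if counter <= self.last_counter:   # replay of an old, validly tagged frame
            return False
        self.altitude_ft, self.last_counter = altitude_ft, counter
        return True


def run_demo() -> dict:
    """Feed genuine, injected, altered and replayed frames to both displays."""
    genuine_1 = make_auth_frame(8500, counter=1)
    genuine_2 = make_auth_frame(8600, counter=2)
    # A node without the key: correct ID, false altitude, zero padding.
    injected = CanFrame(ALTITUDE_ID, struct.pack(">H", 500) + bytes(6))
    # A genuine frame whose altitude bytes were changed in transit.
    altered = CanFrame(ALTITUDE_ID, struct.pack(">H", 500) + genuine_2.data[2:])

    naive, auth = NaiveDisplay(), AuthDisplay()
    naive.on_frame(genuine_1)
    naive.on_frame(injected)
    return {
        "naive_altitude": naive.altitude_ft,
        "genuine_1": auth.on_frame(genuine_1),
        "injected": auth.on_frame(injected),
        "altered": auth.on_frame(altered),
        "genuine_2": auth.on_frame(genuine_2),
        "replayed": auth.on_frame(genuine_1),
        "auth_altitude": auth.altitude_ft,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The 32-bit tag is a compromise forced by the 8-byte payload of classic CAN; it only holds up together with the freshness counter and a limit on how many failed verifications a receiver tolerates.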



THREAT FOCUS: TGI Fridays - AUSTRALIA*

Exploit: Exposed database

TGI Fridays: Restaurant chain operating as a unit of the Sentinel Capital Partners and TriArtisan Capital Partners

Risk to Small Business: 2.111 = Severe Risk: A database for TGI Fridays’ Australia customer loyalty program was left exposed to the internet, revealing sensitive customer data. The database included back-up files that contained personally identifiable information but did not include payment elements. The company is encouraging users to change their passwords, and they are partnering with cybersecurity experts to prevent similar problems in the future. However, those efforts won’t be able to reclaim customer data, and the company will face an uphill battle to restore customer confidence.

Individual Risk: 2.857 = Moderate Risk: TGI Fridays has not disclosed the specific information exposed in the breach, but users should assume that some degree of personally identifiable information was exposed to the internet. Previous breaches of similar programs saw usernames and passwords compromised, and that information was used to facilitate credential stuffing attacks. Therefore, those impacted by this event should be especially careful to monitor their personal accounts for suspicious activity.

Customers Impacted: Unknown

Effect On Customers: When it comes to protecting customer data, companies are at a significant disadvantage. Hackers can try innumerable approaches to steal personal information, and businesses are tasked with protecting their infrastructure against all of them. However, rather than waiting for a breach to identify vulnerabilities, businesses should prioritize regular cybersecurity assessments to spot problems before they are exploited by bad actors.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: Hostinger IT - LITHUANIA*

Exploit: Unauthorized database access

Hostinger: Employee-owned web hosting provider and internet domain registrar

Risk to Small Business: 2 = Severe Risk: Unauthorized database access was detected on one of Hostinger’s servers, prompting the platform to reset all of its user passwords. Hackers obtained an access token that allowed them to view customer data without entering a username or password. The customer data was scrambled using the SHA-1 algorithm, an outdated approach that the company has since updated. In total, the breach impacts nearly half of the company’s customers, and they face an uphill battle to repair the IT infrastructure and to restore their customers’ confidence.

Individual Risk: 2.571 = Moderate Risk: Sensitive data, including usernames, email addresses, and passwords, was exposed in the breach. Fortunately, financial data was spared in the breach, but that doesn’t mean that victims are safe. Personal information like this can be used to perpetrate additional cybercrimes, and those impacted by the breach need to be especially vigilant about examining digital communications and monitoring their accounts for suspicious activity.

Customers Impacted: 14,000,000

Effect On Customers: Among the many repercussions of a data breach, companies have to manage the blowback that inevitably comes from customers impacted by the breach. In the case of Hostinger, customers are already waging a social media campaign against the company, which is worsening the company’s recovery efforts. Companies can help mitigate this type of PR disaster by identifying what happens to their data after it is hacked and by providing supportive services for customers and employees.



THREAT FOCUS: Mastercard Priceless Specials Loyalty Program - GERMANY*

Exploit: Unauthorized database access

Mastercard Priceless Specials Loyalty Program: Customer loyalty program for Mastercard users

Risk to Small Business: 1.667 = Severe Risk: Two extensive spreadsheets containing customer data were published online, an event that led Mastercard to uncover a data breach of its loyalty program. The Priceless Specials loyalty program is managed by a third party, but this data breach will have profound implications for the credit company. Notably, because the incident falls under the purview of GDPR regulators, Mastercard could be responsible for fines and penalties that will directly impact their bottom line. In addition, Mastercard has taken its loyalty program completely offline, which could erode their reputation, along with incurring the immediate costs of trying to remove customer data from the internet and of providing credit monitoring services to those impacted by the breach.

Individual Risk: 2.429 = Severe Risk: Although the data breach did not impact customers’ payment details, it did expose significant amounts of personally identifiable information. This data includes names, payment card numbers, email addresses, home addresses, phone numbers, gender, and dates of birth. Mastercard is providing free credit monitoring services to those impacted by the breach. Since this information can quickly spread on the Dark Web, everyone should be especially careful to monitor online correspondences and accounts for unusual activity.

Customers Impacted: Unknown

Effect on Customers: Mastercard is working diligently to have the information removed from the internet, an approach that is unlikely to yield long-term success. However, that doesn’t mean that companies can’t strive to locate their customers’ information after it’s stolen. In doing so, they can help ensure that it is not sold on the Dark Web or used to promulgate additional cybercrimes. At the same time, these initiatives can help restore customer confidence and affinity, which can help businesses recover from brand erosion and customer attrition.



THREAT FOCUS: Teletext Holidays - UNITED KINGDOM*

Exploit: Exposed database

Teletext Holidays: Travel company offering short- and long-term beach vacation planning services

Risk to Small Business: 1.778 = Severe Risk: In a data breach that is relatively unprecedented in today’s digital environment, Teletext Holidays exposed their customers’ personal information collected from recorded call center interactions. The calls, which took place on April 10, 2016, were exposed on an unsecured database, and they include information from customers speaking with service representatives, along with dialogue recorded while customers were on hold. The breach will likely spark customer backlash, and Teletext Holidays must work to improve its cybersecurity stance even as they navigate the negative customer dynamics that will almost certainly accompany the breach.

Individual Risk: 2.571 = Moderate Risk: The recordings revealed customer data including names, dates of birth, partial payment information, and other sensitive details. In addition, recordings that were made of customers on hold contain personal conversations that constitute a serious breach of privacy for Teletext Holidays’ customers. This data can be used to compile more comprehensive profiles that can proliferate even more extensive cyber crimes, and those impacted need to guard themselves against the risk of identity or financial fraud.

Customers Impacted: 212,000

Effect On Customers: Privacy is becoming a prominent concern for many consumers, and they are demonstrating an unwillingness to work with companies that can’t protect their data. Especially when data breaches reveal private details, every business will face an uphill battle to restore their customers’ confidence. Therefore, preparing a robust response effort can help curtail some of the reputational costs that negatively impact businesses’ bottom line.



THREAT FOCUS: Wisconsin Diagnostic Laboratories - UNITED STATES*

Exploit: Unauthorized database access

Wisconsin Diagnostic Laboratories: Medical laboratory and testing service provider

Risk to Small Business: 1.556 = Severe: A June 2019 data breach at one of the company’s partners has compromised the personal information of patients at Wisconsin Diagnostic Laboratories. The company has severed the relationship with their third-party vendor, and they are taking steps to retrieve and secure compromised patient data. Of course, retrieving information once it reaches the web is extremely difficult, and Wisconsin Diagnostic Laboratories will certainly face regulatory scrutiny that will cost time and resources.

Individual Risk: 2.857 = Moderate Risk: The data breach revealed personal data including patient names, dates of birth, dates of service, and other medical information. In some cases, payment information, including credit card numbers and bank account details, was exposed. Social Security numbers and payment data were excluded in the breach. Since this type of information is frequently exchanged on the Dark Web, those impacted by the breach should monitor their accounts closely.

Customers Impacted: 114,985

Effect On Customers: Today’s business environment often requires partnering with third parties to provide the best experiences for your customers. Unfortunately, this also increases your company’s exposure to various cybersecurity risks, and every business needs to have effective recovery protocols in place to respond to these incidents. Companies can therefore benefit from relationships with strategic partners that have cybersecurity expertise in order to proactively secure sensitive information.



THREAT FOCUS: Oregon Judicial Department - UNITED STATES*

Exploit: Phishing scam

Oregon Judicial Department: Judicial branch of the state of Oregon

Risk to Small Business: 1.444 = Extreme Risk: A phishing campaign effectively duped five employees into opening malicious emails that compromised the personal information of thousands of people. The attack occurred on July 15th, and it left affected accounts exposed for four hours before IT admins could disable access to personal data. Consequently, the department is responsible for providing credit monitoring services to impacted individuals, an expense that will hinder the efforts of an already cash-strapped organization.

Individual Risk: 2.286 = Severe: The data breach exposed personally identifiable information, including names, full and partial dates of birth, financial information, health data, and Social Security numbers. Anyone impacted by the breach should enroll in the provided credit monitoring services to keep tabs on their financial data. Meanwhile, they should be vigilant about monitoring their personal accounts for suspicious or unusual activity.

Customers Impacted: 6,607

Effect on Customers: Phishing scams may be incredibly prevalent, but they are also entirely preventable. Despite the best efforts of automated detection services, businesses should assume that some phishing emails will make their way to their employees’ inboxes, making comprehensive awareness training a critical component of holistic data security. By training employees to spot and respond to phishing campaigns, it’s possible to mitigate persistent attacks while demonstrating cybersecurity prowess.



THREAT FOCUS: Presbyterian Healthcare Services - UNITED STATES

Exploit: Phishing scam

Presbyterian Healthcare Services: Private not-for-profit healthcare system and provider

Risk to Small Business: 1.555 = Severe: An employee unwittingly opened a phishing email that provided hackers with access to a treasure trove of patients’ personally identifiable information. The breach occurred on or before May 9th, and it wasn’t discovered for nearly a month. While the healthcare provider began notifying those impacted by the breach in early August, the latest accounting reveals even more extensive damage than originally identified. Moreover, Presbyterian Healthcare Services expects that it has yet to understand the full scope of the breach. Healthcare is a highly regulated industry, so Presbyterian Healthcare Services will endure a significant repair cost, along with increased scrutiny from regulatory bodies.

Individual Risk: 2.571 = Moderate Risk: While hackers didn’t have access to electronic health records or billing information, they were able to access patient names, dates of birth, Social Security numbers, and health plan information. Although Presbyterian Healthcare Services hasn’t found the data on the Dark Web yet, those impacted by the breach should assume that it will be exploited for fraud in the near future.

Customers Impacted: 183,000

Effect On Customers: Companies that store copious amounts of sensitive personal information are sitting ducks for data thieves and have an obligation to take necessary precautions to protect their customers’ data. Fortunately, phishing scams can be defended against, and comprehensive awareness training can render such attacks useless. With phishing attacks on the rise, this training should be mandatory for every company storing personal data of employees or customers.



THREAT FOCUS: Lyons Insurance - UNITED STATES*

Exploit: Unauthorized email account access

Lyons Insurance: Independent insurance broker and employee benefits firm

Risk to Small Business: 1.333 = Extreme Risk: An unauthorized party gained access to two employee email accounts that contained customers’ personally identifiable information. The data from one account was available between February 4th and March 12th, and information from the second account was available for several hours on March 12th. The company hired a third-party cybersecurity firm to audit their security standards, and they’ve made changes to prevent a similar breach in the future. However, it’s unclear why the company waited so long to notify customers, and future remediation cannot undo the damage from data that has already been stolen.

Individual Risk: 2.143 = Severe: Impacted email accounts contained personal information, including customers’ names, dates of birth, contact information, drivers’ license information, financial information, medical record numbers, patient identification numbers, and treatment-related information. In addition, some users had their Social Security numbers compromised in the breach. Lyons is providing free credit monitoring and identity restoration services for everyone impacted by the breach. Since this information is incredibly valuable to cybercriminals on the Dark Web, breach victims should take advantage of these services to help ensure the integrity of their data.

Customers Impacted: Unknown

Effect on Customers: Few things can cripple a business like a data breach, and post-breach security initiatives can’t help those whose personal information is already available on underground marketplaces. Consumers and employees are increasingly unwilling to associate with companies that cannot protect their information, making cybersecurity a bottom-line problem for every business. Identifying and addressing vulnerabilities before a breach occurs offers tangible benefits over waiting until after a data disaster to make changes.




POSTSCRIPT


Data Breaches Expected to Cost Businesses US$5 Trillion by 2024*

By now, every business should be aware of the costs associated with a data breach. Unfortunately, such damages are not being contained. Instead, they are rising steadily, culminating in a $5 trillion price tag by 2024, according to the latest report from Juniper Research. 

A recent report, “The Future of Cybercrime & Security,” found that regulatory fines and lost business will be the primary drivers of this expense. 

Consumers continually demonstrate a disdain for platforms that can’t protect their data, making opportunity cost one of the most arduous, often immeasurable consequences of a data breach.

At the same time, the report notes that cybercrimes are likely to accelerate as hackers deploy increasingly sophisticated technology, like AI, to perpetrate even more disruptive cybercrimes.

However, Juniper Research found that cybersecurity-related expenditures are only expected to increase by 8% over the next four years, meaning that enterprises are turning to other methodologies to protect their data. Most prominently, the report concluded, employee awareness training is seen as the most efficient and cost-effective way to protect a company’s data.

Regardless of the technique, one truth is certain. The cybersecurity landscape will not look the same in four years, and every business needs to be prepared to adapt and meet the shifting challenges of its time.

Ransomware Attacks Have Doubled in 2019* 

The scourge of ransomware attacks around the world is well documented, appearing in front-page headlines and disrupting everything from SMEs to Local Councils.

Even so, the scope of the problem is even more extensive than many people realise. The latest McAfee Labs Threat Report found a 118% rise in ransomware attacks in the first quarter of 2019. 

The precipitous increase follows years of decline for malware as it appeared to fall out of vogue with cybercriminals. However, in 2019, the practice has been monetized by targeting SMEs and Local Governments, soft targets that don’t often have the resources to effectively update their defenses against Ransomware.

The report found that three Ransomware strains – Dharma, Ryuk, and GandCrab – are used in the vast majority of attacks, and McAfee notes that a large number of organizations are willing to make six-figure payments, which helps ensure that such strategies will continue to adapt and remain relevant well into the future.

Given the high cost of recovering from a ransomware attack, the cybersecurity services that can fortify a company’s defences are a relative bargain. Especially for SMEs, a strong defensive posture comes with the cost of doing business, and it’s more affordable than cybersecurity failure.





Disclaimer*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provide the content in this publication to the reader for general information purposes only and have compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena, we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.


Call (07) 3010 9711 

info@avantiacorp.com.au

 

Avantia Corporate Services Pty Ltd, Level 7, 320 Adelaide Street

Brisbane, Queensland 4000

AUSTRALIA.


*COPYRIGHT 2020* Avantia Corporate Services  PTY LTD - All Rights Reserved.
