
Call (07) 3010 9711 

info@avantiacorp.com.au

 

Avantia Corporate Services Pty Ltd, Level 7, 320 Adelaide Street

Brisbane, Queensland 4000


© 2019 by Avantia Cyber Security. All Rights Reserved.

Disclaimer*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cybersecurity information to us in real-time. Given their international focus and experience in the cyberspace arena, we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

Avantia Threat Update

PRIVACY COMMISSIONER NAILS FACEBOOK


This Past Week: Australian privacy watchdog nails Facebook; European SIM hijacking gangs dismantled; social media platforms remove dodgy COVID-19 information; Microsoft ransomware warning; WhatsApp used by the British Army; ransomware attack impacts COVID-19 care; companies ignore basic cybersecurity standards; latest risk report finds both reasons for hope and opportunities for improvement in many companies; and major breaches in AUSTRALIA; FRANCE; UNITED STATES; CANADA & UNITED KINGDOM.


Dark Web ID Trends:

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain

Top Industry: Finance & Insurance

Top Employee Count: 1-10

________________________________________________________________________

AUSTRALIAN PRIVACY WATCHDOG LAUNCHES COURT ACTION AGAINST FACEBOOK OVER CAMBRIDGE ANALYTICA ACCESS:


Social media giant Facebook is being taken to the Australian Federal Court over alleged privacy breaches relating to the Cambridge Analytica scandal.

Key points:

The Australian Information Commissioner alleges Facebook committed "serious and/or repeated interferences" with privacy

The allegations relate to an app that shared data with notorious data analysis firm Cambridge Analytica

Facebook has already been fined in the UK, among other countries, over the data misuse scandal

The case concerns the personality quiz application This is Your Digital Life, which shared data with the now-notorious British data analysis firm. In 2018, Cambridge Analytica made global headlines after its leaders claimed to use "psychological and political" information harvested on Facebook to target people with political advertising during the 2016 US presidential election.

The Australian Information Commissioner alleges Facebook disclosed the personal information of Australians unlawfully when it shared their data with the app in 2014 and 2015. "We claim these actions left the personal data of around 311,127 Australian Facebook users exposed to be sold and used for purposes including political profiling, well outside users' expectations," Australian Information Commissioner Angelene Falk said in a statement.

The This is Your Digital Life app was able to collect not only the data of the people who installed it, but also that of the friends in their Facebook network. Although only around 53 Australians installed it, according to the Commissioner, the app also requested the data of more than 300,000 Australians. More than 86 million Facebook users were affected globally.

A Facebook spokesperson said the company "actively engaged" with the Office of the Australian Information Commissioner (OAIC) during its investigation. "We've made major changes to our platforms, in consultation with international regulators, to restrict the information available to app developers, implement new governance protocols and build industry-leading controls to help people protect and manage their data," she said. "We're unable to comment further as this is now before the Australian Federal Court."

Facebook failed 'to take reasonable steps to protect personal information'

The Commissioner also alleges that Facebook breached privacy law when it did not take reasonable steps to protect its users' personal information from unauthorised disclosure. According to the OAIC's filing, the "opacity" of Facebook's privacy settings made it difficult for affected Australians to understand that their data was being shared with the app, and the site's design at the time left them "unable to exercise consent or control" over how their personal information was disclosed. The filing also claims Facebook still has not provided the agency with "a precise record" of the personal information Facebook shared with the developers of the This is Your Digital Life app.

"All entities operating in Australia must be transparent and accountable in the way they handle personal information, in accordance with their obligations under Australian privacy law," Commissioner Falk said. "Facebook's default settings facilitated the disclosure of personal information, including sensitive information, at the expense of privacy."

Facebook boss Mark Zuckerberg was grilled multiple times by US politicians following the Cambridge Analytica revelations, and the company came under extensive scrutiny for its privacy practices. In 2018, Facebook was fined 500,000 pounds (A$998,000) by the UK's data protection watchdog over the Cambridge Analytica data misuse scandal. It also paid US$5 billion (A$7.64 billion) in the US over allegations it "deceived" users about their ability to control personal information, following an investigation by the Federal Trade Commission. According to the OAIC, the Federal Court can impose a penalty of up to $1,700,000 for each serious and/or repeated interference with privacy. The Australian Information Commissioner announced it was investigating Facebook over the scandal in April 2018.


EUROPEAN AUTHORITIES DISMANTLE 2 SIM HIJACKING GANGS:

European authorities have cracked down on two cybercrime gangs responsible for stealing millions through SIM hijacking. Also referred to as SIM swapping, this identity theft technique is used to take over a victim's mobile phone number in order to intercept their phone calls and SMS messages and then attempt to access their bank account.

To perform SIM hijacking, the attackers trick the victim's mobile operator into moving the phone number onto a SIM card they control. That lets them receive any banking one-time passwords sent to the victim by SMS. Combined with online banking credentials obtained by other means (banking Trojans, for instance), the hijacked number lets the attackers authorise fraudulent transactions and drain the victim's account.

Europol announced on Friday that two SIM-hijacking groups had been dismantled after 26 suspects were arrested in Spain and Romania.

In Spain, 12 suspects believed to have stolen over €3 million ($3.3 million) were arrested in Benidorm, Granada and Valladolid. Aged 22 to 52, they were of Italian, Romanian, Colombian and Spanish nationality and are thought to have carried out more than 100 attacks, stealing between €6,000 and €137,000 per attack. Using banking Trojans or other techniques, the gang first obtained the victims' online banking credentials, then presented fake documents to the victim's mobile service provider to obtain a duplicate SIM card. This let them receive the banks' second-factor codes and authorise fraudulent transfers to the accounts of money mules, all within one to two hours, so that the victim had no time to notice that their phone had stopped working.

In Romania, authorities arrested 14 members of a crime gang when warrants were executed simultaneously at their homes in Bucharest, Constanta, Mures, Braila and Sibiu. The group emptied multiple bank accounts in Austria in early 2019. Using stolen credentials and hijacked phone numbers, they logged into mobile banking applications, generated withdrawal transactions and validated them with the one-time password the bank sent by SMS, then collected the cash at cardless ATMs. They are thought to have stolen over half a million euros this way.

"Fraudsters are always coming up with new ways to steal money from the accounts of unsuspecting victims. Although seemingly innocuous, SIM swapping robs victims of more than just their phones: SIM hijackers can empty your bank account in a matter of hours. Law enforcement is gearing up against this threat, with coordinated actions happening across Europe," said Fernando Ruiz, acting head of Europol's European Cybercrime Centre.
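The sequence described above (stolen credentials, a duplicate SIM, an SMS one-time password, a transfer to a mule account, all inside one to two hours) is exactly what a bank's fraud controls have to interrupt. What follows is an added example, not Europol's material or any bank's code, showing one bank-side rule set in Python: an SMS one-time password is refused as a second factor when the carrier reports that the SIM behind the number changed recently, and large first-time transfers or bursts of payments to new payees are held for verification through a channel the phone number cannot vouch for. The carrier's SIM-change lookup is assumed and replaced by a constructed table; all phone numbers, accounts, amounts and thresholds are made up.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

# Policy thresholds (assumptions for this example, not an industry standard).
SIM_SWAP_COOLDOWN = timedelta(hours=24)   # SMS OTP is untrusted this long after a SIM change
SMS_OTP_MAX_NEW_PAYEE = 1_000.0           # EUR; bigger first-time transfers need more than SMS
VELOCITY_WINDOW = timedelta(hours=2)      # the gangs above worked inside a 1-2 hour window
VELOCITY_LIMIT = 2_000.0                  # EUR to new payees per account inside that window

# Constructed stand-in for the carrier's "when did this SIM last change" lookup.
SIM_CHANGE_LOOKUP: Dict[str, datetime] = {
    "+34600000001": datetime(2020, 3, 10, 9, 15),   # swapped this morning
    "+34600000002": datetime(2019, 11, 2, 14, 0),   # swapped months ago
    # "+34600000003" has no record: never swapped
}


@dataclass
class Transfer:
    account: str
    phone: str          # number the bank would send the SMS OTP to
    amount_eur: float
    requested_at: datetime
    new_payee: bool     # first transfer to this beneficiary


def sim_changed_recently(phone: str, at: datetime,
                         lookup: Dict[str, datetime] = SIM_CHANGE_LOOKUP) -> bool:
    """True if the SIM behind `phone` changed within the cooldown before `at`."""
    last = lookup.get(phone)
    if last is None:
        return False
    return timedelta(0) <= at - last <= SIM_SWAP_COOLDOWN


def decide(transfer: Transfer, approved: List[Transfer],
           lookup: Dict[str, datetime] = SIM_CHANGE_LOOKUP) -> str:
    """'sms_otp' = an SMS code may approve it; 'hold_out_of_band' = verify through a
    channel the phone number cannot vouch for (enrolled app device, branch, registered
    email); 'deny' = reject outright.  `approved` holds earlier approved transfers."""
    if transfer.amount_eur <= 0:
        return "deny"
    # A freshly swapped SIM means the attacker, not the customer, would get the SMS.
    if sim_changed_recently(transfer.phone, transfer.requested_at, lookup):
        return "hold_out_of_band"
    # Large first-time transfers: SMS OTP alone is never enough.
    if transfer.new_payee and transfer.amount_eur > SMS_OTP_MAX_NEW_PAYEE:
        return "hold_out_of_band"
    # Burst of smaller transfers to new payees (mule accounts) inside the window.
    if transfer.new_payee:
        recent = sum(
            t.amount_eur for t in approved
            if t.account == transfer.account and t.new_payee
            and timedelta(0) <= transfer.requested_at - t.requested_at <= VELOCITY_WINDOW
        )
        if recent + transfer.amount_eur > VELOCITY_LIMIT:
            return "hold_out_of_band"
    return "sms_otp"


def run(transfers: List[Transfer],
        lookup: Dict[str, datetime] = SIM_CHANGE_LOOKUP) -> List[str]:
    """Decide each transfer in time order; only SMS-approved transfers count towards
    velocity, because held transfers never execute."""
    decisions: List[str] = []
    approved: List[Transfer] = []
    for t in sorted(transfers, key=lambda x: x.requested_at):
        d = decide(t, approved, lookup)
        decisions.append(d)
        if d == "sms_otp":
            approved.append(t)
    return decisions


# Constructed sample: one morning's transfer requests (not real data).
DAY = datetime(2020, 3, 10)
SAMPLE = [
    Transfer("A1", "+34600000001", 500.0, DAY + timedelta(hours=10), True),              # SIM swapped 45 min ago
    Transfer("B2", "+34600000002", 800.0, DAY + timedelta(hours=10, minutes=5), False),   # known payee
    Transfer("C3", "+34600000003", 5_000.0, DAY + timedelta(hours=10, minutes=10), True), # big first-time transfer
    Transfer("B2", "+34600000002", 900.0, DAY + timedelta(hours=10, minutes=30), True),
    Transfer("B2", "+34600000002", 900.0, DAY + timedelta(hours=11), True),
    Transfer("B2", "+34600000002", 900.0, DAY + timedelta(hours=11, minutes=30), True),   # third new payee in 2 h
]

if __name__ == "__main__":
    for t, d in zip(sorted(SAMPLE, key=lambda x: x.requested_at), run(SAMPLE)):
        print(f"{t.requested_at:%H:%M} {t.account} {t.amount_eur:>8.2f} EUR -> {d}")
```

The point of the hold decision is that the verification channel must not be the phone number: a call-back to it reaches the attacker just as the SMS did. Several mobile operators offer banks a lookup of the last SIM change date for exactly this check; where that is unavailable, the velocity and first-payee rules still catch the mule-payment burst on their own.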


FACEBOOK JOINS GOOGLE, LINKEDIN, MICROSOFT, REDDIT, TWITTER & YOUTUBE TO CLEAN OUT DODGY COVID-19 INFO ON THEIR PLATFORMS:

Facebook, Google, LinkedIn, Microsoft, Reddit, Twitter and YouTube have issued a joint statement in which they promise to disinfect their platforms of contagiously incorrect COVID-19 content. "We are working closely together on COVID-19 response efforts," the statement says. "We're helping millions of people stay connected while also jointly combating fraud and misinformation about the virus, elevating authoritative content on our platforms, and sharing critical updates in coordination with government healthcare as we work to keep our communities healthy and safe."

Details of the joint effort have not been released, but the big social networks are known to collaborate on content signatures to help identify material that doesn't deserve a platform. Whatever its nature, the combined action is welcome. It is also awkward, because most of the platforms listed have previously allowed all sorts of other toxic content to circulate freely. Facebook has infamously continued to allow egregiously false political advertising, been accused of ignoring its role in genocide and ruled that images of breastfeeding are sexual content worthy of deletion. Reddit admits that some of its larger communities flout its rules but keeps them up anyway behind a flimsy registration wall it calls "quarantine" (though it has been decent enough not to place ads on such subreddits). YouTube hosts all manner of junk, while Twitter has often been oddly friendly to extremists. LinkedIn's endless parade of self-promoting self-help gurus passing off the bleeding obvious as business wisdom is just plain offensive.

That all are now making an effort to ensure misinformation does not poison the body politic is nonetheless welcome. But the extra focus on nasty content will also have consequences: Google has warned that it is prioritising certain support chores, including content filtering, with the result that other matters may take longer to resolve, and YouTube has advised that some videos may not be reviewed or surfaced with the usual speed.


NEXT-GEN RANSOMWARE PACKS A "HUMAN PUNCH", WARNS MICROSOFT:

Researchers are warning that "human-operated" ransomware campaigns are growing more sophisticated, adopting new infection tactics and lateral movement techniques that traditional defence teams aren't equipped to handle. "Auto-spreading" ransomware like WannaCry and NotPetya makes headlines because of the crippling downtime it causes, but "human-operated" ransomware such as REvil, BitPaymer and Ryuk is adopting techniques that let its operators work unfettered inside networks.

Human-operated ransomware attacks focus on compromising accounts with high privileges. The operators show extensive knowledge of systems administration and of common network security misconfigurations, and they adapt once they have infected a system and established a foothold, which lets them continue unabated in infiltrating the target environment, said researchers with Microsoft's Threat Protection Intelligence Team. "These attacks are known to take advantage of network configuration weaknesses and vulnerable services to deploy devastating ransomware payloads," the researchers said on Thursday. "And while ransomware is the very visible action taken in these attacks, human operators also deliver other malicious payloads, steal credentials, and access and exfiltrate data from compromised networks."

One trend Microsoft has observed is "smash-and-grab" monetisation, where attackers break into a system by brute force and proceed to ransomware deployment, credential theft and other attacks all in less than an hour, leaving victims little chance to intervene. Researchers tracked one prolific group using this method, which they call Parinacota (and which deploys the ransomware also known as Dharma), for 18 months. Over that time the group has grown to hit three to four organisations a week and has broadened its goals to "use compromised machines for various purposes, including cryptocurrency mining, sending spam emails, or proxying for other attacks."

Parinacota's smash-and-grab chain runs as follows. The operators first brute-force their way into vulnerable Remote Desktop Protocol (RDP) servers exposed to the internet, then rapidly scan for other vulnerable systems inside the network. They then run RDP brute-force attacks against those internal targets to move laterally. Finally, they steal credentials, deploy cryptomining malware and deliver the ransomware payload. Parinacota operators also show in-depth knowledge of their targets, often adjusting the ransom they demand (anywhere from 0.5 to 2 Bitcoin) to what the victim is likely to pay, based on the impact to the company or the perceived importance of the target. "Other malware families like GandCrab, MegaCortex, LockerGoga, Hermes, and RobbinHood have also used this method in targeted ransomware attacks," the researchers said. "Parinacota, however, has also been observed to adapt to any path of least resistance they can utilize. For instance, they sometimes discover unpatched systems and use disclosed vulnerabilities to gain initial access or elevate privileges."

Another characteristic of human-operated ransomware campaigns is that they often start with "commodity malware" such as banking trojans. Because these infections are viewed as "unsophisticated", they tend to be triaged as unimportant and are not thoroughly investigated and remediated, the researchers said, which lets the ransomware operators slip past defenders.

This technique has proved successful for the Ryuk ransomware, most recently seen in an attack this past weekend on Epiq Global, which forced the legal services company to take its systems offline globally, according to a report this week by legal news site LawSites. Media reports said the attack started with the TrickBot malware infecting a computer on Epiq's network in December. Once installed, TrickBot reportedly opened a reverse shell to the Ryuk operators, allowing them to access devices across the network and encrypt files on infected computers. The DoppelPaymer ransomware (recently seen in attacks that stole data from a supplier to SpaceX and Tesla) also uses commodity malware as its initial infection vector: the Dridex malware in the early stages (delivered via fake updaters and malicious documents in phishing email), with DoppelPaymer delivered later to machines in the affected network. The Dridex banking trojan, which has been around since 2011, comes with obfuscation capabilities that help it evade anti-virus detection. "Investigators have in fact found artifacts indicating that affected networks have been compromised in some manner by various attackers for several months before the ransomware is deployed, showing that these attacks (and others) are successful and unresolved in networks where diligence in security controls and monitoring is not applied," said the researchers.

Preventing these attacks requires a shift in mindset, the researchers said. Defence teams need to focus on the "comprehensive protection required to slow and stop attackers before they can succeed." "Human-operated attacks will continue to take advantage of security weaknesses to deploy destructive attacks until defenders consistently and aggressively apply security best practices to their networks," they said.

To keep up, defence teams need to integrate IT professionals into security work, because attackers are preying on settings and configurations that IT admins manage and control. Security teams also need to fix the infrastructure weakness that let the attackers in, because ransomware groups routinely hit the same targets multiple times. And they need to understand that seemingly rare, isolated or commodity malware alerts can indicate a dangerous attack unfolding. "If these alerts are immediately prioritized, security operations teams can better mitigate attacks and prevent the ransomware payload," said the researchers. "Commodity malware infections like Emotet, Dridex, and Trickbot should be remediated and treated as a potential full compromise of the system, including any credentials present on it."
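The Parinacota chain above leaves a recognisable trail in the Windows Security log: a run of failed logons (event 4625) from one source against one host, followed by a successful logon (4624) from the same source, first from the internet against the exposed RDP server and then from that server against internal hosts. The following is an added example, not Microsoft's code, that applies this rule over constructed JSON-lines event records in Python and labels each hit as initial access or lateral movement by the source address. Field names (EventID, TimeCreated, Computer, IpAddress, TargetUserName, LogonType) follow the Windows event schema as SIEM exports commonly flatten it, but the records, hosts and addresses are made up, and the threshold and window are assumptions to tune.

```python
import ipaddress
import json
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Tuple

THRESHOLD = 5                      # failed logons before a following success is suspicious
WINDOW = timedelta(minutes=10)     # failures older than this are ignored
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Alert:
    computer: str       # host that accepted the logon
    source_ip: str
    user: str           # account that finally got in
    failures: int       # failed attempts inside the window before the success
    stage: str          # "initial_access" (external source) or "lateral_movement" (internal)
    succeeded_at: datetime


def parse_events(lines: Iterable[str]) -> List[dict]:
    """One JSON object per line, as a SIEM export of the Windows Security log (field
    names assumed).  Malformed or empty lines are skipped rather than aborting the run."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            d = json.loads(line)
            events.append({
                "id": int(d["EventID"]),
                "t": datetime.fromisoformat(d["TimeCreated"]),
                "host": d["Computer"],
                "ip": d["IpAddress"],
                "user": d["TargetUserName"],
                "type": int(d["LogonType"]),
            })
        except (ValueError, KeyError):
            continue
    return sorted(events, key=lambda e: e["t"])


def stage_for(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    return "lateral_movement" if any(addr in net for net in INTERNAL_NETS) else "initial_access"


def detect(lines: Iterable[str], threshold: int = THRESHOLD,
           window: timedelta = WINDOW) -> List[Alert]:
    """Alert when >= threshold 4625 failures from one source against one host inside the
    window are followed by a 4624 success from the same source.  With Network Level
    Authentication, RDP failures log as logon type 3 and the session logon as type 10,
    so both types count as the success."""
    by_source: Dict[Tuple[str, str], List[dict]] = defaultdict(list)
    for e in parse_events(lines):
        by_source[(e["host"], e["ip"])].append(e)

    alerts: List[Alert] = []
    for (host, ip), events in by_source.items():
        failures: List[datetime] = []
        for e in events:
            if e["id"] == 4625:
                failures.append(e["t"])
            elif e["id"] == 4624 and e["type"] in (3, 10):
                recent = [t for t in failures if e["t"] - t <= window]
                if len(recent) >= threshold:
                    alerts.append(Alert(host, ip, e["user"], len(recent), stage_for(ip), e["t"]))
                    failures = []   # one alert per burst (the type-10 logon follows the type-3 one)
    return sorted(alerts, key=lambda a: a.succeeded_at)


def _ev(eid: int, t: str, host: str, ip: str, user: str, ltype: int) -> str:
    return json.dumps({"EventID": eid, "TimeCreated": t, "Computer": host,
                       "IpAddress": ip, "TargetUserName": user, "LogonType": ltype})


# Constructed sample log (not real data): hosts, users and addresses are made up.
SAMPLE_LOG = [
    # 1. External source hammers the internet-facing RDP server FS01, then gets in.
    *[_ev(4625, f"2020-03-07T02:00:{s:02d}", "FS01", "203.0.113.5", "administrator", 3)
      for s in range(0, 12, 2)],
    _ev(4624, "2020-03-07T02:01:30", "FS01", "203.0.113.5", "backup", 10),
    # 2. FS01 (10.0.5.20) now brute-forces the domain controller from inside.
    *[_ev(4625, f"2020-03-07T02:30:{s:02d}", "DC01", "10.0.5.20", "administrator", 3)
      for s in range(0, 20, 4)],
    _ev(4624, "2020-03-07T02:32:00", "DC01", "10.0.5.20", "administrator", 3),
    _ev(4624, "2020-03-07T02:32:01", "DC01", "10.0.5.20", "administrator", 10),
    # 3. A user mistypes a password twice: below threshold, no alert.
    _ev(4625, "2020-03-07T08:15:00", "FS01", "10.0.8.3", "jsmith", 3),
    _ev(4625, "2020-03-07T08:15:10", "FS01", "10.0.8.3", "jsmith", 3),
    _ev(4624, "2020-03-07T08:15:20", "FS01", "10.0.8.3", "jsmith", 10),
    "not json at all",   # a corrupt line, to show the parser skips it
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.succeeded_at:%Y-%m-%d %H:%M:%S} {a.stage:<17} {a.source_ip} -> {a.computer} "
              f"as {a.user} after {a.failures} failures")
```

The internal hit is the one worth escalating fastest: a server that was itself just logged into from the internet and is now brute-forcing the domain controller is the lateral-movement step the article describes, and the account that succeeded (and every credential cached on the source host) should be treated as compromised, not just reset.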


BRITISH ARMY ADOPTS ‘WhatsApp’ FOR FORMAL ORDERS AS CORONAVIRUS ISOLATION KICKS IN:

The British Army has made a coronavirus-related tech U-turn, telling soldiers that commands issued over WhatsApp are now legally binding. In written orders posted to a Ministry of Defence intranet site, an Army unit told its soldiers that from now on, orders delivered over WhatsApp are to be treated just as seriously as written instructions delivered through the usual chain of command.

The move is controversial because only last year the Army's top sergeant major stated that WhatsApp is not an acceptable way to distribute formal military orders. For years soldiers had complained that it wasn't clear whether WhatsApp messages were a proper substitute for written orders (or disciplinary measures) delivered by email or hard copy. The order itself, part of which The Register has seen, said: "All personnel are to be contactable at all times via their mobile phone. Orders and Sqn direction will now be passed directly through WhatsApp and all work related information passed across this means is to be considered an order."

Barely a year ago, the Army's top enlisted soldier had said WhatsApp was not to be used for delivering formal orders. Army Sergeant Major Gavin Paton, the most senior sergeant major of them all, told military social media personality, insurance salesman and dressing gown model Alfie Usher in a video interview: "You can't tell people off over WhatsApp; it just doesn't work… If you want to give orders or direction, WhatsApp is not the place to do that."

Usher, an ex-soldier who posted a screenshot of the order on his Forces Compare insurance website, said: "It has always been Army policy to not give orders via any instant messenger services. Now we're living in different times. This new direction seems to be a direct reaction to dealing with coronavirus, having soldiers spread thin across the country but still keeping those in self-isolation in the loop."

'The Register' verified from the full screenshot (not published) that the WhatsApp order was posted on the internal Defence Gateway intranet. Use of remote comms tech has soared over the past few days as Britain goes into self-imposed lockdown following government advice to halt the spread of the novel coronavirus that causes COVID-19. That has put pressure on those platforms as demand jumps thanks to home working, and some services, such as Microsoft's Teams, evidently weren't prepared for the leap in traffic. "We were unable to contact the Ministry of Defence for comment, perhaps because its press office are all working from home and one unlucky staffer currently has the red-hot office mobile phone. Sadly we don't have their number to send them a WhatsApp message."

______________________________________________________________________________

THREAT FOCUS: Whisper messenger - UNITED STATES

https://www.zdnet.com/article/whisper-an-anonymous-secret-sharing-app-failed-to-keep-messages-profiles-private/?&web_view=true

Exploit: Unsecured database.

Whisper: Privacy-focused messaging app.  

Risk to Small Business: 2.111 = Severe: Developers overlooked basic security practice by leaving a database containing customer information unprotected by even a password, so anyone who found it could read it. As a result, 900 million records dating back to the company's launch in 2012 were available online. Although the company was quick to secure the database, its reactive effort will do little to assuage the doubts of its privacy-minded customer base.

Individual Risk: 2.571 = Moderate: Users' real names were not stored in the exposed database, but nicknames, ages, ethnicities, genders, hometowns, group memberships and location data were. Some of this information is highly sensitive and could be used for spear phishing campaigns or targeted ransomware attacks.

Customers Impacted: Unknown.

Effect On Customers: An unauthenticated database reachable from the internet is one of the most avoidable breaches there is, and this one undermines the only thing an anonymous messaging app is selling: its users' privacy. Customers who chose the service because it promised anonymity have good reason to reconsider, and any business that collects sensitive profile data should treat access control on its data stores as a baseline, not an afterthought.

Risk Levels: 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an 'Essential8' Digital Security Audit we offer a remote-access, independent 'real time' audit of our clients' critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It's the first step to real cyber security. Call Avantia's office on 07 3010 9711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: Champaign-Urbana Public Health District - UNITED STATES

https://statescoop.com/amid-coronavirus-scare-ransomware-targets-public-health-agency-illinois/


Exploit: Ransomware.

Champaign-Urbana Public Health District: Public health agency.

Risk to Small Business: 2.111 = Severe: A ransomware attack disabled the public health agency's website just as concern over the coronavirus was reaching fever pitch. The incident spared the district's email accounts, health records and patient records, but it limited the agency's ability to communicate with the public. The district has begun using its social media accounts to get information out and has launched a backup website to replace the disabled page. This is an expensive and potentially harmful incident at a time when communicating quickly can be a matter of life and death.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown.

Effect On Customers: The particular malware strain that infected the Champaign-Urbana Public Health District targets enterprises running Windows 10. It's a reminder that ransomware is on the rise and that companies can take simple steps to keep malware out: patch outdated software, train staff to recognise phishing, and close the other known vulnerabilities attackers rely on.



Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and runs security awareness training campaigns to educate your employees, making them the best defence against cybercrime. Phone Avantia on 07 3010 9711 for more information.


THREAT FOCUS: EVRAZ Manufacturing - CANADA

https://www.zdnet.com/article/one-of-roman-abramovichs-companies-got-hit-by-ransomware/


Exploit: Ransomware. 

EVRAZ: Steel manufacturer.  

Risk to Small Business: 2 = Severe: A ransomware attack crippled the company’s North American operations, including production at its Canadian steel plants. This attack complicates the company’s financial outlook at a time when it is already experiencing a significant drop in share price. Now, EVRAZ will have to grapple with the high cost of recovery, diminished productivity, and making significant improvements to its IT infrastructure – expenses no company needs during a time of worldwide uncertainty.    

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: Few cyberattacks wreak as much havoc as ransomware attacks. Not only are they one of the most expensive attacks to recover from, but they are uniquely disruptive, creating many obstacles on the road to recovery. Every organization can protect itself from possible ransom attacks and other malware by securing accounts and otherwise safeguarding critical IT.




THREAT FOCUS: Koodo Wireless - CANADA

https://www.itworldcanada.com/article/koodo-admits-february-data-breach-data-already-being-sold-on-dark-web/428249


Exploit: Unauthorized database access.

Koodo: Wireless carrier

Risk to Small Business: 1.88 = Severe: On February 13th, hackers used compromised credentials to access Koodo's database and stole customer data from August and September 2017. They were not able to access phone numbers, which could otherwise have let them receive two-factor authentication codes and compromise customer accounts further. In response, Koodo has disabled some account features to prevent misuse of customer accounts.

Individual Risk: 2.428 = Severe: Customer account details, including account numbers and identifying information, were obtained by the thieves and are now for sale on the Dark Web. With that data, attackers could change account details or redirect two-factor authentication codes, compromising personal data further. Those affected should make sure their accounts are secure and not exposed to additional attacks.

Customers Impacted: Unknown.

Effect On Customers: Data breaches have profound implications for companies and customers. In this instance, a customer-focused data breach could have undermined the company's network integrity, allowing hackers to penetrate Koodo's IT infrastructure further. Rather than waiting to discover a data breach, use monitoring tools to identify stolen credentials early and act before they are used against you.



Avantia Cyber Security & ID Agent to the Rescue: We go into the Dark Web™ to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the world. The award-winning platform combines sophisticated human and Dark Web intelligence with search capabilities to identify, analyse and proactively monitor for an organisation's compromised or stolen employee and customer data. Schedule a demo today by calling 07 3010 9711 (office hours).

THREAT FOCUS: Lise Charmel - FRANCE

https://www.telegraph.co.uk/news/2020/03/04/huge-ransomware-attack-laid-bare-french-lingerie-firm-cost-millions/?&web_view=truee


Exploit: Ransomware.

Lise Charmel: Lingerie retailer.

Risk to Small Business: 2 = Severe: A ransomware attack devastated the high-end lingerie retailer, costing it millions and forcing it into receivership. The attack, which first began on November 8, 2019, encrypted the company’s entire IT infrastructure, including employee workstations and data stores. As a result, all company employees were rendered unable to work with dire consequences for the 70-year-old business. 

Individual Risk: At this time, no personal data was compromised in the breach.  

Effect On Customers: Ransomware attacks have been ramping up and they can have serious consequences. Businesses must be prepared to defend their infrastructure and to orchestrate a comprehensive recovery process. This incident is a reminder that cybersecurity is a bottom-line issue that has real implications for a company’s viability in today’s dangerous digital landscape.




THREAT FOCUS: Anteus Tecnologia - UNITED KINGDOM

https://www.dailymail.co.uk/sciencetech/article-8100805/Employee-ID-firm-leaves-76-000-fingerprints-exposed-online-email-addresses-phone-numbers.html?&web_view=true


Exploit: Exposed database.

Anteus Tecnologia: Developer and distributor of fingerprint identification systems

Risk to Small Business: 1.888 = Severe: An internet-facing database belonging to the fingerprint identification company was left exposed without password protection, revealing roughly 76,000 fingerprint records along with the email addresses and phone numbers of the people enrolled in it. Unlike a password, a fingerprint cannot be reissued once it has leaked, so the damage from this kind of exposure is permanent for those affected, and the company can expect hard questions from customers and regulators about why basic access controls were missing.

Individual Risk: 2.142 = Severe: In addition to precise fingerprint data, the database contained the email addresses and phone numbers of the employees whose records are stored with the company. Those affected should take every precaution to secure their accounts and be alert to fraud attempts that make use of this information.

Customers Impacted: 76,000. 

Effect On Customers: Today’s regulatory landscape promises steep penalties for companies that fail to protect customer information. In this environment careless errors, like failing to password protect a database, are especially egregious to regulators and customers – and all companies need to ensure that data security is a day-one, top-down priority. 

Risk Levels:

1 – 1.5 = Extreme Risk; 1.51 – 2.49 = Severe Risk; 2.5 – 3 = Moderate Risk. *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote-access, independent ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: Melbourne Polytechnic - AUSTRALIA

https://www.itnews.com.au/news/melbourne-tafe-data-breach-exposes-55k-student-staff-files-539180


Exploit: Unauthorized database access.

Melbourne Polytechnic: Academic institution.  

Risk to Small Business: 1.555 = Severe: Melbourne Polytechnic has updated its data breach notification to reflect an incident that occurred between September and December 2018. The school didn’t identify the breach until October 2019 and has since been conducting an IT investigation to assess the damage. In response, the institution has issued an apology to staff and students impacted by the breach. However, users are still in danger of further compromise because the stolen data puts them at serious risk for fraud and other cybercrimes.    

Individual Risk: 1.857 = Severe: The compromised data is limited to staff and student information between September and December 2018. However, it includes highly sensitive personal details, including PII, healthcare-related data, and financial information. In addition, some victims had their usernames, email addresses, and passwords stolen. Although the culprit has been apprehended, this information has a long shelf life on the internet, and those impacted by the breach should carefully monitor their accounts and credentials for potential misuse.  

Customers Impacted: 90,000.

Effect On Customers: Consumers and employees are increasingly unwilling to work with companies that can’t protect their information. While recovery costs and regulatory fines make a data breach an expensive pitfall, the damage to a company’s reputation can never be fully repaired, ensuring that any breach will have cascading consequences that outlive the initial incident. 

Risk Levels:

1 – 1.5 = Extreme Risk; 1.51 – 2.49 = Severe Risk; 2.5 – 3 = Moderate Risk. *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised, allowing companies to quickly act to mitigate the effects of a data breach. We work with MSSPs to strengthen their security suite with the leading Dark Web monitoring and reporting tool in the world. Schedule a No Obligation Discovery Search in real time by calling 07 30109711 (Office Hours)

THREAT FOCUS: Manheim Auctions - AUSTRALIA 

https://www.smh.com.au/business/consumer-affairs/major-company-with-perth-office-faces-30-million-ransom-demand-after-cyber-attack-20200310-p548lo.html?&web_view=true


Exploit: Ransomware.

Manheim Auctions: Car auction house.

Risk to Small Business: 2 = Severe: The world’s largest wholesale auction house for cars got a surprise it didn’t want on Valentine’s Day: ransomware. Hackers accessed and encrypted the network of the Australian branch of Manheim Auctions, demanding a head-turning $30 million ransom to restore the company’s systems. The company was forced to post a message to customers on its Facebook page noting the diminished functionality while promising not to pay the ransom. Even without paying, the company won’t emerge unscathed. Recovery efforts will be incredibly expensive, and the productivity loss and reputational cost incurred will have long-lasting implications.

Individual Risk: At this time, no personal data was compromised in the breach. 

Customers Impacted: 1,100,000

Effect On Customers: Recovering from a ransomware attack is an expensive proposition. Regardless of whether or not companies choose to pay the ransom, these attacks have a profound impact on the victim’s bottom line. Rather than rewarding bad actors, every company should invest in a robust ransomware defense for protection from these costly incidents.   

Risk Levels:

1 – 1.5 = Extreme Risk; 1.51 – 2.49 = Severe Risk; 2.5 – 3 = Moderate Risk. *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: The most common way that ransomware is delivered is phishing. Designed to protect against human error, Bullphish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against this kind of cybercrime. Learn more by calling 07 30109711 (Office Hours)

______________________________________________________________________________

POSTSCRIPT

Hackers Collect Millions from Stolen Payment Card Records  

In an increasingly digital-first world, payment card skimming malware has been a growing threat to both customers and retailers, and a profitable business for the bad guys. Unfortunately, that trend is unlikely to abate anytime soon. According to cybersecurity researchers, hackers recently hauled in $1.6 million from selling 239,000 stolen payment cards on the Dark Web.

The card information was stolen throughout 2019 as thousands of retailers fell victim to malware. In this web-skimming incident, attackers used malicious JavaScript to steal payment data at checkout from stores hosted on the Volusion cloud platform. A web skimmer runs in the shopper’s browser and copies card details as they are typed, so the merchant’s own servers never see the theft; the defences that matter are the ones that control which scripts a checkout page may load and where that page is allowed to send data. Unfortunately, the high yield is likely to incentivise other cybercriminals to pursue payment card skimming, creating a serious liability for companies and customers processing payments online.

Customers routinely demonstrate an unwillingness to shop at online retailers after a data breach. Making cybersecurity at the point of sale a top priority could be the difference between a flourishing online store and a floundering operation. Any business planning to implement online sales needs a strong cybersecurity strategy that works to mitigate the risk of this kind of attack, including regular malware assessments of the storefront and of any third-party scripts it loads.
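The two conditions a checkout-page skimmer needs are a script it can hide in and a destination it can post card data to. The following is an added example, not code from this newsletter, from Volusion or from the researchers cited above: a small Node.js audit that scans a checkout page’s HTML for third-party scripts loaded without Subresource Integrity and checks the page’s Content-Security-Policy for directives that would let captured data leave the page. The HTML, the origins (shop.example, js.payments.example, cdn.tagvendor.example), the CSP strings and the SRI hash are all constructed placeholders.

```javascript
// Added example (not from the article or from Volusion): a static audit of a
// checkout page for the two conditions a web skimmer relies on. The HTML,
// origins, CSP strings and SRI hash below are constructed placeholders.

const SCRIPT_TAG = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi;
const SRI_ATTR = /\bintegrity\s*=\s*["']sha(256|384|512)-[A-Za-z0-9+/=]+["']/i;

// Flag every <script src> served from another origin without Subresource
// Integrity: a swapped or tampered CDN file would load without any check.
function auditScripts(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  for (const m of html.matchAll(SCRIPT_TAG)) {
    const [tag, src] = m;
    let origin;
    try { origin = new URL(src, pageOrigin).origin; } catch { origin = null; }
    if (origin !== pageOrigin && !SRI_ATTR.test(tag)) {
      findings.push({ src, origin, issue: 'third-party script without integrity attribute' });
    }
  }
  return findings;
}

// Parse a Content-Security-Policy header into { directive: [sources] }.
function parseCsp(header) {
  const policy = {};
  for (const part of (header || '').split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length) policy[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return policy;
}

// A source that lets data go almost anywhere: '*', a bare scheme such as
// "https:", or any wildcard host.
const isBroad = (s) => s === '*' || /^[a-z][a-z0-9+.-]*:$/i.test(s) || s.includes('*');

// Check the directives that decide where a skimmer could send captured card
// data (fetch/XHR via connect-src, form posts via form-action) and whether
// injected inline script is permitted at all.
function auditCsp(header) {
  const policy = parseCsp(header);
  const findings = [];

  const connect = policy['connect-src'] || policy['default-src'];
  if (!connect) findings.push({ directive: 'connect-src', issue: 'not set and no default-src fallback' });
  else if (connect.some(isBroad)) findings.push({ directive: 'connect-src', issue: `broad sources: ${connect.filter(isBroad).join(' ')}` });

  // form-action does NOT fall back to default-src, so it must be set explicitly.
  const formAction = policy['form-action'];
  if (!formAction) findings.push({ directive: 'form-action', issue: 'not set; forms may post anywhere' });
  else if (formAction.some(isBroad)) findings.push({ directive: 'form-action', issue: `broad sources: ${formAction.filter(isBroad).join(' ')}` });

  const script = policy['script-src'] || policy['default-src'];
  if (script && script.includes("'unsafe-inline'")) {
    findings.push({ directive: 'script-src', issue: "'unsafe-inline' allows injected inline skimmers to run" });
  }
  return findings;
}

function auditCheckout(html, pageUrl, cspHeader) {
  return { scripts: auditScripts(html, pageUrl), csp: auditCsp(cspHeader) };
}

// Constructed sample page: one first-party script, one third-party script
// pinned with SRI (placeholder hash), and one unpinned tag-manager script,
// which is the usual foothold for a skimmer.
const SAMPLE_HTML = `
<form id="checkout" action="/pay" method="post">
  <input name="cardNumber"><input name="cvv"><button>Pay</button>
</form>
<script src="/static/checkout.js"></script>
<script src="https://js.payments.example/v1.js"
        integrity="sha384-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
        crossorigin="anonymous"></script>
<script src="https://cdn.tagvendor.example/tag.js"></script>`;

// Weak policy: no form-action, inline script allowed. Hardened policy beside it.
const WEAK_CSP = "default-src 'self'; script-src 'self' https://cdn.tagvendor.example 'unsafe-inline'";
const HARDENED_CSP = "default-src 'self'; script-src 'self' https://js.payments.example; " +
  "connect-src 'self' https://js.payments.example; form-action 'self' https://js.payments.example";

console.log(JSON.stringify(auditCheckout(SAMPLE_HTML, 'https://shop.example/checkout', WEAK_CSP), null, 2));
console.log('hardened CSP findings:', auditCsp(HARDENED_CSP).length);
```

Run with `node audit.js`. Against the weak policy the audit reports the unpinned tag-vendor script, the missing `form-action` and the `'unsafe-inline'` allowance; the hardened policy produces no findings. The audit is deliberately static and conservative: it does not prove a page is skimmer-free, but each finding is a concrete condition a skimmer would exploit, which is the kind of check a regular assessment of an online store should include.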


DEFENSE GRADE CYBER AUDIT SERVICES NOW AVAILABLE FOR SMEs

The Essential 8 Auditor program is a ‘defense grade’ digital online auditing system that provides an objective, quantitative measure of an organisation’s cybersecurity maturity level to determine and highlight any gaps in its key cyber defense strategies. It is used by many Federal Government departments and large private companies as part of their compliance protocol. By partnering with Huntsman Security to address the needs of the SME marketplace, Avantia Cyber Security is now able to use the Essential 8 Auditor software to remotely measure an organisation’s cyber security risk in real time and generate a detailed cyber audit report that documents the SME’s cyber ‘maturity’ measured against the ‘Essential8’ framework, with guidance on what needs to be fixed to be compliant, without disruption to operations. All reports are certified and ‘Confidential’ for the client only, and the audit requires access to the client’s servers’ (physical or cloud based) Active Directory running on a Windows platform.


The Essential8 (E8) Framework was developed by the Australian Signals Directorate (ASD). It is a prioritised list of practical security controls that organisations can implement to make their information more secure. The ASD has assessed that these controls mitigate up to 85% of cyber attacks.


Avantia Cyber Security partners with Huntsman Security to address the needs of Australian Small to Medium Enterprises (SMEs). Huntsman Security, developer of the Essential8 Auditor program, is the trading name of Tier-3 Pty Ltd, whose technology heritage lies in delivering a key foundation stone of the cyber security risk management, monitoring and response capability in some of the most secure and sensitive environments within intelligence, defense and criminal justice networks across the world, where Huntsman Security solutions are deployed and accredited to the highest security levels.




*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.
