Avantia Threat Update

PUTTING RUSSIAN MILITARY CYBER OPERATIONS INTO CONTEXT



This Past Week: Report highlights ‘Risk’ in State Sponsored (Russian) Cyber Attacks; Covid-19 blamed for 238% surge in cyber attacks on Banks; Anti Coronavirus masks may thwart facial recognition cameras in London; A Cybercrime store is selling access to more than 42,000 open records from hacked servers on the Open Web; Docusign Phishing Scam and the Parallels between Coronavirus and cybercrime; International Data Breaches and cyber attacks in April 2020 total 216 Million records breached - IT Governance Report; Ransomware disrupts remote work; Accidental data sharing compromises customer data; Cybersecurity events reach an all-time high as well as major breaches in GERMANY; SPAIN; UNITED KINGDOM; AUSTRALIA; FRANCE & UNITED STATES

Dark Web ID Trends:

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain

Top Industry: Education & Research

Top Employee Count: 501+

________________________________________________________________________


REPORT ANALYSES RISK IN STATE SPONSORED CYBER ATTACKS.

If you can figure out why a cyber attack may have occurred, you can better predict what’s next and act deliberately to manage risk to your organization. That’s a key takeaway from Booz Allen’s comprehensive new report, Bearing Witness: Uncovering the Logic Behind Russian Military Cyber Operations. The report details how the timing, targets, and impacts of Russia’s military intelligence agency—the GRU—have been linked to more than 200 espionage, disruption, and disinformation incidents and campaigns between 2004 and 2019. Many organisations view cyber attacks as indiscriminate threats, but from financially driven “spray-and-pray” attacks to highly targeted attacks by state-aligned adversaries, there’s a motivated threat actor behind every attack—even if it’s not immediately obvious to the victims. In this case, the report illustrates how GRU-linked operations directly responded to Russia’s concerns about specific geopolitical events and developments, often by shaping beliefs and perceptions. In this Q&A with the report’s authors, you’ll gain insights into GRU cyber operations, how to better understand the drivers behind those operations, and the value of “threat-centric risk management.”

What are some examples of how GRU attacks were influenced by specific events and larger strategic priorities?

From 2015 to 2017, the GRU repeatedly unleashed malware that wiped hard drives and twice disrupted local power distribution in Ukraine. According to Booz Allen’s assessment, these attacks were likely, in large part, a GRU response to Ukraine’s refusal to repay a geopolitically significant 2013 energy loan, compounded by a December 2015 IMF policy ruling that enabled Ukraine’s default. This contextual analysis better explains the motivating factors behind the attack than previous theories and directly ties to Russia’s strategic interest in enforced compliance with international agreements. Also, in late 2016, the GRU repeatedly leaked documents from prominent U.S. democracy promotion groups. The spy agency’s personas and Russian state-linked media claimed the documents showed a vast illicit U.S. conspiracy to undermine elections in Russia and Eastern Europe. Our analysis showed the GRU sought to weaken then-emergent U.S. denunciations of Russia’s attempts to influence the 2016 U.S. presidential election. The leaks were framed to suggest a normative equivalence of all forms of foreign-linked political activity.

Who are the primary targets of the GRU’s cyber operations, and why?

The GRU’s immediate targets vary greatly, from sports organizations and religious figures to diplomats and critical infrastructure operators. Ultimately, the GRU seeks to influence specific groups (including cultural, ethnic, religious and national groups), policy elites (such as military and political leaders), and countries to be more open to—or at least less likely to oppose—Russian interests and policies. They do this through data leaks, disinformation campaigns, and targeted attacks against individuals or infrastructure intended to sway confidence and influence discourse.

Recognizing this risk, how should organizations change and evolve their cybersecurity approaches?

Cybersecurity teams need to track more overt state-linked actions, such as statements by diplomats and state-linked media and disinformation campaigns. These can signal a government’s goals, positions, and points of friction. For instance, in February 2020, several governments blamed the GRU for conducting cyber attacks on the Republic of Georgia. At the time of the attacks in October 2019, Booz Allen observed concurrent social media campaigns amplifying false narratives about hacktivist perpetrators and NATO’s relationship with Georgia, early public indications of the attribution, and likely motivations. In addition, organizations should expand their focus beyond tracking easily measurable harms to larger strategic impacts. Consider how the GRU disrupted Ukraine’s first post-revolution presidential election in 2014. On election day, they leaked emails suggesting a conspiracy to help certain candidates, defaced the national election commission’s website with fake vote counts, and wiped associated systems. Russia’s cyber operations delayed the release of accurate vote totals for more than a day. Moreover, these tactics—and the amplification of fraudulent results by Russian media—introduced confusion and threatened public confidence in the legitimacy of the newly elected government. Although public confidence is difficult to measure, the results of such a campaign can be significant. Imagine, for example, the impact of these kinds of coordinated cyber information operations on the November 2020 U.S. presidential election. On a smaller scale, we recently saw firsthand how the U.S. public and news media reacted to delays in Iowa’s Democratic Caucus results.

How can organizations protect themselves considering rapidly changing geopolitical circumstances and cyber responses?

Whether by for-profit criminals or “hacktivists” advancing an ideology, cyber activities are goal-oriented. The goal for state actors conducting cyber operations is to bolster their national security and advance national interests. One approach to protect yourself is threat-centric risk management. It considers how operations against your organization would advance your adversary’s interests, with security strategies tailored to this understanding. To implement threat-centric risk management, first create an organizational “profile.” It details your location(s), partners, customers, the information you possess, and so forth. Then consider your potential adversaries: Who are they? What do they want? How likely are they going to act on their objectives?

Once you’ve established those parameters, risk management activities can include:

Internal and external threat hunts focused on expected adversaries

Playbooks and security controls based on expected attacks

Tracking metrics to measure the impact of larger organizational decisions on your risk profile, including new lines of business, delivery models, and partnerships, or changes in your operating environment, such as political and social shifts


COVID-19 BLAMED FOR 238% SURGE IN CYBERATTACKS AGAINST BANKS

The coronavirus pandemic has been connected to a 238% surge in cyberattacks against banks, new research claims. Recently, VMware Carbon Black released the third edition of the Modern Bank Heists report, which says that financial organizations experienced a massive uptick in cyberattack attempts between February and April this year -- the same months in which COVID-19 began to spread rapidly across the globe. The cybersecurity firm's research, which includes input from 25 CIOs at major financial institutions, adds that 80% of firms surveyed have experienced more cyberattacks over the past 12 months, an increase of 13% year-over-year. VMware Carbon Black data already indicates that close to a third -- 27% -- of all cyberattacks target either banks or the healthcare sector. An interesting point in the report is how there appears to have been an uptick in financially-motivated attacks around pinnacles in the news cycle, such as when the US confirmed its first case of COVID-19. In total, 82% of chief information officers contributing to the report said that alongside a spike in attacks, techniques also appear to be improving -- including the use of social engineering and more advanced tactics to exploit not only the human factor but also weak links caused by processes and technologies in use by the supply chain. The use of the Kryptik and Emotet malware families is frequent, as well as Obfuse, CoinMiner, and Tiggre. Ransomware attacks against the financial sector increased roughly 9x from the beginning of February to the end of April 2020. Those surveyed said that attempts at destruction, not just information theft, are becoming more common. Wipers, too, are becoming more commonplace. Island-hopping has also been experienced by 33% of those surveyed.
This form of attack involves threat actors moving through a supply chain -- starting at a weak link -- with the overall goal of reaching a connected financial institution. This may be achieved by methods such as compromising and then moving through networks, watering hole attacks, or business email compromise (BEC). In addition, 64% of organizations have reported a 17% increase in wire fraud attempts. "When combined with a steady commercial growth of mobile devices, cloud-based data storage and services, and digital payment systems, cybercriminals today have an ever-expanding host of attack vectors to exploit," commented Jonah Force Hill, senior cyber policy advisor and CIAB executive director. "Every organization -- providers of financial services, in particular -- must remain vigilant in the face of these evolving threats."


ANTI-CORONAVIRUS MASKS MAY THWART FACE RECOGNITION CAMERAS IN LONDON

Counter-coronavirus masks may thwart London police plans to deploy facial-recognition cameras across the capital, senior managers have admitted. Two London Assembly members, Caroline Pidgeon (Lib Dem) and Sian Berry (Green Party), wrote to Metropolitan Police commissioner Cressida Dick, asking whether the "unreliable, unregulated" technology would be withdrawn during the COVID-19 pandemic. In a letter published on the London Assembly website, the two elected representatives said: "We both believe that the way in which LFR [live facial recognition] is being rolled out as an operational tool in London is ill-advised, and that this technology will have a chilling effect on civil liberties if it is not used with clarity, accountability and with full democratic consent." On top of that, masks are a potential problem for the technology anyway. London's deployment of Neoface tech supplied by NEC Global relies on people's full faces being visible – something not possible when most Britons will be wearing masks during the coming months. A Scotland Yard spokeswoman told the Evening Standard, which asked the question about masks: "We are looking at any potential issues to establish how it may impact on future LFR deployments." Facial-recognition technology in London is seen by police as a high-tech solution to their woes – and managers are determined to roll it out regardless of public opposition to the China-style surveillance. Earlier this year NEC told the nation's press that its internal trials showed an accuracy rate of 70 per cent, though the Met's own trial deployments showed a shocking 98 per cent inaccuracy rate, complete with false-positive matches. 
Commander Mark McEwan confirmed in January that if the NEC-supplied black box flags up a match, police will use that as grounds to arrest and search passers-by, saying: "Yes, it [an AFR match] does start that journey of building reasonable ground [for stop and search or arrest] in the same way if I had looked on my laptop, on the briefing pages, before I went out on the street." Police want the public to believe that the tech is the same as having frontline workers looking at photos of wanted suspects before going out on patrol. The truth is that unmarked facial-recognition CCTV vans are loaded with lists of up to 10,000 suspects, as NEC told us in January – and, according to Pidgeon and Berry, "police do not accept" that only "serious crimes" should be included on watch-lists. For now, there's a temporary reprieve – though police eyes may be turning to recent Chinese developments to work around public health and safety measures.


A CYBERCRIME STORE IS SELLING ACCESS TO MORE THAN 42,000 HACKED SERVERS ON THE OPEN WEB.

MagBo, a shadowy online marketplace where hackers sell and buy hacked servers, is doing better than ever and has soared in popularity to become the largest criminal marketplace of its kind since its launch in the summer of 2018. Two years later, the MagBo portal has grown more than 14 times in size and is currently selling access to more than 43,000 hacked websites, up from the 3,000 sites listed in September 2018. Today, MagBo has become the de-facto go-to marketplace for many cybercrime operations. Some groups register on the MagBo platform to sell hacked servers, while others are there just to buy. Those who buy do it either in bulk (for black-hat SEO or for malware distribution) or selectively, for intrusions at high-value targets (e-commerce stores for web skimming, intranets for ransomware). All in all, the MagBo platform cannot be ignored anymore, as it appears to be here to stay, and is placing itself at the heart of many of today's cybercrime operations. This article is based on a report from threat intelligence firm KELA on MagBo's recent evolution. Last week, KELA provided access to its threat-hunting platform in order to search through MagBo's listings. Before we delve into what KELA found, readers will need an intro to today's cybercrime landscape and MagBo's place in the underground economy.

THE CURRENT STATE OF THE CYBERCRIME ECONOMY

The sale of hacked data has been around for decades. What most users don't know is that the underground economy has evolved in a nearly identical pattern to how modern e-commerce has evolved. In the early days, hackers used IRC channels and instant messaging clients to peddle hacked information. Things then evolved into ads posted on forums, and then criminal gangs began creating and running their own online shops. For the past decade, the underground market has caught up with the real world, and we now have "marketplaces" similar to Amazon or eBay, where hackers register accounts to sell and buy products at the same time, fueling a supply and demand market in the process. Today, we have marketplaces that sell access to hacked servers, marketplaces for selling access to hacked computers (compromised by botnet malware), marketplaces for stolen payment card details, and marketplaces for selling personal information stolen during data breaches -- each more professional than the next.

WHAT IS MAGBO?

MagBo is today's top marketplace for hacked servers. The site runs on the public internet, but access is restricted to approved members. You need an invitation to be able to register a profile on MagBo, and to get an invite, you need to be referred by a site member. The site launched around June 2018, and it initially started just like any other cybercrime service -- namely, by advertising itself on various hacking forums. According to several ads, the site heavily advertised itself as a portal where other cybercrime groups could buy access to web servers that were hacked and had a web shell installed on their filesystem. Web shells are malicious programs that hackers install on web servers. They provide a visual interface that hackers can use to interact with the hacked server and its filesystem. Most web shells come with features to let hackers rename, copy, move, edit, or upload new files on a server.
They can also be used to change file and directory permissions, or archive and download (steal) data from the server. Initially, the service launched with a collection of more than 1,500 web shells; however, by September 2018, Flashpoint reported that this number had grown to 3,000 systems, as other hackers flocked to create accounts and sell their own "web shell inventory." MagBo tried to diversify its initial web shell listings by adding support for selling other types of access -- such as access to a server's CMS account, access to a server's hosting panel account, access to a server's SSH account, and access to a site's SQL database. However, today, web shells remain MagBo's top product, accounting for 90% of the site's listings, according to KELA. Over the years, the site has boomed, to put it lightly. Since it launched in 2018, KELA says the site has sold access to more than 150,000 sites, with 43,000 still being up for sale as of this week. KELA product manager Raveed Laeb says they've tracked 190 different threat actors selling hacked servers on the site. Based on historical server listings and their associated prices, Laeb believes MagBo operators might have made more than $750,000 in revenue from selling hacked servers on the site. But MagBo is not unique. Other stores like it have existed before, and are still being created and launched, with little to no success. Laeb believes the reason that MagBo has cornered the market is that, unlike many other similar marketplaces, the store doesn't hide details about the hacked servers. While other stores hide domain names to prevent other hackers from taking over the same servers/systems, MagBo lists unredacted URLs and site titles, so buyers can get an idea of exactly what they're getting. In addition to this, MagBo also shows the level of access and permissions the web shell has, which helps other criminal gangs identify servers they can use for their particular type of operations.
For example, MagBo lists if the web shell has access to the server's mail feature, allowing spam operators to rent servers they can put to work immediately. Further, MagBo also lists hacked servers where the web shell can edit files, a feature that web skimming (Magecart) and black-hat SEO gangs often require. Such a level of granularity is what has contributed to MagBo's rise to prominence, is what helped keep the site's customers happy, and has drawn new ones through referrals. But KELA says the site's success can also be attributed to a steady supply of new inventory. Between 200 and 400 new sites are being added on a daily basis, with around 200 being sold off. Most of the MagBo listings that ZDNet reviewed are from WordPress sites. Some of the WordPress sites listed on MagBo run on outdated versions and use outdated plugins, according to basic scans performed by ZDNet. This is no surprise, as old and outdated WordPress sites have been under constant attack for years, primarily due to the WordPress CMS' popularity. Over the past few years, there have been reports from several cyber-security firms about attacks on WordPress sites where the intruders didn't do anything. Hackers would just break into a site, leave a web shell, and then leave. Knowing what we know now about MagBo's rise in popularity, it is very likely that some of these hacked sites were listed on MagBo, waiting for a buyer. While ZDNet could not review all MagBo listings, primarily due to the store's size, we have seen compromised websites of all types. This includes official government websites, portals for education institutions, sites for small businesses, and even sites for insurance and financial institutions. KELA says that the selling price for these sites usually varies based on the website's type.
For example, a small-business website that nobody has heard of would go for something as small as a few cents, while an official government ministry portal will go for up to $10,000. What we're seeing here with MagBo is similar to xDedic, another cybercrime marketplace, but one specialized in selling access to hacked RDP endpoints. Just like MagBo, xDedic grew from a small portal to an inventory of around 85,000 and became a central piece of the cybercrime landscape. The site became widely used by ransomware gangs, which bought access to hacked RDP servers from xDedic, infiltrated corporate networks, and ransomed companies for huge sums of money. Once xDedic became a central piece in the cybercrime world, the site was targeted by a law enforcement investigation and shut down in January 2019. MagBo may not be as popular as xDedic, but the site is rising in popularity. Furthermore, with the rise of web skimming (Magecart) attacks and the financial losses these attacks cause to banks and consumers, sites like MagBo, which sell access to WordPress-based online stores, might soon find their way into the crosshairs of law enforcement officials.
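The MagBo item above describes the inventory as web shells left on (mostly WordPress) servers, often dropped and then abandoned until a buyer appears. From the defender's side, the useful question is how to find such a file on your own site. The script below is an added example written for this update, not code from the article, KELA or ZDNet: it walks a WordPress-style document root, scores every PHP file on traits typical of web shells (PHP living under the media upload tree, an execution sink, request parameters, decoders and obfuscation) and reports files that pass a threshold. The directory layout, the two fixture files, the indicator weights and the threshold are all constructed assumptions for the example.

```python
"""Score PHP files under a WordPress-style document root for web-shell traits.

Added example for the MagBo item above; not code from the article or from
KELA/ZDNet. The fixtures, weights and threshold are constructed assumptions.
"""
import os
import re
import tempfile

# Weighted indicators. The weights are arbitrary choices for this example;
# tune them against your own code base to keep false positives down.
INDICATORS = [
    ("execution sink",
     re.compile(r"\b(eval|assert|system|passthru|shell_exec|exec|popen|proc_open)\s*\("), 3),
    ("request input", re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\s*\["), 2),
    ("decoder", re.compile(r"\b(base64_decode|gzinflate|str_rot13|gzuncompress)\s*\("), 2),
    ("error suppression", re.compile(r"@\s*(eval|system|include|assert)\b"), 1),
    ("long base64 blob", re.compile(r"[A-Za-z0-9+/]{120,}={0,2}"), 2),
]
UPLOAD_DIRS = ("wp-content/uploads",)   # WordPress media tree: no PHP belongs here
ALERT_THRESHOLD = 5


def score_file(path, root):
    """Return (score, reasons) for one PHP file relative to the document root."""
    rel = os.path.relpath(path, root).replace(os.sep, "/")
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        src = fh.read()
    score, reasons = 0, []
    if any(rel.startswith(d + "/") for d in UPLOAD_DIRS):
        score += 3
        reasons.append("php file inside uploads directory")
    for name, pattern, weight in INDICATORS:
        if pattern.search(src):
            score += weight
            reasons.append(name)
    return score, reasons


def scan(root):
    """Walk root; return {relative_path: (score, reasons)} for files at or above the threshold."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith((".php", ".phtml", ".php5")):
                full = os.path.join(dirpath, fn)
                score, reasons = score_file(full, root)
                if score >= ALERT_THRESHOLD:
                    hits[os.path.relpath(full, root).replace(os.sep, "/")] = (score, reasons)
    return hits


# Constructed fixtures: a benign plugin file that reads a form field but has no
# execution sink, and a one-liner dropped into the uploads tree. Neither comes
# from a real site.
FIXTURES = {
    "wp-content/plugins/contact/form.php":
        "<?php\n$name = sanitize_text_field($_POST['name']);\necho esc_html($name);\n",
    "wp-content/uploads/2020/05/image.php":
        "<?php\n// constructed fixture: request parameter fed straight to an execution sink\n"
        "@eval(base64_decode($_REQUEST['d']));\n",
}


def build_fixture_root():
    """Write the fixtures into a temporary directory and return its path."""
    root = tempfile.mkdtemp(prefix="wp-scan-")
    for rel, content in FIXTURES.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    root = build_fixture_root()
    for path, (score, reasons) in scan(root).items():
        print(f"{score:2d}  {path}  ({', '.join(reasons)})")
```

On the fixtures the benign plugin scores 2 (it reads `$_POST` but never executes anything) and stays below the threshold, while the uploads-tree file scores 11. Any single indicator is noisy on real WordPress code, which is why the score combines several and why location under `wp-content/uploads` carries weight of its own; pair a scan like this with integrity checks against known-good core and plugin files rather than relying on patterns alone.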


‘DOCUSIGN’ PHISHING SCAM AND THE PARALLELS BETWEEN CORONAVIRUS AND CYBER CRIME

It’s been a promising few days, with the death toll slowing, lockdown easing and the government extending its furlough scheme. But for those who have been able to work from home throughout the coronavirus pandemic, not much will change. You will still be advised to stay at home, communicate with your colleagues remotely, home school your kids and socially distance yourself from others. Unfortunately, the same can’t be said when it comes to cyber crime. Scammers are constantly finding new ways to exploit the pandemic – as we explore in our latest round-up of news and advice on how to stay safe. It’s gone from bad to worse for Madonna. After being ridiculed for posting a video in which she somberly declared that coronavirus is “the great equaliser” while sitting in a petal-filled bath, she has now become one of many celebrities whose information was stolen in a ransomware attack. Variety reported that the entertainment and media law firm Grubman, Shire, Meiselas & Sacks suffered a cyber attack in which 756 gigabytes of its clients’ contracts, nondisclosure agreements, phone numbers, email addresses and personal correspondence was compromised. The incident demonstrates that cyber criminals, if not viruses, are an equalising force and an indiscriminate scourge. Among the other celebrities affected are Lady Gaga, Nicki Minaj, Bruce Springsteen, Ella Mai, Mary J. Blige, Christina Aguilera, Mariah Carey, Cam Newton, Bette Midler, Jessica Simpson, Priyanka Chopra, Idina Menzel, John Oliver and Run DMC. DocuSign, a service that allows people to send and sign electronic copies of contracts, has become crucial for organisations during the lockdown – so, naturally, cyber criminals have attempted to exploit it. The scam is relatively simple; it’s nothing more than a mock-up of a DocuSign email asking the recipient to follow a link to review the document. However, the link goes to a bogus site.
However, despite – or perhaps because of – the simplicity of the scam, it’s very hard to detect. The message does a good job of reproducing the layout of DocuSign’s emails and contains almost no grammatical errors (except the capitalised ‘You’ in ‘Thank You’, which many recipients may not even read). However, there are two ways you can tell that this is a scam. The first is that you presumably wouldn’t be expecting to receive a document from the sender that the scammer was imitating – in this case Newman Law Solicitors. In general, any unexpected email containing an attachment should raise your suspicions. Take this opportunity to ask your colleagues if they know anything about the subject referenced in the message. You might also decide to email the person or organisation that sent the message – using an email address you know is genuine (either because you’ve corresponded through it before or you’ve found it on their website). The second way you can tell that this is a scam is that the destination URL in the link doesn’t point to a DocuSign domain. Instead, it goes to an address that contains a string of letters and numbers followed by ‘sendgrid.net’. SendGrid is a firm that enables organisations to send automated marketing messages. The scammers are using this service with a bogus DocuSign email address and template to trick victims into downloading infected attachments. Dr Wendy Ng might be one of the only people on the planet who is an expert on both COVID-19 and cyber security. She gained a PhD from Oxford University in Medical Genetics and now works as a senior security advisor at Experian, where she is a subject matter expert for the company’s global DevSecOps transformation initiative. Ng recently spoke to Dan Lohrmann about the ways security and technology professionals can learn from the pandemic. In the interview, she notes some of the parallels between the current pandemic and the threats organisations face.
In particular, she refers to the need to invest heavily in “electronic healthcare” that is flexible enough to deal with everyday issues and crises. The biggest challenge for many of us during the pandemic is remaining productive. With so many distractions, not to mention the toll that the lockdown is having on our mental health, it’s natural that we won’t be at peak performance. But how can we make sure the necessary work gets done? James Houghton, 29, from Cambridgeshire UK, said that he sets himself a goal to start and finish at specific times, which he believes helps him to focus during the day. “I also set targets down the night before, like a to-do list with boxes to tick. I get annoyed at myself if I don’t do it.” He adds: “I also find trying to avoid food helps. At the beginning of this, I would be in the kitchen too much just snacking. So I set myself one snack time a day as opposed to grazing continuously.” As the coronavirus pandemic continues, cyber criminals are finding new ways to target organisations, so don’t let the good work you’ve done so far be in vain – one virus is enough to contend with. There are plenty of ways organisations can make costly mistakes without the involvement of a criminal hacker. For example, failing to implement appropriate business continuity plans could cause major delays, and employees who struggle with social isolation are prone to mistakes that could jeopardise the security of their organisation’s sensitive data.
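The DocuSign item above gives two tells: the message is unexpected, and the link's real destination is not a DocuSign address but a SendGrid-hosted one. The second tell is mechanical enough to automate at the mail gateway or in a user-reported-phish triage script. The code below is an added example written for this update, not the article's own or DocuSign's: it pulls every link out of an HTML message body, compares the real destination host with the domains the claimed brand actually uses, and separately flags links whose visible text names a different host than the one they point to. The sample messages, the brand allow-list and the function names are constructed assumptions.

```python
"""Flag links in an HTML e-mail whose destination does not match the brand
the message claims to come from.

Added example for the DocuSign phishing item above; not code from the
article. The sample bodies and the allow-list are constructed assumptions.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains a genuine notification from each brand would link to. This list is
# an assumption for the example; a real deployment maintains it per brand.
BRAND_DOMAINS = {
    "docusign": {"docusign.com", "docusign.net"},
}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def belongs_to(host, domains):
    """True if host equals one of the domains or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def audit_links(html, claimed_brand):
    """Return [(href, reason)] for every http(s) link that fails a check.

    Check 1: the destination host is outside the claimed brand's domains.
    Check 2: the visible link text shows a URL whose host differs from the
             real destination (display-text deception).
    """
    parser = LinkExtractor()
    parser.feed(html)
    allowed = BRAND_DOMAINS[claimed_brand]
    findings = []
    for href, text in parser.links:
        if urlparse(href).scheme not in ("http", "https"):
            continue
        host = host_of(href)
        if not belongs_to(host, allowed):
            findings.append((href, f"destination host {host!r} is not a {claimed_brand} domain"))
        shown = host_of(text) if "://" in text else ""
        if shown and shown != host:
            findings.append((href, f"link text shows {shown!r} but points to {host!r}"))
    return findings


# Constructed sample resembling the mail described above: DocuSign styling,
# a "review" button that leaves for a SendGrid-hosted redirect, plus a link
# whose text pretends to be docusign.com. 198.51.100.7 is a documentation
# address, not a real server.
SAMPLE_PHISH = """
<html><body>
<p>Newman Law Solicitors sent you a document to review and sign.</p>
<p><a href="https://u1234567.ct.sendgrid.net/ls/click?upn=abc123">REVIEW DOCUMENT</a></p>
<p><a href="http://198.51.100.7/login">https://account.docusign.com/login</a></p>
<p>Thank You, DocuSign</p>
<p><a href="https://support.docusign.com">https://support.docusign.com</a></p>
</body></html>
"""

# Constructed sample of what a legitimate notification's link looks like.
SAMPLE_GENUINE = """
<html><body>
<p><a href="https://app.docusign.com/documents/details/ABC">Review Document</a></p>
</body></html>
"""

if __name__ == "__main__":
    for name, body in (("phish", SAMPLE_PHISH), ("genuine", SAMPLE_GENUINE)):
        for href, reason in audit_links(body, "docusign"):
            print(f"[{name}] {href}: {reason}")
```

Two points about how this is used. Many legitimate senders route clicks through tracking hosts such as `sendgrid.net`, so the tracking host alone is not the signal; what matters is that none of the claimed brand's own domains appear as a destination, which is exactly what the second tell in the article describes. And the first tell, that the document was not expected from that sender, cannot be automated; the script is a filter for the cases a recipient should then verify through a channel they already trust.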


______________________________________________________________________________


THREAT FOCUS: Sparboe - UNITED STATES

https://www.infosecurity-magazine.com/news/maze-claims-ransomware-attack-on-us/


Exploit: Ransomware 

Sparboe: Egg producer

Risk to Small Business: 2.351 = Severe

Cybercriminals have targeted a vulnerable food supplier with ransomware that encrypted files and exfiltrated data. In addition to product-related information, cybercriminals also obtained personal data on current and former employees. Now, the company faces an arduous recovery process that will involve resuscitating its reputation as it grapples with the high cybersecurity costs associated with ransomware attacks.

Individual Risk: 2.829 = Moderate

Although it’s unclear what data was compromised, current and former employees should assume the worst. Since companies collect and store employees’ most sensitive personal and financial data, all of this information could be available to bad actors. Those impacted should notify their financial institutions while taking care to monitor their accounts and communications for unusual or suspicious activity.

Customers Impacted: Unknown

Effect On Customers: A cybersecurity incident is a permanent stain on an organization’s reputation that can impact customer loyalty, employee retention, and future capability. Cybersecurity has implications for every facet of a business, as the investment in defensive capabilities will far outweigh the collective costs of a data loss event.

Risk Levels*:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & Passly to the Rescue: With Passly, get the secure identity and access management solutions that you need to protect your systems and data in today’s remote work landscape at a price that you can afford, including multi-factor authentication, single sign-on, and secure password storage. Find out more by phoning Avantia on 07 30109711 or click the link to get started: https://www.avantiacybersecurity.com/overwatch

THREAT FOCUS: Grubman Shire Meiselas & Sacks - UNITED STATES

https://www.infosecurity-magazine.com/news/celebrity-data-stolen-in/


Exploit: Ransomware

Grubman Shire Meiselas & Sacks: Law firm  

Risk to Small Business: 1.409 = Extreme

A ransomware attack has compromised the highly sensitive personal data of dozens of high profile clients including tech giants, A-List celebrities, and sports stars. The law firm lost 756GB of client data in the attack. Cybercriminals are threatening to release the information in nine installments unless the firm pays a ransom, believed to exceed $20 million. This attack reflects a ransomware trend: hackers steal company data and demand payment. Until now, many were content to simply encrypt an organization’s network in hopes of being paid for a decryption key. Unfortunately, this new methodology is much more expensive, which could undermine the organization’s long-term reputation and viability.

Individual Risk: 1.560 = Extreme

Cybercriminals obtained extremely detailed private information about high-profile clients including names, contract details, phone numbers, email addresses, personal correspondence, legal filings, and non-disclosure agreements. This information is often used to perpetrate blackmail, spear phishing attacks, identity theft, and other crimes. Those impacted by the breach should enroll in credit and identity monitoring services. In addition, Dark Web monitoring offers insights into the spread of personal information, bolstering their ability to respond to misuse.

Customers Impacted: Unknown

Effect On Customers: Ransomware attacks are increasingly becoming data loss events, as cybercriminals steal data before encrypting critical IT. This compounds the cost and consequences of an attack, and it should encourage every organization to assess its defensive posture in relation to this threat.

Risk Levels*:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with our partner MSSPs to strengthen their customers’ security suite by offering industry-leading detection. Discover more and get a FREE Real Time Dark Web search for compromised Usernames/Passwords by calling Avantia on 07 30109711 today.

THREAT FOCUS: Orchard Villa - CANADA

https://www.infosecurity-magazine.com/news/significant-privacy-breach-at/

Exploit: Unauthorized data release

Orchard Villa: Retirement community

Risk to Small Business: 1.975 = Severe

Orchard Villa, a retirement community that’s been ravaged by COVID-19, endured a data breach after employees inadvertently released residents’ personal details and protected health information. The breach has brought continued blowback from residents and families already frustrated by a lack of transparency and communication. Now, the facility is enduring harsh media scrutiny and a data privacy investigation from Ontario’s privacy commission, both of which could have costly repercussions for the care facility.

Individual Risk: 2.177 = Severe Although Orchard Villa didn't provide a comprehensive disclosure of the compromised data, the facility indicated that personal data and protected health information were shared. Those impacted by the breach should carefully monitor their accounts and communications, as this information could be used to facilitate spear phishing campaigns or other forms of fraud.

Customers Impacted: Unknown.

Effect On Customers: Customers are more ready than ever to walk away from companies that can't protect their personal data. In 2020 and beyond, it's clear that every organization's competitive advantage is predicated on its ability to protect customer data. When they fail, customers are more than happy to find an alternative platform for their business.

Risk Levels*:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze, and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: Call Avantia on 07 30109711 today.



THREAT FOCUS: Workers’ Compensation Board of Nova Scotia - CANADA

https://www.cbc.ca/news/canada/nova-scotia/nova-scotia-government-saying-little-privacy-breach-1.5566936


Exploit: Accidental data exposure 

Workers’ Compensation Board of Nova Scotia: Province-level workplace safety organization

Risk to Small Business: 2.027 = Severe An employee inadvertently posted unredacted claims online, exposing personal information from several compensation claims made to the board. The organization was notified of the privacy breach by the media and removed the documents from the internet. However, the information was readily available online, making it unclear who could have accessed this information and what they will do with the data. This isn’t the organization’s first data privacy breach, making its inability to guard against a data breach especially problematic.   

Individual Risk: 2.201 = Severe The breach exposed the names, personal information, and case details of an unknown number of claimants. Filings of this kind often include information that could be embarrassing or damaging if made public, and the details could be used in future fraud attempts. Those affected should carefully monitor their accounts for unusual or suspicious communications.

Customers Impacted: Unknown

Effect On Customers: Insider threats frequently pose a risk to data security. Both accidental and malicious data misuse can have steep consequences for companies and consumers, making internal data management standards an essential component of your cybersecurity strategy. The Workers’ Compensation Board has promised to update their practices to eliminate this threat in the future, and organizations should learn from their mistakes by guarding against insider threats before an incident occurs. 

Risk Levels*:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security and Cyber Hawk to the Rescue: More than 70% of all cybersecurity incidents today are the result of internal security issues that no firewall or anti-virus could have prevented. Cyber Hawk combines machine learning and intelligent tagging to identify anomalous activity, suspicious changes and threats caused by misconfigurations. It is deployed remotely to your Windows-based endpoints (desktops/laptops/tablets) and keeps you posted on any potential internal security issues inside your network. To find out more, call Avantia on 07 30109711 now.


THREAT FOCUS: Mobifriends Dating - SPAIN

https://www.zdnet.com/article/dating-app-mobifriends-silent-on-security-breach-impacting-3-6-million-users/


Exploit: Unauthorized database access  

Mobifriends: Dating app    

Risk to Small Business: 2.313 = Severe Customer data has been uploaded to the Dark Web after cybercriminals compromised the dating app in January 2019. Fortunately, the data doesn't include private messages, images, or sexual content, but users' personal information and account passwords are readily available. In addition to the logistical and PR implications of the breach, Mobifriends could face regulatory penalties under Europe's General Data Protection Regulation.

Individual Risk: 2.091 = Severe Users' personal details, including names, email addresses, phone numbers, dates of birth, gender, usernames, passwords, and app activity, were compromised. This information can be used to craft targeted spear phishing campaigns or to execute other forms of fraud. Those impacted by the breach should immediately change their Mobifriends password and the password of any other account where the same one was used. In addition, they should consider enrolling in an identity monitoring service to ensure the long-term integrity of their information.

Customers Impacted: 3,688,060

Effect On Customers: Thousands of account credentials are compromised every day. Businesses that are serious about protecting company and customer data will add an extra level of defense against bad actors by requiring strong, unique passwords and enabling two-factor authentication on all accounts.

Risk Levels*:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Passly to the Rescue: With Passly, get the secure identity and access management solutions that you need to protect your systems and data in today’s remote work landscape at a price that you can afford, including multi-factor authentication, single sign-on, and secure password storage. Find out more by phoning Avantia on 07 30109711 or Click the link to get started: https://www.avantiacybersecurity.com/overwatch

THREAT FOCUS: Ruhr University - GERMANY

https://www.bleepingcomputer.com/news/security/ruhr-university-bochum-shuts-down-servers-after-ransomware-attack/


Exploit: Ransomware 

Ruhr University: Academic institution  

Risk to Small Business: 1.652 = Severe A ransomware attack forced the academic institution to take most of its IT infrastructure offline. Consequently, staff can’t access email or the VPN tunnel, which is required for accessing remote services. Now, the university is warning students not to open any email attachments and to limit the usage of Windows-based applications. This disruption is a significant inconvenience for students and staff who are already working remotely because of the COVID-19 pandemic.  

Individual Risk: At this time, no personal information is known to have been compromised in the attack. However, these events frequently involve data exfiltration before encryption. Students and staff should watch for updates as the situation evolves.

Customers Impacted: Unknown

Effect On Customers: Ransomware attacks are always costly, but the implications are magnified while so many people work and learn remotely during the COVID-19 outbreak. Not only does ransomware carry high recovery costs, but inaccessible networks can bring productivity to a veritable standstill, further exacerbating the crisis.

Risk Levels*:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Passly to the Rescue: With Passly, get the secure identity and access management solutions that you need to protect your systems and data in today’s remote work landscape at a price that you can afford, including multi-factor authentication, single sign-on, and secure password storage. Find out more by phoning Avantia on 07 30109711 or Click the link to get started: https://www.avantiacybersecurity.com/overwatch


THREAT FOCUS: Localsearch Marketing - AUSTRALIA

https://www.itwire.com/telecoms-and-nbn/phone-directory-publisher-cops-warning-from-acma-over-%E2%80%98silent%E2%80%99-phone-number-publication.html


Exploit: Accidental data exposure

Localsearch: Internet marketing service

Risk to Small Business: 1.363 = Extreme Localsearch published a directory containing unlisted numbers, running afoul of the country's data privacy rules. The move resulted in a formal warning from the Australian Communications and Media Authority (ACMA) after it investigated the mishap, which occurred when the company failed to remove unlisted numbers when extracting information from the Integrated Public Number Database (IPND). It was the first warning issued by the ACMA, and it serves as a reminder that businesses that don't comply with data privacy standards can expect repercussions.

Individual Risk: 1.602 = Severe An unspecified number of unlisted phone numbers were published in the company's directory. Although Localsearch has taken steps to remove this information, it's possible that it is already in the hands of bad actors. Those impacted should carefully scrutinize unexpected or unusual communications, as this information could be used in phishing scams or other fraud attempts.

Customers Impacted: Unknown

Effect On Customers: Adhering to the growing list of data privacy standards can be challenging, even for companies with vast financial and personnel resources to address the problem. However, now more than ever, it’s clear that businesses will need to adopt policies and practices to secure sensitive or regulated data as a part of their day-to-day operations and watch carefully for Dark Web threats to that data.

Risk Levels*:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SME’s to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access, independent, ‘real time’ audit of our clients critical operational infrastructure systems to determine where the gaps are with recommendations for remediation. Its the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit


THREAT FOCUS: The West Australian Newspaper - AUSTRALIA

https://www.watoday.com.au/national/western-australia/hackers-target-wa-s-major-daily-newspaper-putting-data-of-subscribers-at-risk-20200513-p54sql.html

Exploit: Phishing scam

The West Australian: News organization   

Risk to Small Business: 1.809 = Severe Several employees fell for a phishing scam that compromised subscribers' personal information. The attack, which occurred on March 23rd, wasn't identified until April 21st, and the company then took several more weeks to complete its investigation, costing victims critical time to secure their information. The news organization has apologized for the breach, but many consumers have little patience for these overtures, preferring instead that companies take steps to protect their information before a breach occurs.

Individual Risk: 2.541 = Moderate Hackers accessed the names, phone numbers, and email and home addresses of anyone who contacted the newspaper through its subscriptions.admin@wanews.com.au email address. Those impacted by the breach should carefully scrutinize incoming messages, as this information is often used in spear phishing attacks that compromise even more sensitive information.

Customers Impacted: Unknown

Effect On Customers: The number of phishing scams has exploded since the COVID-19 pandemic began. These easy-to-execute attacks carry little risk for cybercriminals, but they can have enormous implications for companies that fall for these scams. It’s clear that cybercriminals will continue to rely on this attack methodology as an easy way to steal company data, making employee awareness training a critical component of every organization’s defensive posture.

Risk Levels*:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & BullPhish to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime – now with COVID-19 scam awareness kits. Call 07 30109711 (office hours) to find out how you can get started.

______________________________________________________________________________

POSTSCRIPT:


2/3 of Consumers Reuse Their Passwords on Multiple Platforms  

Despite years of advocacy for strong, unique passwords for each digital service, most people continue to reuse their credentials across various online platforms, a risk that is warned against in our password security information package.  It looks to be more attributable to a desire for convenience than ignorance – a recent consumer survey found that 91% of consumers recognize the risk of reusing their passwords across multiple platforms, but 66% continue to use the same passwords anyway. People are still making weak and easily guessed passwords in popular categories too. At the same time, 53% have not changed their passwords in the past year, leaving multiple platforms vulnerable to the treasure trove of login credentials available on the Dark Web. Users who reuse passwords are primarily concerned with the hassle of a reset – 60% are worried about forgetting their login credentials, and 52% want more control over their passwords. Today’s businesses need to understand that this trend impacts their employees and their customers, putting their critical IT at risk along the way.  Using tools and services that support good password hygiene, offering things like single sign-on, two-factor authentication, and other password-oriented enhancements, and enforcing stricter password reuse and sharing policies can help mitigate the risk of password compromise through password reuse and weakness.
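The weak-password and reuse problems described above, and the Mobifriends entry's advice that businesses require strong, unique passwords, can be enforced at the moment a password is set. The following is an added example, not code from Avantia or from any vendor named in this update: a server-side acceptance check that rejects a candidate password found in a breach corpus, using the k-anonymity range-lookup pattern (SHA-1 of the password, with only its first five hex characters sent to the lookup, so the lookup never learns the full hash). The corpus, the counts, and all function names are constructed for the illustration; in a real deployment `range_lookup` would be backed by a local copy of a breach corpus or by a range API such as Have I Been Pwned's Pwned Passwords.

```python
"""Added example: reject passwords that appear in a breach corpus without
disclosing the full password hash to the lookup service.

The corpus, counts and helper names below are constructed for this illustration.
"""
import hashlib
import secrets
from collections import defaultdict

# Constructed stand-in for a breach corpus: password -> number of times seen.
# Not real breach data; a deployment would use a local dump or a range API.
CONSTRUCTED_CORPUS = {
    "password": 3_730_471,
    "123456": 23_547_453,
    "qwerty": 3_946_737,
    "letmein": 255_613,
}


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password, the form range lookups expect.
    SHA-1 is used here only as a lookup key, never for password storage
    (store passwords with a slow hash such as argon2 or bcrypt)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus: dict) -> dict:
    """Index the corpus by 5-hex-char prefix -> ['SUFFIX:COUNT', ...],
    the same shape a k-anonymity range endpoint returns."""
    index = defaultdict(list)
    for pw, count in corpus.items():
        digest = sha1_hex(pw)
        index[digest[:5]].append(f"{digest[5:]}:{count}")
    return dict(index)


RANGE_INDEX = build_range_index(CONSTRUCTED_CORPUS)


def range_lookup(prefix: str) -> list:
    """Local stand-in for the remote range query. Only the 5-character prefix
    reaches this function, so it cannot tell which password is being checked."""
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 uppercase hex characters")
    return RANGE_INDEX.get(prefix, [])


def breach_count(password: str, lookup=range_lookup) -> int:
    """Return how many times the password appears in the corpus (0 = not seen).
    The suffix match happens on the caller's side, against the returned candidates."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix):
        cand_suffix, _, count = line.partition(":")
        # constant-time compare so timing does not reveal where the match sits
        if secrets.compare_digest(cand_suffix, suffix):
            return int(count)
    return 0


def password_acceptable(password: str, min_len: int = 8) -> tuple:
    """Registration/reset policy: minimum length first, then reject anything
    present in the breach corpus. Returns (accepted, reason)."""
    if len(password) < min_len:
        return False, "too short"
    seen = breach_count(password)
    if seen:
        return False, f"seen {seen} times in breach corpus"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("password", "123456", "Tq7!vL0p#zR4wX"):
        print(candidate, "->", password_acceptable(candidate))
```

The design point is the prefix split: the service doing the lookup sees a five-character prefix shared by many unrelated passwords, while the final suffix comparison stays with the caller. A same-as-previous-password check belongs against the account's stored slow hashes, not against a SHA-1 list like the one used here for lookup.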


COVID-19 Leads to Record-Breaking Cybercriminal Activity    

As the world grapples with the far-reaching implications of the COVID-19 pandemic, cybercriminals are capitalizing on the chaos to unleash an unprecedented number of attacks against businesses and individuals. Bad actors have launched an onslaught of phishing scams, 30% of which are directly related to COVID-19. These malicious messages are joined by 854,411 phishing or counterfeit websites, four million suspicious websites, and an unprecedented surge in corporate cyberespionage, especially in healthcare. In addition, cybercriminals are hawking unproven cures and fraudulent charities, among other troubling trends. For instance, researchers found 1,092 websites pushing hydroxychloroquine as a cure for COVID-19. Experts note that cybercriminals are relying on people's desire for insight in an unstable information landscape, concerns about economic instability, and generalized anxiety as the factors that make these scams so effective. In response, every organization needs to prepare its employees for this new reality, making employee awareness training an essential defensive strategy in today's rapidly changing digital ecosystem.

Disclaimer*:

Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.
