
QUANTUM COMPUTING - THE COMING EXISTENTIAL THREAT


This Past Week: Quantum Computers - Help or Hindrance: The Next Ten Years; Windows 10 Password Problems: Microsoft says it's fixing the 'Bad Password Amnesia' bug; Robot Soldiers in the UK could soon make up 1/4 of the Army; New Hacker-For-Hire Mercenary group discovered; Chainalysis launches program to manage cryptocurrency seized by Law Enforcement; Capcom discovers Ransomware isn't a game; Magecart hackers strike gold from JM Bullion; healthcare cyberattack warnings come to fruition; and Major Breaches in UNITED STATES; CANADA; UNITED KINGDOM; SWEDEN; SPAIN; ITALY; BRAZIL; INDIA and JAPAN.


Dark Web ID’s Top Threats This Week

Top Source Hits: ID Theft Forum

Top Compromise Type: Domain

Top Industry: Finance & Insurance

Top Employee Count: 501+


______________________________________________________________________________


QUANTUM COMPUTERS - HELP OR HINDRANCE: THE NEXT 10 YEARS.

Although the threat is at least ten years off, governments and businesses are readying security for the quantum age.

A fully-fledged quantum computer that can be used to solve real-world problems: for many computer scientists, the arrival of such a device would be their version of the Moon landings, the final achievement after many decades of research and the start of a new era. For companies, the development could unlock huge amounts of wealth, as business problems previously intractable for classical computers are resolved in minutes. For scientists in the lab, it could expedite research into the design of life-saving drugs.

But for cryptographers, that same day will be a deadline, and a rather scary one. With the compute power they will be capable of, large-scale quantum devices effectively pose an existential threat to the security protocols that currently protect most of our data, from private voice notes all the way to government secrets. The encryption methods used today to transform data into an unreadable mush for anyone but the intended recipients rest on hard mathematical problems. Classical computers cannot solve those problems in any useful time frame; add enough quantum compute power, though, and all of this carefully encoded data could turn into crystal-clear, readable information.

The heart of the problem is public-key encryption, the scheme used to encode a piece of data when it is sent from one person to another in a way that only the person on the receiving end can decode. In this system, each person has a private key as well as a public one; both are generated together by the same algorithm and are inextricably tied to each other. The public key can be used by any sender to encrypt the data they would like to transmit. Once the message has arrived, the owner of the key pair uses their private key to decrypt the encoded information.

The security of the system rests on the difficulty of deriving a person's private key from their public one: for RSA, that means factoring a very large number into its two prime factors, and for elliptic-curve schemes it means solving a discrete logarithm. Inconveniently, if there's one thing that quantum computers will be good at, it's crunching exactly this kind of number. Leveraging the quasi-supernatural behaviour of particles at their smallest scale, quantum devices are expected to one day breeze through problems that would take current supercomputers years to resolve. That's bad news for the security systems that rely on hitherto difficult mathematics.

"The underlying security assumptions in classical public-key cryptography systems are not, in general, quantum-secure," says Niraj Kumar, a researcher in secure communications from the school of informatics at the University of Edinburgh. "It has been shown, based on attacks to these keys, that if there is quantum access to these devices, then these systems no longer remain secure and they are broken."

But as worrying as it sounds, explains Kumar, the idea that all of our data might be at risk from quantum attacks is still very much theoretical. Researchers have developed quantum algorithms, such as Shor's algorithm, that can, in theory, break public-key cryptography systems. But they are subject to no small condition: the algorithms must run on a quantum computer with a sufficient number of qubits, without succumbing to noise or decoherence. In other words, a quantum attack on public-key cryptography requires a powerful quantum computer, and such a device is not on any researcher's near-term horizon.

Companies in the field currently operate machines of fewer than 100 qubits; in comparison, recent studies estimate that it would take about 20 million noisy physical qubits to break a 2048-bit RSA key, the workhorse of today's public-key cryptography. Kumar, like most researchers in the field, doesn't expect a quantum device to reach a meaningful number of qubits within the next ten or 20 years. "The general consensus is that it is still very much a thing of the future," he says. "We're talking about it probably being decades away. So any classical public-key cryptography scheme used for secure message transmission is not under imminent threat."

NIST, the US National Institute of Standards and Technology, for its part estimates that the first quantum computer able to threaten the algorithms currently used to produce encryption keys could be built by 2030.

Don't let the timeline fool you, however: this is not a problem that can be relegated to future generations. A lot of today's data will still need to be safe many years hence, the most obvious example being ultra-secret government communications, which must remain confidential for decades. This type of data needs to be protected now with protocols that will withstand quantum attacks when they become a reality.

Governments around the world are already acting on the quantum imperative. In the UK, the National Cyber Security Centre (NCSC) has accepted for several years that it is necessary to end reliance on current cryptographic protocols and begin the transition to what's known as 'quantum-safe cryptography'. Similarly, the US National Security Agency (NSA), which currently uses a set of algorithms called Suite B to protect top-secret information, noted in 2015 that it was time to start planning the transition towards quantum-resistant algorithms.

As a direct result of the NSA's announcement five years ago, a global research effort into new quantum-safe cryptographic protocols started in 2016, largely led by NIST in the US. The goal is to replace today's public-key algorithms with ones built on mathematical problems that remain too hard to solve even for a quantum computer, an active research field now called 'post-quantum cryptography'. NIST put out a public call asking researchers to submit candidate algorithms that would be less susceptible to quantum attack. Of the 69 submissions it received, a group of 15 was recently selected by NIST as showing the most promise.

There are various mathematical approaches to post-quantum cryptography, each protecting a different point in the encryption and decryption process. Some post-quantum algorithms are designed to safeguard the key agreement process, for example, while others provide quantum-safe authentication through digital signatures. The technologies comprise an exotic mix of methods (lattices, error-correcting codes, multivariate polynomials, hash functions and isogenies between elliptic curves), but they share a goal: algorithms robust enough to be quantum-proof.

The 15 algorithms selected by NIST this year are set to go through another round of review, after which the organisation hopes to standardise some of the proposals. Before 2024, NIST plans to have set up the core of the first post-quantum cryptography standards. NCSC in the UK and the NSA in the US have both made clear that they will start transitioning to post-quantum cryptography as soon as such standards are in place.

But government agencies are not the only organisations showing interest in the field. Vadim Lyubashevsky, from IBM Research's security group, explains that many players in different industries are also waiting for post-quantum cryptography standards to emerge.

"This is becoming a big thing, and I would say certainly that everyone in the relevant industries is aware of it," says Lyubashevsky. "If you're a car manufacturer, for example, you're making plans now for a product that will be built in five years and will be on the road for the next ten years. You have to think 15 years ahead of time, so now you're a bit concerned about what goes in your car."

Any product that might still be in the market in the next couple of decades is likely to require protection against quantum attacks: think airplanes, autonomous vehicles and trains, but also nuclear plants, IoT devices, banking systems and critical telecommunications infrastructure. Businesses, in general, have remained quiet about their own efforts to develop post-quantum cryptography processes, but Lyubashevsky is positive that concern is mounting among those most likely to be affected. JP Morgan Chase, for example, recently joined research hub the Chicago Quantum Exchange, mentioning in the process that the bank's research team is "actively working" in the area of post-quantum cryptography.

That is not to say that quantum-safe algorithms should be top-of-mind for every company that deals with potentially sensitive data. "What people are saying right now is that threat could be 20 years away," says Lyubashevsky. "Some information, like my credit card data for example -- I don't really care if it becomes public in 20 years. There isn't a burning rush to switch to post-quantum cryptography, which is why some people aren't pressed to do so right now."

Of course, things might change quickly. Tech giants like IBM are publishing ambitious roadmaps to scale up their quantum-computing capabilities, and the quantum ecosystem is growing at pace. If milestones are achieved, predicts Lyubashevsky, the next few years might act as a wake-up call for decision makers. Consultancies like security company ISARA are already popping up to provide businesses with advice on the best course of action when it comes to post-quantum cryptography.

On a more pessimistic note, however, Lyubashevsky points out that it might, in some cases, already be too late. "It's a very negative point of view," says the IBM researcher, "but in a way, you could argue we've already been hacked. Attackers could be intercepting all of our data and storing it all, waiting for a quantum computer to come along. We could've already been broken -- the attacker just hasn't used the data yet."

Lyubashevsky is far from the only expert to discuss this possibility, and the method even has a name: 'harvest and decrypt' (also called 'harvest now, decrypt later'). The practice is essentially an espionage technique, and as such mostly concerns government secrets. Lyubashevsky, for one, is convinced that state-sponsored attackers are already harvesting confidential encrypted information about other nations and sitting on it in anticipation of a future quantum computer that would crack the data open. For the researcher, there is no doubt that governments around the world are already preparing against harvest-and-decrypt attacks; as reassuring as it would be to know, there'll be no way to find out for at least the next ten years. One thing is for certain, however: the quantum revolution might deliver some nasty security surprises for unprepared businesses and organisations.
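The practical question the article leaves open is which of your own connections a harvest-and-decrypt adversary would bother recording. The Python below is an added example, not code from the article or from any vendor it names: it parses a constructed inventory of TLS connections, classifies each key exchange by whether a future quantum computer could open a passive recording of it (every key exchange in use today can be broken with Shor's algorithm, including forward-secret ECDHE, because the ephemeral public keys travel in the handshake), and then applies Mosca's rule of thumb (data shelf life plus migration time against time-to-quantum) to decide what to migrate first. The record format, host names, shelf-life figures and the hybrid suite label are assumptions made for the example.

```python
"""Harvest-and-decrypt triage over a TLS connection inventory (added example)."""
import re
from dataclasses import dataclass

# Key exchanges a large enough quantum computer can recover from a passive
# recording: Shor's algorithm breaks both factoring (RSA) and discrete logs
# (DHE, ECDHE and the TLS 1.3 named groups). Forward secrecy does not help,
# because the ephemeral public keys are in the captured handshake.
QUANTUM_BREAKABLE_KEX = {"RSA", "DHE", "ECDHE", "X25519", "secp256r1", "secp384r1"}
# A hybrid suite pairs a classical exchange with a post-quantum KEM; this
# label is an assumed placeholder, not a suite the article names.
PQ_HYBRID_KEX = {"X25519Kyber768"}

# Constructed record format for the example (not a real server log format).
RECORD_RE = re.compile(
    r"host=(?P<host>\S+)\s+kex=(?P<kex>\S+)\s+sig=(?P<sig>\S+)\s+cipher=(?P<cipher>\S+)"
)

# Constructed sample records; hosts and suites are invented.
SAMPLE_RECORDS = [
    "2020-11-13T09:01:02Z host=archive.example.gov kex=ECDHE sig=rsa_pss_rsae_sha256 cipher=TLS_AES_128_GCM_SHA256",
    "2020-11-13T09:01:07Z host=shop.example.com kex=RSA sig=rsa_pkcs1_sha256 cipher=TLS_RSA_WITH_AES_128_CBC_SHA",
    "2020-11-13T09:01:09Z host=mail.example.net kex=X25519Kyber768 sig=ecdsa_secp256r1_sha256 cipher=TLS_AES_256_GCM_SHA384",
]
# Assumed confidentiality lifetime, in years, of the data behind each host.
SHELF_LIFE_YEARS = {"archive.example.gov": 30, "shop.example.com": 2, "mail.example.net": 10}


@dataclass
class Finding:
    host: str
    kex: str
    exposure: str  # "harvest-and-decrypt", "pq-hybrid" or "unknown"
    priority: str  # "migrate-first", "migrate", "review" or "ok"


def parse_record(line):
    """Extract host, key exchange, signature and cipher from one record, or None."""
    m = RECORD_RE.search(line)
    return m.groupdict() if m else None


def exposure_for(kex):
    """Classify a key exchange by what a future quantum attacker gets from a recording."""
    if kex in PQ_HYBRID_KEX:
        return "pq-hybrid"
    if kex in QUANTUM_BREAKABLE_KEX:
        return "harvest-and-decrypt"
    return "unknown"


def at_risk(shelf_life_years, migration_years, years_to_quantum):
    """Mosca's inequality: if X (years the data must stay secret) plus Y (years
    the migration takes) exceeds Z (years until a capable quantum computer),
    traffic recorded today will still matter when it becomes readable."""
    return shelf_life_years + migration_years > years_to_quantum


def triage(records, shelf_life, migration_years, years_to_quantum):
    """Rank each recorded connection by how urgently its key exchange must change."""
    findings = []
    for line in records:
        rec = parse_record(line)
        if rec is None:
            continue  # unparseable line; a real inventory would log it
        exposure = exposure_for(rec["kex"])
        shelf = shelf_life.get(rec["host"], 0)
        if exposure == "pq-hybrid":
            priority = "ok"
        elif exposure == "unknown":
            priority = "review"
        elif at_risk(shelf, migration_years, years_to_quantum):
            priority = "migrate-first"
        else:
            priority = "migrate"
        findings.append(Finding(rec["host"], rec["kex"], exposure, priority))
    return findings


if __name__ == "__main__":
    # Five-year migration measured against NIST's "could be built by 2030" estimate.
    for f in triage(SAMPLE_RECORDS, SHELF_LIFE_YEARS, migration_years=5, years_to_quantum=10):
        print(f"{f.priority:<14}{f.host:<22}kex={f.kex} ({f.exposure})")
```

With the assumed numbers, the 30-year archive on ECDHE comes out "migrate-first" even though it has forward secrecy, the two-year card-data shop on RSA key exchange is only "migrate" (matching Lyubashevsky's point about short-lived data), and the hybrid suite is fine. Change years_to_quantum to match whichever estimate your organisation plans against; the ordering, not the absolute value, is what the exercise is for.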


WINDOWS 10 PASSWORD PROBLEMS: MICROSOFT SAYS IT'S FIXING THE 'BAD PASSWORD AMNESIA' BUG.


Microsoft says it has a workaround and is developing a fix for a bug in Windows 10 version 2004 that makes PCs forget the username and passwords for installed apps, including Outlook.

Microsoft has posted a new support note about Outlook and other apps forgetting passwords after users installed Windows 10 version 2004, aka the May 2020 Update. "After installing Windows 10 Version 2004 Build 19041.173 and related updates, you find that Outlook and other applications do not remember your password anymore," Microsoft notes.

That build was released in preview in April, and users have been complaining ever since about Windows 10 devices being unable to remember credentials after the upgrade. Microsoft points to a user complaint on its Answers forum from April. An owner of a Microsoft Surface Pro 5 said that after upgrading to Windows 10 version 2004 the device suffered from "system-wide password amnesia", creating what sounds like login hell for the user. "Every time I log in, I have to sign into both OneDrive personal and OneDrive business," Windows 10 user TMagritte wrote.

Other symptoms include Outlook persistently asking the user to log in to Office 365 every few hours; Adobe Acrobat nagging for Adobe logins every time a PDF is loaded; and the Windows 10 Settings app periodically requiring users to fix their Windows Insider account configuration by re-authenticating with Windows Hello biometrics. Additionally, the LastPass password manager extension in Firefox keeps asking users to enter their password despite being configured to require only a fingerprint.

Borncity reported on the issue in August following an account by an individual who had upgraded to Windows 10 version 2004 in June and found that Credential Manager was broken. "It's driving me crazy," the Windows 10 user wrote on Windows Ten Forums. "Is anybody else having problems with saving passwords? I'm using Edge Chromium. They were OK before the 2004 upgrade. I kept thinking I am doing something wrong. I've checked Edge settings, and although I just logged on for the umpteenth time to this forum I see that it doesn't show as saved in Edge passwords. I do not have it optioned to clear passwords on exit, and I am checking save password at the logins. Doesn't look like it's anything to do with Edge Chromium, as my email (Outlook Express) is doing the same thing: forgetting my password. Should Windows credentials startup be starting automatic? Optioned Credentials startup to auto, and it looks like my problem is cured. It's driving me crazy. Thought I had it fixed. Looks like it worked for one restart, now it's not saving passwords again."

Microsoft says the issue occurs when some Windows 10 Task Scheduler tasks are "configured in a certain way." To avoid the password amnesia issue, Microsoft recommends disabling these tasks in Task Scheduler. One task that appears to cause the issue is the HP Customer participation utility task, Microsoft notes, pointing to advice from a volunteer moderator on the Answers forum.

Per BleepingComputer, Google security researcher Tavis Ormandy was so annoyed by the Windows 10 2004 bug that in September he spent an entire weekend debugging it. He eventually found the root cause and was in discussions with Microsoft engineers to get the problem resolved. "I've been experiencing a really bad Windows 10 bug since the 2004 update," wrote Ormandy. "I got so annoyed I spent my weekend debugging it. A specific type of scheduled task can break CryptUnprotectData(). If you've seen apps losing state, eventid 8198, or NTE_BAD_KEY_STATE, could be this.

"The bug is the RPC [that] UBPM (Unified Background Process Manager) uses to create the S4U (Services For User) Token for task scheduler will sometimes clobber your saved credentials in LSASS. That is used to derive your DPAPI User Encryption Key, so it changes and no longer works."

In other words, the saved credentials are DPAPI-protected blobs whose decryption key is derived from the credential LSASS has cached; once that cache is clobbered, the derived key no longer matches, CryptUnprotectData() fails, and applications behave as if the credential had never been saved. That is why the workaround targets scheduled tasks that log on as S4U rather than the affected applications.

Until Microsoft delivers a fix, its recommended workaround involves right-clicking the Windows 10 Start button and selecting Windows PowerShell (Admin). Microsoft then recommends:

Copy and paste the command below into Windows PowerShell and press Enter.

Get-ScheduledTask | foreach { If (([xml](Export-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath)).GetElementsByTagName("LogonType").'#text' -eq "S4U") { $_.TaskName } }

If you see any Tasks listed from the PowerShell output, make a note of them.

Next, go to Windows Task Scheduler and disable any tasks you found from the above command. Follow these steps:

In the Windows 10 Search box, type Task Scheduler and then open the Task Scheduler app.

Locate the task in the Window (HP Customer participation), or other task from the Windows PowerShell output.

Right-click the task and choose Disable.

After you disable the task, restart Windows. Microsoft notes that users may need to re-enter missing passwords one more time before they are saved again.
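Microsoft's PowerShell one-liner performs the S4U check live on the machine. For an analyst working from exported artefacts (a folder of Task Scheduler XML exports and a text dump of the event log from an affected PC), the Python below is an added example, not Microsoft's or Ormandy's code: it flags tasks whose principal uses the S4U logon type and scans log lines for the symptoms Ormandy lists (event ID 8198 and NTE_BAD_KEY_STATE), then combines the two into a yes/no verdict. The task exports and log lines are constructed samples; the task paths, SID and event sources are placeholders, while the xmlns is the real Task Scheduler schema.

```python
"""Offline checks for the Windows 10 2004 'password amnesia' trigger (added example)."""
import re
import xml.etree.ElementTree as ET

# Constructed Task Scheduler exports (trimmed to the elements that matter).
# The xmlns is the real task schema; paths and SID are placeholders.
HP_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\HP\HP Customer participation</URI></RegistrationInfo>
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-21-1111111111-2222222222-3333333333-1001</UserId>
      <LogonType>S4U</LogonType>
      <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
  </Principals>
</Task>"""

BENIGN_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\Example\Nightly backup</URI></RegistrationInfo>
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-21-1111111111-2222222222-3333333333-1001</UserId>
      <LogonType>InteractiveToken</LogonType>
    </Principal>
  </Principals>
</Task>"""

# Task path -> exported XML, as you would build from a folder of exports.
TASK_EXPORTS = {
    r"\HP\HP Customer participation": HP_TASK_XML,
    r"\Example\Nightly backup": BENIGN_TASK_XML,
}

# NTE_BAD_KEY_STATE is HRESULT 0x8009000B; 8198 is the event ID Ormandy cites.
SYMPTOM_RE = re.compile(r"EventID=8198\b|NTE_BAD_KEY_STATE|0x8009000B", re.IGNORECASE)

# Constructed log lines in a flat key=value form; only the fields the regex
# keys on carry meaning, the rest is filler.
SAMPLE_EVENTS = [
    "2020-11-13 08:55:10 EventID=8198 Level=Error",
    "2020-11-13 08:55:12 EventID=1000 Level=Error Source=Outlook detail=CryptUnprotectData NTE_BAD_KEY_STATE (0x8009000B)",
    "2020-11-13 09:00:00 EventID=7036 Level=Information Source=Service Control Manager",
]


def _local_name(tag):
    """Strip the XML namespace so the search works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def logon_types(task_xml):
    """All <LogonType> values in one task (a task may define several principals)."""
    root = ET.fromstring(task_xml)
    return [el.text.strip() for el in root.iter() if _local_name(el.tag) == "LogonType" and el.text]


def find_s4u_tasks(exports):
    """Task paths whose principal logs on as S4U: the candidates to disable."""
    return sorted(path for path, xml in exports.items() if "S4U" in logon_types(xml))


def symptom_events(lines):
    """Log lines showing the DPAPI failure Ormandy associates with the bug."""
    return [line for line in lines if SYMPTOM_RE.search(line)]


def diagnose(exports, lines):
    """Combine the trigger (S4U tasks present) with the symptom (DPAPI failures seen)."""
    tasks = find_s4u_tasks(exports)
    events = symptom_events(lines)
    return {"s4u_tasks": tasks, "symptom_events": events, "likely_affected": bool(tasks and events)}


if __name__ == "__main__":
    result = diagnose(TASK_EXPORTS, SAMPLE_EVENTS)
    for path in result["s4u_tasks"]:
        print("S4U task to disable:", path)
    print("DPAPI symptom events:", len(result["symptom_events"]))
    print("likely affected:", result["likely_affected"])
```

The S4U list is exactly what the PowerShell command would print on the live machine, so the two can be cross-checked; an S4U task on its own is not a problem (it is a legitimate logon type), which is why the verdict also requires the DPAPI failure evidence.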


ROBOT SOLDIERS COULD SOON MAKE UP A QUARTER OF THE ARMY


The UK's chief of the defense staff has predicted a rise in the military use of robotics and autonomous systems. In the age of artificial intelligence, robots will soon represent a large part of the armed forces, according to General Nick Carter, who predicted that up to a quarter of the army could be made up of autonomous systems in the near future.

Speaking on Remembrance Day, the General speculated that as cyber and space join the more traditional domains of land, air, and maritime, AI systems will become an integral part of the armed forces' modernization effort. Carter cautioned that decisions haven't been taken yet, and insisted that his predictions were not based on firm targets. He nevertheless shared his vision for armed forces "designed for the 2030s".

"You'll see armed forces that are designed to do (cyber and space). And I think it absolutely means we'll have all manner of different people employed because those domains require different skill sets, and we will absolutely avail ourselves with autonomous platforms and robotics wherever we can," said Carter. "I suspect we could have an army of 120,000, of which 30,000 might be robots, who knows," he said. The current trained strength of the British Army is just under 74,000.

The UK Ministry of Defense (MoD) is still scoping the opportunities that robotic and autonomous systems might open up for the army. The MoD has shown interest in the potential of AI-powered vehicles to facilitate the logistics of convoy operations, for example. Drones have received particular attention, and many research projects are already underway to understand how unmanned systems might assist soldiers in a variety of operations. Equipped with cameras and sensors, and potentially even weapons, drones could carry out military work in the most challenging settings while keeping human operators safe.

Earlier this year, the MoD launched an innovation call for drone technology that can assist in "challenging and complex urban operations". The department said that innovations in this space could remove service personnel and military dogs from dangerous urban warfare situations where their lives might be at risk. "We are looking for ideas that reduce the mental strain on operators and improve performance," reads the call, "but solutions must ensure that they remain under full human control at all times."

The prospect of using fully autonomous weapons has been at the heart of heated debate in recent years and has given rise to activist campaigns such as the Campaign to Stop Killer Robots. In 2018, concerns over the military use of robotic systems prompted Google employees who were working on drone video analysis software for the US Pentagon to leave the company, citing fear that their work might be used to kill people. After 4,000 staff petitioned for Google to quit the deal, the tech giant backtracked and announced that the contract with the Pentagon wouldn't be renewed. Since then, the US Department of Defense (DoD) has published a 65-page document of guidelines for the ethical use of AI in warfare, which states that the technology should be used in a "lawful and ethical manner".

Despite the ethical challenges, countries around the world are racing to develop AI-capable military forces. "Modernization essentially means that you're going to park some capabilities that are perhaps from the industrial age, and want to look forward to the capabilities you need for an information age," said Carter. He mentioned the need for long-term investment in order to equip the UK army with cutting-edge technology, a topic at the heart of an integrated review launched by the government earlier this year, which set out to plan defense investment for the next five years. The integrated review had to be postponed as a result of the COVID-19 crisis. While acknowledging the difficulties posed by the global pandemic, Carter maintained that long-term investment in robotic and autonomous systems would be key to sustaining the army's modernization efforts.


NEW HACKER-FOR-HIRE MERCENARY GROUP DISCOVERED.


BlackBerry's security team has published details today about a new hacker-for-hire mercenary group it discovered earlier this year, and which it has tied to attacks on victims all over the world. The group, which BlackBerry named CostaRicto, is the fifth hacker-for-hire group discovered this year, after the likes of:

BellTrox (aka Dark Basin)

DeathStalker (aka Deceptikons)

Bahamut

Unnamed group

CostaRicto's discovery also retroactively confirms a Google report from May, in which the US tech giant highlighted the increasing number of hacker-for-hire mercenary groups, especially those operating out of India. However, while BellTrox has been linked to an Indian entity and Bahamut is suspected of operating out of India as well, CostaRicto's origins and whereabouts remain unknown.

What is currently known is that the group has orchestrated attacks across countries in Europe, the Americas, Asia, Australia, and Africa. BlackBerry says the biggest concentration of victims appears to be in South Asia, especially India, Bangladesh, and Singapore, suggesting that the threat actor could be based in the region, "but working on a wide range of commissions from diverse clients." As for the nature of the targets, the BlackBerry Research and Intelligence Team said in a report today that "the victims' profiles are diverse across several verticals, with a large portion being financial institutions." Furthermore, BlackBerry says that "the diversity and geography of the victims doesn't fit a picture of a campaign sponsored by a particular state" but suggests that they are "a mix of targets that could be explained by different assignments commissioned by disparate entities."

BlackBerry also notes that while the group uses custom-built, never-before-seen malware, it does not rely on any innovative techniques. Most of its attacks use stolen credentials or spear-phishing emails as the initial entry vector. These emails usually deliver a backdoor trojan that BlackBerry has named Sombra or SombRAT, which allows CostaRicto operators to access infected hosts, search for sensitive files, and exfiltrate important documents.

This data is usually sent back to CostaRicto command-and-control infrastructure, which BlackBerry says is usually hosted on the dark web and accessible only via Tor. Furthermore, the infected hosts usually connect to these servers through a layer of proxies and SSH tunnels to hide the malicious traffic from the infected organizations. All in all, BlackBerry says these practices "reveal better-than-average operation security" compared with the usual hacking groups.

All the CostaRicto malware samples that BlackBerry discovered trace back to as early as October 2019, but other clues on the gang's servers suggest the group might have been active even earlier, as far back as 2017. Researchers also discovered an overlap with past campaigns from APT28, one of Russia's military hacking units, but BlackBerry believes the server overlap may have been accidental.


HACKER-FOR-HIRE GROUPS - THE NEW LANDSCAPE

For many years, most hacking groups have operated as stand-alone outfits, carrying out financially-motivated attacks, stealing data, and selling it for their own profit. The public exposures of BellTrox, DeathStalker, Bahamut, and CostaRicto this year show a maturing hacker-for-hire scene, with more and more groups renting their services to multiple customers with different agendas instead of operating as lone wolves. The next step in investigating these groups will be to look at who their clients are. Are they private corporations or foreign governments? Or are they both?


CHAINALYSIS LAUNCHES PROGRAM TO MANAGE CRYPTOCURRENCY SEIZED BY LAW ENFORCEMENT


Chainalysis has launched a program designed to manage and store cryptocurrency seized during criminal investigations. The blockchain analysis firm said the "asset realization program" will handle, hold, and track seized assets, which could include cryptocurrencies such as Bitcoin (BTC), Ethereum (ETH), and alternative tokens.

While traditional bank accounts can be frozen when criminal conduct is suspected, cryptocurrencies present more of a challenge. There is a gray area when it comes to virtual coins, usually stored either in hot wallets with online connectivity or in offline cold wallets, and how to both seize and secure the funds until an investigation is complete. This is the niche business opportunity that Chainalysis is attempting to enter.

"When law enforcement discovers and investigates illicit cryptocurrency assets, they need to seize and store them until they can be legally forfeited," the company says. "As such, government agencies and insolvency practitioners -- licensed professionals who advise on insolvency matters -- need a safe way to track, store, and ultimately sell seized cryptocurrency assets for fiat currency."

Chainalysis is also partnering with Asset Reality to develop advisory services for clients on how to sell seized funds, as well as to provide training and education to officers in cryptocurrency matters. "As cryptocurrencies become more mainstream, they will increasingly be used by good and bad actors alike," said Jason Bonds, CRO of Chainalysis. "Chainalysis is dedicated to building trust in digital assets, and that means helping to detect and investigate illicit activity. As our government partners become more successful in rooting out bad actors, assisting them with asset recovery and realization is a natural next step."

The announcement was made a week after the US government announced the seizure of BTC worth $1 billion, the largest confiscation of digital coins on record. The cryptocurrency was allegedly stolen by an unnamed threat actor from Ross Ulbricht, the operator of the underground Silk Road marketplace, prior to his arrest. Operating from 2011 to 2013, Silk Road generated an estimated 9.5 million bitcoin in sales, on which it took some 600,000 BTC in commission. The US Department of Justice (DoJ) is seeking forfeiture of the seized cryptocurrency. Chainalysis says it assisted law enforcement during this investigation, as well as in other recent probes into North Korean hacking activities and terrorism financing.

______________________________________________________________________________


THREAT FOCUS: JM Bullion Dealer - UNITED STATES

https://www.bankinfosecurity.com/precious-metal-trader-jm-bullion-admits-to-data-breach-a-15294


Exploit: Skimming (Magecart)

JM Bullion: Precious Metals Dealer

Risk to Business: 1.772 = Severe - This Texas precious metals trader discovered that someone was cashing in on its clients' transactions, and it wasn't them. In a recent regulatory filing, the company disclosed that malicious payment skimming code was present and active on its website from February 18, 2020, to July 17, 2020.

Individual Risk: 1.624 = Severe - The information stolen in this attack includes customers' names, addresses, and payment card information, including the account number, expiration date, and security code. Customers should be alert to potential identity theft and spear phishing attempts.

Customers Impacted: Unknown

How it Could Affect Your Business: Failing to notice a payment card skimmer operating on your site for five months does not speak well to a company's commitment to keeping client data secure.

Guide to Our Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: No business can afford to overlook regular cybersecurity awareness training and risk mitigation. Our digital risk protection platform has the solutions that you need to provide strong security for your business at a great price. Call Avantia on +61 7 30109711 (Business Hours) to find out more.

THREAT FOCUS: University of Vermont Medical Center - UNITED STATES

https://www.idagent.com/passly-digital-risk-protection


Exploit: Ransomware

University of Vermont Medical Center: Hospital System

Risk to Business: 1.402 = Extreme - In the wake of recent warnings from US government agencies about increased ransomware risk for healthcare targets, University of Vermont Medical Center (UVM) has landed in that trap. A ransomware attack has led to significant, ongoing tech problems for the University of Vermont Health Network, affecting its six hospitals in Vermont and New York. The Vermont National Guard and the FBI have been working with the tech team at UVM to restore service since the attack first began affecting systems on October 30th. Damage assessment and recovery are ongoing, and some systems are still offline. The hospital says that urgent patient care was not impacted.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Healthcare targets are in increasing danger from money-hungry cybercriminals who know that medical organisations don't have time for a long, complex recovery, but do have money.


Avantia Cyber Security & ID Agent to the Rescue: Ransomware is typically delivered as the nasty cargo of a phishing attack. Improve your staff’s phishing resistance to fight back against ransomware threats. For more info please call Avantia on +61 7 30109711.

THREAT FOCUS: GrowDiaries - UNITED STATES

https://www.zdnet.com/article/configuration-snafu-exposes-passwords-for-two-million-marijuana-growers/


Exploit: Misconfiguration

GrowDiaries: Industry Blogging Platform

Risk to Business: 2.237 = Severe - Leading cannabis industry blogging platform GrowDiaries may need to clear its head after a Kibana misconfiguration left two Elasticsearch databases accessible without authentication and leaking data. Those open doors allowed anyone to dive into the two databases, one storing 1.4 million user records and the second holding more than two million user data points.

Individual Risk: 2.612 = Moderate - One open database exposed usernames, email addresses, and IP addresses for platform users; the other exposed articles users had posted on the GrowDiaries site along with their account passwords. Users should be aware of spear phishing and blackmail risks.

Customers Impacted: 1.4 million

How it Could Affect Your Business: Cyberattacks can have cascading consequences, with information stolen in cyberattacks coming back to haunt businesses months or years later. Data like login credentials can live on in Dark Web data dumps to haunt you later.

Guide to Our Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID helps keep credentials safe with 24/7/365 human and machine monitoring, using real-time data analysis to find compromised credentials and alert you fast. For more info call Avantia on +61 7 30109711.

THREAT FOCUS: Mattel Toys - UNITED STATES

https://www.bleepingcomputer.com/news/security/leading-toy-maker-mattel-hit-by-ransomware/


Exploit: Ransomware

Mattel: Toymaker

Risk to Business: 2.327 = Severe - In a recent regulatory filing, Mattel told regulators that it suffered a ransomware attack in July 2020 that shut down some systems but did not involve a significant data loss. Only business systems were impacted; production and distribution were not affected. Experts believe that TrickBot ransomware was used in the incident.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybersecurity awareness starts with phishing resistance. It’s the most likely delivery system for ransomware, but training only sticks if it’s refreshed at least every 4 months.

Guide to Our Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Don’t get caught in cybercriminal nets by ransomware lures. BullPhish ID has more than 80 plug-and-play phishing simulation campaigns ready to train your staff to spot and stop phishing now, with 4 new ones added every month. Call Avantia on +61 7 30109711 for more information.

THREAT FOCUS: GEO Group - UNITED STATES

https://www.natlawreview.com/article/geo-group-hit-ransomware-attack


Exploit: Ransomware

GEO Group: Private Prison Developer

Risk to Business: 2.066 = Severe - GEO Group has begun informing impacted individuals and facilities that the Florida-based prison developer was struck by ransomware in July 2020. The company notes that some personally identifiable information and protected health information for some inmates and residents was exposed in the incident. The impacted people are connected to the South Bay Correctional and Rehabilitation Facility in Florida, a youth facility in Marienville, Pennsylvania, and an unnamed defunct facility in California. Employee data was also obtained in the incident.

Individual Risk: 2.221 = Severe - Residents and former residents of the impacted facilities should be alert to spear phishing, identity theft, or blackmail attempts using the stolen data. Employees of GEO Group should also be on the lookout for similar activity.

Customers Impacted: Unknown

How it Could Affect Your Business: Failure to stop ransomware attacks from landing on your business is a fast track to a long, messy, and expensive recovery.

Guide to Our Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Don’t set yourself up for disaster by failing to train everyone in your organization. From interns to the C-suite, everyone’s a potential phishing target. BullPhish ID uses fast, effective training tools like engaging videos to make sure everyone is up to speed. Phone Avantia on 0730109711 now.

THREAT FOCUS: Saskatchewan Polytechnic - CANADA

https://globalnews.ca/news/7450319/saskatchewan-polytechnic-cyberattack-online-classes/


Exploit: Ransomware

Saskatchewan Polytechnic: Institution of Higher Learning

Risk to Business: 1.317 = Extreme - Classes were canceled for a week at Saskatchewan Polytechnic after a suspected ransomware attack on October 30th rocked the school’s systems. Students and staff lost access to O365 functions, Zoom, and learning platforms. Online classes have been partially restored, but the recovery for impacted systems is ongoing with law enforcement involved. Saskatchewan Polytechnic operates campuses in 4 locations.

Individual Risk: No personal or consumer information was reported as impacted in this incident so far, but it is still being remediated.

Customers Impacted: 14,176 students, unknown staff

How it Could Affect Your Business: Ransomware isn’t just about capturing data anymore; it can also be intended to shut down your business. Security awareness training prevents up to 70% of cybersecurity incidents.

Guide to Our Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Phishing resistance training is one of the most important ways that businesses can protect their systems and data. Not only does it improve your staff’s phishing resistance, it also boosts their overall cybersecurity awareness. Call Avantia on +61 7 30109711 today.