Avantia Threat Update
QUANTUM COMPUTING - THE COMING EXISTENTIAL THREAT

This Past Week: Quantum Computers - Help or Hindrance: The Next Ten Years; Windows 10 Password Problems: Microsoft says it's fixing its 'Bad Password Amnesia' bug; Robot Soldiers in the UK could soon make up 1/4 of the Army; New Hacker-For-Hire Mercenary group discovered; Chainalysis launches program to manage cryptocurrency seized by Law Enforcement; Capcom discovers Ransomware isn't a game; Magecart hackers strike gold from JM Bullion; healthcare cyberattack warnings come to fruition; and Major Breaches in UNITED STATES; CANADA; UNITED KINGDOM; SWEDEN; SPAIN; ITALY; BRAZIL; INDIA and JAPAN.
Dark Web ID’s Top Threats This Week
Top Source Hits: ID Theft Forum
Top Compromise Type: Domain
Top Industry: Finance & Insurance
Top Employee Count: 501+
______________________________________________________________________________
QUANTUM COMPUTERS - HELP OR HINDRANCE: THE NEXT 10 YEARS.
Although the threat is at least ten years off, governments and businesses are readying security for the quantum age.
Imagine the day a fully-fledged quantum computer arrives, one that can be used to solve real-world problems. For many computer scientists, the arrival of such a device would be their version of the Moon landings: the final achievement after many decades of research -- and the start of a new era. For companies, the development could unlock huge amounts of wealth, as business problems previously intractable for classical computers are resolved in minutes. For scientists in the lab, it could expedite research into the design of life-saving drugs. But for cryptographers, that same day will be a deadline -- and a rather scary one. With the compute power that they will be capable of, large-scale quantum devices effectively pose an existential threat to the security protocols that currently protect most of our data, from private voice notes all the way to government secrets. The encryption methods that are used today to transform data into an unreadable mush for anyone but the intended recipients are essentially a huge maths problem. Classical computers aren't capable of solving the equation in any useful time frame; add some quantum compute power, though, and all of this carefully encoded data could turn into crystal-clear, readable information. The heart of the problem is public key encryption -- the protocol that's used to encode a piece of data when it is sent from one person to another, in a way that only the person on the receiving end of the message can decode. In this system, each person has a private cryptography key as well as a public one, both of which are generated by the same algorithm and inextricably tied to each other. The publicly-available key can be used by any sender to encrypt the data they would like to transmit. Once the message has arrived, the owner of the key can then use their private key to decrypt the encoded information.
The security of the system is based on the difficulty of figuring out a person's private key from their public one, because solving that problem involves factoring huge numbers. Inconveniently, if there's one thing that quantum computers will be good at, it's crunching numbers. Leveraging the quasi-supernatural behavior of particles in their smallest state, quantum devices are expected to one day breeze through problems that would take current supercomputers years to resolve. That's bad news for the security systems that rely on hitherto difficult mathematics. "The underlying security assumptions in classical public-key cryptography systems are not, in general, quantum-secure," says Niraj Kumar, a researcher in secure communications from the school of informatics at the University of Edinburgh. "It has been shown, based on attacks to these keys, that if there is quantum access to these devices, then these systems no longer remain secure and they are broken." Researchers have developed quantum algorithms, such as Shor's algorithm, that can, in theory, break public-key cryptography systems. But as worrying as it sounds, explains Kumar, the idea that all of our data might be at risk from quantum attacks is still very much theoretical. Those algorithms are subject to no small condition: that they operate in a quantum computer with a sufficient number of qubits, without falling to noise or decoherence. In other words, a quantum attack on public-key cryptography systems requires a powerful quantum computer, and such a device is not on any researcher's near-term horizon.
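To make the public/private key relationship and the factoring problem concrete, here is a toy RSA walkthrough in Python. It is an added example, not code from the article or from the researchers it quotes. The primes 1009 and 1013 (and the textbook pair 61 and 53) are constructed and far too small for real use, which is exactly the point: the brute-force factoring step that rebuilds the private key from the public one finishes instantly here, while for real key sizes it is infeasible on classical hardware. That factoring step is the one Shor's algorithm is expected to make cheap on a sufficiently large, fault-tolerant quantum computer.

```python
"""Toy RSA walkthrough: added example, not code from the article or the
researchers it quotes. Primes are constructed and tiny on purpose."""
from math import gcd, isqrt


def mod_inverse(a: int, m: int) -> int:
    """Return x with (a * x) % m == 1 via the extended Euclidean algorithm."""
    old_r, r = a, m
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("no inverse: a and m are not coprime")
    return old_s % m


def keygen(p: int, q: int, e: int = 65537):
    """Derive an RSA key pair from two primes.

    Returns ((n, e), (n, d)): the public key is (n, e), the private key is
    (n, d). Both come from the same p and q, which is why the private key
    is inextricably tied to the public one.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), (n, mod_inverse(e, phi))


def encrypt(pub, m: int) -> int:
    """Anyone holding the public key can encrypt."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(priv, c: int) -> int:
    """Only the holder of d can decrypt."""
    n, d = priv
    return pow(c, d, n)


def factor_by_trial_division(n: int):
    """Recover p and q from the public modulus by brute force.

    Hopeless for real key sizes on a classical machine; this is the step a
    large quantum computer running Shor's algorithm is expected to make cheap.
    """
    for cand in range(2, isqrt(n) + 1):
        if n % cand == 0:
            return cand, n // cand
    raise ValueError("n has no non-trivial factor")


def recover_private_key(pub):
    """Given only the public key, rebuild the private key by factoring n."""
    n, e = pub
    p, q = factor_by_trial_division(n)
    return n, mod_inverse(e, (p - 1) * (q - 1))


if __name__ == "__main__":
    # Constructed toy primes; an RSA-2048 prime has roughly 309 decimal digits.
    pub, priv = keygen(1009, 1013)
    c = encrypt(pub, 424242)
    print("round trip ok:", decrypt(priv, c) == 424242)
    # With only the public key, factoring n hands over the private key.
    print("recovered private key matches:", recover_private_key(pub) == priv)
```

The round trip works because d is the inverse of e modulo phi(n); the recovery works because phi(n) is trivial to compute once p and q are known, which is why the entire scheme stands or falls on the hardness of factoring n.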
Companies involved in the field are currently sitting on computers of the order of less than 100 qubits; in comparison, recent studies have shown that it would take about 20 million qubits to break the algorithms behind public-key cryptography. Kumar, like most researchers in the field, doesn't expect a quantum device to reach a meaningful number of qubits within the next ten or 20 years. "The general consensus is that it is still very much a thing of the future," he says. "We're talking about it probably being decades away. So any classical public-key cryptography scheme used for secure message transmission is not under imminent threat." NIST, the US National Institute of Standards and Technology, for its part estimates that the first quantum computer that could pose a threat to the algorithms that are currently used to produce encryption keys could be built by 2030. Don't let the timeline fool you, however: this is not a problem that can be relegated to future generations. A lot of today's data will still need to be safe many years hence -- the most obvious example being ultra-secret government communications, which will need to remain confidential for decades. This type of data needs to be protected now with protocols that will withstand quantum attacks when they become a reality. Governments around the world are already acting on the quantum imperative: in the UK, for example, the National Cyber Security Centre (NCSC) has accepted for several years now that it is necessary to end reliance on current cryptography protocols, and to begin the transition to what's known as 'quantum-safe cryptography'. Similarly, the US National Security Agency (NSA), which currently uses a set of algorithms called Suite B to protect top-secret information, noted in 2015 that it was time to start planning the transition towards quantum-resistant algorithms. 
As a direct result of the NSA's announcement five years ago, a global research effort into new quantum-safe cryptography protocols started in 2016, largely led by NIST in the US. The goal? To make classical public-key cryptography too difficult a problem to solve, even for a quantum computer -- an active research field now called 'post-quantum cryptography'. NIST launched a call for help to the public, asking researchers to submit ideas for new algorithms that would be less susceptible to a quantum computer's attack. Of the 69 submissions that the organization received at the time, a group of 15 was recently selected by NIST as showing the most promise. There are various mathematical approaches to post-quantum cryptography, which essentially consist of making the problem harder to crack at different points in the encryption and decryption processes. Some post-quantum algorithms are designed to safeguard the key agreement process, for example, while others ensure quantum-safe authentication thanks to digital signatures. The technologies comprise an exotic mix of methods -- lattices, polynomials, hashes, isogenies, elliptic curves -- but they share a similar goal: to build algorithms robust enough to be quantum-proof. The 15 algorithms selected by NIST this year are set to go through another round of review, after which the organisation hopes to standardise some of the proposals. Before 2024, NIST plans to have set up the core of the first post-quantum cryptography standards. NCSC in the UK and NSA in the US have both made it clear that they will start transitioning to post-quantum cryptography protocols as soon as such standards are in place. But government agencies are not the only organisations showing interest in the field. Vadim Lyubashevsky, from IBM Research's security group, explains that many players in different industries are also patiently waiting for post-quantum cryptography standards to emerge. 
"This is becoming a big thing, and I would say certainly that everyone in the relevant industries is aware of it," says Lyubashevsky. "If you're a car manufacturer, for example, you're making plans now for a product that will be built in five years and will be on the road for the next ten years. You have to think 15 years ahead of time, so now you're a bit concerned about what goes in your car." Any product that might still be in the market in the next couple of decades is likely to require protection against quantum attacks -- think airplanes, autonomous vehicles and trains, but also nuclear plants, IoT devices, banking systems or critical telecommunications infrastructure. Businesses, in general, have remained quiet about their own efforts to develop post-quantum cryptography processes, but Lyubashevsky is positive that concern is mounting among those most likely to be affected. JP Morgan Chase, for example, recently joined research hub the Chicago Quantum Exchange, mentioning in the process that the bank's research team is "actively working" in the area of post-quantum cryptography. That is not to say that quantum-safe algorithms should be top-of-mind for every company that deals with potentially sensitive data. "What people are saying right now is that threat could be 20 years away," says Lyubashevsky. "Some information, like my credit card data for example -- I don't really care if it becomes public in 20 years. There isn't a burning rush to switch to post-quantum cryptography, which is why some people aren't pressed to do so right now." Of course, things might change quickly. Tech giants like IBM are publishing ambitious roadmaps to scale up their quantum-computing capabilities, and the quantum ecosystem is growing at pace.
If milestones are achieved, predicts Lyubashevsky, the next few years might act as a wake-up call for decision makers. Consultancies like security company ISARA are already popping up to provide businesses with advice on the best course of action when it comes to post-quantum cryptography. In a more pessimistic perspective, however, Lyubashevsky points out that it might, in some cases, already be too late. "It's a very negative point of view," says the IBM researcher, "but in a way, you could argue we've already been hacked. Attackers could be intercepting all of our data and storing it all, waiting for a quantum computer to come along. We could've already been broken -- the attacker just hasn't used the data yet." Lyubashevsky is far from the only expert to discuss this possibility, and the method even has a name: 'harvest and decrypt'. The practice is essentially an espionage technique, and as such mostly concerns government secrets. Lyubashevsky, for one, is convinced that state-sponsored attackers are already harvesting confidential encrypted information about other nations, and sitting on it in anticipation of a future quantum computer that would crack the data open. For the researcher, there is no doubt that governments around the world are already preparing against harvest-and-decrypt attacks -- and as reassuring as it would be to think so, there'll be no way to find out for at least the next ten years. One thing is for certain, however: the quantum revolution might deliver some nasty security surprises for unprepared businesses and organisations.
WINDOWS 10 PASSWORD PROBLEMS: MICROSOFT SAYS IT'S FIXING ITS ‘BAD PASSWORD AMNESIA’ BUG.
Microsoft says it has a workaround and is developing a fix for a bug in Windows 10 version 2004 that makes PCs forget the username and passwords for installed apps, including Outlook.
Microsoft has posted a new support note about Outlook and other apps forgetting passwords after users installed Windows 10 version 2004, aka the May 2020 Update. "After installing Windows 10 Version 2004 Build 19041.173 and related updates, you find that Outlook and other applications do not remember your password anymore," Microsoft notes. That build was released in preview in April, and users have been complaining ever since about Windows 10 devices being unable to remember credentials after the upgrade. Microsoft points to a user complaint on its Answers forum from April. An owner of a Microsoft Surface Pro 5 said after upgrading to Windows 10 version 2004 that the device suffered from "system-wide password amnesia", creating what sounds like login hell for the user. "Every time I log in, I have to sign into both OneDrive personal and OneDrive business," Windows 10 user TMagritte wrote. Other symptoms include Outlook persistently asking the user to log in to Office 365 every few hours; Adobe Acrobat constantly nagging for Adobe logins every time a PDF is loaded; and the Windows 10 Settings app periodically requiring users to fix their Windows Insider account configuration by re-authenticating with Windows 10 Hello biometric authentication. Additionally, the LastPass password manager extension in Firefox keeps asking users to enter their password despite being configured to only require a fingerprint. Borncity reported on the issue in August following an account by an individual who'd upgraded to Windows 10 version 2004 in June and found that Credential Manager was broken. "It's driving me crazy," the Windows 10 user wrote on Windows Ten Forums. "Is anybody else having problems with saving passwords? I'm using Edge Chromium. They were OK before the 2004 upgrade. I kept thinking I am doing something wrong. "I've checked Edge settings, and although I just logged on for the umpteenth time to this forum I see that it doesn't show as saved in Edge passwords.
I do not have it optioned to clear passwords on exit, and I am checking save password at the logins. Doesn't look like it's anything to do with Edge Chromium, as my email (Outlook Express) is doing the same thing: forgetting my password. "Should Windows credentials startup be starting automatic? Optioned Credentials startup to auto, and it looks like my problem is cured. It's driving me crazy. Thought I had it fixed. Looks like it worked for one restart, now it's not saving passwords again." Microsoft says the issue occurs when some Windows 10 Task Scheduler Tasks are "configured in a certain way." To avoid the password amnesia issue, Microsoft recommends disabling these tasks in Task Scheduler. One task that appears to cause the issue is the HP Customer participation utility task, Microsoft notes, pointing to the advice from a volunteer moderator on the Answers forum. Per BleepingComputer, Google security researcher Tavis Ormandy in September was so annoyed with the Windows 10 2004 bug he spent an entire weekend debugging the issue. He eventually discovered the root cause of the bug and was in discussions with Microsoft engineers to get the problem resolved. "I've been experiencing a really bad Windows 10 bug since the 2004 update," wrote Ormandy. "I got so annoyed I spent my weekend debugging it. A specific type of scheduled task can break CryptUnprotectData(). If you've seen apps losing state, eventid 8198, or NTE_BAD_KEY_STATE, could be this. "The bug is the RPC [that] UBPM (Unified Background Process Manager) uses to create the S4U (Services For User) Token for task scheduler will sometimes clobber your saved credentials in LSASS. That is used to derive your DPAPI User Encryption Key, so it changes and no longer works." Until Microsoft delivers a fix, its recommended workaround involves right-clicking the Windows 10 Start Button and selecting Windows PowerShell (Admin). Microsoft then recommends:
Copy and paste the command below into Windows PowerShell and press Enter.
Get-ScheduledTask | foreach { If (([xml](Export-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath)).GetElementsByTagName("LogonType").'#text' -eq "S4U") { $_.TaskName } }
If you see any Tasks listed from the PowerShell output, make a note of them.
Next, go to Windows Task Scheduler and disable any tasks you found from the above command. Follow these steps:
In the Windows 10 Search box, type Task Scheduler and then open the Task Scheduler app.
Locate the task in the window (for example, HP Customer Participation), or any other task listed in the Windows PowerShell output.
Right-click the task and choose Disable.
After you disable the task, restart Windows. Microsoft notes that users may need to re-enter missing passwords one more time before it is saved again.
ROBOT SOLDIERS COULD SOON MAKE UP A QUARTER OF THE ARMY
The UK's chief of the defense staff predicted a rise in the military use of robotics and autonomous systems. In the age of artificial intelligence, robots will soon represent a large part of the armed forces, according to the UK's chief of the defense staff Nick Carter, who predicted that up to a quarter of the army could be made up of autonomous systems in the near future. Speaking on Remembrance Day, the General speculated that as cyber and space join the more traditional army domains of land, air, and maritime, so will AI systems become an integral part of the armed forces' modernization effort. Carter warned that decisions haven't been taken yet, and insisted that his predictions were not based on firm targets. He nevertheless shared his visions for an armed force that is "designed for the 2030s". "You'll see armed forces that are designed to do (cyber and space). And I think it absolutely means we'll have all manner of different people employed because those domains require different skill sets, and we will absolutely avail ourselves with autonomous platforms and robotics wherever we can," said Carter. "I suspect we could have an army of 120,000, of which 30,000 might be robots, who knows," he said. The current trained strength of the country's armed forces is just under 74,000. The UK Ministry of Defense (MoD) is still scoping the opportunities that robotic and autonomous systems might open up for the army. The MoD has shown interest in the potential that AI-powered vehicles have to facilitate the logistics of convoy operations, for example. Drones have received particular attention, and many research projects are already underway to understand how unmanned systems might assist soldiers in a variety of different operations. Equipped with cameras and sensors, and potentially even weapons, drones could carry out military work in the most challenging settings while keeping human operators safe. 
Earlier this year, the MoD launched an innovation call for drone technology that can assist in "challenging and complex urban operations". The department said that innovations in this space could remove service personnel and military dogs from dangerous urban warfare situations where their lives might be at risk. "We are looking for ideas that reduce the mental strain on operators and improve performance," reads the call, "but solutions must ensure that they remain under full human control at all times." The prospect of using fully autonomous weapons has been at the heart of heated debate over the past years and has given rise to activist campaigns such as the Campaign to Stop Killer Robots. In 2018, concerns about the military use of robotic systems prompted Google employees who were working on drone video analysis software for the US Pentagon to leave the company, citing fear that their work might be used to kill people. After 4,000 staff petitioned for Google to quit the deal, the tech giant backtracked and announced the contract with the Pentagon wouldn't be renewed. Since then, the US Department of Defense (DoD) has published a 65-page document detailing guidelines for an ethical use of AI in warfare, which determines that the technology should be used in a "lawful and ethical manner". Despite the ethical challenges, countries around the world are racing to develop AI-capable military forces. "Modernization essentially means that you're going to park some capabilities that are perhaps from the industrial age, and want to look forward to the capabilities you need for an information age," said Carter. He mentioned the need for long-term investment in order to equip the UK army with cutting-edge technology – a topic that was at the heart of an integrated review launched by the government earlier this year, which set out to plan defense investment for the next five years. The integrated review had to be postponed as a result of the COVID-19 crisis.
While acknowledging the difficulties posed by the global pandemic, Carter maintained that long-term investment in robotic and autonomous systems would be key to sustaining the army's modernization efforts.
NEW HACKER-FOR-HIRE MERCENARY GROUP DISCOVERED.
BlackBerry's security team has published details today about a new hacker-for-hire mercenary group they discovered earlier this year, and which they tied to attacks on victims all over the world. The group, which BlackBerry named CostaRicto, is the fifth hacker-for-hire group discovered this year after the likes of:
BellTrox (aka Dark Basin)
DeathStalker (aka Deceptikons)
Bahamut
Unnamed group
CostaRicto's discovery also comes to retroactively confirm a Google report from May, when the US tech giant highlighted the increasing number of hacker-for-hire mercenary groups, and especially those operating out of India. However, while BellTrox has been linked to an Indian entity and Bahamut is suspected of operating out of India as well, details about CostaRicto's current origins and whereabouts still remain unknown. What is currently known is that the group has orchestrated attacks all over the globe across different countries in Europe, the Americas, Asia, Australia, and Africa. However, BlackBerry says the biggest concentration of victims appears to be in South Asia, and especially India, Bangladesh, and Singapore, suggesting that the threat actor could be based in the region, "but working on a wide range of commissions from diverse clients." As for the nature of the targets, the BlackBerry Research and Intelligence Team said in a report today that "the victims' profiles are diverse across several verticals, with a large portion being financial institutions." Furthermore, BlackBerry says that "the diversity and geography of the victims doesn't fit a picture of a campaign sponsored by a particular state" but suggests that they are "a mix of targets that could be explained by different assignments commissioned by disparate entities." BlackBerry also adds that while the group is using custom-built and never-before-seen malware, they are not operating using any innovative techniques. Most of their attacks rely on stolen credentials or spear-phishing emails as the initial entry vector. These emails usually deliver a backdoor trojan that BlackBerry has named Sombra or SombRAT. The backdoor trojan allows CostaRicto operators to access infected hosts, search for sensitive files, and exfiltrate important documents. 
This data is usually sent back to CostaRicto command-and-control infrastructure, which BlackBerry says is usually hosted on the dark web and accessible only via Tor. Furthermore, the infected hosts usually connect to these servers via a layer of proxies and SSH tunnels to hide the malicious traffic from the infected organizations. All in all, BlackBerry says these practices "reveal better-than-average operation security" when compared to your usual hacking groups. All the CostaRicto malware samples that BlackBerry discovered have been traced back to as early as October 2019, but other clues in the gang's servers suggest the group might have been active even earlier, as far back as 2017. Furthermore, researchers said they also discovered an overlap with past campaigns from APT28, one of Russia's military hacking units, but BlackBerry believes the server overlap may have been accidental.
HACKER-FOR-HIRE GROUPS — THE NEW LANDSCAPE
For many years, most hacking groups have operated as stand-alone groups, carrying out financially-motivated attacks, stealing data, and selling it for their own profit. The public exposures of BellTrox, DeathStalker, Bahamut, and CostaRicto this year show a maturing hacker-for-hire scene, with more and more groups renting their services to multiple customers with different agendas, instead of operating as lone wolves. The next step in investigating these groups will need to look at who their clients are. Are they private corporations or foreign governments? Or are they both?
CHAINALYSIS LAUNCHES PROGRAM TO MANAGE CRYPTOCURRENCY SEIZED BY LAW ENFORCEMENT
Chainalysis has launched a program designed to manage and store cryptocurrency seized during criminal investigations. The blockchain analysis firm said the "asset realization program" will handle, hold, and track seized assets, which could include cryptocurrencies such as Bitcoin (BTC), Ethereum (ETH), and alternative tokens. While traditional bank accounts can be frozen when criminal conduct is suspected, cryptocurrencies represent more of a challenge. There is a gray area when it comes to virtual coins -- usually stored in either hot wallets with online connectivity or cold wallets, offline -- and how to both seize and secure funds until an investigation is complete. This is the niche business opportunity that Chainalysis is attempting to enter. "When law enforcement discovers and investigates illicit cryptocurrency assets, they need to seize and store them until they can be legally forfeited," the company says. "As such, government agencies and insolvency practitioners -- licensed professionals who advise on insolvency matters -- need a safe way to track, store, and ultimately sell seized cryptocurrency assets for fiat currency." Chainalysis is also partnering with Asset Reality to develop advisory services for clients in how to sell seized funds, as well as provide training and education to officers in cryptocurrency matters. "As cryptocurrencies become more mainstream, they will increasingly be used by good and bad actors alike," said Jason Bonds, CRO of Chainalysis. "Chainalysis is dedicated to building trust in digital assets, and that means helping to detect and investigate illicit activity. As our government partners become more successful in rooting out bad actors, assisting them with asset recovery and realization is a natural next step." The announcement was made a week after the US government announced the seizure of BTC worth $1 billion in the largest confiscation of digital coins recorded. 
The cryptocurrency was allegedly stolen by an unnamed threat actor from Ross Ulbricht, the operator of the underground Silk Road marketplace, prior to his arrest. Operating from 2011 to 2013, Silk Road generated an estimated revenue of 9.5 million Bitcoin, together with 600,000 BTC in commission. The US Department of Justice (DoJ) is seeking forfeiture of the seized cryptocurrency. Chainalysis says the company assisted law enforcement during this investigation, as well as in other recent probes into North Korean hacking activities and terrorism financing.
______________________________________________________________________________
THREAT FOCUS: JM Bullion Dealer - UNITED STATES
https://www.bankinfosecurity.com/precious-metal-trader-jm-bullion-admits-to-data-breach-a-15294
Exploit: Skimming (Magecart)
JM Bullion: Precious Metals Dealer
Risk to Business: 1.772 = Severe - This Texas precious metals trader discovered that someone was cashing in on their clients’ transactions and it wasn’t them. In a recent regulatory filing, the company disclosed that malicious payment skimming code was present and active on their website from February 18, 2020, to July 17, 2020.
Individual Risk: 1.624 = Severe - The information stolen in this attack includes customers’ names, addresses, and payment card information, including the account number, expiration date, and security codes. Customers should be alert to potential identity theft and spear phishing attempts.
Customers Impacted: Unknown
How it Could Affect Your Business: Failing to notice a payment card skimmer operating on your site for 6 months does not speak well to your company’s commitment to keeping client data secure.
Guide to Our Risk Scores
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: No business can afford to overlook regular cybersecurity awareness training and risk mitigation. Our digital risk protection platform has the solutions that you need to provide strong security for your business at a great price. Call Avantia on +61 7 30109711 (Business Hours) to find out more.
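A skimmer that sits on a checkout page for five months is, at bottom, a script that was not there before. One low-cost way to notice such a change is to record a baseline of the scripts on the payment page (external script sources plus a hash of every inline script) and compare each later fetch of the page against it. The Python below is an added example, not code from the article, JM Bullion, ID Agent or Avantia; both HTML pages and the placeholder CDN domain are constructed for the illustration, and in practice the "later" page would be fetched from the live site on a schedule.

```python
"""Checkout-page script baseline check: added example, not from the article
or any of the companies it names. Sample pages are constructed."""
import hashlib
from html.parser import HTMLParser


class ScriptCollector(HTMLParser):
    """Collects <script src=...> URLs and SHA-256 hashes of inline scripts."""

    def __init__(self):
        super().__init__()
        self.external = set()
        self.inline = set()
        self._in_inline = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.add(src)
        else:
            self._in_inline = True
            self._buf = []

    def handle_data(self, data):
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline:
            body = "".join(self._buf).strip()
            self.inline.add(hashlib.sha256(body.encode()).hexdigest())
            self._in_inline = False


def fingerprint(html: str) -> set:
    """Return the set of script identities found in a page."""
    parser = ScriptCollector()
    parser.feed(html)
    return {f"src:{s}" for s in parser.external} | {f"inline:{h}" for h in parser.inline}


def diff_against_baseline(baseline: set, current: set) -> dict:
    """Report scripts added since, or removed from, the recorded baseline."""
    return {"added": sorted(current - baseline), "removed": sorted(baseline - current)}


# Constructed sample pages. The later page carries one extra external script,
# standing in for an injected skimmer; the CDN domain is a placeholder.
BASELINE_HTML = """<html><body>
<form id="checkout"><input name="card"></form>
<script src="/static/app.js"></script>
<script>window.dataLayer = [];</script>
</body></html>"""

LATER_HTML = """<html><body>
<form id="checkout"><input name="card"></form>
<script src="/static/app.js"></script>
<script>window.dataLayer = [];</script>
<script src="https://cdn.example-placeholder.test/jquery.min.js"></script>
</body></html>"""


def check_sample() -> dict:
    """Run the comparison on the constructed pages."""
    return diff_against_baseline(fingerprint(BASELINE_HTML), fingerprint(LATER_HTML))


if __name__ == "__main__":
    result = check_sample()
    if result["added"]:
        print("ALERT: scripts not in baseline:", result["added"])
    else:
        print("checkout page scripts match baseline")
```

Hashing inline scripts rather than just counting them means an edit to an existing inline block is flagged as well as a brand-new tag; the same fingerprint set can double as the input for a Content-Security-Policy or Subresource-Integrity allowlist, so that a script outside the baseline is blocked by the browser rather than merely reported.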
THREAT FOCUS: University of Vermont Medical Center - UNITED STATES
https://www.idagent.com/passly-digital-risk-protection
Exploit: Ransomware
University of Vermont Medical Center: Hospital System
Risk to Business: 1.402 = Extreme - In the wake of recent warnings from US government agencies about increased ransomware risk for healthcare targets, University of Vermont Medical Center (UVM) has landed in that trap. A ransomware attack has led to significant, ongoing tech problems for the University of Vermont Health Network, affecting its six hospitals in Vermont and New York. The Vermont National Guard and the FBI have been working with the tech team at UVM to restore service since the attack first began affecting systems on October 30th. Damage assessment and recovery are ongoing, and some systems are still offline. The hospital says that urgent patient care was not impacted.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Healthcare targets are in increasing danger from money-hungry cybercriminals who know that medical targets don’t have time for a long, complex recovery procedure, but they do have money.
Guide to Our Risk Scores
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: Ransomware is typically delivered as the nasty cargo of a phishing attack. Improve your staff’s phishing resistance to fight back against ransomware threats. For more info please call Avantia on +61 7 30109711.
THREAT FOCUS: GrowDiaries - UNITED STATES
https://www.zdnet.com/article/configuration-snafu-exposes-passwords-for-two-million-marijuana-growers/
Exploit: Misconfiguration
GrowDiaries: Industry Blogging Platform
Risk to Business: 2.237 = Severe - Leading cannabis industry blogging platform GrowDiaries may need to clear its head after a configuration error in Kibana apps left two Elasticsearch databases unlocked and leaking data. Those open gates allowed attackers to dive into two sets of Elasticsearch databases, with one storing 1.4 million user records and the second holding more than two million user data points.
Individual Risk: 2.612 = Moderate - One open database exposed usernames, email addresses, and IP addresses for platform users, and the other exposed user articles posted on the GrowDiaries site and users’ account passwords. Users should be aware of spear phishing and blackmail risks.
Customers Impacted: 1.4 million
How it Could Affect Your Business: Cyberattacks can have cascading consequences, with information stolen in one breach coming back to haunt a business months or years later. Data like login credentials live on in Dark Web data dumps long after the original incident is forgotten.
Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID helps keep credentials safe with 24/7/365 human and machine monitoring using real-time data analysis to find compromised credentials and alert you fast. For more info call Avantia on +61 7 30109711.
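The misconfiguration behind this incident, a Kibana front end and the Elasticsearch cluster behind it bound to a network-facing interface with no authentication layer, is easy to catch before it ships. The following is an added example written for this update, not GrowDiaries’ or Elastic’s code, that reads the flat key/value lines of elasticsearch.yml and kibana.yml and reports the combinations that leave the data readable by anyone who can reach the port. The sample configurations are constructed; the defaults the checks assume (loopback binding, security disabled when unset on releases before 8.0) are Elastic’s documented defaults.

```python
"""Spot Elasticsearch / Kibana settings that leave a cluster readable without a login.

Added example, not code from GrowDiaries or Elastic. It reads only the flat
`key: value` lines of elasticsearch.yml / kibana.yml (nested YAML is out of scope),
so no third-party YAML library is needed. The sample configs are constructed.
"""

# Constructed samples: the weak pair reproduces the pattern behind most
# "open Elasticsearch" leaks, the hardened pair shows the settings to change.
WEAK_ES = """\
cluster.name: growdiaries
network.host: 0.0.0.0
http.port: 9200
# xpack.security.enabled is unset: disabled by default on releases before 8.0
"""
WEAK_KIBANA = """\
server.host: "0.0.0.0"
server.port: 5601
elasticsearch.hosts: ["http://10.0.0.5:9200"]
"""
HARDENED_ES = """\
cluster.name: growdiaries
network.host: 10.0.0.5
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""
HARDENED_KIBANA = """\
server.host: "127.0.0.1"
elasticsearch.hosts: ["https://10.0.0.5:9200"]
elasticsearch.username: "kibana_system"
"""

# Addresses that keep the listener on the box itself; anything else (an interface IP,
# 0.0.0.0, :: or the _site_/_global_ aliases) is reachable from the network.
LOOPBACK = {"127.0.0.1", "::1", "localhost", "_local_"}


def parse_flat_yaml(text):
    """Return top-level `key: value` settings, ignoring comments and blank lines.
    A '#' inside a quoted value would be treated as a comment; acceptable for these files."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def truthy(value):
    return str(value).lower() == "true"


def check_elasticsearch(text):
    s = parse_flat_yaml(text)
    findings = []
    host = s.get("network.host", "_local_")          # Elasticsearch binds loopback by default
    if host in LOOPBACK:
        return findings                               # only reachable locally; nothing to flag
    if not truthy(s.get("xpack.security.enabled", "false")):
        findings.append(f"network.host={host} is reachable off-host but xpack.security.enabled is not "
                        "true: every index can be read, changed or deleted by anyone who can reach "
                        f"port {s.get('http.port', '9200')}")
    if not truthy(s.get("xpack.security.http.ssl.enabled", "false")):
        findings.append("REST API is served over plain HTTP; credentials and data cross the network in clear")
    return findings


def check_kibana(text):
    s = parse_flat_yaml(text)
    findings = []
    host = s.get("server.host", "localhost")          # Kibana binds localhost by default
    if host in LOOPBACK:
        return findings
    if "elasticsearch.username" not in s and "elasticsearch.serviceAccountToken" not in s:
        findings.append(f"server.host={host} exposes Kibana but no Elasticsearch credentials are "
                        "configured, which only works when the cluster has security disabled: anyone "
                        f"who reaches port {s.get('server.port', '5601')} can browse every index")
    if "http://" in s.get("elasticsearch.hosts", ""):
        findings.append("Kibana talks to Elasticsearch over plain HTTP")
    return findings


if __name__ == "__main__":
    for name, cfg, check in [("weak elasticsearch.yml", WEAK_ES, check_elasticsearch),
                             ("weak kibana.yml", WEAK_KIBANA, check_kibana),
                             ("hardened elasticsearch.yml", HARDENED_ES, check_elasticsearch),
                             ("hardened kibana.yml", HARDENED_KIBANA, check_kibana)]:
        print(name, "->", check(cfg) or ["ok"])
```

Run it over the two weak files and it reports the open bind plus the missing authentication and TLS; the hardened pair reports nothing. The same checks belong in the pipeline that builds the image or applies the config, because in practice these clusters are found by internet-wide scanners within hours of going live.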
THREAT FOCUS: Mattel Toys - UNITED STATES
https://www.bleepingcomputer.com/news/security/leading-toy-maker-mattel-hit-by-ransomware/
Exploit: Ransomware
Mattel: Toymaker
Risk to Business: 2.327 = Severe - In a recent regulatory filing, Mattel told regulators that it suffered a ransomware attack in July 2020 that shut down some systems but did not involve significant data loss. Only business systems were impacted; production and distribution were not affected. Experts believe the TrickBot malware, a loader that is routinely used to deliver ransomware such as Ryuk, was involved in the incident.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Cybersecurity awareness starts with phishing resistance. Phishing is the most likely delivery system for ransomware, but training only sticks if it’s refreshed at least every 4 months.
Avantia Cyber Security & ID Agent to the Rescue: Don’t get caught in cybercriminal nets by ransomware lures. BullPhish ID has more than 80 plug-and-play phishing simulation campaigns ready to train your staff to spot and stop phishing now, with 4 new ones added every month. Call Avantia on +61 7 30109711 for more information.
THREAT FOCUS: GEO Group - UNITED STATES
https://www.natlawreview.com/article/geo-group-hit-ransomware-attack
Exploit: Ransomware
GEO Group: Private Prison Developer
Risk to Business: 2.066 = Severe - GEO Group has begun informing impacted individuals and facilities that the Florida-based prison developer was struck by ransomware in July 2020. The company notes that some personally identifiable information and protected health information for some inmates and residents was exposed in the incident. The impacted people are connected to the South Bay Correctional and Rehabilitation Facility in Florida, a youth facility in Marienville, Pennsylvania, and an unnamed defunct facility in California. Employee data was also obtained in the incident.
Individual Risk: 2.221 = Severe - Residents and former residents of the impacted facilities should be alert to spear phishing, identity theft, or blackmail attempts using the stolen data. Employees of GEO Group should also be on the lookout for similar activity.
Customers Impacted: Unknown
How it Could Affect Your Business: Failure to stop ransomware attacks from landing on your business is a fast track to a long, messy, and expensive recovery.
Avantia Cyber Security & ID Agent to the Rescue: Don’t set yourself up for disaster by failing to train everyone in your organization. From interns to the C-suite, everyone’s a potential phishing target. BullPhish ID uses fast, effective training tools like engaging videos to make sure everyone is up to speed. Phone Avantia on +61 7 30109711 now.
THREAT FOCUS: Saskatchewan Polytechnic - CANADA
https://globalnews.ca/news/7450319/saskatchewan-polytechnic-cyberattack-online-classes/
Exploit: Ransomware
Saskatchewan Polytechnic: Institution of Higher Learning
Risk to Business: 1.317 = Extreme - Classes were canceled for a week at Saskatchewan Polytechnic after a suspected ransomware attack on October 30th rocked the school’s systems. Students and staff lost access to O365 functions, Zoom, and learning platforms. Online classes have been partially restored, but the recovery for impacted systems is ongoing with law enforcement involved. Saskatchewan Polytechnic operates campuses in 4 locations.
Individual Risk: No personal or consumer information was reported as impacted in this incident so far, but it is still being remediated.
Customers Impacted: 14,176 students, unknown staff
How it Could Affect Your Business: Ransomware isn’t just about stealing data anymore; it is increasingly used to shut a business down outright. Security awareness training prevents up to 70% of cybersecurity incidents.
Avantia Cyber Security & ID Agent to the Rescue: Phishing resistance training is one of the most important ways that businesses can protect their systems and data. Not only does it improve your staff’s phishing resistance, but it also boosts their overall cybersecurity awareness too. Call Avantia on +61 7 30109711 today
THREAT FOCUS: Flagship Group - UNITED KINGDOM
https://www.theregister.com/2020/11/06/revil_sodinokibi_ransomware_gang_flagship_group_housing/
Exploit: Ransomware
Flagship Group: Rental Housing Facilitator
Risk to Business: 1.862 = Severe - Social housing platform Flagship Group got an unwelcome visitor – REvil ransomware. The company announced that one of their data centers was infected by the ransomware, “compromising some personal staff and customer data”. Operations were not impacted. The attack took place on November 1, 2020, and authorities are investigating as recovery continues.
Individual Risk: 1.613 = Severe - Clients and employees should be aware of the possibility that their personally identifiable or financial data was compromised and be alert to spear phishing and identity theft attempts.
Customers Impacted: Unknown
How it Could Affect Your Business: As the company noted in its report, REvil arrived via a phishing email, the biggest cybersecurity threat your business faces in 2020.
Avantia Cyber Security & ID Agent to the Rescue: Don’t just hope that you’re not next – fight back against ransomware threats with our eBook “Ransomware 101”. See why you’re at risk and how to protect your business fast. Call Avantia on +61 7 30109711 for more info.
THREAT FOCUS: Folksam Insurance Group - SWEDEN
https://www.pymnts.com/news/security-and-risk/2020/sweden-folksam-insurance-data-breach-big-tech/
Exploit: Accidental Data Sharing
Folksam Insurance Group: Insurance Company
Risk to Business: 2.801 = Moderate - Swedish insurer Folksam made a misstep last week, when employees accidentally shared access to sensitive client data with Facebook, Google, Microsoft, LinkedIn, and Adobe. There are no indications that the data was used. The data was generated as part of an internal marketing analysis.
Individual Risk: 2.654 = Moderate - Folksam has not said precisely what data was shared, but the data it maintains includes financial, personal, and professional information about clients.
Customers Impacted: 1,000,000
How it Could Affect Your Business: Accidental data sharing is often the result of sloppy data handling and security practices. Clients lose trust in companies that promise to secure their sensitive data and fail.
Avantia Cyber Security & ID Agent to the Rescue: Passly adds extra protections between outsiders and your data with a robust suite of secure identity and access management tools at a price that’s also sweet. Please call Avantia on +61730109711 for more info.
THREAT FOCUS: Prestige Software - SPAIN
https://www.hackread.com/hotel-reservation-platform-data-leak-online-booking-sites/
Exploit: Misconfiguration
Prestige Software: Travel Industry Software Developer
Risk to Business: 1.613 = Severe - International booking software provider Prestige is in hot water for a misconfiguration incident that led to the exposure of personally identifiable data for potentially millions of travelers worldwide. An AWS S3 bucket was left open with free access to 24.4 GB of information, about 10 million files. Clients of Prestige Software include Booking.com, Expedia, Agoda, Amadeus, Hotels.com, Hotelbeds, Omnibees, Sabre, and several others. Credit card data for businesses including travel agents, and for hotel customers, was also stored in this bucket without any security measures.
Individual Risk: 1.624 = Severe - Travelers from as far back as 2013 who have used Booking.com, Expedia, Agoda, Amadeus, Hotels.com, Hotelbeds, Omnibees, Sabre, and smaller service providers may be impacted. The information exposed includes travelers’ full names, NIC numbers, email addresses, phone numbers, hotel reservation numbers, date and duration of stay, and credit card numbers together with the owner’s name, CVV code, and card expiration date.
Customers Impacted: Unknown, 10 million files were exposed
How it Could Affect Your Business: This egregious data handling and security error isn’t just a PR disaster; it is also likely to cost a pretty penny in fines and penalties once regulators are finished, including an anticipated large GDPR bill.
Avantia Cyber Security & ID Agent to the Rescue: Compliance is a major concern in many industries. Are you checking off the boxes on your industry’s compliance checklist? We can help make sure that you’re on the ball. Phone Avantia Corporate Services on +61 7 30109711 for more information.
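A bucket can be left open by its policy, by its ACL, or by both, and the Public Access Block settings decide whether those grants actually take effect. The following is an added example written for this update, not Prestige Software’s or AWS’s code, that takes the parsed policy document (the Policy string returned by `aws s3api get-bucket-policy`), the ACL from `get-bucket-acl` and the configuration from `get-public-access-block`, and says whether anonymous users can reach the data. The policies, ACLs, account ID and bucket name are constructed for the example.

```python
"""Decide whether an S3 bucket is reachable by anonymous users from its policy, ACL and
Public Access Block settings.

Added example, not Prestige Software's or AWS's code. Inputs are the parsed JSON
documents behind `aws s3api get-bucket-policy` (its Policy string), `get-bucket-acl`
and `get-public-access-block`; every sample below is constructed.
"""
import json

# Constructed: a policy that hands the whole bucket to the world...
OPEN_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "PublicRead",
    "Effect": "Allow",
    "Principal": "*",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-reservations", "arn:aws:s3:::example-reservations/*"]
  }]
}""")
# ...and one scoped to a single application role, with TLS enforced.
LOCKED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "BookingApiOnly", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/booking-api"},
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-reservations/*"},
    {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-reservations/*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}
  ]
}""")
OPEN_ACL = {"Grants": [{"Grantee": {"Type": "Group",
                                    "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                        "Permission": "READ"}]}
LOCKED_ACL = {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "0123abcd"},
                          "Permission": "FULL_CONTROL"}]}
NO_BLOCK = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
            "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
FULL_BLOCK = {k: True for k in NO_BLOCK}

PUBLIC_GROUPS = ("/groups/global/AllUsers", "/groups/global/AuthenticatedUsers")


def as_list(x):
    return x if isinstance(x, list) else [x]


def principal_is_public(principal):
    """True for "*" or {"AWS": "*"}, the forms that mean 'anyone, signed in or not'."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for p in as_list(principal.get("AWS", [])))
    return False


def public_policy_statements(policy):
    """Allow statements open to everyone. Deliberately conservative: a Condition such as
    aws:SourceIp narrows the audience, but the statement is still reported for review."""
    return [(st.get("Sid", "<no Sid>"), sorted(as_list(st.get("Action", []))))
            for st in as_list(policy.get("Statement", []))
            if st.get("Effect") == "Allow" and principal_is_public(st.get("Principal"))]


def public_acl_grants(acl):
    """ACL grants to the AllUsers or AuthenticatedUsers predefined groups."""
    return [(g["Grantee"]["URI"].rsplit("/", 1)[-1], g["Permission"])
            for g in acl.get("Grants", [])
            if g["Grantee"].get("Type") == "Group"
            and g["Grantee"].get("URI", "").endswith(PUBLIC_GROUPS)]


def assess_bucket(policy, acl, block):
    """Combine the three views. Public Access Block wins: RestrictPublicBuckets
    neutralises a public policy, IgnorePublicAcls neutralises public ACL grants."""
    stmts = public_policy_statements(policy)
    grants = public_acl_grants(acl)
    policy_live = bool(stmts) and not block.get("RestrictPublicBuckets", False)
    acl_live = bool(grants) and not block.get("IgnorePublicAcls", False)
    return {"public_policy": stmts, "public_acl": grants,
            "effectively_public": policy_live or acl_live}


if __name__ == "__main__":
    print("open bucket, no block:   ", assess_bucket(OPEN_POLICY, OPEN_ACL, NO_BLOCK))
    print("open bucket, full block: ", assess_bucket(OPEN_POLICY, OPEN_ACL, FULL_BLOCK))
    print("locked bucket:           ", assess_bucket(LOCKED_POLICY, LOCKED_ACL, NO_BLOCK))
```

For a live bucket, `aws s3api get-bucket-policy-status --bucket NAME` returns AWS’s own IsPublic verdict using the same principal rules; the value of a local check like this one is running it over policies in code review before they ever reach an account, and keeping all four Public Access Block settings on at the account level so a stray public grant is a finding rather than a breach.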
THREAT FOCUS: Campari Group - ITALY
Exploit: Ransomware
Campari Group: Beverage Vendor
Risk to Business: 2.607 = Severe - The Ragnar Locker ransomware gang stopped by Italian beverage maker Campari Group, leaving a sticky situation in its wake. The company, creator of brands including Campari, Cinzano, and Appleton, had a large part of its IT systems encrypted, leading to a business disruption. Campari has announced that it was able to restore affected systems and that no sensitive data was impacted. The ransom demand currently stands at $15 million.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Backup and restoration is an important tool in ransomware recovery, but training your staff not to be fooled by the phishing email that launches a ransomware attack is an effective mitigation strategy.
Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID is available in 8 languages to keep worldwide staff up to date to spot and stop the latest phishing threats, including COVID-19 scams. Call Avantia on +61 7 30109711 to get more info.
THREAT FOCUS: Lupin Pharmaceuticals - INDIA
Exploit: Ransomware
Lupin: Drugmaker
Risk to Business: 1.806 = Severe - As the race to find a vaccine or treatment for COVID-19 heats up, Mumbai-based Lupin became the second major Indian pharmaceutical company to be hit by a suspected ransomware attack in the last few weeks. The company was forced to shut down operations and production at several of its facilities for a brief period, but systems have been restored.
Individual Risk: No personal data was exposed in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Snarling systems and halting production are two goals we see rising on cybercriminal hit lists, and ransomware is frequently the tool they prefer for shutting a business down.
Avantia Cyber Security & ID Agent to the Rescue: Don’t get locked out of your business by ransomware. Phishing resistance training with BullPhish ID transforms your staffers from your largest attack surface into your largest defensive asset. Call Avantia on +61 7 30109711 for more info.
THREAT FOCUS: Capcom Co., Ltd. - JAPAN
Exploit: Ransomware
Capcom Co., Ltd.: Videogame Company
Risk to Business: 2.070 = Severe - Ragnar Locker ransomware is on the case again, this time in an incident at legendary Japanese game company Capcom. The gang claims to have scored 1TB of sensitive data from Capcom, including data from corporate networks in the US, Japan, and Canada. Industry sources report that Ragnar Locker claims to have encrypted 2,000 devices on Capcom’s networks and are demanding $11,000,000 in bitcoins for the key.
Individual Risk: No individual information was reported as impacted in this incident, although the extent and type of the stolen data is still unclear.
Customers Impacted: Unknown
How it Could Affect Your Business: Even giant corporations can fall victim to the humble phishing attack, and huge troves of data like the one captured here help fuel the spear phishing attacks that often lead to ransomware events.
Avantia Cyber Security & ID Agent to the Rescue: Information from attacks like this frequently makes its way to Dark Web data markets and dumps, including stolen password lists. Make sure your employee credentials are protected from unexpected risk by having them monitored with Dark Web ID. Call Avantia now to see if your employees’ credentials are secure - Phone +61 7 30109711.
THREAT FOCUS: Superior Court of Justice - BRAZIL
https://www.hackread.com/ransomware-attack-brazil-top-court-encrypts-backups/
Exploit: Ransomware
Superior Court of Justice: Judiciary Body
Risk to Business: 1.227 = Extreme - A ransomware attack savaged the Brazilian judiciary system last week, encrypting or disrupting all major services including the official website. Outlets also report that the systems cannot be easily restored because the backups were encrypted too, which squares with the attackers’ ransom demand. The Court is collaborating with the Brazilian Army’s Cyber Defense Command and other relevant authorities on the investigation. Court actions are suspended pending the restoration of required services.
Individual Risk: While it’s clear that a great deal of information has been stolen or encrypted, there are no specifics on the type.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is also becoming a favored weapon of nation-state hackers and is more frequently being used to disrupt government and essential-service operations.
Avantia Cyber Security & ID Agent to the Rescue: Are nation-state hackers a threat to your business? Many essential services are at risk, especially in healthcare. Find out more about what they’re going after and how to protect your business. Phone Avantia on +61 7 30109711 now.
______________________________________________________________________________
POSTSCRIPT:
Credential Stuffing Attacks Disproportionately Target Certain Industries
Many types of cyberattacks are more common in some industries than others. Ransomware has been a consistently dangerous across-the-board offender, but things like business email compromise scams and corporate espionage tend to cluster. That appears to be the case with credential stuffing attacks in 2020, as certain industries have seen more than their share. In recent reporting, cybersecurity researchers have uncovered a trend that doesn’t bode well for three already beleaguered industries.
In the analysis period, July 1, 2018 to June 30, 2020, researchers counted over 100 billion credential stuffing attempts against a wide range of targets and discovered that cybercriminals are playing favorites. More than 60% of the credential stuffing attacks recorded in the last 12 months targeted businesses in the retail, hospitality, and travel sectors: 64 billion attempts at cracking open user accounts in just those verticals. While every company carries some risk from credential stuffing, retail is the clear favorite of cybercriminals, with more than 80% of credential stuffing attacks directed at retail targets. Analysts suspect that the additional online shopping traffic spurred by worldwide COVID-19 lockdowns acted as an extra incentive to go after retailers this year. That explosion in shopping brought back users who hadn’t been shopping online much, enabling cybercriminals to get new mileage out of old lists of compromised credentials in Dark Web data dumps.
So, how can you secure your clients and your business against credential stuffing threats? A few simple tools pave the way to enhanced protection from this growing threat:
Find exposed credentials that could put you at risk. Millions of passwords from millions of sources are easily acquired on the Dark Web, even for free. Make sure that employee credentials aren’t floating around on any of those lists with Dark Web ID. Our 24/7/365 Dark Web monitoring uses real-time, validated data and real human analysts as well as machine intelligence to spot compromised protected credentials and alert you to trouble immediately.
Eliminate flimsy barriers that let cybercriminals walk right in. One of the universally recommended mitigations for credential stuffing risk is multi-factor authentication for a good reason – it works. Add Passly to your arsenal to give your clients enhanced access point protection that goes to work in days, not weeks – without the enhanced price point.
Protecting your business from credential stuffing attacks isn’t a magic trick, and it’s not an expensive proposition. It’s a smart move that will prevent data breaches. By adding efficient, affordable protection you can be confident that you have a shield in place against credential stuffing.
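Monitoring for leaked credentials and enforcing MFA reduce the blast radius, but a login service should also be able to see a stuffing run while it is happening. The following is an added example written for this update, not Avantia’s, ID Agent’s or the researchers’ code, that flags credential stuffing in authentication logs: one source address trying many distinct usernames in a short window with almost all attempts failing, which is the opposite shape to brute force (one account, many passwords). The log format and the log lines are constructed for the example, and the thresholds (20 usernames in 5 minutes, at most 20% success) are assumptions to tune against your own baseline.

```python
"""Flag credential stuffing in authentication logs.

Added example, not Avantia's or the researchers' code. The log format below is
constructed for the example; the thresholds are assumptions to tune per site.
Stuffing signature: one source address, many distinct usernames, each tried once
or twice with a leaked password, almost all failing. Brute force (one username,
many passwords) deliberately does not match.
"""
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "ts ip user ok")
LINE_RE = re.compile(r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$")


def parse_auth_log(lines):
    """Turn log lines into Events; lines that do not match the format are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
        events.append(Event(ts, m.group("ip"), m.group("user"), m.group("result") == "OK"))
    return events


def detect_stuffing(events, window=timedelta(minutes=5), min_users=20, max_success_ratio=0.2):
    """One alert per source address whose sliding window holds >= min_users distinct
    usernames with a success ratio at or below max_success_ratio."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_ip[ev.ip].append(ev)

    alerts = []
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window:   # slide the window forward
                start += 1
            chunk = evs[start:end + 1]
            users = {e.user for e in chunk}
            successes = sum(1 for e in chunk if e.ok)
            if len(users) >= min_users and successes / len(chunk) <= max_success_ratio:
                # Threshold crossed: report the whole burst from the window start.
                window_end = evs[start].ts + window
                burst = [e for e in evs[start:] if e.ts <= window_end]
                alerts.append({
                    "ip": ip,
                    "first_seen": burst[0].ts,
                    "last_seen": burst[-1].ts,
                    "attempts": len(burst),
                    "distinct_users": len({e.user for e in burst}),
                    # Accounts where a leaked password still worked: reset these first.
                    "succeeded": sorted({e.user for e in burst if e.ok}),
                })
                break
    return alerts


def build_sample_log():
    """Constructed traffic: three staff logins, one brute-force run, one stuffing run."""
    base = datetime(2020, 11, 9, 10, 0, 0)
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    lines = []
    for i, name in enumerate(["alice", "bob", "carol"]):
        t = base + timedelta(seconds=30 * i)
        lines.append(f"{t.strftime(fmt)} ip=192.0.2.{10 + i} user={name} result=OK")
    for i in range(30):                                 # brute force: one account, 30 guesses
        t = base + timedelta(seconds=5 * i)
        lines.append(f"{t.strftime(fmt)} ip=198.51.100.9 user=bob result=FAIL")
    for i in range(40):                                 # stuffing: 40 accounts, 2 reused passwords still valid
        t = base + timedelta(seconds=4 * i)
        result = "OK" if i in (17, 33) else "FAIL"
        lines.append(f"{t.strftime(fmt)} ip=203.0.113.7 user=user{i:02d} result={result}")
    return lines


if __name__ == "__main__":
    for alert in detect_stuffing(parse_auth_log(build_sample_log())):
        print(alert)
```

On the constructed sample the brute-force address never trips the rule (one username, however many guesses), the staff logins are ignored, and the stuffing address produces a single alert naming the two accounts whose reused passwords still worked, which is the list to force-reset and enrol in MFA first. Real attacks spread across many addresses, so the same counters are usually also kept per username and per ASN.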
Compliance Essentials Save You Money in More Ways Than One
As we head into the last weeks of 2020 (finally!), businesses are starting to take stock of what they’ve accomplished this year and what they need to get done in Q1 2021. When you’re making your review list, don’t forget to include “compliance”, because failing to maintain data and system security is a nasty misstep that no business can afford. Take a moment to review how compliance requirements may have changed in your industry. Japan’s 2005 Protection of Personal Information law received a major update in 2020. New European GDPR updates and clarifications can add further complications and additional penalties for failure. India and Hong Kong are also set to enact and enforce updated data privacy regulations. In the US, data privacy bills were put before legislatures in at least 30 states and Puerto Rico in 2020, and new regulations were enacted in Virginia and Michigan. The California Consumer Privacy Act, now in force, could also impact your business, and California voters just passed Proposition 24 on November 3, 2020, allowing consumers to stop businesses from selling or sharing their personal information, including race, religion, genetic details, geographic location, and sexual orientation. One data security best practice that is required or encouraged in many industry compliance regulations is multi-factor authentication (MFA), and Passly is an ideal choice. Protect your data with more than one lock: a password and MFA. With Passly’s MFA feature, a separate code or token is also needed to gain access to your systems and data, guarding you from the impact of a compromised employee password. Compliance is a tricky field, and it’s always best to consult with an expert to ensure that you’re safe.
Avantia Cyber Security can help you find out exactly what you need to do to ensure that your company’s data handling and storage are on track with industry best practices and compliance requirements, giving you peace of mind as you head into the end of a challenging year.
AVANTIA CYBER SECURITY - PARTNER FOCUS

TrustGraph®: Advanced, Patented AI Technology. TrustGraph® analyzes over 50 different attributes of your employees’ communications, including the devices they use, who they message most, what time of day they communicate, and so on. The powerful AI uses this data to create profiles of trusted relationships. TrustGraph® then compares incoming communications to these profiles to detect and prevent sophisticated phishing, spear phishing, and business email compromise attacks.
FOR MORE INFORMATION ON GRAPHUS AI DEFENSE GRADE CYBER SECURITY, PLEASE CONTACT AVANTIA CYBER SECURITY
ON +61 7 30109711 / info@avantiacorp.com.au
DISCLAIMER*
Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, other members of the 5 Eyes Alliance, the Australian Cyber Security Centre, and other sources in 56 countries who provide cyber breach and cyber security information in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content’s accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.