Avantia Threat Update

RACCOON NAMESAKE SET FREE TO CREATE HAVOC ON COMPUTER NETWORKS*.

Updated: Nov 25, 2019


This Past Week*: Ransomware as a service sold on the Dark Web; managing third-party cyber risk; BEC email scam takedown nets 80 suspects; the spying danger from Google Home and Amazon Echo; supermarket employee leaks payroll details of 100,000 employees; healthcare providers struggle to protect Personally Identifiable Information (PII); data breaches officially reach an all-time high; threat actor impersonates government agents; and significant data breaches in AUSTRALIA, UNITED KINGDOM, CANADA and the UNITED STATES.

Known Customers Affected by Data Breaches reported in this Briefing this past 4 weeks: 3,086,802*


Dark Web ID Trends: Severe*

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain 

Top Industry: Education & Research

Top Employee Count: 1 - 10 Employees 


RACCOON MALWARE-AS-A-SERVICE GAINS MOMENTUM.*

Raccoon is a malware-as-a-service (MaaS) info-stealer that appeared in early 2019 and was aggressively marketed on underground forums from April 2019. Since then its popularity and use have grown dramatically: it has become one of the ten most referenced malware families in the underground economy and has infected hundreds of thousands of endpoints belonging to individuals and organisations in North America, Europe and Asia.

Code within Raccoon checks the victim machine's locale settings, and the malware immediately aborts if the language is Russian, Ukrainian, Belarusian, Kazakh, Kyrgyz, Armenian, Tajik or Uzbek. This is common practice for malware originating in CIS countries (the Commonwealth of Independent States is an intergovernmental organisation made up of post-Soviet nations throughout Eurasia ... its member states are Armenia, Azerbaijan, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russia, Tajikistan and Uzbekistan) and is one clue that it comes from Russia. A second is that MaaS support is provided in Russian and English, but an English typo suggests that English is not the developers' native language.

Raccoon, say researchers from Cybereason's Nocturnus team, is "sold as a MaaS with features like an easy-to-use automated backend panel, bulletproof hosting, and 24/7 customer support in both Russian and English. As of this writing, it costs US$200 per month to use." The primary methods of Raccoon delivery used by MaaS customers are exploit kits, phishing attacks and bundled malware. The exploit kit used is Fallout, which spawns a PowerShell pipeline (in PowerShell, a pipeline is a series of commands joined together, with individual commands separated by the pipe symbol, hence the name) from Internet Explorer; this then downloads the info-stealer payload. Phishing is done with an attached Office document containing malicious macro code: if the attachment is opened and the macro allowed to run, it connects to a malicious server and downloads the payload. As for bundled software, write the researchers, "the attackers use legitimate software bundled with the main payload of the info-stealer to infect unsuspecting users. Raccoon installs itself behind-the-scenes, hidden from the user."

Raccoon is not the most sophisticated info-stealer; it is relatively simple, but does its job well. Analysis by the Nocturnus researchers (who have been monitoring the malware since April 2019) shows that any data it steals is first stored locally in the Temp folder. This includes screen captures; system information (username, IP address, language settings, OS version, installed applications, and CPU and memory details); user login details, cookies and autofill data, which may include credit card data, from 33 different browsers; registry content such as local username/password pairs; and cryptocurrency wallets. All the stolen data is packed into a zip file and sent to the malware's C2 server.

One feature currently missing is a key-logger. Although this confirms that Raccoon is possibly not the 'best' info-stealer available, it also indicates why the product is proving so successful. "Several users in the underground community are asking for this feature," say the researchers, "and the Raccoon team has suggested it may be available in the future." Given the experience of other users, this implied promise of a future key-logger will probably be fulfilled -- the developers have an excellent reputation for courtesy and responsiveness to their customers. In one instance, a user on a free trial complained to the developers that there was a bug in the control panel's search engine: "Had an issue with the control panel's search engine," he reported. "Problem was solved immediately, on the fly." Another user wrote on the underground channels, "What surprised me is the support that treats you as a VIP class client, they will do whatever you demand and with expressing gratitude, etc. it is very nice and I have never seen experienced it anywhere else." The underground businessman is clearly learning from and adopting the business habits of legitimate companies. Malware as a service -- the consumerisation of malware -- is a growing phenomenon.

The Nocturnus researchers do not know who is behind Raccoon. However, snippets of information found on the underground, sometimes from what might be termed concerned competitors, suggest that the primary mover is known as 'gladOff'. If this is true, and if it is the same gladOff, he "is," say the researchers, "a long-time threat actor responsible for developing malware like the Decrux and Acrux crypto-miners, the Mimosa RAT and the ProtonBot loader." His specialty is developing less sophisticated but easy-to-use, end-to-end solutions -- just like Raccoon. He does not seem to be working alone, but with a loose group of co-workers rather than a tightly knit gang. There have been fallings-out within that group, including one person who stole and leaked the Raccoon customer database and another who stole $900 from the Raccoon community balance. In the latter case, the Raccoon team posted an explanation: "The aforementioned user had access to the intra-team test API (dock), had all the links, had a password from the admin account... Yes, our mistake was that after the reorganisation of the team, we did not react quickly enough, no one expected such meanness." It seems that even cyber criminals fall foul of rookie security errors like failing to manage their privileged accounts.

Raccoon can be seen as a sign of the times. Malware does not have to be incredibly sophisticated; it must just be sophisticated enough to get the job done. The volume of infected endpoints in just a few months of operation suggests that Raccoon is. Backed by the new and responsive malware-as-a-service business model, it allows wannabe criminals with low technical ability to become successful cybercriminals for just US$200 per month. "We expect this trend to continue into 2020 and push the evolution of MaaS forward," say the researchers.
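Both delivery chains described above (the Fallout exploit kit launching a PowerShell pipeline from Internet Explorer, and an Office macro reaching out to download the payload) leave the same fingerprint in endpoint telemetry: a browser or Office application becomes the parent of a shell that can fetch and run a second stage. The following detection script is an added example written for this briefing, not Cybereason's code or any product's rule; the event schema, the process lists and the sample events are constructed for illustration.

```python
"""Flag process-creation events where a document or browser process
spawns a download-capable shell, the lineage the Raccoon delivery
methods above would produce. Event format and samples are constructed."""
from __future__ import annotations

import ntpath
from dataclasses import dataclass

# Parents that should essentially never launch a shell on a workstation.
# Constructed list; tune to the applications actually deployed.
DOCUMENT_PARENTS = {
    "iexplore.exe", "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
}
# Children capable of fetching and executing a second-stage payload.
DOWNLOADER_CHILDREN = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe", "cscript.exe",
}


@dataclass(frozen=True)
class ProcessEvent:
    """One process-creation record (hypothetical schema)."""
    timestamp: str
    host: str
    parent_image: str   # full path of the parent process
    image: str          # full path of the created process
    command_line: str


def _basename(path: str) -> str:
    """Normalise a Windows path to its lower-cased file name so that
    the check is insensitive to install directory and letter case."""
    return ntpath.basename(path).lower()


def is_suspicious_lineage(ev: ProcessEvent) -> bool:
    """True when a document/browser process spawns a downloader shell."""
    return (_basename(ev.parent_image) in DOCUMENT_PARENTS
            and _basename(ev.image) in DOWNLOADER_CHILDREN)


def detect(events: list[ProcessEvent]) -> list[dict]:
    """Run the lineage rule over a batch of events and return alerts."""
    alerts = []
    for ev in events:
        if is_suspicious_lineage(ev):
            alerts.append({
                "host": ev.host,
                "timestamp": ev.timestamp,
                "parent": _basename(ev.parent_image),
                "child": _basename(ev.image),
                "command_line": ev.command_line,
                "reason": "document or browser process spawned a downloader shell",
            })
    return alerts


# Constructed sample telemetry, not real captures.
SAMPLE_EVENTS = [
    # Exploit-kit style: Internet Explorer launching PowerShell -> alert
    ProcessEvent("2019-11-20T09:12:01Z", "WS-017",
                 r"C:\Program Files\Internet Explorer\iexplore.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -NoProfile -WindowStyle Hidden ..."),
    # Administrator running a script from Explorer -> benign
    ProcessEvent("2019-11-20T09:15:44Z", "WS-017",
                 r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell.exe -File C:\scripts\inventory.ps1"),
    # Word spawning the print helper -> benign
    ProcessEvent("2019-11-20T10:02:10Z", "WS-021",
                 r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r"C:\Windows\splwow64.exe",
                 "splwow64.exe 12288"),
    # Macro style: Excel launching cmd.exe -> alert
    ProcessEvent("2019-11-20T10:05:33Z", "WS-021",
                 r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
                 r"C:\Windows\System32\cmd.exe",
                 "cmd.exe /c ..."),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The rule is deliberately narrow: it keys on parent/child lineage rather than on command-line strings, which attackers change freely, and the benign samples (an administrator's script from Explorer, Word printing) show why the parent set is restricted to document-handling applications rather than any process that launches PowerShell.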


MOST COMPANIES DON’T PROPERLY MANAGE THIRD PARTY CYBER RISK.*

It has been established that good cybersecurity requires not just an internal assessment of an organisation’s own security practices, but also a close look at the security of the partners that businesses rely upon in today’s interconnected world. As such, developing a Third-Party Cyber Risk Management (TPCRM) strategy is becoming more common with every news headline about a major breach that stemmed from a company’s relationship with a third party.

There are several different approaches to TPCRM on the market today. While the goals are the same, it is important for organisations to create a program that lets them act on insight, meaning the insights and value provided should result in informed decisions that reduce risk both for the lead organisation and for the third party that posed it. Two common approaches used today are security rating tools and spreadsheet assessments. The problem is that you can’t make an informed decision about the risk a vendor brings to your organisation based on a surface scan that looks solely at public domain data, or on an annual spreadsheet-based questionnaire that was completed months ago. To be truly effective, a third-party cyber risk management program needs to go beyond an initial scan and evaluate a third party’s security from the inside out, with validated and dynamic data, so you can identify with confidence what security gaps exist. The program should also identify those risks at both the individual and portfolio level, so you can make informed decisions about what to prioritise and mitigate throughout your ecosystem. Spreadsheet assessments present their own issues, ranging from a static point-in-time view that can’t keep up with the evolving threat landscape to a legacy bespoke assessment that acts more as a security blanket than as a source of information and action.

A recent study by Ponemon found that 54% of organisations feel their assessments ultimately provide little value and, worse yet, only 8% of those assessments result in action. If you aren’t able to identify control gaps in your third parties’ security, or even the third parties you should not be partnering with, then what is the point of assessing them? Third-party cyber risk management should enable you to do just that: manage risk. Getting to the root of most third-party cybersecurity problems requires the ability to identify which third parties pose you the most risk, prioritise them accordingly, and then apply the right level of due diligence on an ongoing basis to monitor them. This means identifying your third parties, scoping out how you work with them to uncover your inherent risk, and then assessing them via dynamic and validated assessments to determine whether there are any critical security control gaps. Analytics should guide you on how to prioritise those control gaps so you and your third parties can focus mitigation efforts on the gaps with the most yield.

The assessment process itself can be greatly streamlined by employing delivery models like an exchange. An exchange not only serves as a central hub where the assessment data lives dynamically, but it enables a one-to-many relationship so multiple users can leverage the same data set, providing cost efficiencies for customers and time efficiencies for third parties. These efficiencies only work, however, if organisations are willing to let go of their customised assessment and employ a comprehensive one. Knowing the difference between the various assessment techniques used to evaluate third parties is critical to making the right investments of time and money. Outside-in scans give a quick indicator of potential risk that can help prioritise a program, but should not be used alone for critical TPCRM decisions. Bespoke and static assessments can provide a deep review, but are often hard to glean insights from and therefore don’t result in action. A dynamic, validated approach that provides actionable insights will give a deep and continuous understanding of third parties’ control gaps that can readily inform your security program. Given today’s cost of a data breach, which can climb well into the millions, an investment in a TPCRM program will more than pay for itself in a very short period of time.


EIGHTY SUSPECTS ARRESTED IN MASSIVE BUSINESS EMAIL COMPROMISE (BEC) SCAM TAKEDOWN *

A successful Business Email Compromise (BEC) scam operation in which management was impersonated has been tackled by law enforcement through a series of arrests in Spain. BEC scams involve crafted phishing messages, often tailored through social engineering techniques and email address spoofing, to impersonate high-value targets. Fraudsters may also compromise business accounts through malicious links or attachments in order to send messages directly from trusted email addresses. This practice, unfortunately, has proven lucrative for cybercriminals. According to insurance firm AIG, BEC incidents have surpassed ransomware and data breaches as the leading cause of cyber insurance claims in the EMEA region.

On Tuesday, the Spanish Civil Guard said that over ten million euros (A$16.4 million) have been stolen in the latest major BEC scam to be uncovered, and at least 12 companies in 10 countries have fallen prey to the group responsible. This particular scam involved cyber attackers masquerading as managers from victim companies after they had compromised those managers' accounts. To make the fraudulent messages appear legitimate, fake money requests were made through pro-forma invoice attachments using company letterheads and branding. To remain undetected, the scammers created a complex web of 83 fake companies and 185 bank accounts for laundering the proceeds. The money flowed constantly between these accounts, and some of the funds were invested directly in real estate. So far, 1,290,000 euros have been recovered. Victims have been traced back to the UK, US, Germany, Bulgaria and Luxembourg, among other countries.

Three arrests have been made in Spain on the basis of computer fraud under the "Lavanco operation." A fourth individual is currently under investigation. Law enforcement says that the suspects are between 34 and 67 years of age. Each suspect faces charges relating to "belonging to a criminal organisation, scamming, money laundering, discovery and disclosure of secrets, documentary falsehood and usurpation of marital status," according to the Civil Guard. The Lavanco operation began in 2016 and involved the participation of Europol, Interpol and law enforcement agencies including the FBI. Last month, law enforcement agencies revealed the arrest of 281 individuals suspected of being part of a BEC scam responsible for the theft of millions of dollars. Under Operation reWired, investigators were also able to seize close to US$3.7 million and recover roughly US$118 million in fraudulent wire transfers.


BEWARE OF EXPLOITS ATTACKING GOOGLE HOME AND AMAZON ECHO FOR SPYING AND PHISHING ON END USERS. *

Smart speakers like Google Home and Amazon Echo are useful devices, but they come with several security concerns. Security researchers have issued an alert about a pair of exploits targeting Amazon Echo and Google Home devices that can be used either to phish users for their personal information or to eavesdrop on them. Security Research Labs (SRLabs) in Berlin describes the two exploits in detail in an extensive report posted on its site. It has named them the "Smart Spies" hacks, and the lab built demonstration apps showing how the attacks are carried out and how apps using these tricks can pass the approval processes of Google and Amazon.

In a set of videos, the SRLabs research team shows the hacks in action. In one method, a Google Home action lets users request a random number; once the action has responded, however, the software keeps listening for an unusually long time. The other method uses an apparently harmless horoscope skill on Alexa that ignores the user's "stop" command and quietly keeps listening. In each case the researchers abused a weakness in the two voice assistants that let them continue listening for an unusually long time: they fed the assistants a string of characters the assistants could not pronounce, so the device stayed silent while still listening for further input. Both the eavesdropping and the phishing abuse go through the backend that Google and Amazon provide to third-party app developers for Google Home and Alexa. That backend gives developers tools to tailor the commands a smart assistant accepts and responds to, including how it replies.

The bottom line: users should treat third-party voice assistant software with caution and only allow apps from trustworthy companies into their homes.


MORRISONS SUPERMARKETS TELL TOP UK COURT IT’S NOT LIABLE FOR STAFFER WHO NICKED PAYROLL DATA OF 100,000 EMPLOYEES.*

British supermarket Morrisons is arguing in the Supreme Court that it shouldn't be held vicariously liable for the actions of a rogue employee who stole and leaked the company's payroll. In a world where nobody's quite sure where data protection law ends and traditional civil law torts begin, the outcome of the case may well determine for years to come whether companies should be blamed and made to pay compensation if one of their employees breaks the law. Morrisons is fighting off a lawsuit from around 5,000 current and former employees as it tries to overturn an earlier Court of Appeal ruling.

Arguing on Morrisons' behalf yesterday, Lord Pannick QC, the UK Supreme Court's favourite barrister, said: "In relation to vicarious liability, we say the legal test is whether there is a sufficiently close connection between the wrongful conduct of the employee and what he was employed to do, assessed by reference to job function, time, when did he carry out the acts, the geography, where did he carry out the acts and motive." At the heart of the case is a deceptively simple question: was former Morrisons auditor Andrew Skelton acting "in the course of his employment" when he copied nearly 100,000 people's payroll data to a USB stick and dumped it on a hidden Tor site? The supermarket, naturally, argues that he wasn't – and therefore shouldn't be held liable for his actions. If Skelton's actions formed an "unbroken thread", as Lord Pannick put it, between what he was authorised to do as an employee and things that were not part of his job description, that will be enough to hold the supermarket liable for his criminal actions – prompting a hefty series of payouts.

"It's not sufficient for the claimants to show that the employment provided the opportunity for the wrongdoing," insisted the barrister, who went on to describe a number of past cases where employees had done wrong and their employers hadn't been held liable. Broadly, he was saying, this is what other courts found in similar circumstances, so why should Morrisons be held vicariously liable now? "When Mr Skelton downloaded the data onto his personal USB he had metaphorically taken off his uniform. He wasn't acting or purporting to act on behalf of his employer or for the purpose of his employment," added Lord Pannick, who also argued that the Data Protection Act 1998 (which applied when the original incident happened) excludes vicarious liability for Morrisons in this case.

Lady Hale, president of the Supreme Court – wearing a purple jumper with a poppy brooch – commented: "There was a series of thefts from judges' rooms in the Royal Courts of Justice some years ago. That was an employee of the RCJ using the pass that he had in order to get into the judges' rooms and steal things. I don't think anybody's suggesting the courts and tribunals service was vicariously liable." Up against Lord Pannick is barrister Jonathan Barnes of legal chambers 5RB. He will argue that the Data Protection Act 1998 doesn't exclude vicarious liability for Morrisons and will say that the Court of Appeal's previous findings should be upheld in full. The case continues today and The Register will be covering the claimants' legal arguments in full. Lord Pannick was the lawyer who convinced the Supreme Court to rule that Prime Minister Boris Johnson had broken the law by advising the Queen to dissolve Parliament.


THREAT FOCUS: Florida Blue - UNITED STATES *

https://www.beckershospitalreview.com/cybersecurity/florida-blue-alerts-members-of-data-breach.html

Exploit: Phishing attack

Florida Blue: Health insurance provider

Risk to Small Business: 2.2 = Severe: A phishing attack at one of Florida Blue’s third-party vendors successfully duped an employee into compromising patients’ personally identifiable information (PII). The event affected less than 1% of Florida Blue’s members, but it shines a spotlight on the underlying cybersecurity vulnerabilities within third-party partnerships. Now, because of an event outside its immediate control, Florida Blue will face intense regulatory scrutiny and suffer less-quantifiable reputational damage in the wake of the breach.

Individual Risk: 2 = Severe: Patients’ PII was exposed in the breach, including names, dates of birth, and prescription information. Florida Blue is offering free credit monitoring and identity theft protection for anyone impacted by the breach. Although Florida Blue doesn’t believe that patient data has been misused, these services will provide long-term oversight to ensure that patients’ credentials remain secure.

Customers Impacted: Unknown

Effect On Customers: In today’s digital environment, cybersecurity needs to be a central component of any third-party partnership. Unprotected companies place your data at risk, potentially undermining your best efforts to secure infrastructure. In contrast, strong cybersecurity standards can serve as a competitive advantage, allowing companies to market their strong defensive posture as a reason to subscribe to their services.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: Designed to protect against human error, BullPhish ID™ simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more by phoning 07 30109711 (Office Hours)


THREAT FOCUS: SmartASP.NET Web Hosting - UNITED STATES*

https://www.zdnet.com/article/major-asp-net-hosting-provider-infected-by-ransomware/

Exploit: Ransomware attack

SmartASP.NET: Web hosting platform

Risk to Small Business: 2 = Severe: Hackers encrypted the web hosting platform’s data, crippling both its IT infrastructure and customer data. After the attack, the company’s phones and website were both inaccessible, and SmartASP.NET was forced to notify customers that their data was encrypted. In addition to encrypting customer-facing infrastructure, a common target for ransomware attacks, the attack locked up significant amounts of back end data and delayed recovery efforts considerably.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: Ransomware attacks inevitably have significant financial repercussions, and this is only compounded by the reputational damage that follows such a newsworthy incident. However, hackers need an avenue to deploy this malware, and companies can protect themselves by ensuring that their defensive posture is sufficient to repel today’s most pressing threats.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for organisations that want to provide comprehensive security. BullPhish ID complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defence against cybercrime. Call 07 3010 9711 (Office Hours) to find out more.


THREAT FOCUS: Starling Physicians - UNITED STATES*

https://www.nbcconnecticut.com/news/local/Starling-Physicians-Warns-Patients-of-Data-Breach-564814302.html

Exploit: Phishing attack

Starling Physicians: Connecticut-based healthcare group

Risk to Small Business: 1.555 = Severe: Three employees fell for a phishing scam, providing hackers with access to their email accounts which contained patients’ personally identifiable information. The breach originally occurred on February 8th but wasn’t discovered until September. It’s taken the company two months to identify those impacted by the breach and send notifications. This lengthy response time will make it more difficult for patients to protect their information, while also opening the company up to increased regulatory scrutiny that could result in fines or penalties that will compound the financial implications of the breach.

Individual Risk: 2.142 = Severe: The compromised email accounts contained a limited amount of patient data. Starling Physicians estimates that less than 1% of its patients are impacted, but the personal data includes patients’ names, addresses, dates of birth, passport numbers, Social Security numbers, and medical information. Starling Health is offering free credit and identity monitoring for patients whose Social Security numbers were exposed, and is encouraging all victims to contact their financial institutions and to monitor their accounts for unusual activity.

Customers Impacted: Unknown

Effect On Customers: Despite the best efforts of cybersecurity software, some phishing emails will inevitably make their way into your employees’ inboxes. Fortunately, these emails aren’t malicious until acted upon by employees. Comprehensive awareness training can equip all employees to identify and neutralise possible threats. It’s a low-effort, high-impact form of defence that can make a significant difference to your company’s data security efforts and, ultimately, your bottom line.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Call 07 20109711 (Office Hours) for a Demonstration.


THREAT FOCUS: Boardriders Retailer - UNITED STATES*

https://www.bleepingcomputer.com/news/security/quiksilver-and-billabong-affected-by-ransomware-attack/

Exploit: Ransomware

Boardriders: Action sports retailer

Risk to Small Business: 2.222 = Severe: A ransomware attack crippled Boardriders’ operations, forcing several of its online stores to close and preventing employees from accessing any of the company’s IT. The event occurred during the last week of October, leaving the business with nearly two weeks of lost sales, productivity, and inventory. Until the ransomware was cleared from the network, employees were asked not to even turn on their computers. This productivity loss is one of the many hidden costs of ransomware attacks, which are becoming increasingly prevalent as hackers look to extract large, single-payment sums from their victims.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: The costs of a ransomware attack are enormous. Whether companies pay the ransom or restore a system from backups, the immediate expense can cripple a business, and the long-term repercussions are a serious deterrent to profitability. In this case, Boardriders offered consumers deep discounts to entice them to return to the store, and its inventory and productivity losses will further erode profitability.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for managers who want to provide comprehensive security for their business. BullPhish ID complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defence against cybercrime. Call 07 30109711 to discuss how our suite of Cyber Security Services can help you.


THREAT FOCUS: Nunavut Local Government - CANADA*

http://www.digitaljournal.com/tech-and-science/technology/government-services-in-nunavut-caught-in-ransomware-cyberattack/article/561203

Exploit: Ransomware

Nunavut: Local government

Risk to Small Business: 2 = Severe: A comprehensive ransomware attack has crippled the government’s ability to provide standard services. In total, the attack disabled medical services, family and education offerings, the finance department, and the territory’s legal system. In addition to the immediate price of restoring functionality, opportunity costs and reputational damage will further erode revenue. This episode reflects the total consequence of ransomware attacks, which bring uniquely troubling financial and technological repercussions for any business unlucky enough to be victimized.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: Once a ransomware attack strikes, there is no good or affordable response plan. Therefore, businesses need to have a laser-like focus on defence. In this case, an employee fell for a phishing attack containing a malicious attachment that ultimately infected the entire system. Simply put, ransomware attacks are often avoidable, and every business has millions of reasons to ensure that it is prepared to prevent their execution.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: With a BullPhish ID penetration testing campaign, organisations can build a more complete picture of their security posture and potential risk, transforming the weakest links of an organisation into its strongest points of protection. Find out how you can get started with us by phoning 07 30109711


THREAT FOCUS: University of Hertfordshire - UNITED KINGDOM*

https://www.bbc.com/news/uk-england-beds-bucks-herts-50333367

Exploit: Accidental data exposure

University of Hertfordshire: UK-based academic institution

Risk to Small Business: 2.555 = Moderate: In an email promoting an upcoming lecture, the university accidentally attached a file that included the recipients’ names and email addresses. Although the data breach is relatively restrained, it is another reminder that organizations of all sizes in every sector are charged with protecting their customers’ data, and this is a task that no organization can afford to take lightly.

Individual Risk: 2.857 = Moderate: The list was only provided to those attending the lecture, and it included students’ names and email addresses. However, this information can quickly spread beyond the immediate circulation, increasing the risk of data exposure. Those impacted by the breach should be mindful that this information can be used to perpetrate phishing scams or other forms of fraud, so they should be especially critical of their digital communications.

Customers Impacted: 2,000

Effect On Customers: In a digital environment full of cybercriminals looking to exploit your organisation’s vulnerabilities, a self-inflicted wound can be especially frustrating. Whether employees are accidentally sharing the personal data of customers or falling for phishing attacks, preparing your team to protect your customers’ information is one of the best ways to ensure that criminals have less opportunity to compromise your users’ data.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID™ monitors the Dark Web to find out if your employee or customer data has been compromised. We work with our international partners to strengthen their security suite by offering industry-leading detection. Discover more by calling 07 30109711


THREAT FOCUS: Monash Hospital IVF - AUSTRALIA*

https://kirbyidau.com/2019/11/06/incident-monash-ivf-patients-receive-bogus-emails-after-malicious-cyber-attack-on-fertility-company-abc-news-australia/

Exploit: Compromised email server

Monash IVF: IVF Clinic and fertility program

Risk to Small Business: 1.777 = Severe: Cybercriminals breached Monash IVF’s email server and used their access to send malicious emails to patients. Since the company stores protected health information (PHI), there is concern about privacy violations resulting from the intrusion. To make matters worse, patients are complaining to the media, which will add reputational damage to the usual consequences of a data breach.

Individual Risk: 2.428 = Severe: Since the attackers had such intimate access to the company’s IT infrastructure, it is possible that patient information was exposed. However, the fraudulent emails sent to patients are the more immediate threat, because they come from the clinic’s genuine mail server and unsuspecting patients could provide personal data or account credentials to the attackers. Every patient should be especially vigilant in assessing the veracity of incoming messages, and scrupulous about the information they provide in response to digital communications.

Customers Impacted: Unknown

Effect On Customers: It’s never good for business when your brand is used to facilitate cybercrime. Not only can the costs of a data breach have far-reaching repercussions, but the loss in trust that follows can impact profitability for years to come. A data breach is one of the top causes of brand erosion, and every business needs to take steps to ensure that their technological capabilities improve the user experience without compromising their information.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: Designed to protect against human error, BullPhish ID™ simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more by phoning 07 30109711 (Office Hours)

THREAT FOCUS: (Name Withheld) Property Settlement Agent - AUSTRALIA*

https://www.perthnow.com.au/news/consumer-protection/scammers-target-perth-settlement-agent-in-email-scam-worth-70000-ng-b881376125z

Exploit: Compromised email account

Property settlement agent: Perth, Western Australia

Risk to Small Business: 2.111 = Severe: Scammers set up a lookalike of a Perth settlement agent’s email address, changing a single character, and used it to send authentic-looking invoices to the agent’s clients, defrauding them of $70,000. At least two recipients took the invoice to be genuine and paid into the fraudulent account. As a result, the government is urging home and business buyers to be on high alert during the buying process. The incident will likely interrupt revenue-generating business activities, since recovery requires both cybersecurity remediation and reputation repair.

Individual Risk: 2.142 = Severe: Because this kind of fraud is tailored to a specific transaction, anyone conducting a personal or business real estate transaction should be highly critical of digital requests for funds. Authorities are asking consumers to verify any request for money by phone, using a number they already hold rather than one in the email, and to be highly critical of digital communications from agents.

Customers Impacted: Unknown

Effect On Customers: It’s unclear exactly how the scammers obtained the agent’s information, but they evidently had transaction-specific details that made the invoice look legitimate, consistent with the compromised email account listed as the exploit above. When it comes to protecting account integrity, simple steps, like enabling multi-factor authentication on email accounts, make it far harder for criminals to gain the inside view these scams depend on, and a phone call to a known number before paying a new or changed bank account stops the fraud even when they do.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
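The single-character lookalike address used against the settlement agent’s clients is cheap to detect at a mail gateway or in a client add-in, provided the organisation keeps a list of the counterparties it actually pays. The script below is an added example written for this briefing; it is not code from the original page or from any firm named in it. The trusted address book, the display name and every sample From: header are constructed for illustration, and the confusable-character table is a small illustrative subset, not a complete homoglyph list.

```python
"""Flag sender addresses that are one edit away from a trusted counterparty.

Added example for this briefing (not the page's own code). TRUSTED and the
SAMPLE_HEADERS below are constructed; real deployments would load the
address book from the accounts-payable system.
"""
from email.utils import parseaddr
from typing import Dict

# Constructed address book: display name -> the one address we pay.
TRUSTED: Dict[str, str] = {
    "Example Settlements": "accounts@example-settlements.com.au",
}

# Visually confusable substitutions often used in lookalike addresses.
# Applied to BOTH sides before comparing, so 'exarnple' and 'example' fold
# to the same string. Illustrative subset only.
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w"}


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def normalise(addr: str) -> str:
    """Lower-case and fold confusable glyph pairs for comparison only."""
    s = addr.lower()
    for bad, good in CONFUSABLES.items():
        s = s.replace(bad, good)
    return s


def is_lookalike(addr: str, trusted_addr: str) -> bool:
    """True when addr is not the trusted address but is within one edit of it,
    or equals it after confusable folding (catches 'rn' for 'm' etc.)."""
    if addr == trusted_addr:
        return False
    return normalise(addr) == normalise(trusted_addr) or levenshtein(addr, trusted_addr) <= 1


def classify_sender(from_header: str, trusted: Dict[str, str] = TRUSTED) -> str:
    """Return one of: 'trusted', 'lookalike', 'display-name-spoof', 'unknown'.

    Lookalike checks run against every trusted address before the display-name
    check, so a near-miss on one counterparty is never masked by a name match
    on another.
    """
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    name = name.strip().lower()
    trusted_addrs = [t.lower() for t in trusted.values()]

    if addr in trusted_addrs:
        return "trusted"
    if any(is_lookalike(addr, t) for t in trusted_addrs):
        return "lookalike"
    # Right name, wrong address: the classic free-mail impersonation.
    if name and name in {n.lower() for n in trusted}:
        return "display-name-spoof"
    return "unknown"


# Constructed sample headers exercising each verdict.
SAMPLE_HEADERS = [
    "Example Settlements <accounts@example-settlements.com.au>",   # genuine
    "Example Settlements <accounts@example-settlement.com.au>",    # one letter dropped
    "Example Settlements <accounts@exarnple-settlements.com.au>",  # 'rn' for 'm'
    "Example Settlements <billing@freemail.example>",              # name only
    "Jane Buyer <jane@buyer.example>",                             # unrelated party
]

if __name__ == "__main__":
    for hdr in SAMPLE_HEADERS:
        print(f"{classify_sender(hdr):20s} {hdr}")
```

A 'lookalike' or 'display-name-spoof' verdict should quarantine the message or at least banner it for the recipient; it should never be the only control, because the Perth case shows the fraud also works when the real mailbox is compromised and the address is genuine. The out-of-band phone check on any new or changed bank details remains the control that holds in both cases.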

Avantia Cyber Security & ID Agent to the Rescue: With a BullPhish ID penetration testing campaign, organisations can get a more complete picture of their security posture and potential risk, transforming the weakest links of an organisation into their strongest points of protection. Find out how you can get started with us by phoning 07 30109711


POSTSCRIPT:

Data Breaches Reach New Highs 

2019 has been a notorious year for data breaches, a reality playing out in front-page headlines and major industry studies. According to Risk Based Security’s Q3 2019 Data Breach Report, it is the worst year ever recorded. The third quarter saw a year-over-year increase of 112% in the total number of records exposed. Unfortunately, this is not all attributable to high-volume breaches at major corporations: SMBs, government agencies and educational institutions are also seeing an uptick in incidents, together producing a 33.3% increase in the total number of breaches for the year. Notably, many of these breaches were avoidable. The common causes, from misconfigured databases to phishing attacks, are ones businesses have many options to protect against proactively. There is no indication that the trend will abate anytime soon, so businesses of every size have every reason to ensure that negligence is not the cause of the next data catastrophe.

New Threat Actor Impersonates Government Agencies 

Cybersecurity researchers are warning of a new threat actor impersonating government email accounts in the US and EU. To date, researchers have found hoax emails purporting to come from the US Postal Service, the German Federal Ministry of Finance and the Italian Revenue Agency, delivering ransomware payloads to a variety of recipients. While the campaign targets a broad audience, researchers concluded that it is heavily skewed toward businesses, which offer higher payouts and richer data sets when attacks succeed. Fortunately, these emails only work if the recipient acts on them, so businesses can protect themselves by training employees to spot fraudulent messages. The actor may be new, but the strategy is well established, and today’s employees need to be aware of the threats that may be lurking in their inboxes.


Disclaimer*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2019 Avantia Corporate Services - All Rights Reserved.


Call (07) 3010 9711 

info@avantiacorp.com.au

Avantia Corporate Services Pty Ltd, Level 7, 320 Adelaide Street

Brisbane, Queensland 4000

AUSTRALIA.
