Avantia Threat Update
ROBINHOOD SEEN OUTSIDE SHERWOOD FOREST
Updated: Nov 1, 2019

This Past Week*: RobbinHood (the ransomware) shows its true colours; cloud leaks keep on keeping on; the FBI warns that even Multi-Factor Authentication (MFA) can be bypassed; advice on three types of network attack to be wary of; and major data breaches in NEW ZEALAND, AUSTRALIA, FRANCE, the UNITED KINGDOM, CANADA and the USA, where ransomware will cost companies critical revenue, repeat offenders put customer loyalty at risk, and businesses fail to account for the risks of compromised employee credentials.
Known Customers Affected by Data Breaches reported in this Bulletin:
268,735,409 (Past 4 Weeks)
This Past Week’s Dark Web Trends*: Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Finance & Insurance
Top Employee Count: 1-10 Employees
‘ROBBINHOOD’ RANSOMWARE USES INFAMY TO “PRICE GOUGE” VICTIMS*
Back in May, the city of Baltimore in the USA was brought to a standstill. All of the city hall's systems were infected with a new ransomware variant called RobbinHood. The attacker demanded a ransom of 13 bitcoin (about US$76,000, or €68,961 at the time) to decrypt the systems. The same variant was first seen in an attack on the city of Greenville, North Carolina, in April this year. Both incidents made headlines when they were made public, mainly because of the scale and severity of the attacks. Now the attackers behind RobbinHood appear to be using that notoriety for their own gain.

Joakim Kennedy, a US cybersecurity researcher, has discovered a new variant of the malware. In this version the ransom note assumes the victim already understands how serious their situation is, and removes any hope of decrypting the affected files for free. The note also tells the victim that the attacker has been on their network for some time investigating its weak points, and that the ransom must be paid within four days: "…if you don't pay in the specified duration, the price increases $10,000 each day after that period… Don't call FBI [sic] or other security organizations." As well as boasting about past successes, the attackers point out that there is no public decryption tool for the affected files, which means they cannot be recovered without the attackers' private key.

When we look at the damage a RobbinHood attack can cause, it is not surprising that the Baltimore incident received so much attention, or that the attackers want to trade on it. Although the ransom demanded was US$76,000, the city ended up spending US$4.6 million recovering the data on the affected computers, and systems were out of service for nearly a month. The city hall estimates that by the end of the year it will have spent a further US$5.4 million, bringing the total to US$10 million.

That figure does not include the potential loss of revenue from fines, taxes and other fees that went unpaid while systems were down, which could take the total cost of the event to US$18 million. While RobbinHood caused a great deal of damage to the city's systems, the city's own actions, both before and after the incident, have been criticised and contributed to the cost. The first criticism was that the city, unlike Atlanta, which suffered a ransomware attack in 2018, had no insurance to cover the costs of a cyberattack, despite warnings from its head of security. Nor did the city have a cybersecurity training plan for its employees, and although backups had been made, it is unclear whether they were sufficient to recover the systems. The Mayor also refused to confirm whether a disaster recovery plan for ransomware attacks existed.

Unfortunately, the attackers' claim is true: for the time being there is no public decryption key for RobbinHood. That does not make paying the ransom the answer. Cybersecurity experts agree that paying only adds to the problem: it encourages and funds the criminals to keep attacking, and the money is used for further criminal activity. Nor does paying guarantee that you will get your data back. One of the most important protective measures is to keep backups (tested, and stored offline or otherwise out of reach of the ransomware) so that normal operations can be restored as quickly as possible. It is equally important to have an incident response plan so that you know how to act if your company or organisation is hit by a threat of this kind.

It is also worth remembering that ransomware operators use a wide range of TTPs to get onto organisations' IT systems. TTPs are:

1. Tactics. Generally speaking, tactics are the adversary's high-level goals at each stage of an intrusion, the strategy in the most general terms: for example, gaining access to confidential information, gaining access to a website, or moving laterally.

2. Techniques. Techniques are the methods (not necessarily specific ones) the attacker uses to achieve a tactic. If the goal is to steal confidential information, the technique could be phishing; each tactic can be realised through several techniques.

3. Procedures. With procedures we move from the abstract to the specific: the concrete, pre-configured steps a criminal follows to make sure they achieve their aim. Continuing the information-theft and phishing example, the procedures could include planning the campaign, building a malicious file, sending it to the target, and so on.

This is why it is vital to know exactly what is happening on your systems at all times, and to reduce the attack surface. When the Baltimore incident began, many news outlets reported that the ransomware had got onto the systems via the EternalBlue exploit, although some researchers later disputed this. Whatever the initial vector was, many ransomware attacks do leverage unpatched vulnerabilities to get into corporate networks, so applying patches as soon as they are released is critical to defending your systems.
WHY DO CLOUD DATA LEAKS KEEP HAPPENING*?
The ongoing rash of data leaks caused by misconfigured clouds is the result of companies having virtually no visibility into how their cloud instances are configured, and very little ability to audit and manage them. This less-than-sunny news comes courtesy of the team at McAfee, which said in its latest Infrastructure as a Service (IaaS) risk report that 99% of exposed instances go unnoticed by the enterprises running them. Such unsecured instances (usually storage buckets or databases left accessible to the general public) have been responsible for many of the largest data leaks in recent years, after researchers or, in some cases, hackers stumbled upon the exposed servers and made off with their contents. McAfee's study, based on a sample of 1,000 enterprises in 11 countries as well as anonymised customer data, suggests that most businesses are woefully unaware of what data they have facing the internet. Customers told the security house they had, on average, around 37 instances of misconfigured systems and folders arise per month. In reality, McAfee places the number closer to 3,500 incidents per month, as databases, storage buckets and cloud servers are inadvertently left open or exposed through a vulnerable web application. The problem, said McAfee, is that most enterprises have no practical way to see what is exposed and where. The study reckons just 26 per cent of the firms it polled have the ability to audit their cloud configurations. Companies also usually end up running a greater variety of services than executives and IT admins realise: of those surveyed, 76 per cent thought they used multiple cloud vendors, whereas McAfee's study found the actual share was higher. "It's possible the speed of cloud adoption is putting some practitioners behind," McAfee said in the paper. "Infrastructure changes rapidly in the cloud, opening the door for mistakes as code is released in continuous integration/continuous delivery (CI/CD) practices."
While such findings are not particularly new (we have known for a while that most enterprises keep poor track of where their clouds are running and what data is being shared), the sheer number of companies vulnerable has to be more than a little alarming, especially after years of major incidents that collectively should have served as a wake-up call. "We hypothesize that there is a practitioner-leadership disconnect at work here," McAfee added. "Ninety per cent of companies told us they'd experienced some security issue in IaaS, misconfiguration or otherwise. But twice as many manager-level IT personnel, those closest to the IaaS environment, thought they'd never experienced an issue compared to their leadership." As for what can be done, McAfee noted a number of strategies, including the regular use of auditing tools and security frameworks to make sure your cloud platforms aren't spitting out VMs with the wrong settings.
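The report's point is that exposure is decided by a handful of settings nobody is reading. As an added example (not from the McAfee report or this bulletin), the script below shows what an offline audit of that kind looks like for S3: it takes the three API outputs that determine whether a bucket is reachable by anyone (the bucket policy, the bucket ACL and the Public Access Block configuration) and reaches a verdict. The field names are AWS's real ones; the bucket names, account details and the vpce- identifier are constructed for the example.

```python
"""Offline audit of S3 bucket exposure from the three API responses that decide it.

Added example, not the newsletter's or McAfee's code. Inputs are constructed
dicts shaped like the responses of GetBucketPolicy, GetBucketAcl and
GetPublicAccessBlock; bucket names and identifiers below are made up.
"""
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS, AUTH_USERS}  # AuthenticatedUsers = any AWS account, effectively public


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal) -> bool:
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_policy_statements(policy_json: str) -> list:
    """Allow statements whose Principal is everyone and that carry no Condition.

    A Condition (aws:SourceVpce, aws:SourceIp, ...) may narrow the grant, so
    conditioned statements are left for manual review rather than flagged here.
    """
    policy = json.loads(policy_json)
    hits = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or st.get("Condition"):
            continue
        if _principal_is_everyone(st.get("Principal")):
            hits.append({"Sid": st.get("Sid"),
                         "Action": _as_list(st.get("Action", [])),
                         "Resource": _as_list(st.get("Resource", []))})
    return hits


def public_acl_grants(acl: dict) -> list:
    """ACL grants to the AllUsers or AuthenticatedUsers groups."""
    return [g for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("Type") == "Group"
            and g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS]


def assess_bucket(name: str, policy_json, acl: dict, pab: dict) -> dict:
    """Combine policy, ACL and Public Access Block into one verdict.

    RestrictPublicBuckets neutralises a public bucket policy and
    IgnorePublicAcls neutralises public ACL grants; if the relevant switch is
    off or the block is missing, the grant is live.
    """
    cfg = (pab or {}).get("PublicAccessBlockConfiguration", {})
    policy_hits = public_policy_statements(policy_json) if policy_json else []
    acl_hits = public_acl_grants(acl or {})
    via_policy = bool(policy_hits) and not cfg.get("RestrictPublicBuckets", False)
    via_acl = bool(acl_hits) and not cfg.get("IgnorePublicAcls", False)
    return {"bucket": name, "public": via_policy or via_acl,
            "via_policy": via_policy, "via_acl": via_acl,
            "policy_statements": policy_hits, "acl_grants": acl_hits}


# --- constructed sample inventory (not real buckets) -----------------------
READ_ALL = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
VPCE_ONLY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "VpcOnly", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
    "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}]})
PAB_ALL_ON = {"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": True,
    "BlockPublicPolicy": True, "RestrictPublicBuckets": True}}
ACL_WORLD_READ = {"Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS},
                              "Permission": "READ"}]}
ACL_OWNER_ONLY = {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "a" * 64},
                              "Permission": "FULL_CONTROL"}]}

INVENTORY = [  # (bucket, policy JSON or None, ACL, Public Access Block or None)
    ("backups-prod", READ_ALL, ACL_OWNER_ONLY, None),                 # exposed by policy
    ("backups-prod-hardened", READ_ALL, ACL_OWNER_ONLY, PAB_ALL_ON),  # same policy, neutralised
    ("uploads", None, ACL_WORLD_READ, None),                          # exposed by a legacy ACL
    ("internal-reports", VPCE_ONLY, ACL_OWNER_ONLY, None),            # conditioned: review, not flagged
]


def audit(inventory=INVENTORY) -> list:
    """Names of buckets in the inventory that anyone on the internet can read."""
    return [r["bucket"] for r in (assess_bucket(*b) for b in inventory) if r["public"]]


if __name__ == "__main__":
    for b in INVENTORY:
        r = assess_bucket(*b)
        print(f'{r["bucket"]:24} public={r["public"]} policy={r["via_policy"]} acl={r["via_acl"]}')
```

Two things the example is built to show: the same world-readable policy is harmless once RestrictPublicBuckets is on, and an old AllUsers ACL exposes a bucket that has no policy at all, which is exactly the sort of grant an inventory based on policies alone misses.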
FBI WARNS ABOUT ATTACKS THAT BYPASS MULTI - FACTOR AUTHENTICATION* (MFA)
Last month, the FBI sent a special alert, a Private Industry Notification (PIN), to industry partners about the rising threat of attacks that bypass multi-factor authentication (MFA). "The FBI has observed cyber actors circumventing multi-factor authentication through common social engineering and technical attacks," the FBI wrote. They are right: there are multiple ways to bypass MFA protections today, and most deployed mechanisms can be defeated in some scenario, usually by attacking the user or the session rather than the factor itself. The FBI alert pointed to things like SIM swapping and transparent phishing proxies that relay the one-time code to the real site, and gave examples of recent incidents in which MFA was bypassed and money was stolen from individuals and organisations. The FBI made it clear that the alert should be taken as a precaution, not as an attack on the effectiveness of MFA, which the agency still recommends; it simply wants you to know that there are now ways the bad guys can get around this type of protection. "Multi-factor authentication continues to be a strong and effective security measure to protect online accounts, as long as users take precautions to ensure they do not fall victim to these attacks," the FBI said.
Using MFA decreases your cybersecurity risk and is a much stronger defence than passwords alone. Be aware, however, that nearly every MFA mechanism can be defeated in some scenario, and in some cases it takes no more than a phishing email to compromise a user's account. According to a Deloitte cyber threats report, 48% of cybersecurity breaches are not preventable by strong MFA. It is crucial to understand the specific weaknesses of your MFA solution and how your users could be compromised, so that you can mitigate those risks and educate and train your users.
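The phishing-proxy bypass the FBI describes is easier to see in code than in prose. The simulation below is an added example (not from the FBI notification or this bulletin): a stand-in "real site" at the made-up origin bank.example accepts a password plus a one-time code, and a proxy at the made-up bank-login.example relays whatever the victim types. TOTP follows RFC 6238 (SHA-1, 30-second step, six digits) and is checked against the RFC test vector; the origin-bound second factor is modelled with an HMAC over challenge||origin standing in for a WebAuthn signature, which is an assumption of the example, not the protocol's actual signature format, but it carries the same origin binding.

```python
"""Why a real-time phishing proxy defeats one-time codes but not origin-bound MFA.

Added example: a stand-alone simulation, not the FBI's or the newsletter's
material. Hostnames, users and keys are made up. TOTP is RFC 6238; the
'fido' factor is an HMAC over challenge||origin, a simplified stand-in for a
WebAuthn assertion that keeps its essential property (the origin the browser
is really on is part of the signed data).
"""
import hashlib
import hmac
import secrets
import struct


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP(secret, floor(time/step)) with RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def sign(key: bytes, challenge: bytes, origin: str) -> bytes:
    """Stand-in for a WebAuthn assertion over (challenge, origin the browser sees)."""
    return hmac.new(key, challenge + origin.encode(), hashlib.sha256).digest()


class RealSite:
    ORIGIN = "https://bank.example"  # made-up origin

    def __init__(self):
        self.users = {"alice": {"password": "correct horse",
                                "totp": secrets.token_bytes(20),      # shared with her authenticator app
                                "fido_key": secrets.token_bytes(32)}}  # held only by her security key
        self.challenges = {}

    def login_totp(self, user, password, code, now) -> bool:
        """Password + TOTP. Any code valid in this 30 s window is accepted, whoever submits it."""
        u = self.users.get(user)
        return bool(u) and hmac.compare_digest(u["password"], password) \
            and hmac.compare_digest(totp(u["totp"], now), code)

    def start_fido(self, user) -> bytes:
        self.challenges[user] = secrets.token_bytes(32)
        return self.challenges[user]

    def login_fido(self, user, password, assertion) -> bool:
        """Password + origin-bound assertion. The server verifies against ITS OWN origin."""
        u = self.users.get(user)
        challenge = self.challenges.pop(user, None)
        if not u or challenge is None or not hmac.compare_digest(u["password"], password):
            return False
        return hmac.compare_digest(sign(u["fido_key"], challenge, self.ORIGIN), assertion)


PHISH_ORIGIN = "https://bank-login.example"  # made-up look-alike the victim actually visits


def phish_totp(site: RealSite, now: int) -> bool:
    """Proxy relays the password and the live code the victim read off her phone."""
    typed_code = totp(site.users["alice"]["totp"], now)  # victim's authenticator app output
    return site.login_totp("alice", "correct horse", typed_code, now)  # forwarded within the window


def phish_fido(site: RealSite) -> bool:
    """Same proxy, but the authenticator signs over the origin the browser is really on."""
    challenge = site.start_fido("alice")  # proxy fetches a genuine challenge and relays it
    assertion = sign(site.users["alice"]["fido_key"], challenge, PHISH_ORIGIN)
    return site.login_fido("alice", "correct horse", assertion)


def legit_fido(site: RealSite) -> bool:
    challenge = site.start_fido("alice")
    assertion = sign(site.users["alice"]["fido_key"], challenge, RealSite.ORIGIN)
    return site.login_fido("alice", "correct horse", assertion)


if __name__ == "__main__":
    print("RFC 6238 vector ok:", totp(b"12345678901234567890", 59) == "287082")
    print("proxy vs TOTP login succeeds:", phish_totp(RealSite(), 1_572_000_000))
    print("proxy vs origin-bound login succeeds:", phish_fido(RealSite()))
    print("legitimate origin-bound login succeeds:", legit_fido(RealSite()))
```

The code never guesses or brute-forces anything: the proxy wins against TOTP purely because a code is valid for anyone who submits it inside the step window, and loses against the origin-bound factor because the victim's browser is on bank-login.example while the server only accepts assertions over bank.example. That is the distinction between the "precautions" the FBI asks users to take and a factor that removes the user from the decision.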
3 TYPES OF NETWORK ATTACKS TO WATCH OUT FOR*.
Cybersecurity has become a common term in today's industry, passed around executive meetings along with financial information and projected marketing strategies. Here are some common attack vectors plaguing network infrastructure. The type of infrastructure you run does not really matter: if the data moving across it has value, someone wants it.
Reconnaissance Attacks: Reconnaissance attacks are information-gathering attacks. They can be carried out logically or physically, and whether the information is gathered by probing the network or through social engineering and physical surveillance, they can be defended against. Common examples include packet sniffing, ping sweeps, port scanning, phishing, social engineering and internet information queries. We can examine these further by splitting them into the logical and the physical.

Logical reconnaissance is anything done in the digital realm that does not need a human on the other side to succeed. Ping sweeps and port scans, for example, discover whether a system is there and which services it exposes. A port scan that finds an IP address listening on port 443 tells the attacker they can attempt exploitation geared towards HTTPS. Internet information queries also belong here; the best known are WHOIS queries. Every registered domain is held through a registrar, because domain names have to be administered centrally (much as with trademarks, company A cannot take a domain that company B already owns). Registrars and domain management platforms handle the registration and maintenance of a domain from creation to expiry, and the records they publish often include an organisation's points of contact and their contact details. All of this makes information gathering much easier: an attacker who contacts the company already holds legitimate details about persons of interest.

Physical reconnaissance crosses into territory the network administrator does not control. Some elements, such as locations, can never be fully protected, while security elements such as cameras, mantraps, door locks and guards do play a part in physically securing a network. Bank security, for example, can only stop an extremely well-orchestrated heist to the extent the security team has prepared for it, but the simple fact that security is in place deters most low- to mid-level criminals who might attempt one. The same thinking applies to physical security measures for network protection. Reconnaissance, as we have established, is the collection of information from any available source; if the surveyor cannot get the information easily, it either deters the collection altogether or pushes them into the logical realm. Either outcome benefits the network team, because it drives the reconnaissance into a more controllable arena.

For these kinds of attacks there is a limit to what can be done, as some details and company information have to be public. Through training and simple steps at the design stage, however, you can stop this compounding into a bigger issue. Limit the contact information posted about the company. Trim service banners so that banner grabbing yields as little as possible. If contact details for the network administrator or a company representative must be published, make sure those people are trained to spot social engineering, and extend that training to all employees, because anyone can be talked into sharing company secrets by a sufficiently charismatic social engineer. A company can also bring in outsourced red teams and penetration testers, which can show leadership exactly where the shortcomings are. Most red teams achieve access by any means necessary, which truly highlights what an attacker is capable of. Also audit both the logical information and the physical security in place; if badges are used, check the logs and make sure personnel are following the access agreement.
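Port scans and ping sweeps leave a distinctive trace: one source touching many ports on one host, or many hosts, inside a short window. As an added example (not from this bulletin or any product it mentions), the script below runs that logic over constructed firewall log lines, using RFC 5737 documentation addresses, and produces the kind of alert the "watch for follow-up probing" advice in the Access Attacks section relies on. The log format, thresholds and window are assumptions for the example.

```python
"""Flag reconnaissance (port scans and host sweeps) in firewall connection logs.

Added example; the log format and every address below are constructed
(RFC 5737 documentation ranges), not taken from the newsletter or a real device.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

LINE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"proto=(?P<proto>\w+)(?: dport=(?P<dport>\d+))?$")


def parse(line: str):
    """One log line -> dict with epoch timestamp and int/None dport, or None if unparseable."""
    m = LINE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).timestamp()
    e["dport"] = int(e["dport"]) if e["dport"] else None
    return e


def detect(lines, window_s=60, min_ports=5, min_hosts=5):
    """Return sorted (kind, src, dst, count) alerts.

    port_scan: one source touched >= min_ports distinct ports on one host within window_s.
    host_sweep: one source touched >= min_hosts distinct hosts within window_s.
    Both ALLOW and DENY lines count; a scanner learns from either outcome.
    """
    by_src = defaultdict(list)
    for e in filter(None, map(parse, lines)):
        by_src[e["src"]].append(e)

    worst = {}  # (kind, src, dst) -> highest count seen in any window
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, anchor in enumerate(evs):           # sliding window anchored at each event
            window = [e for e in evs[i:] if e["ts"] - anchor["ts"] <= window_s]
            ports, hosts = defaultdict(set), set()
            for e in window:
                hosts.add(e["dst"])
                if e["dport"] is not None:
                    ports[e["dst"]].add(e["dport"])
            for dst, p in ports.items():
                if len(p) >= min_ports:
                    key = ("port_scan", src, dst)
                    worst[key] = max(worst.get(key, 0), len(p))
            if len(hosts) >= min_hosts:
                key = ("host_sweep", src, "*")
                worst[key] = max(worst.get(key, 0), len(hosts))
    return sorted(key + (n,) for key, n in worst.items())


# Constructed sample log: a vertical scan, an ICMP sweep, benign repeat traffic,
# and one more probe from the scanner an hour later (outside the window).
SAMPLE_LOG = """\
2019-10-28T09:14:00Z DENY src=203.0.113.7 dst=198.51.100.10 proto=tcp dport=21
2019-10-28T09:14:00Z DENY src=203.0.113.7 dst=198.51.100.10 proto=tcp dport=22
2019-10-28T09:14:01Z DENY src=203.0.113.7 dst=198.51.100.10 proto=tcp dport=23
2019-10-28T09:14:01Z DENY src=203.0.113.7 dst=198.51.100.10 proto=tcp dport=25
2019-10-28T09:14:02Z DENY src=203.0.113.7 dst=198.51.100.10 proto=tcp dport=80
2019-10-28T09:14:02Z ALLOW src=203.0.113.7 dst=198.51.100.10 proto=tcp dport=443
2019-10-28T09:14:03Z DENY src=203.0.113.7 dst=198.51.100.10 proto=tcp dport=3389
2019-10-28T09:20:00Z DENY src=203.0.113.9 dst=198.51.100.1 proto=icmp
2019-10-28T09:20:00Z DENY src=203.0.113.9 dst=198.51.100.2 proto=icmp
2019-10-28T09:20:01Z DENY src=203.0.113.9 dst=198.51.100.3 proto=icmp
2019-10-28T09:20:01Z DENY src=203.0.113.9 dst=198.51.100.4 proto=icmp
2019-10-28T09:20:02Z DENY src=203.0.113.9 dst=198.51.100.5 proto=icmp
2019-10-28T09:20:02Z DENY src=203.0.113.9 dst=198.51.100.6 proto=icmp
2019-10-28T09:30:00Z ALLOW src=192.0.2.5 dst=198.51.100.10 proto=tcp dport=443
2019-10-28T09:30:15Z ALLOW src=192.0.2.5 dst=198.51.100.10 proto=tcp dport=443
2019-10-28T10:14:00Z DENY src=203.0.113.7 dst=198.51.100.10 proto=tcp dport=8080
""".splitlines()


if __name__ == "__main__":
    for kind, src, dst, n in detect(SAMPLE_LOG):
        print(f"{kind:10} src={src:14} dst={dst:14} count={n}")
```

The window matters: the scanner's eighth port at 10:14 is an hour after the burst, so the alert reports seven ports, not eight, and a slow scan that spreads probes across hours would need a longer window or a per-source daily tally to catch. The repeated 443 connections from 192.0.2.5 produce nothing, which is the false-positive case any such rule must survive.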
Access Attacks: Access attacks require some intrusion capability, anything from obtaining an account holder's credentials to plugging foreign hardware directly into the network, and their sophistication varies just as widely. Like reconnaissance, access attacks can be logical or physical: logical being over the network, physical leaning more towards social engineering. Logical access attacks such as brute forcing, or guessing passwords over the network with dictionary or rainbow-table attacks, generate a great deal of traffic and can be spotted by even an inexperienced network monitor. For this reason most logical access attacks are launched only after enough reconnaissance has been done or enough credentials have been obtained. Attackers also tend to lean on passive techniques such as man-in-the-middle interception to gather more information before doing anything overly suspicious.

Physical access means access to the hardware or access to the people. Social engineering is dangerous and hard to defend against simply because your users are usually the weakest link in cybersecurity. The easiest social engineering attacks send out phishing emails designed to hook someone, or get a keylogger onto an insider's computer to harvest credentials that let the attacker escalate privileges. Even the best cybersecurity can fall to these attacks because they play on human nature, and we are not perfect beings without mistakes.

Defending against access attacks comes down to network hardening. Most companies are limited by the capabilities of their equipment, so if your Cisco router is vulnerable to a known attack, the best course of action is to understand that attack, look for it, and write rules for it on your network IDS/IPS. Update often and regularly; this cannot be stressed enough. Also watch for follow-up probing after any recently recognised reconnaissance: if attackers are researching you, the chance of an attack attempt increases. Again, bring in outsourced teams to test and audit your current security standing.
Denial of Service Attacks: Denial of service means that a network or service can no longer carry legitimate traffic. It can result from a power failure or from flooding the network with junk traffic that clogs its ability to function. Both have historically happened without any malicious intent, and both can be prevented with physical and logical safeguards. To deny service to an entire network, the attacker usually needs ample computing power of their own, and often obtains it from a comparable network of devices whose owners may not know they are involved. This is a botnet, and it can devastate a network without warning through a distributed denial of service (DDoS): the linked machines all fire packets at the target simultaneously. Every packet consumes a slice of finite capacity (bandwidth, connection-table entries, CPU, memory), and once that capacity is exhausted legitimate requests are dropped and the network simply cannot function. Another type of denial of service is a crash, which can cause temporary or permanent damage; as with a flood, the attacker simply wants to render the network inoperable. Permanent damage is considered a destructive denial of service, whereas a temporary outage is just a crash.

DoS and DDoS defence runs in parallel with access-attack defence. Options include maximising bandwidth allocation and isolating network segments by traffic type: if your web server is attacked, you do not want that to affect the mail server or the back-end network management devices. Combine this with limiting privileges and roles. Hardening network devices is always best practice, as mentioned above, and keeping all hardware and software updated and patched is a good habit for any organisation. Controlling traffic flows is a great way to stop these attacks. Finally, know the vulnerabilities that affect you.
Conclusion:
It is a pipe dream to believe a network infrastructure is invulnerable; however, the possibility of being protected is within grasp. Fundamentally, it comes down to knowledge of what can happen to your network, knowing your equipment and training up the staff.
THREAT ALERTS: Alphabroder Products - UNITED STATES*
Exploit: Ransomware attack
Alphabroder: Promotional product supplier
Risk to Small Business: 1.555 = Severe: A ransomware attack temporarily halted Alphabroder’s processing and shipping platform. Since the ransomware prevented the company from executing orders, Alphabroder was forced to make a statement on social media and interrupt most business processes. Alphabroder did subscribe to cybersecurity insurance to help offset the costs, but the reputational damage and long-term infrastructure costs can be difficult to quantify and are capable of significantly dampening the company's financial prospects in the near term.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown Effect On Customers: Cybercriminals are always looking for new ways to profit from businesses’ IT vulnerabilities. Unfortunately, these bad actors only have to execute their strategy once to inflict incredible long-term damage on a company. This complicated threat landscape makes it especially important that businesses regularly assess their cybersecurity stance to ensure that they are ready to defend whatever comes their way. Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: With BullPhish ID™, our tailored simulated ‘spear phishing’ campaigns can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Call Avantia on 07 30109711 (Office Hours) to schedule a demonstration.
THREAT FOCUS: Stripe Payments - UNITED STATES*
Exploit: Phishing attack
Stripe: Online payment processing company
Risk to Small Business: 1.888 = Severe: Hackers are deploying fake and invalid Stripe support alerts to engage customers and procure user credentials. After clicking on the fictitious support alert, users are prompted to enter their bank account information and user credentials on a fake customer login page. This isn’t the first time that Stripe customers have been targeted in phishing attacks, and such attacks are becoming increasingly sophisticated and prevalent.
Individual Risk: 2.428 = Severe: Given that Stripe is an online financial platform, users can easily be tricked into providing their most sensitive personal data to cybercriminals. It’s unclear if any Stripe customers have fallen for this phishing scam, but any users who responded to one of these malicious messages had their personal data compromised. They should immediately report this to Stripe and their other financial institutions, and they should take steps to ensure their data’s long-term integrity.
Customers Impacted: Unknown Effect On Customers: Cybersecurity has taken center stage among customers and employees, and both are demonstrating an unwillingness to work with companies that can’t protect their information. Especially for companies operating in a crowded and competitive market, top-shelf cybersecurity standards are a prerequisite to a thriving business model. Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime.
Call Avantia on 07 30109711 (Office Hours) to schedule a demonstration.
THREAT FOCUS: Pitney Bowes Inc - UNITED STATES*
https://www.zdnet.com/article/pitney-bowes-claims-customer-data-safe-following-malware-attack/
Exploit: Malware attack
Pitney Bowes Inc.: Mail management company
Risk to Small Business: 2.111 = Severe: A malware attack prevented Pitney Bowes’ employees and customers from accessing critical services. The company, which specializes in mail management, lost business directly as a result of the attack. Customers were unable to refill postage or upload transactions on their mailing machines. In addition, news of the announcement sent the company’s shares down 4%, which underscores the many ways that a cybersecurity incident can negatively impact a company’s bottom line.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown Effect On Customers: Regardless of the attack methodology, cybersecurity events are incredibly costly for companies. In this case, Pitney Bowes was punished by investors, lost revenue opportunities, and endured reputational damage that will have long-term implications for the company. Given the high cost of recovery, pursuing robust cybersecurity services is a bargain. Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: Helping our SME Customers understand the importance of security is no easy task. Training campaigns to educate employees, making them the best defense against cybercrime can have a marked impact on enterprise security. Call Avantia on 07 30109711 (Office Hours) for a no obligation explanation of how we can help you.
THREAT FOCUS: The Canada Post - CANADA*
Exploit: Credential stuffing attack
The Canada Post: Primary postal operator in Canada
Risk to Small Business: 2.444 = Severe: Canada Post recently acknowledged a data breach dating back to 2017. The credential stuffing attack used username and password pairs obtained from previous breaches to access user accounts. Because the postal operator could not determine the scope of the attack, it is resetting the passwords on all user accounts.
Individual Risk: 2.571 = Moderate: The postal operator did not provide specific details of the compromised data, but the lengthy gap between intrusion and identification increases the likelihood that compromised accounts ended up on the Dark Web or were leveraged for fraud. All users should check that they are not reusing the same or similar passwords across accounts, which would leave them vulnerable to future attacks.
Customers Impacted: Unknown Effect On Customers: Credential stuffing attacks are a natural consequence of years of data breaches that have compromised billions of records. Since many customers reuse the same username and password combinations across multiple accounts, it is an easy way for hackers to infiltrate other accounts and access even more user data. In response, businesses should do a better job of encouraging strong, unique passwords backed by multi-factor authentication, while also identifying compromised credentials before they can be reused in a credential stuffing attack. Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: With AuthAnvil™, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data.
Call Avantia on 07 30109711 (Office Hours) for a no obligation explanation of how we can help you.
THREAT FOCUS: Sonic Jobs - UNITED KINGDOM*
https://www.cisomag.com/recruitment-sites-exposes-250000-resumes-online/
Exploit: Exposed database
Sonic Jobs: Job recruitment website
Risk to Small Business: 2.111 = Severe: An exposed database revealed the personal information of thousands of job seekers. Sonic Jobs hosted the database on Amazon Web Services but never set it to private, so anyone who knew where the servers were could view and download the details of job applicants.
Individual Risk: 2= Severe: The exposed data was provided by job seekers, and it includes their names, addresses, contact information, and work experience. This information can quickly be sold on the Dark Web, where it can be used to facilitate other cyber crimes including phishing and identity scams. To protect themselves, anyone impacted by the breach should enroll in identity monitoring services while also being especially critical of unusual or unexpected communications.
Customers Impacted: 29,202 Effect On Customers: In its response, Sonic Jobs cited its limited resources as one reason that the database’s configuration went undetected. Unfortunately for the company, consumers and global regulators don’t look at this metric when deciding how to respond to a data breach. Given the enormous financial and reputational costs of a data breach, acquiring the services to assess and secure your cybersecurity landscape is a no brainer. Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with our Partners to strengthen their security suite by offering industry-leading detection and Staff education.
Call Avantia on 07 30109711 (Office Hours) to schedule a demonstration.
THREAT FOCUS: M6 Multimedia Group - FRANCE*
https://www.zdnet.com/article/m6-one-of-frances-biggest-tv-channels-hit-by-ransomware/
Exploit: Ransomware attack
M6 Group: Privately owned multimedia group
Risk to Small Business: 1.777 = Severe: Cybercriminals attempted to take M6's TV and radio channels offline with a ransomware attack. Employees' rapid identification and response prevented the malware from disrupting programming. The company's email and phone services did not escape, however, remaining offline for several days. Several media outlets have been hit with costly ransomware attacks this year, but M6 was able to sidestep the more serious consequences.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown Effect on Customers: When it comes to cybersecurity, a company’s employees can either be a vulnerability or an asset. In almost every case, this distinction is forged through training and preparedness. In this case, employees’ quick detection and response prevented an even more catastrophic ransomware attack. Rather than leaving cybersecurity up to chance, provide your employees with comprehensive cybersecurity training so that they can serve as an extra layer of protection against a litany of threats. Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime.
Call Avantia on 07 30109711 (Office Hours) to schedule a demonstration.
THREAT FOCUS: CSL Biotherapy - AUSTRALIA*
Exploit: Insider data theft
CSL: Biotherapy provider
Risk to Small Business: 1.333 = Extreme Risk: A former high-level company executive stole a treasure trove of company details that he used to procure a job with a competitor. In addition to millions of pages of trade secrets, sales information, research, and testing information, the former executive obtained the information on 800 doctors working with the company. These people are contracted by the company to influence other doctors and industry members, and losing these contacts could prevent CSL from capitalizing on the exclusive thought leadership of these members.
Individual Risk: 1.857 = Severe: Although the doctors’ data was stolen for business purposes, those impacted by the breach should be aware that their information was used in an unethical and illegal manner by CSL’s former employee.
Customers Impacted: 800
Effect on Customers: CSL’s data breach is a reminder that customer data isn’t the only thing at risk in today’s digital environment. Trade secrets, intellectual property, and valuable industry contracts are all up for grabs, and this information can quickly be deployed by your competitors to undercut your advantage or to short-circuit your strategies. Therefore, when considering your cybersecurity strategy, devise a holistic plan to protect all of your valuable company data.
Avantia Cyber Security & ID Agent to the Rescue: Helping our SME customers understand the importance of security is no easy task. Training campaigns that educate employees, making them the best defense against cybercrime, can have a marked impact on enterprise security. Call Avantia on 07 30109711 (Office Hours) for a no obligation explanation of how we can help you.
THREAT FOCUS: NZ First Political Party - NEW ZEALAND*
Exploit: Database exposure
NZ First: Political party in New Zealand
Risk to Small Business: 1.555 = Severe: A bad actor shared confidential information on a political party’s members with reporters. The incident is being described as “deliberate and malicious.” The data breach follows recent complaints about the party’s internal candidate selection process. Members whose data was distributed were furious, speaking with the media about their frustration over the party’s data management.
Individual Risk: 1.857 = Severe: The compromised data reveals personally identifiable information, including names, addresses, email addresses, phone numbers, and party member due status. This information can quickly spread on hacker forums or the Dark Web where it is often used to execute additional cyber crimes. Therefore, those impacted by the breach should be especially vigilant about monitoring their accounts, and they should consider enrolling in identity monitoring services to ensure that their information isn’t being misused.
Customers Impacted: 800
Effect on Customers: Beyond the obvious political ramifications, the incident underscores the importance of holistic data security at a time when personal data can be either an asset or a liability. This breach could discourage people from formally affiliating themselves with the party through membership. Similarly, businesses that fail to protect user data in one instance almost always endure long-term consequences that are even more significant than the initial breach.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with our Partners to strengthen their security suite by offering industry-leading detection and Staff education.
Call Avantia on 07 30109711 (Office Hours) to schedule a demonstration.
POSTSCRIPT*:
Canadian Companies Victimised by Uptick in Ransomware*
2019 has seen a precipitous increase in the number of ransomware attacks reaching SMEs, Government Agencies, and Educational Institutions. These attacks, which consist of encrypting a company’s files and then demanding a ransom payment, are becoming especially common among institutions that lack the resources to continually defend against the devastating attack vector.
Now, that reality is hitting Canadian businesses especially hard, a noteworthy development for a country that has often managed to avoid being victimised by such threats.
According to a recent survey, 88% of Canadian organizations experienced some type of data breach in the past year, and 82% noted an increased attack volume during that period. However, in that survey, ransomware only accounted for 14% of these breaches. Since then, a string of Canadian Healthcare Companies, Small Businesses, and Government Organizations have been targeted. Some are speculating that the malware’s success in other countries, including the U.S., has encouraged cybercriminals to broaden their horizons.
Regardless of the intention, with ransomware widely available for Rent/Lease on the Dark Web, businesses shouldn’t expect these attacks to abate any time soon. Rather, they should continually review and update their cybersecurity posture to ensure that their infrastructure is capable of defending against the latest ransomware strains.
Businesses Underestimate the Threat of Stolen Employee Data*
While every business is busy finding ways to protect their customers’ data, a recent survey found that many are not paying attention to the threat posed by stolen employee data. Only 11% of respondents reported believing that compromised employee credentials like usernames and passwords pose high risk. However, the reality is that years of extensive data breaches have resulted in employee information being readily available on the Dark Web. Moreover, hackers are leveraging tactics like credential stuffing attacks to access company networks undetected.
By failing to account for the entire threat landscape, businesses open themselves up to further exposure, this time of customer information.
Fortunately, companies can be proactive about identifying compromised credentials. Dark Web monitoring services alert businesses when their employee information is available for sale, providing them the opportunity to safeguard information before it is used against them.
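Credential stuffing, named above, replays username/password pairs leaked from other breaches against a company's own login, so on the defender's side its signature is one source address trying many different usernames in a short window, mostly failing. The script below is an added example for this bulletin, not code from Avantia, ID Agent or any product mentioned here: it parses a constructed authentication log (the line format, the sample entries and the IP addresses are all made up for the example) and flags sources that match that pattern, listing any accounts on which a stuffed login actually succeeded, since those are the credentials to reset first. The thresholds (10 distinct usernames within five minutes) are assumptions to be tuned per environment.

```python
"""
Detect credential-stuffing bursts in an authentication log.

Assumed (constructed) log line format:
    <ISO-8601 UTC timestamp> login user=<name> src=<ip> result=<ok|fail>
A legitimate user who mistypes a password fails a few times on ONE
account; a stuffing run fails across MANY accounts from one source.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>ok|fail)$"
)

# Constructed sample log: two benign sources and one stuffing burst.
SAMPLE_LOG = """\
2019-10-28T09:00:01Z login user=alice src=203.0.113.7 result=fail
2019-10-28T09:00:09Z login user=alice src=203.0.113.7 result=fail
2019-10-28T09:00:15Z login user=alice src=203.0.113.7 result=ok
2019-10-28T09:02:30Z login user=dave src=192.0.2.9 result=ok
this line is not a login event and is ignored by the parser
2019-10-28T09:10:00Z login user=alice src=198.51.100.20 result=fail
2019-10-28T09:10:05Z login user=bob src=198.51.100.20 result=fail
2019-10-28T09:10:10Z login user=carol src=198.51.100.20 result=fail
2019-10-28T09:10:15Z login user=dave src=198.51.100.20 result=fail
2019-10-28T09:10:20Z login user=erin src=198.51.100.20 result=fail
2019-10-28T09:10:25Z login user=frank src=198.51.100.20 result=fail
2019-10-28T09:10:30Z login user=grace src=198.51.100.20 result=ok
2019-10-28T09:10:35Z login user=heidi src=198.51.100.20 result=fail
2019-10-28T09:10:40Z login user=ivan src=198.51.100.20 result=fail
2019-10-28T09:10:45Z login user=judy src=198.51.100.20 result=fail
2019-10-28T09:10:50Z login user=mallory src=198.51.100.20 result=fail
2019-10-28T09:10:55Z login user=oscar src=198.51.100.20 result=fail
"""


def parse_line(line):
    """Return a dict for a well-formed login line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect_stuffing(lines, window=timedelta(minutes=5), min_users=10):
    """Return {src_ip: summary} for every source that attempted at least
    `min_users` distinct usernames within some `window`-long span.

    The summary describes the widest qualifying burst seen for that source
    and lists the accounts on which a login inside the burst succeeded.
    """
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is not None:
            by_src[ev["src"]].append(ev)

    flagged = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(events)):
            # Slide the left edge forward until the burst fits in the window.
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            burst = events[start:end + 1]
            users = {e["user"] for e in burst}
            if len(users) < min_users:
                continue
            summary = {
                "distinct_users": len(users),
                "attempts": len(burst),
                "failures": sum(1 for e in burst if e["result"] == "fail"),
                "successful_logins": sorted({e["user"] for e in burst
                                             if e["result"] == "ok"}),
                "first_seen": burst[0]["ts"].isoformat(),
                "last_seen": burst[-1]["ts"].isoformat(),
            }
            prev = flagged.get(src)
            if prev is None or summary["distinct_users"] > prev["distinct_users"]:
                flagged[src] = summary
    return flagged


if __name__ == "__main__":
    for src, info in detect_stuffing(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {info['distinct_users']} usernames, "
              f"{info['failures']}/{info['attempts']} failed, "
              f"successful logins to reset: {info['successful_logins']}")
```

Against the sample log only 198.51.100.20 is flagged (12 usernames, 11 failures, one successful login to "grace"); alice's three attempts from 203.0.113.7 are a single-account mistype and stay below the threshold. In practice the same logic runs over the SIEM's authentication feed, and the `successful_logins` list is what turns an alert into an action: those accounts were reached with a password that was already circulating, so they need a reset and an MFA check rather than just a blocked IP.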

Disclaimer*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provide the content in this publication to the reader for general information purposes only and have compiled the content from a number of sources in Australia, the USA, and up to 56 other countries that provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena, we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content’s accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.