Avantia Threat Update

PROLIFIC RUSSIAN HACKER - NAILED



This Past Week in Cybersecurity: 

Russian hacker found guilty of the Dropbox, LinkedIn and Formspring breaches; a beginner's guide to security in Windows 10 and its user-friendly interface; malicious insiders strike, and gambling with security doesn't pay off for a gambling app; and major breaches in PORTUGAL, CANADA, UNITED KINGDOM, INDIA, NEW ZEALAND & UNITED STATES.


Dark Web ID's Top Dark Web Threats

Top Source Hits: ID Theft Forum

Top Compromise Type: Domain

Top Industry: Hospitality

Top Employee Count: 1-10

________________________________________________________________________

RUSSIAN HACKER FOUND GUILTY OF DROPBOX, LINKEDIN AND FORMSPRING BREACHES:

A jury found Russian hacker Yevgeniy Nikulin guilty of breaching the internal networks of LinkedIn, Dropbox, and Formspring back in 2012 and then selling their user databases on the Dark Web. The jury verdict was passed recently during what was the first trial to be held in California since the onset of the coronavirus (COVID-19) pandemic. According to court documents and evidence presented at the trial, Nikulin hacked all three companies in the spring of 2012. The hacker first breached LinkedIn between March 3 and March 4, 2012, after he infected an employee's laptop with malware that allowed him to abuse the employee's VPN and access LinkedIn's internal network. From there, the hacker stole roughly 117 million user records, data that included usernames, passwords, and emails. Nikulin then used the LinkedIn data to send spear-phishing emails to employees at other companies, including people working at Dropbox, where he was able to breach an employee account and then invite himself to a Dropbox folder holding company data.

This intrusion lasted from May 14, 2012, to July 25, 2012, and authorities say Nikulin was able to make off with a trove of information on 68 million Dropbox users, including usernames, emails, and hashed passwords. Nikulin was also able to phish his way into the employee account of a Formspring engineer, from where, between June 13, 2012, and June 29, 2012, he is believed to have gained access to the company's internal user database, consisting of 30 million user details. Nikulin then sold the data on the Dark Web underground hacker market to other cyber-criminals. The data surfaced online in 2015 and 2016, as various data traders put it up for sale on publicly accessible forums and criminal e-commerce stores. Authorities started an investigation after the three companies filed criminal complaints in California in 2015. Nikulin was arrested a year later, in October 2016, while vacationing in Prague with his girlfriend. A Radio Free Europe editorial published in 2016 highlighted Nikulin's extravagant lifestyle, financed by his hacking activities, which included several luxury cars, expensive watches, and travels around Europe. In an interview with the Russian site AutoRambler, Nikulin admitted to owning a Lamborghini Huracán, a Bentley Continental GT, and a Mercedes-Benz G-Class. Despite attempts to fight his extradition in the Czech Republic, the hacker was eventually sent to the US in the summer of 2017, where he was arraigned in front of a judge. Since 2017, the hacker has remained incarcerated. During all of this, Nikulin changed lawyers several times, refused to cooperate with the investigation or reach a plea deal, was moved through multiple jails, and was examined by psychologists under the court's order after the judge raised concerns about his mental health when Nikulin refused to talk with counsel or appear in front of the court. Nikulin was found to be mentally fit for trial.

The trial was initially set for early 2020 but was delayed twice due to the coronavirus pandemic. During the trial, which took place under special circumstances and protective measures, Nikulin pled not guilty. US prosecutors proved their case, but they also tried to pin other hacks and criminal conspiracies on him. The judge supervising the case called the prosecution's efforts into question just days before the trial ended, describing their efforts and evidence as "mumbo jumbo," wondering whether the prosecutors were wasting the jury's time, and asking out loud whether the prosecutors had any real evidence against Nikulin besides private messages sent between two nicknames in internet chats. However, despite the judge's criticism of the prosecutors' handling of the case, the jury found Nikulin guilty after only six hours of deliberation. Nikulin's sentencing is scheduled for September 29, 2020.


BEGINNERS GUIDE TO SECURITY ON WINDOWS 10 - USER FRIENDLY INTERFACE

Windows Security is a built-in app available on Windows 10 that provides a user-friendly interface and tools to manage common security features. For example, the experience includes the Microsoft Defender Antivirus, which offers real-time protection for your computer and data against viruses and many other kinds of malware. Also, you can manage the Microsoft Defender Firewall to block intruders from sneaking in. You can monitor the device's performance and health as well as your identity with the account protection settings, and even more advanced features to keep everything a little more secure. In this Windows 10 guide, we'll walk you through the steps to get started and perform everyday tasks with the Windows Security app to keep your system and data safe.


Before you dive into this guide, you need to understand the difference between "Microsoft Defender Antivirus" and "Windows Security." Windows Security is the application that provides a unified experience to view status and manage security features, such as antivirus, firewall, performance, and other security features. On the other hand, Microsoft Defender Antivirus is the default anti-malware engine that offers real-time protection against many forms of malware, including viruses, spyware, ransomware, and hackers. Installing a third-party antivirus will disable Microsoft Defender Antivirus automatically, but it won't affect the functionality of Windows Security. In the same way, disabling Microsoft Defender Antivirus or Microsoft Defender Firewall won't disable Windows Security.

How to navigate Windows Security

Windows Security is a straightforward application. You can open it from the Start menu or by double-clicking the shield icon in the notification area of the taskbar. On the Home page, you can view the security status of the different protection features available by default on Windows 10. You can also see alerts for any action that needs to be taken to keep your computer secure. The shield icon in the notification area can also alert you when an action needs to be taken; if there is more than one alert, only the most severe warning will appear. Also, if you right-click the app icon, you'll have access to actions such as quick scan, download updates, adjust notifications, and open the dashboard.

Windows Security home - Source: Windows Central

Windows Security icon in the taskbar - Source: Windows Central

Windows Security includes seven areas of protection that you can manage and monitor:

Virus & threat protection – houses the Microsoft Defender Antivirus settings. It allows you to monitor the malware protection, scan the device for threats, launch an offline scan, and set up the advanced anti-ransomware feature.

Account protection – allows you to see how to protect your identity on Windows 10.

Firewall & network protection – lets you monitor network connections, and you can configure various Microsoft Defender Firewall settings.

App & browser control – helps you protect your device and data from malicious code hidden on apps, files, and websites.

Device security – provides hardware-level security features, such as Core isolation and Security processor, to protect your computer from certain attacks.

Device performance & health – displays the health and performance report of your computer.

Family options – offers easy access to manage your devices and kids' online experience using a Microsoft account.

How to scan computer for malware using Microsoft Defender Antivirus:

Windows 10 automatically updates and scans the device for malware regularly, but you can perform different scans manually.

Quick virus scan: A quick scan happens fast, and it only scans the parts of the system where malware is known to hide. To start a virus scan with Microsoft Defender, use these steps:

Open Windows Security.

Click on Virus & threat protection.

Click the Quick scan button.

Microsoft Defender Antivirus quick scan - Source: Windows Central

Once you complete the steps, under the Current threats section, you'll see any detected threats, as well as the time it took to complete the scan and the number of scanned files. If you suspect that a virus is still on your computer, you should try to perform a full scan.

Full virus scan: A full virus scan takes longer, but it makes sure to check every file, folder, and application. To start a full virus scan with Microsoft Defender, use these steps:

Open Windows Security.

Click on Virus & threat protection.

Under the "Current threats" section, click the Scan options link.

Microsoft Defender scan options - Source: Windows Central

Select the Full scan option.

Microsoft Defender Antivirus full scan option - Source: Windows Central

Click the Scan now button.

After you complete the steps, you can continue using the device, while the antivirus will perform a full scan to detect any potential malware.

Custom virus scan: If you only want to scan a particular folder or location, the Windows 10 antivirus includes an option to complete a custom scan.

To perform a custom virus scan, use these steps:

Open Windows Security.

Click on Virus & threat protection.

Under the "Current threats" section, click the Scan options link.

Microsoft Defender scan options - Source: Windows Central

Select the Custom scan option.

Microsoft Defender Antivirus custom scan option - Source: Windows Central

Click the Scan now button.

Select the location to be scanned.

Click the Select Folder button.

Alternatively, you can just right-click a drive, folder, or file and select the Scan with Microsoft Defender option from the context menu to perform a custom scan.

Offline virus scan: Sometimes if you're dealing with a tough virus or another type of malware, the antivirus may not be able to remove it while Windows 10 is running. If this is the case, you can use Microsoft Defender to perform an offline scan. When using this feature, the computer will restart automatically in the recovery environment, and it'll perform a full scan before Windows 10 starts.

To start an offline virus scan, use these steps:

Open Windows Security.

Click on Virus & threat protection.

Under the "Current threats" section, click the Scan options link.

Microsoft Defender scan options - Source: Windows Central

Select the Microsoft Defender Offline scan option.

Microsoft Defender Offline Scan Option - Source: Windows Central

Click the Scan now button.

Click the Scan button.

Once you complete the steps, the device will restart and boot into a standalone version of the Microsoft Defender Antivirus, and it'll scan the entire machine. If malicious code is detected, it'll be removed or quarantined automatically.

After the scan, the device will restart into Windows 10, and you can then view a report in the Windows Security app.

How to view protection history using Microsoft Defender Antivirus

Microsoft Defender Antivirus also includes an area where you can view the latest protection actions and recommendations. To view protection history, use these steps:

Open Windows Security.

Click on Virus & threat protection.

Click the Protection history option.

Microsoft Defender Antivirus Protection History - Source: Windows Central

Click the "Filters" drop-down menu and select the history you want to review, including:

Recommendations.

Quarantined items.

Cleaned items.

Blocked actions.

Severity.

Microsoft Defender protection history - Source: Windows Central

After you complete the steps, you'll get a report with items that have been removed, cleaned, or are still waiting for action.

How to temporarily disable Microsoft Defender Antivirus

It's not recommended to use a device without malware protection, but sometimes the antivirus can be the reason you can't install an app or software update. If this is the case, you can disable the antivirus temporarily to complete the software installation. To disable Microsoft Defender Antivirus, use these steps:

Open Windows Security.

Click on Virus & threat protection.

Under the "Virus & threat protection settings" section, click the Manage settings option.

Virus & threat protection settings option - Source: Windows Central

Turn off the Real-time protection toggle switch.

Disable Microsoft Defender Antivirus - Source: Windows Central

Once you complete the steps, you can perform tasks that may conflict with the antivirus. If you don't re-enable the antivirus, it'll restart automatically the next time you reboot your computer.

If you have a good reason, you can disable Windows Defender Antivirus permanently using these advanced instructions.

How to enable anti-ransomware using Microsoft Defender Antivirus

Microsoft Defender Antivirus includes a feature known as Controlled folder access, which is designed to monitor and protect your data against ransomware attacks and unwanted changes from malicious programs. Since it's an advanced feature and it can cause false positives, Controlled folder access is opt-in, which means that you need to enable it manually using the Windows Security app. To enable Controlled folder access on Windows 10, use these steps:

Open Windows Security.

Click on Virus & threat protection.

Under the "Virus & threat protection settings" section, click the Manage settings option.

Virus & threat protection settings option - Source: Windows Central

Quick tip: You can also access the settings by clicking the Manage ransomware protection option at the bottom of the page.

Under the "Controlled folder access" section, click the Manage Controlled folder access option.

Manage Controlled Folder Access - Source: Windows Central

Turn on the Controlled folder access toggle switch.

Enable Controlled folder access on Microsoft Defender - Source: Windows Central

Click the Block history option to access the "Protection history" page to view blocked folder access.

(Optional) Click the Protected folders option to add (or remove) additional protected folders.

(Optional) Click the Allow an app through Controlled folder access option to allow apps you trust to make changes on the protected folders.

After you complete the steps, the security feature will be enabled and will monitor apps trying to make changes to files in the protected folders. If an app is flagged as malicious or unknown, Controlled folder access will block the attempt, and you'll receive an alert about the activity.

How to exclude scan locations using Microsoft Defender Antivirus

If you have a folder with files you don't want to scan for viruses, the anti-malware feature includes an option to add or remove scan exclusions.

To prevent the antivirus from scanning specific folders, use these steps:

Open Windows Security.

Click on Virus & threat protection.

Under the "Virus & threat protection settings" section, click the Manage settings option.

Virus & threat protection settings option - Source: Windows Central

Under the "Exclusions" section, click the Add or remove exclusions option.

Exclude folder locations on Microsoft Defender Antivirus - Source: Windows Central

Click the Add an exclusion button.

Microsoft Defender Exclusion - Source: Windows Central

Select the kind of exclusion you want to configure. This example uses Folder, but you can select any of the following:

File.

Folder.

File type.

Process.

Select the folder location.

Click the Select Folder button.

Once you complete the steps, the antivirus will not scan the location you specified. You may need to repeat the steps to add more exclusions.
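The scan, protection history, Controlled folder access and exclusion steps above can also be checked and applied from an elevated PowerShell prompt. The script below is an added example, not code from the original guide or from Microsoft; it uses the Defender module built into Windows 10, and every path in it is a placeholder to replace with your own.

```powershell
# Added example (not from the original guide): audit and adjust the Microsoft Defender
# Antivirus settings the guide walks through, using the built-in Defender module.
# All paths below are placeholders.

#Requires -RunAsAdministrator

# 1. Status: the same information the "Virus & threat protection" page shows.
$status = Get-MpComputerStatus
[pscustomobject]@{
    RealTimeProtection = $status.RealTimeProtectionEnabled
    SignatureAgeDays   = $status.AntivirusSignatureAge
    LastQuickScan      = $status.QuickScanEndTime
    LastFullScan       = $status.FullScanEndTime
} | Format-List

# If a troubleshooting step left real-time protection off, turn it back on.
# (Tamper protection, when enabled, blocks this change from scripts; use the app instead.)
if (-not $status.RealTimeProtectionEnabled) {
    Set-MpPreference -DisableRealtimeMonitoring $false
}

# 2. Exclusions: list them. Every excluded path, extension or process is a blind spot
#    for the antivirus, so each entry should have a known owner and reason.
$pref = Get-MpPreference
"Excluded paths:      $($pref.ExclusionPath -join ', ')"
"Excluded extensions: $($pref.ExclusionExtension -join ', ')"
"Excluded processes:  $($pref.ExclusionProcess -join ', ')"

# Equivalent of "Add an exclusion" > Folder (placeholder path) ...
Add-MpPreference -ExclusionPath 'C:\Placeholder\BuildOutput'
# ... and the matching removal once the exclusion is no longer needed.
Remove-MpPreference -ExclusionPath 'C:\Placeholder\BuildOutput'

# 3. Controlled folder access (the anti-ransomware feature). Value meanings:
#    0 = Disabled, 1 = Enabled (block), 2 = AuditMode (log only).
"Controlled folder access: $($pref.EnableControlledFolderAccess)"
# AuditMode first surfaces the false positives the guide mentions in the
# protection history, so they can be allowed before switching to Enabled.
Set-MpPreference -EnableControlledFolderAccess AuditMode
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Placeholder\Documents'
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Placeholder\Tools\backup.exe'

# 4. Protection history equivalent: most recent detections and whether remediation worked.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 10 InitialDetectionTime, ProcessName, Resources, ActionSuccess |
    Format-Table -AutoSize

# 5. Scans: quick, custom folder, or (commented out) the offline scan, which reboots.
Start-MpScan -ScanType QuickScan
Start-MpScan -ScanType CustomScan -ScanPath 'C:\Placeholder\Downloads'
# Start-MpWDOScan   # Microsoft Defender Offline scan; restarts the machine immediately
```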

How to check account protection using Windows Security

The account protection feature available in Windows Security is designed to monitor and notify you of any problems with your account and sign-ins, to best protect your identity on Windows 10.

To check the account protection on Windows 10, use these steps:

Open Windows Security.

Click on Account protection.

Confirm that Microsoft account, Windows Hello, and Dynamic lock have a green mark indicating that everything is working correctly.

Windows Security Account Protection - Source: Windows Central

If one of the account security items requires your attention, you'll see an alert to take action to remedy the problem. For example, if you're using a password to sign in, the account protection system will recommend setting up the account with one of the available Windows Hello authentication methods, such as fingerprint, face, or PIN.

How to manage network security with Microsoft Defender Firewall

The app also includes an area to monitor and manage the Microsoft Defender Firewall settings.

View firewall status

To access the firewall settings with Windows Security, use these steps:

Open Windows Security.

Click on Firewall & network protection.

On the page, you can view at a glance in which network profile the firewall is currently enabled and protecting you from unauthorized access. The one marked as "active" is the network profile currently in use.

Firewall & network protection - Source: Windows Central

The page also includes various options to adjust firewall settings to allow apps through the firewall and advanced settings. However, these settings are links to change configurations from the Control Panel.

Enable or disable firewall

To enable or disable the Microsoft Defender Firewall, use these steps:

Open Windows Security.

Click on Firewall & network protection.

Click the active firewall. For example, Private network.

Microsoft Defender Firewall private network - Source: Windows Central

Turn on or off the Microsoft Defender Firewall toggle switch to enable or disable the security feature.

Enable or disable Microsoft Defender Firewall - Source: Windows Central

(Optional) Check the Blocks all incoming connections, including those in the list of allowed apps option to quickly block incoming connections.

After you complete the steps, the firewall protection will be enabled or disabled on your computer according to your selection.

If you're disabling the firewall to test an application, remember to enable it again after the test. If the problem was the firewall, it's best to create a firewall rule instead of disabling the security feature completely.
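The "create a firewall rule instead of disabling the firewall" advice above, done from an elevated PowerShell prompt. This is an added example, not code from the original guide; it uses the NetSecurity module built into Windows 10, and the program path, port and rule name are placeholders.

```powershell
# Added example (not from the original guide): inspect the Microsoft Defender Firewall
# profiles shown on the "Firewall & network protection" page and allow one app through
# with a narrow rule instead of turning the firewall off. Paths/ports are placeholders.

#Requires -RunAsAdministrator

# 1. Profile status: the same Domain / Private / Public tiles as in Windows Security.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction, NotifyOnListen |
    Format-Table -AutoSize

# The "active" profile is the category of the network you are currently connected to.
Get-NetConnectionProfile | Select-Object Name, InterfaceAlias, NetworkCategory

# 2. Make sure every profile is on and blocks unsolicited inbound traffic by default.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True -DefaultInboundAction Block

# 3. Allow one program on one port, on the Private profile only. This is the targeted
#    alternative to disabling the firewall while testing an application.
$ruleName = 'Placeholder App (TCP 8080, Private)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Action Allow -Profile Private `
        -Program 'C:\Placeholder\App\app.exe' -Protocol TCP -LocalPort 8080 | Out-Null
}

# 4. Review every enabled inbound allow rule: each one is an opening that should be justified.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Select-Object DisplayName, Profile, Group |
    Sort-Object DisplayName | Format-Table -AutoSize

# When the test is over, remove the rule rather than leaving it behind.
# Remove-NetFirewallRule -DisplayName $ruleName
```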

How to protect device against malicious code using Windows Security

The "App & browser control" page is the place to configure app protection and online security settings that can help you protect your computer against sites, apps, and files that may contain malicious code.

The default settings are the recommended configuration you should be using, but you can always change them if you have a specific reason.

Reputation-based protection

To protect the device using reputation-based protection, use these steps:

Open Windows Security.

Click on App & browser control.

Under the "Reputation-based protection" section, click the Turn on button.

Click the Reputation-based protection settings option.

Reputation-based protection settings - Source: Windows Central

Turn on or off the protection options according to your preferences:

Check apps and files – offers protection against unrecognized apps and files from the internet.

SmartScreen for Microsoft Edge – protects device from malicious downloads and websites.

Potentially unwanted app blocking – blocks low-reputation apps that can be responsible for unexpected behaviors.

SmartScreen for Microsoft Store apps – checks web content that Microsoft Store apps use.

Windows Security reputation-based protection - Source: Windows Central

Quick note: Windows 10 includes the optimal settings for this feature, but you can always enable or disable the features depending on your preferences.

Once you complete the steps, Microsoft Defender Antivirus will protect your device from unwanted apps, files, and websites.

Isolation browsing

Isolation browsing is a feature available on Windows 10 Pro, Education, and Enterprise, which has been designed to isolate Microsoft Edge at the hardware level to protect the device and data from malware and zero-day attacks.

If the option is available, you can access the Microsoft Defender Application Guard settings, using these steps:

Open Windows Security.

Click on App & browser control.

Click the Change Application Guard settings option.

Change Application Guard settings - Source: Windows Central

Quick tip: This option is only available if the feature is already installed on Windows 10.

Turn on the features that you want to enable during an Application Guard session, including:

Save data.

Copy and paste.

Print files.

Camera and microphone.

Advanced graphics.

Application Guard Settings on Windows Security - Source: Windows Central

(Optional) Click the Uninstall Microsoft Defender Application Guard option to disable the feature.

If you're using a supported version of Windows 10, you'll only be able to access the settings if the "Microsoft Defender Application Guard" component is enabled through the "Turn Windows Features on or off" experience.

Once you complete the steps, you can start a new secure browsing session by opening the Chromium version of Microsoft Edge, clicking the main menu (three-dotted) button, and selecting the New Application Guard window option.

Exploit protection

Exploit protection is an advanced feature that can help mitigate malware and vulnerabilities without having to wait for a malware definition or system update.

Windows 10 includes the most optimal settings for Exploit protection, and you shouldn't be making any changes to these settings unless you know what you're doing.

To customize the Exploit protection settings, use these steps:

Open Windows Security.

Click on App & browser control.

Click the Exploit protection settings option.

Exploit protection settings option - Source: Windows Central

Click the System settings tab.

Exploit Protection System Settings - Source: Windows Central

Configure the settings according to your preferences.

Click the Program settings tab.

Exploit Protection Program Settings - Source: Windows Central

Configure the settings according to your preferences.

Once you complete the steps, Exploit protection will run on the device according to your settings.

How to enable core isolation using Windows Security

Core isolation is a virtualization-based technology that adds an extra layer of security against sophisticated attacks. The features you can configure depend on the device's capabilities. However, you'll usually find the memory integrity feature, which is designed to minimize the chances of malware injecting code into memory.

Typically, you don't need to worry about the feature, but you can turn it on using these steps:

Open Windows Security.

Click on Device security.

Click the Core isolation details option.

Core Isolation Details on Windows Security - Source: Windows Central

Turn on the Memory integrity toggle switch.

Enable Memory Integrity on Windows 10 - Source: Windows Central

After you complete the steps, you'll need to restart your computer to apply the new changes.

If you don't see the option, it's likely because virtualization isn't enabled inside the Basic Input/Output System (BIOS) or Unified Extensible Firmware Interface (UEFI).
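A read-only check of the Exploit protection and Core isolation state described in the two sections above, useful before deciding whether to change anything. This is an added example, not code from the original guide; it assumes Windows 10 version 1709 or later with the built-in ProcessMitigations module, and the export path is a placeholder.

```powershell
# Added example (not from the original guide): audit Exploit protection mitigations,
# core isolation (memory integrity / HVCI) and the firmware virtualization prerequisite.
# Read-only apart from exporting the current Exploit protection configuration to a
# placeholder path, which gives you a baseline to compare against later.

#Requires -RunAsAdministrator

# 1. Exploit protection, "System settings" tab: system-wide DEP, ASLR, CFG, SEHOP, ...
Get-ProcessMitigation -System | Format-List

# Per-program overrides ("Program settings" tab) for one executable, notepad.exe here.
Get-ProcessMitigation -Name 'notepad.exe' | Format-List

# Export the whole current configuration as a baseline (placeholder path).
Get-ProcessMitigation -RegistryConfigFilePath 'C:\Placeholder\exploit-protection-baseline.xml'

# 2. Core isolation: memory integrity is HVCI, which needs virtualization-based
#    security (VBS) to be running.
$dg = Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard
$vbsState = @{ 0 = 'Disabled'; 1 = 'Enabled, not running'; 2 = 'Running' }[[int]$dg.VirtualizationBasedSecurityStatus]
# Service codes in the SecurityServices* arrays: 1 = Credential Guard, 2 = HVCI (memory integrity)
$hvciConfigured = $dg.SecurityServicesConfigured -contains 2
$hvciRunning    = $dg.SecurityServicesRunning    -contains 2
"Virtualization-based security: $vbsState"
"Memory integrity (HVCI):       configured=$hvciConfigured running=$hvciRunning"

# 3. If memory integrity is missing from the Device security page, check the firmware
#    prerequisite. Note: VirtualizationFirmwareEnabled reads False once a hypervisor
#    (Hyper-V / VBS) is already running, so read it together with the VBS state above.
$cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
"Virtualization enabled in BIOS/UEFI: $($cpu.VirtualizationFirmwareEnabled)"
try   { "Secure Boot: $(Confirm-SecureBootUEFI)" }
catch { "Secure Boot: not available (legacy BIOS or unsupported platform)" }
```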

How to view device health and performance report using Windows Security

Windows Security also includes an area that surfaces information about the health and performance of your computer.

To view the health and performance report of a device, use these steps:

Open Windows Security.

Click on Device performance & health.

Windows Security Health Report - Source: Windows Central

Check the health report of the device.

The report includes statuses for Windows Update, storage, device driver, and battery. If action needs to be taken, you'll see an alert with a recommendation on how to remedy the issue.

Here are the meanings for each possible status state:

Green: everything is working correctly.

Yellow: recommendation is available.

Red: warning that requires immediate attention.

Starting with the Windows 10 May 2020 Update, you'll still be able to see the "Fresh start" option, but the feature has been replaced with an option in the Reset this PC feature available through the Settings app.

How to manage parental control and track devices using Windows Security

Windows Security also has a "Family options" area, but it's not a place where you can manage any settings. Instead, it offers access to your Microsoft account to manage parental control and other devices connected to the account.

To access the Family options, use these steps:

Open Windows Security.

Click on Family options.

Under the "Parental controls" section, click the View family settings option to open these settings in your Microsoft account online.

Windows Security Family Options - Source: Windows Central

Under the "See your family's devices at a glance" section, click the View devices option to open these settings in your Microsoft account online.

Check out this guide, if you need help setting up a kid-friendly device.

How to adjust notifications for Windows Security

Finally, there's the Settings page that allows you to manage security providers and notifications settings.

To change the notifications settings on Windows Security, use these steps:

Open Windows Security.

Click the Settings button at the bottom of the page.

Under the "Notifications" section, click the Manage notifications option.

Windows Security Manage Notifications - Source: Windows Central

Customize the notifications to your preferences for the Microsoft Defender Antivirus, account protection, and firewall.

Windows Security notifications settings - Source: Windows Central

Once you complete the steps, the notifications will behave according to your configuration.

In the Settings page for Windows Security, you'll also notice a "Security providers" section, which allows you to access another page where you can see a list of other security providers, such as web protection, firewall, and antivirus. Although you can't customize any settings, you can use this page to open the security app and adjust their settings.

Wrapping things up

Although you can always use third-party security tools from popular companies, such as Norton, AVG, Avast, Bitdefender, and others, Windows Security offers a robust set of security tools and an easy-to-use interface that can compete side-by-side with any other solution.

Best of all, it's free, and it works alongside other security products.

______________________________________________________________________________

THREAT FOCUS: DataViper Security - UNITED STATES 

https://www.zdnet.com/article/hacker-breaches-security-firm-in-act-of-revenge/?&web_view=true


Exploit: Unauthorized Database Access (Malicious Insider)

DataViper: Information Security  

Risk to Small Business: 1.239 = Extreme - A malicious insider is the culprit in a data breach at information security firm DataViper. 8,200 databases containing the personal information of millions of users were snatched from the company’s data leak monitoring service. The hacker, purportedly a former employee of Night Lion who is using that name for Dark Web activity, claims to have spent three months inside DataViper servers while exfiltrating databases indexed for the DataViper data leak monitoring service. The hacker also posted ads on the Empire Dark Web marketplace where they put up for sale 50 of the biggest databases that they found inside DataViper’s backend.

Individual Risk: 2.117 = Severe - While these databases contained the information of billions of people worldwide, much of the information was from old breaches. Some new information was included, but researchers have not ascertained how much and what kind. This kind of information is often used in phishing and credential stuffing attacks.

Customers Impacted: Unknown 

Effect On Customers: Insider threats are a menace to every business. Our insider threats eBook helps companies spot and stop insider threats. While most insider incidents at organizations are caused by unintentional threats like human error, malicious insider attacks account for more than 20% of insider incidents. Some malicious insiders sell company secrets or even their own credentials on the Dark Web.

Breach Risk Levels

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security and Cyber Hawke to the Rescue: Many cybersecurity incidents today are the result of internal security issues that no firewall or anti-virus could have prevented.  Cyber Hawk combines machine learning and intelligent tagging to identify anomalous activity, suspicious changes, and threats caused by misconfigurations. To find out more call Avantia on 07 30109711 or Email info@avantiacorp.com.au

THREAT FOCUS: Benefit Recovery Specialists - UNITED STATES

https://www.databreachtoday.com/billing-vendor-breach-affects-275000-a-14607


Exploit: Malware

Benefit Recovery Specialists: Medical Billing and Debt Collection 

Risk to Small Business: 1.974 = Severe - A malware incident was just confirmed at Benefit Recovery Specialists by the US Department of Health and Human Services' Office for Civil Rights. Several computers at the Houston-based company were infected, leading to a breach that exposed thousands of customer records. In a breach notification statement posted on BRSI's website, the company says that on April 30 it discovered a malware incident affecting certain company systems. The company stated that customer files containing personal information may have been accessed and/or acquired by the unknown actor between April 20 and April 30, 2020.

Individual Risk: 2.227 = Severe - Information that may have been exposed includes name, date of birth, date of service, provider name, policy identification number, procedure code, and/or diagnosis code. A small number of Social Security numbers may also have been exposed. Patients that were impacted should be alert for spear phishing attempts or identity theft. 

Customers Impacted: 275,000 

Effect On Customers: Healthcare data is one of the hottest commodities in today's data markets – especially COVID-19 related patient or research data. Plus, healthcare companies face steep fines for HIPAA violations like this, making it prudent for every healthcare organization to add data loss prevention and security awareness training as priorities before a breach.

Breach Risk Levels

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Corporate Services & ID Agent to the Rescue: Phishing is a common delivery system for malware. Our security awareness training solution BullPhish ID helps prevent malware attacks by teaching users to be aware of phishing attempts. To Learn more, call Avantia on 07 30109711  

THREAT FOCUS: Canadian Defense Academy - CANADA

https://www.theglobeandmail.com/canada/article-four-canadian-military-schools-affected-by-cyberattack/


Exploit: Ransomware

Canadian Defense Academy: Military Training College System 

Risk to Small Business: 1.694 = Severe - Computer systems at Canada’s four military academies have been taken offline by a purported ransomware attack. The schools affected include the Royal Military College, the Royal Military College Saint-Jean, the Canadian Forces College and the Chief Warrant Officer Robert Osside Profession of Arms Institute. Early indications suggest this incident resulted from a mass phishing campaign. An officer at an engineering school that was impacted reported the incident as a ransomware attack on his personal blog. The incident has not affected any classified systems or classified research. 

Individual Risk: No personally identifying information or personal financial data was reported as exposed in this incident.

Customers Impacted: Unknown

Effect On Customers: Ransomware is the business scourge that keeps information security professionals up at night. Most ransomware arrives through a successful phishing attack, and phishing is the biggest threat of 2020 so far, with a more than 600% increase in attempts noted since the start of the pandemic.

Breach Risk Levels

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Protection from ransomware starts as protection from phishing. Improved phishing resistance training with BullPhish ID will arm staffers with the knowledge and awareness that they need to spot and stop potentially ransomware-infected emails. Call Avantia on 07 3010 9711 to find out more.

THREAT FOCUS: Xchanging Services - UNITED KINGDOM

https://www.insurancejournal.com/news/international/2020/07/06/574427.htm#


Exploit: Ransomware

Xchanging: Insurance Managed Services Platform 

Risk to Small Business: 2.307 = Severe - Ransomware strikes again, this time taking systems hostage at Xchanging, the UK based subsidiary of DXC Technology. The problem appears to be limited to several of the company’s customer-facing services. Xchanging offers business process services in areas such as customer administration, finance and procurement, and technology services including application management, infrastructure management, specialist software, and data integration. No data is believed to have been stolen in this incident. 

Customers Impacted: 1,000+ 

Individual Risk: No personally identifying information or personal financial data was reported as exposed in this incident.

Effect On Customers: Every business has relationships with service providers, making the risk of a third-party data breach unavoidable. Especially when transacting business with companies that handle payment, financial or personnel data, organizations have to be cognizant of the potential for a data breach that comes through business services relationships, and the Dark Web danger that brings to the table.

Breach Risk Levels

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access, independent, ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It’s the first step to real cyber security. Call Avantia’s office on 07 3010 9711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: Energias de Portugal (EDP) - PORTUGAL

https://www.bleepingcomputer.com/news/security/edp-energy-giant-confirms-ragnar-locker-ransomware-attack/?&web_view=true


Exploit: Ransomware 

Energias de Portugal: Energy Provider 

Risk to Small Business: 2.109 = Severe - Energy giant EDP reported through its North American subsidiary, EDP NA, that it had been affected by a ransomware attack using Ragnar Locker. While the attack was not recent, the company only now confirmed its details publicly, as it became apparent that recovery would include notifying potentially affected customers. The attackers reportedly demanded that EDP Group pay a ransom of 1580 bitcoins for a decryptor and to stop the cybercriminals from releasing over 10 TB of data allegedly stolen in the incident.

Individual Risk: 2.022 = Severe - Attackers reportedly gained access to some personal information stored on the impacted servers, including personally identifying information and Social Security numbers. No financial or payment card data was accessed. The company is offering customers one year of free data protection via Experian as a proactive measure.

Customers Impacted: 11,500

Effect On Customers: As ransomware continues to wreak havoc with cybersecurity at businesses of any size, every business needs to have a plan in place to both recover from a ransomware incident and bolster their security to defend against potential ransomware attacks because Dark Web activity has never been higher – or a bigger threat to businesses.

Breach Risk Levels

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security and Symantec Endpoint Protection to the Rescue: Symantec Endpoint Protection is a client-server solution that protects laptops, desktops, and servers in your network against malware, risks, and vulnerabilities. Symantec Endpoint Protection combines virus protection with advanced threat protection to proactively secure computers against known and unknown threats, such as viruses, worms, Trojan horses, and adware. Call Avantia on 07 3010 9711 to find out more.

THREAT FOCUS: Fisher and Paykel - NEW ZEALAND

https://cyware.com/news/nefilim-operators-released-more-data-of-fisher-paykel-on-the-dark-web-c8802e4d


Exploit: Ransomware  

Fisher and Paykel: Appliance Manufacturer and Distributor 

Risk to Small Business: 2.374 = Severe - The saga continues for New Zealand appliance company Fisher and Paykel, as they continue to experience damage following a ransomware attack last month. In June, attackers took the company’s data hostage, releasing a teaser on the Dark Web as part of their initial ransom demand. The attackers used Nefilim ransomware, which is effective against Windows systems. A larger trove of corporate data just hit the Dark Web after the company apparently failed to meet the ransom demand. So far the materials released are financial documents dating back to 2014.

Individual Risk: No personally identifying information or personal financial data was reported as exposed in this incident.

Customers Impacted: Unknown

Effect On Customers: It’s become increasingly common for ransomware attacks to have multiple components, with attackers initially making a ransom demand while providing sample data as proof that they have information, and then escalating incidents if their demands are not met. With a huge rise in phishing attempts, businesses can’t afford to take security awareness training chances.

Breach Risk Levels

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Protection from ransomware starts as protection from phishing. Improved phishing resistance training with BullPhish ID will arm staffers with the knowledge and awareness that they need to spot and stop potentially ransomware-infected emails. Call Avantia on 07 3010 9711 to find out more.

THREAT FOCUS: T7 Games/Ouroboros Games  - INDIA

https://www.vpnmentor.com/blog/report-clubillion-leak/


Exploit: Unsecured Database

T7 Games/Ouroboros Games: Gambling Games Application Developer 

Risk to Small Business: 1.217 = Extreme - The world’s most popular social gambling app, Clubillion, suffered a major data breach that affects customers around the world. A research team initially discovered the problem on March 19, finding the database hosted on Amazon Web Services in the course of working on a web mapping project. The developers of Clubillion were notified by the researchers quickly, but continued inaction exposed approximately 200 million user records per day – 50GB worth of data. The active database included constantly updated gameplay information for affected users as well as IP addresses, e-mail addresses, winnings, and private messages. The database was recorded as open for 16 days before action was taken to contain the leak.

Individual Risk: 2.219 = Severe - While researchers did not see any personally identifying or financial information in the affected database, the complexity of the breach prevents certainty about exactly what was leaked. Users of the app should be aware of potential phishing attacks fueled by this data.  

Customers Impacted: 160,000+

Effect On Customers: Staffers aren’t just using their favorite apps and services on their personal phones and computers – they're doing it on their work computers too.  As companies continue to adopt “Bring Your Own Device” policies and the work/personal line gets murkier for staffers, companies have to be concerned about the potential for danger caused by breaches in entertainment and social media apps. 


Avantia Cyber Security and Passly to the Rescue: Protect company systems with an essential second layer of security. Multifactor authentication with Passly means that even if a staffer’s password is stolen or compromised through an incident like this, the authentication code needed to log in to company systems puts another door between cybercriminals and company data. Call 07 3010 9711 to find out more.

__________________________________________________________________________


POSTSCRIPT:


Web-Based Apps Are Great Tools For Businesses But They Have Hidden Dangers 

Almost every business relies on web-based applications and tools to function these days. From data storage to video conferencing, web-based applications are everywhere. But they’re not as safe as you might think – and that can be a problem for businesses. Recently, a newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s widely used Chrome web browser. Google removed around 70 add-ons that it deemed “malicious” in response to that discovery. Remote workers are more likely to use work devices for everything. The dangerous extensions were designed to avoid detection by antivirus or security software. If a user with one of the malicious browser extensions installed surfed the web on a home computer, the extension would connect to a series of websites and transmit information. A user on a corporate network, where security services are in place, would be less likely to have sensitive information transmitted. As the work/home device line blurs, every company needs to put protections in place to deal with cybersecurity incidents caused by these kinds of problems. A dynamic, comprehensive digital risk protection platform like ID Agent’s can help reduce the risk of damage from unintentional insider threats like this with Passly. Our freshly updated secure identity and access management solution Passly seamlessly integrates with over 1,000 applications to provide an essential added layer of security for companies by requiring multifactor authentication – keeping the bad guys out and company data in, to help prevent a costly and potentially devastating breach.


Third Party Data Breaches Endanger Every Company 

Just because your company hasn’t had a data breach, that doesn’t mean that your staffers’ credentials are safe. Third-party data breaches are an increasing problem for every company. These days everyone uses internet-enabled services for everything from shopping to airline tickets. But that convenience comes at a price for workers: the risk of a personally identifiable data breach – and those breaches endanger their employers as well. Recently, 45 million records of travelers to Thailand and Malaysia appeared on the Dark Web. The stolen information included extensive personal data on travelers from many countries, including their Passenger ID number, full name, mobile numbers, passport details, home address, gender, and flight details. And as we reported recently, users of top gambling app Clubillion were also impacted by a data breach, leading to millions of users having personally identifiable data leaked. These breaches provide the fuel that powers spear phishing attempts, blackmail, password compromise, and other cyberattacks. While companies can’t stop third-party breaches from accidentally exposing their workers’ personal information, they can mitigate the potential damage and add protections that can stop bad actors from using it against them. Ensure that you’re protecting your data and systems from common sources of credential compromise and data loss by implementing a solid cybersecurity plan bulwarked by a digital risk protection platform featuring a Dark Web monitoring solution like Dark Web ID to watch for compromised credentials and alert companies to trouble. By making sure that you’re prepared for trouble from unexpected sources, you make your entire cybersecurity posture stronger and improve data loss prevention quickly.

______________________________________________________________________________ 


AVANTIA CYBER SECURITY - PARTNER FOCUS

Passly is our Digital Risk Protection Platform. With the mass migration to remote work and the increased dependency on cloud applications to run daily business operations, Secure Identity and Access Management is the cornerstone of enabling the right people to have the right resources - all from the right devices and locations.  Passly includes state-of-the-art features to protect your systems and data, including multi-factor authentication, secure password vault, single sign-on, and integration with Dark Web ID to view exposed credential hits. Passly is the ideal security solution for today’s remote workforce – at a fraction of the price of other tools.


FOR MORE INFORMATION ON PASSLY CONTACT AVANTIA CYBER SECURITY ON +61 7 30109711 / info@avantiacorp.com.au

______________________________________________________________________________


Disclaimer*:

Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, other members of the 5 Eyes Alliance, the Australian Cyber Security Centers, and other sources in 56 countries who provide cyber breach and cyber security information in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.


Call (07) 3010 9711 

info@avantiacorp.com.au


Avantia Corporate Services Pty Ltd, Level 7, 320 Adelaide Street

Brisbane, Queensland 4000

AUSTRALIA.
