  • Avantia Threat Update

Safe in the water, Not so much on land!

Hacked and extorted........

This week an Australian Navy shipbuilder was hit by a cyber security breach and extortion attempt, and a German-based spyware startup inadvertently exposed 20GB of its own unprotected data online. Apple released security updates and says its new MacBook laptops will disconnect the microphone when the lid is closed – why is this important?


This week in review:


Dark Web Metrics*

Total Compromises: 37,290

· Top Source Hits: Website (36,618)

o Disqus.com (36,618)

· Top PIIs compromised: Domains (37,253)

o Hashed/Cleartext Passwords (36,617)

· Top Company Size: 11-50

· Top Industry: High-Tech & IT


Malware Attacks/Discoveries*

Mirai

Hits: 28 | Targets: Internet of Things, Dynamic Network Services, Inc (Dyn), Deutsche Telekom, Germany, United States

Stuxnet

Hits: 24 | Targets: Iran, North Korea, Industrial Control Systems, SCADA and ICS Products and Technologies, United States

GandCrab

Hits: 15 | Targets: Syria, Microsoft Windows XP, Microsoft Windows, Server Message Block, Russia

AutoIT

Hits: 8 | Targets: Microsoft Windows, Hypertext Transfer Protocol, Facebook, Israel

Satori Botnet

Hits: 7 | Targets: Ethereum, ARC processors, Huawei Technologies, Internet of Things, Huawei


Targeted Industries*

Software

Hits: 162 | Targets: Google, Microsoft, Yahoo, Twitter, Facebook

Transportation

Hits: 160 | Targets: Cathay Pacific, British Airways, Uber, FedEx, Delta Air Lines

Information Technology

Hits: 156 | Targets: Google, Microsoft, Yahoo, Twitter, Facebook

Finance

Hits: 148 | Targets: PayPal, Dominion Resources, Equifax Inc, BankIslami, AXA S.A.

Social network

Hits: 89 | Targets: Google, Twitter, Facebook, YouTube, LinkedIn

Threat Actors*

Inj3ct0r Team

Hits: 46 | Targets: WordPress, Joomla, Twitter, Apache HTTP Server, Symantec

CtrlSec

Hits: 43 | Targets: Islamic State in Iraq and the Levant, Twitter, United Nations, United States, Tunisia

Hezbollah

Hits: 21 | Targets: Israel, Iran, Syria, Lebanon, United States

Narwhal Spider

Hits: 14

Magecart

Hits: 13 | Targets: British Airways, Ticketmaster Entertainment, Newegg, Feedify, United States



In Other News


Apple Laptops Close a doorway*.

Apple unveiled new Macs and iPads on Tuesday and has pushed out security updates for macOS (Mojave, High Sierra, Sierra), iOS, watchOS, tvOS, Safari, iTunes, and iCloud for Windows.

During the Apple event that presented the new devices to the world, Apple revealed that all new Mac portables (MacBooks) that have the T2 Security Chip built in automatically disable the microphone when the lid of the device is closed.

“This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed,” Apple explained.

“The camera is not disconnected in hardware because its field of view is completely obstructed with the lid closed.”

This gives a high degree of privacy against hackers eavesdropping to gather intelligence for a future attack, a protection which may not be available on other laptops.


Google Chrome 68 Rolled Out*

Google began rolling out Chrome 68. Google’s browser will now display a “Not Secure” warning next to the website in the address bar if the site is not secured with HTTPS.

With the many breaches of data security around the world and across Australia recently, it’s becoming increasingly important to be diligent with online security.

You might have heard that malware has been used to compromise Australian factories and even traffic lights. But business websites are increasingly popular targets — and the size of your business doesn’t matter to the cyber criminals who use hijacked computers that are constantly scouring the web for ‘easy’ targets.

Groups of these hijacked computers (called bots) use automated programs to look for sites running versions of vulnerable systems and automatically attack them. If they can get sufficient access, they can then turn that website or server into another machine in their bot army to send spam and/or attack other sites. In many cases, planting malware is the first part of a break-in. If left untreated, other mayhem may follow.

What’s more, malware is increasingly versatile and destructive. It can do all sorts of bad things, including:

· Erase all your data.

· Steal your customers’ information.

· Encrypt your data and hold it for ransom.

If you enter your website in Google Site Console, the search engine will alert you if it finds malware on your site. Although Google typically sends malware alerts to your Message Center, you can have your Message Center messages forwarded to your email account.


Apple iPhone Vulnerability*

A security enthusiast who discovered a passcode bypass vulnerability in Apple's iOS 12 late last month has now dropped another passcode bypass bug that works on the latest iOS 12.0.1, which was released last week. Jose Rodriguez, a Spanish amateur security researcher, discovered a bug in iOS 12 in late September that allows attackers with physical access to your iPhone to access your contacts and photos. The bug was patched in iOS 12.0.1, but he has now discovered a similar iPhone passcode bypass hack that works in 12.0.1 and is easier to execute than the bug Rodriguez discovered and reported two weeks ago.

The new hack allows anyone with physical access to your locked iPhone to access your photo album, select photos and send them to anyone using Apple Messages.

Since the new hack requires much less effort than the previous one, it leaves any iPhone user vulnerable to a skeptical or distrustful partner, curious schoolmate, friend or roommate who could access your iPhone's photo album and grab your private photos.


Repair Your Phone Yourself:

In the USA it is now legal to break Digital Rights Management in order to repair your phone, following a ruling at the US Copyright Office. This is big news for third-party phone repair shops, as well as the repair businesses of many other products such as cars, tablets, refrigerators and even tractors. Go ahead and crack that old broken iPhone open to fix it yourself! Well… try to fix it at your own risk, but now you have the option.

Threat Focus: Cathay Pacific Airways – Hong Kong

Exploit: Unclear at this time.

Cathay Pacific Airways: Hong Kong-based international airline.

Risk to Small Business: 1.666 = Severe: Customers will not soon forget the company that failed to secure their data and waited several months to acknowledge their breach.

Individual Risk: 2.285 = Severe: Individuals affected by this breach are at a higher risk of credit card fraud and should contact their card issuer, cancel their cards immediately, and enroll in a credit monitoring service, if provided.

Customers Impacted: 9.4 million.

Effect on Customers: For any organization, a breach where the hacker obtained payment information is a customer relations disaster. A breach where almost 9.5 million customers were affected would scale this disaster up to match.

Risk Levels: 1 - Extreme Risk, 2 - Severe Risk, 3 - Moderate Risk

*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.


Threat Focus: Wolf Intelligence - Germany

Exploit: Exposed database.

Wolf Intelligence: German-based spyware startup.

Risk to Small Business: 1.666 = Severe: A breach caused by negligence is hard to explain to a customer, which would affect the amount of time it would take to regain trust.

Individual Risk: 2.142 = Severe: Because the data exposed was highly personal, including phone conversations and texts, those affected by this breach are at a higher risk of identity theft.

Customers Impacted: 20 gigabytes of data exposed; it is unclear how many customers’ data existed within that.

Effect on Customers: An organization in the spyware industry will obviously take a SEVERE hit to their reputation, but any company would suffer the embarrassment of the founder leaving scans of his credit cards exposed on the internet.

Risk Levels: 1 - Extreme Risk, 2 - Severe Risk, 3 - Moderate Risk

*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

POSTSCRIPT:

Ransomscare. There was an article that came out this week written by the previous CIO (Chief Information Officer) of the New York City Law Department (which is also the world's largest public sector law firm), discussing the best ways to avoid ransomware. In the article he discussed 3 key points:

1. Cyber Hygiene: This is an obvious one but cannot be underrated! Passwords must be changed regularly, and everyone must remain diligent while browsing their inbox.

2. Best practices: Best practices in this context cover updating existing tech, using preventative technologies, and communication. For updating existing tech, put a priority on pushing out patches; to stay a step ahead with preventative tech, use cloud web application firewalls and credential monitoring; and communicate with your security team, employees or external cyber security consultants about what they should be doing as individuals and as a team.

3. Testing disaster recovery plans: This point is self-explanatory: you need a test to see if your backup plans work. You wouldn’t leave the fire alarms untested!

With ransomware being seen all over the world from Atlanta to Moscow to Sydney, it is something every business should take into account.





If you don’t have an Incident Response Strategy or a Disaster Recovery Plan or require a complete Certified Cyber Security Risk Assessment call Paul Nielsen, Certified Cyber Security Advisor, on 07 30109711 for assistance.


Consider this: When you think about Cyber Security, think about the ones you care the most about – your family. If you have children or young adults using Smartphones, Tablets or Laptops, consider their vulnerability. Do you want to put their digital selves in the hands of pedophiles, scammers and cyber criminals? The purchase of children’s digital credentials (username/password) is big business on the Dark Web. Check out our inexpensive Individual or Family monitoring service – it’s a ‘no brainer’ for your peace of mind.



* Disclaimer: Avantia Corporate Services Pty Ltd provides the content in this publication to the reader for general information only and has compiled the content from a number of sources in the USA and up to 56 other countries who provide cyber breach information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.


*COPYRIGHT 2020* Avantia Corporate Services  PTY LTD - All Rights Reserved.
