SCAMMERS CAPITALISE ON PANDEMIC
This Past Week:
Scammers Capitalise on Pandemic; Alliance: COVID, Cyber Security, Compliance and ESG top concerns for finance sector; NSW Police steals a march on criminal activity; Australia is fighting back about Ransomware; Unsecured servers and cloud services: How remote work has increased the attack surface that hackers can target and major breaches in AUSTRALIA, USA and INDIA.
__________________________________________________________________________________
Scammers capitalise on Pandemic.
Australians lost over A$851 million to scams in 2020, a record amount, as scammers took advantage of the pandemic to con unsuspecting people, according to the Australian Competition and Consumer Commission’s (ACCC). The report compiles data from Scamwatch, ReportCyber, other government agencies and 10 banks and financial intermediaries, and is based on more than 444,000 reports. Investment scams accounted for the biggest losses, with A$328 million, and made up more than a third of total losses. Romance scams were the next biggest category, costing Australians A$131 million, while payment redirection scams resulted in A$128 million of losses. “Last year, scam victims reported the biggest losses we have seen, but worse, we expect the real losses will be even higher, as many people don’t report these scams,” ACCC Deputy Chair Delia Rickard said. “Unfortunately scammers continue to become more sophisticated and last year used the COVID-19 pandemic to scam and take advantage of people from all walks of life during this crisis.” Of the A$851 million in combined losses, A$176 million were reported to Scamwatch alone. (All losses described below are from Scamwatch data only). “Victoria, which was significantly impacted by the second wave of the virus, recorded the highest losses nationwide for the first time and Victorians reported A$49 million in losses to Scamwatch, more than double those in 2019.” Ms Rickard said. “We saw scammers claiming the government restrictions meant people could not see items in person before purchase. This was a common ruse in vehicle sale and puppy scams, which both had higher reports and losses.” As people spent more time online during the COVID-19 pandemic lockdown, reports and losses for some scams also increased. Health and medical scams increased more than 20 fold compared to 2019, accounting for over A$3.9 million in losses. Losses to threat based scams increased by 178 per cent to A$11.8 million, and there were more than A$8.4 million in losses to remote access scams, an increase of over 74 per cent. Phishing activity also thrived during the pandemic, especially through government impersonation scams. There were over 44,000 reports of phishing scams, representing a 75 per cent increase.
Allianz: COVID, cyber security, compliance and ESG top concerns for the finance sector
Financial institutions and their directors have to navigate a rapidly changing world, marked by new and emerging risks driven by cyber exposures based on the sector’s reliance on technology, a growing burden of compliance, and the turbulence of Covid-19, according to the newly released report. Financial Services Risk Trends: An Insurer’s Perspective from Allianz Global Corporate & Specialty (AGCS). At the same time, the behaviour and culture of financial institutions is under growing scrutiny from a wide range of stakeholders in areas such as sustainability, employment practices, diversity and inclusion and executive pay. “The financial services sector faces a period of heightened risks. Covid-19 has caused one of the largest ever shocks to the global economy, triggering unprecedented economic and fiscal stimulus and record levels of government debt,” says Paul Schiavone global industry solutions director financial services at AGCS. “Despite an improved economic outlook, considerable uncertainty remains. The threat of economic and market volatility still lies ahead while the sector is also increasingly needing to focus on so-called ‘non-financial’ risks such as cyber resilience, management of third parties and supply chains, as well as the impact of climate change and other Environmental Social and Governance (ESG) trends.” The AGCS report highlights some of the most significant risk trends for banks, asset managers, private equity funds, insurers and other players in the financial services sector, as ranked in the Allianz Risk Barometer 2021, which surveyed over 900 industry respondent, with the top three risk including:
Cyber incidents
Pandemic outbreak
Business interruption
This is followed by changes in legislation and regulation – driven by ESG and climate change concerns in particular. Macroeconomic developments, such as rising credit risk and the ongoing low interest rate environment, ranked fifth.
The Allianz Risk Barometer findings are mirrored by an AGCS analysis of 7,654 insurance claims for the financial services segment over the past five years, worth approximately €870mn (US$1.05 billion).
Cyber incidents including crime ranked as the top cause of loss by value, with other top loss drivers including negligence and shareholder derivative actions.
COVID-19 impact : Financial institutions are alive to the potential ramifications of government and central bank responses to the pandemic, such as low interest rates, rising government debt and the winding down of support and grants and loans to businesses. Large corrections or adjustments in markets – such as in equities, bonds or credit – could result in potential litigation from investors and shareholders, while an increase in insolvencies could also put some institutions’ own balance sheets under additional strain. “Claims may be brought against directors and officers in the financial services industry where there has been a perceived failure to foresee, disclose or manage or prepare for Covid-19 related risks,” says Shanil Williams global head of financial lines at AGCS. The Covid-19 environment is also providing fertile ground for criminals seeking to exploit the crisis as the pandemic led to a rapid and largely unplanned increase in homeworking, electronic trading and a rapid acceleration in digitalisation. Despite significant cyber security spend, financial services companies are an attractive target and face a wide range of cyber threats including business email compromise attacks, ransomware campaigns, ATM “jackpotting” – where criminals take control of cash machines through network servers – or supply chain attacks. The SolarWinds incident targeted banks and regulatory agencies, demonstrating the potential vulnerabilities of the sector to outages via their reliance on third-party service providers. Most financial institutions are now making use of cloud services-run software which comes with a growing reliance on a relatively small number of providers. Institutions face sizable business interruption exposures, as well as third party liabilities, when things go wrong. “Third-party service providers can be the weak link in the cyber security chain,” says Thomas Kang head of cyber, tech and media North America at AGCS.“We recently had a bank client suffer a large data breach after a third-party vendor failed to delete personal information when decommissioning hardware,” notes Kang. “How financial institutions manage risks presented by the cloud will be critical going forward. They are effectively offloading a significant portion of cyber security responsibilities to a third-party. However, by partnering with the right cloud service provider, companies can also leverage the cloud as a way to manage their overall cyber exposure.” Compliance challenges around cyber, cryptocurrencies and climate change Compliance is one of the biggest challenges for the financial services industry, with legislation and regulation around cyber, new technologies and climate change and ESG factors constantly evolving and increasing. Indeed, the report notes that there has been a seismic shift in the regulatory view of privacy and cyber security in recent years with firms facing a growing bank of requirements. The consequences of data breaches are far-reaching, with more aggressive enforcement, higher fines and regulatory costs, and growing third party liability, followed by litigation. Regulators are increasingly focusing on business continuity, operational resilience and the management of third party risk following a number of major outages at banks and payment processing companies. Companies need to operationalize their response to regulation and privacy rights, not just look at cyber security. Applications of new technologies such as Artificial Intelligence (AI), biometrics and virtual currencies will likely raise new risks and liabilities in future, in large part from compliance as well. With AI, there have already been regulatory investigations in the US related to the use of unconscious bias in algorithms for credit scoring. There have also been a number of lawsuits related to the collection and use of biometric data. The growing acceptance of digital or cryptocurrencies as an asset class will ultimately present operational and regulatory risks for financial institutions with uncertainty around potential asset bubbles and concerns about money laundering, ransomware attacks, the prospect of third-party liabilities and even ESG issues as “mining” or creating cryptocurrencies uses large amounts of energy. Finally, the growth in stock market investment, guided by social media raises mis-selling concerns – already one of the top causes of insurance claims. ESG factors taking centre stage Financial institutions and capital markets are seen as an important facilitator of the change needed to tackle climate change and encourage sustainability. Again, regulation is setting the pace. There have been over 170 ESG regulatory measures introduced globally since 2018, with Europe leading the way. The surge in regulation, in combination with inconsistent approaches across jurisdictions and a lack of data availability, represents significant operational and compliance challenges for financial service providers. “Financial services may be ahead of many other sectors when it comes to addressing ESG topics, but it will still be an important factor shaping risk for years to come,” says David Van den Berghe global head of financial institutions at AGCS. “Social and environmental trends are increasingly sources of regulatory change and liability, while increased disclosure and reporting will make it much easier to hold companies and their boards to account,” says Van den Berghe. At the same time, activist shareholders or stakeholders increasingly focus on ESG topics. Climate change litigation, in particular, is beginning to include financial institutions. Cases have previously tended to focus on the nature of investments, although there has been a growing use of litigation seeking to drive behavioural shifts and force disclosure debate. Besides climate change, broader social responsibilities are coming under scrutiny, with board remuneration and diversity being particular hot topics, and regulatory issues.“Companies that commit to addressing climate change and diversity and inclusion will need to follow through. For those that do not, it will come back to haunt them,” says Van den Berghe. Claims trends and its impact on the insurance market The AGCS report also highlights some of the major causes of claims that insurers see from financial institutions. The fact that compliance risk is growing is concerning, as compliance issues are already one of the biggest drivers of claims. “Keeping abreast of compliance in a rapidly-changing world is a tough task for companies and their directors and officers,” says Williams. “Their compliance burden is enormous, and is now accompanied by growing regulatory activism, legal action and litigation funding.” Cyber incidents already result in the most expensive claims and insurers are seeing a rising number of technology-related losses including claims made against directors following major privacy breaches. Other examples include sizable claims related to fraudulent payment instructions and “fake president” scams. Such payments can be in the millions of dollars. AGCS has also handled a number of liability claims arising from technical problems with exchanges and electronic processing systems where systems have gone down and clients have not been able to execute trades, and have made claims against policyholders for loss of opportunity. There have also been claims where a system failure has caused damages to a third party; one financial institution suffered a significant loss after a trading system crashed causing processing failures for customers. Recent loss activity, compounded by Covid-19 uncertainty, have contributed to a recasting of the insurance market for financial institutions, characterized by adjusted pricing and enhanced focus on risk selection by insurers, but also a growing interest for alternative risk transfer solutions, in addition to traditional insurance. Insurance is increasingly an important part of the capital stack of financial institutions and a growing number are partnering with insurers to manage risk and regulatory capital requirements or utilizing captive insurers to compensate for changes in the insurance markets or to finance more difficult-to-place risks.
NSW Police steals a march on criminal activity
Australia’s NSW Police Force pulls in about a terabyte’s worth of computer vision each and every day to support investigations – including from CCTV, from body worn cameras, laptops, mobile devices to dashcams. Add into that mix recordings from interviews, information from triple zero calls, police reports, forensic investigations and it is clear how the data collection available to support enquiries expands exponentially. This could be needle in a haystack territory. But it’s not thanks to a massive digital modernisation program well underway that brings to bear cloud computing, artificial intelligence and machine learning, edge computing and mobile devices to ensure that front line officers have the information they need to expedite justice and are not deskbound and data mired. NSW has the largest police force in Australia with more than 22,000 members, including 18,000+ police officers serving 8 million people. Since 2017/18 NSW Police under a new Digital IT Strategy and leadership has digitised much of the interactions and channels it has to NSW citizens – from supporting them to report crime across all types to doing a national police check in seconds online. Internally, through a platform NSW Police call BluePortal officers can request everything digitally from a search dog, PolAir, mounted police to radios and IT equipment as well do a risk assessment and operational orders or just enquire on their roster or payroll issue. As part of this significant digital transformation effort, which has been steered by Gordon Dunsford, CITO and Executive Director Digital Technology and Innovation, more than 200 of NSW Police’s legacy systems are being retired, re-architected or replaced with modern cloud-based systems. One of the landmark programs of work is the Integrated Policing Operating System (IPOS). This modern cloud-based platform replaces NSW Police’s 27-year-old central database and will be used to manage all the data from operations including triple zero calls, arrests and charges, firearms, criminal investigations and forensics – and then make that easily accessible by police officers. IPOS is based on Mark43’s public safety software and NSW Police is working with Microsoft Consulting Services on the build of the IPOS application with Protected level security in the Microsoft Azure cloud. At the same time NSW Police has rolled out its AI/ML-infused Insights policing platform which speeds up significantly, and democratises, access to a wide array of critical information and automates many tasks such as transcribing recordings of audio interviews or poring through petabytes of CCTV footage. This ensures faster access to useful insights and frees police to focus on operational matters. The text-to-speech capability of the platform is already attracting interest from other agencies internationally, at Federal and State levels, says Dunsford. It’s also dramatically speeding up police work. A 20-minute recording of a statement can take an individual Police officer two or three hours to manually transcribe. With the Insights platform this is now completed in seconds or minutes with a good-to-great level of accuracy in the automatic transcription –which is only getting better thanks to machine learning. The system has been designed with ethics front and centre, and in consultation with privacy experts with a particular focus on avoiding bias. As part of this significant digital transformation effort, which has been steered by Gordon Dunsford, CITO and Executive Director Digital Technology and Innovation, more than 200 of NSW Police’s legacy systems are being retired, re-architected or replaced with modern cloud-based systems. One of the landmark programs of work is the Integrated Policing Operating System (IPOS). This modern cloud-based platform replaces NSW Police’s 27-year-old central database and will be used to manage all the data from operations including triple zero calls, arrests and charges, firearms, criminal investigations and forensics – and then make that easily accessible by police officers. IPOS is based on Mark43’s public safety software and NSW Police is working with Microsoft Consulting Services on the build of the IPOS application with Protected level security in the Microsoft Azure cloud. At the same time NSW Police has rolled out its AI/ML-infused Insights policing platform which speeds up significantly, and democratises, access to a wide array of critical information and automates many tasks such as transcribing recordings of audio interviews or poring through petabytes of CCTV footage. This ensures faster access to useful insights and frees police to focus on operational matters. The text-to-speech capability of the platform is already attracting interest from other agencies internationally, at Federal and State levels, says Dunsford. It’s also dramatically speeding up police work. A 20-minute recording of a statement can take an individual Police officer two or three hours to manually transcribe. With the Insights platform this is now completed in seconds or minutes with a good-to-great level of accuracy in the automatic transcription –which is only getting better thanks to machine learning. The system has been designed with ethics front and centre, and in consultation with privacy experts with a particular focus on avoiding bias. While IPOS and Insights are independent solutions, they are very much complementary. IPOS brings together information from triple zero calls, complaints or reports from the public, all the way through to data from investigations management, forensics and ultimately custody management. IPOS brings to life the ‘steel thread’ processes of NSW Police Force from the call for service through 000 to the hand off to the Justice or Courts systems. The IPOS system gives a single view of a person of interest across all the functions of a large and complex law enforcement Agency like NSW Police and can make that information available directly to police via their MobiPol mobile devices. It can also provide access to important additional information – for example alerting police to the fact that the address where they are going to apprehend someone is located next to another house where residents are known to be antagonistic to the police through its geofencing capability. Dunsford says that at present NSW police officers share MobiPols – but with IPOS there are plans to equip every officer with their own device and access to IPOS. Joseph Ontedhu, the NSW Police Chief Enterprise Architect, who has played a key role in the development of the Insights platform meanwhile describes it as an investigation support tool that can accelerate the pace at which useful information can be provided to police. Insights is currently hosted internally, but shortly will migrate to the cloud, and already NSW Police is using a containerisation strategy to parcel up data that needs to be interpreted rapidly, and sending that to Azure for processing. Dunsford says Microsoft Azure’s security credentials are highly valued by NSW Police, helping it to de-risk its modernisation program. The selection of Azure as the platform for IPOS was also supported by Mark43’s decision to build its software on the Microsoft cloud. NSW Police is supported by Microsoft Consulting Services as it builds IPOS to Protected level in Azure. Dunsford adds that the performance and scalability of Azure supports the explosive nature of some police work, particularly State Crime and State intelligence Command work where there can be huge volumes of information to process and manage in a short space of time. Azure also plays a key role in the democratisation of data – making information available to police where and when they need it, preventing them being deskbound. Ontedhu explains that if the information that an officer needs is sitting in a legacy system, the metadata about that information can be brought into Insights for analysis. “Let’s say, they want to know if NSW Police has got any CCTV or body-worn video that NSW Police now wear, or even from a police car specific to a certain location at a certain time, they can go search. Then we’ll get a hit if that body worn video has been uploaded. NSW Police already has plans to replace the legacy data store systems with the Digital Evidence Cloud, and has built a small-scale capability and has trialed this with NSW Police’s Forensics Command. That, says Dunsford, should dramatically increase the amount of material that can be collected and analysed to support current and future investigations when NSW Police is ready to scale the trial. “We join the dots,” he says. Insights has already proven its ability to join the dots by supporting Strike Force Toronto which looked for evidence of arson and other criminal acts from the 2019/20 NSW bushfires. Dunsford said that during investigations about the 2019/20 bushfires the system took geographic information, bushfire information, and then overlaid that with data from some 17 separate sources including Bureau of Meteorology data about lightning strikes and wind conditions. It then overlaid that with geo-located mobile phone data of suspected arsonists. That, he said, had allowed police to present evidence in a very graphical or visual way to the Bushfire and related inquests investigating the horrific bushfire season in NSW. Dunsford says the impact Insights is having means demand for the platform has taken off; “Because of the speed, the agility and the ease of use in particular. A lot of this comes from the ability to scale, the ability to throw GPUs at scale at a platform like this, and harness the peaking capability we need to run these major, major investigations with tens of thousands of hours at CCTV and other digital evidence. “That’s what the cloud offers NSW Police, and particularly Microsoft.” Dunsford has made significant progress already on building strong digital foundations for NSW Police Force and has also carved out a reputation for the organisation as being a leading-edge innovator that attracts and retains leading edge digital tech talent. It’s this combination that delivers real tech intensity to an organisation. According to Dunsford; “I want us to be seen as an organisation that’s very much investing in technology and talent to really transform what we do with frontline police and the way they work. How they use technology to get results faster, smarter, not having to work harder and longer, not burning out. “And being out in the street more, so everything they do in a police station, they can do on the street from a mobile first perspective.” With the Digital Evidence Cloud now well advanced and ready to be scaled off the back of IPOS and Insights, he is exploring the potential of further innovation with a planned trial of Microsoft’s edge technology in NSW police cars. Dunsford also wants to understand how low earth orbit (LEO) satellites could be used to support police; how data from the Integrated Connected Officer program which collects data from an officer’s firearm, taser, car and body worn camera can be ingested into Insights; and how drones could be deployed to collect video that could help identify potentially dangerous situations. Advanced AI and machine learning could, he thinks, be used to train systems to identify everything from the colour, make and model of vehicles, to a backpack in a crowded street, to finding a particular individual based on their unique gait. Dunsford stresses that as AI/ ML plays an increased role, ethics considerations are at the heart of all the NSW Police’s modernisation plans and that it will always consult stakeholders. The goal however remains crystal clear – to digitally enable and keep police safer, to prevent and disrupt crime and to speed up justice outcomes for victims of crime and the community.
Australia is fighting back about Ransomware
Ransomware campaigns impact multiple sectors across the economy as Australians continue to be targeted by cybercriminals through campaigns impacting multiple sectors across our economy. Assistant Minister for Defence, the Hon Andrew Hastie MP, said the Government is tackling cybercriminals head-on to support Australian organisations and individuals from cyber compromise. “In 2018 the Australian Cyber Security Centre was established within the Australian Signals Directorate as the standing taskforce that combines the expertise of foreign and domestic law enforcement and intelligence agencies to fight cybercrime,” Assistant Minister Hastie said. “The Australian Signals Directorate has used, and will continue to use, its broad range of offensive cyber capabilities to disrupt and bring cybercriminal syndicates targeting Australia to their knees. Offensive cyber is just one of the tools in Australia’s toolkit. “The ACSC provides vital advice and assistance to defend Australian businesses and individuals against ransomware, and brings together the Australian Signals Directorate’s intelligence, offensive cyber and cyber security capabilities to defend Australia’s interests from malicious cyber actors. “The ACSC takes the information it learns from cyber attacks against Australian businesses, and uses it to warn and protect further Australian organisations from being targeted. “Under the Cyber Security Strategy 2020, the Australian Government is strengthening Australia’s capability to counter cybercrime with a $164.9 million investment,” Assistant Minister Hastie said. Ransomware is one of the most damaging types of cyber attacks, which can have severe and long-lasting impacts to Australian organisations and their operations. But prevention is better than cure, and with cyber security the best offence is often a strong defence. Companies and organisations need to have protective measures in place that will make it harder for cybercriminals to harm their business. The ACSC has published a ransomware Prevention and Protection Guide, and Emergency Response Guide. The guides are available at cyber.gov.au/ransomware. “I encourage Australian organisations to report their ransomware incidents to the ACSC so we can protect and warn all organisations and build better overall cyber defences for ‘Team Australia’. Any cybercriminal operating on the dark web or hiding behind encryption should be on notice that the full range of Australia’s intelligence and law enforcement capabilities are being aimed at you”, Assistant Minister Hastie said. Cybercrime can be reported through ReportCyber which is managed by the ACSC on behalf of law enforcement agencies, providing a single online portal for individuals and businesses to report cyber incidents.
Unsecured servers and cloud services: How remote work has increased the attack surface that hackers can target.
Cybersecurity researchers discover hundreds of thousands of insecure severs, ports and cloud services being used by remote workers that could be easily exploited by cyber attackers. The increase in the use of cloud services as a result of organisations and their employees shifting to remote work because of the COVID-19 pandemic is leaving corporate networks exposed to cyberattacks. Many businesses had to swiftly introduce working from home at the start of the pandemic, with employees becoming reliant on cloud services including Remote Desktop Protocols (RDP), Virtual Private Networks (VPN) and application suites like Microsoft Office 365 or Google Workspace. While this allowed employees to continue doing their jobs outside the traditional corporate network, it has also increased the potential attack surface for cyber criminals. Malicious hackers are able to exploit the reduced level of monitoring activity, while successfully compromising credentials – that are used to remotely login to cloud services – provides a stealthy route into corporate environments. Cybersecurity researchers at security company Zscaler analysed the networks of 1,500 companies and found hundreds of thousands of vulnerabilities in the form of 392,298 exposed servers, 214,230 exposed ports and 60,572 exposed cloud instances – all of which can be discovered on the internet. It claimed the biggest companies have an average of 468 servers exposed, while large companies have 209 at risk. The researchers defined 'exposed' as something that anyone can connect to if they discover the services – including remote and cloud services. Organisations are likely to be unaware that these services are exposed to the internet in the first place. In addition to this, researchers discovered unpatched systems with 202,000 Common Vulnerabilities and Exposures (CVEs), an average of 135 per organisation, with almost half classified as 'Critical' or 'High' severity. It's possible that cyber criminals will be able to discover and exploit these vulnerabilities in order to enter corporate networks and lay the foundations for cyberattacks including data theft, ransomware and other malware campaigns. "The sheer amount of information that is being shared today is concerning because it is all essentially an attack surface. Anything that can be accessed can be exploited by unauthorised or malicious users, creating new risks for businesses that don't have complete awareness and control of their network exposure," said Nathan Howe, vice president for emerging technology at Zscaler. While an increased attack surface can impact organisations of all sizes, international and large employers are the most at risk, due to their number of employees and a distributed workforce. A global workforce may also make it more difficult to detect anomalous activity because the company is used to employees accessing the network from around the world, so a malicious intruder may not be immediately obvious. But it's possible to take steps to reduce the attack surface – and the potential risk to the organisation as a result. Zscaler recommends three steps for minimising corporate network risk. The first is to know your network – by being aware of what applications and services are in use, it's easier to mitigate risk. The second is to know your potential vulnerabilities – researchers recommend that information security teams stay informed about the latest vulnerabilities and the patches that can be applied to counter them. The third thing organisations should do is adopt practices that minimise risk and act as a deterrent to cyber criminals. For example, secure login credentials for cloud services with multi-factor authentication, so in the event of a username and password being breached, it isn't as simple for criminals to actually access accounts and services. "By understanding their individual attack surfaces and deploying appropriate security measures, including zero trust architecture, companies can better protect their application infrastructure from recurring vulnerabilities that allow attackers to steal data, sabotage systems, or hold networks hostage for ransom," said Howe. __________________________________________________________________________________
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
THREAT FOCUS: United States – MedNetwoRX
https://www.healthcareitnews.com/news/reported-ransomware-attack-leads-weeks-aprima-ehr-outages
Exploit: Ransomware
MedNetwoRX: Medical Information Processing
Risk to Business: 1.607= Severe
A reported ransomware attack on MedNetwoRX has impeded medical providers’ access to their Aprima electronic health record systems for more than two weeks. This hack impacts medical practices, clinics and hospitals of all sizes, from solo providers to conglomerates that rely on MedNetworx to host the Aprima electronic medical records system from vendor CompuGroup eMDs. MedNetworx says that on April 22, it experienced a network outage that resulted in a temporary disruption to its servers and other IT systems. Two major clients, Arthritis & Osteoporosis Center of Kentucky, the Alpine Center for Diabetes, Endocrinology and Metabolism, have been identified as victims as well as many small single and partner practices. The incident is under investigation and some functionality has been restored.
Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How It Could Affect Your Business: This is the kind of third-party service provider incident that reverberates for months as rolling damage becomes apparent. With no clear word on what if any data was stolen, your clients could be waiting for a nasty surprise.
THREAT FOCUS: United States – City of Tulsa
https://therecord.media/city-of-tulsa-hit-by-ransomware-over-the-weekend/
Exploit: Ransomware
City of Tulsa: Municipality
Risk to Business: 1.722= Severe
The city of Tulsa, Oklahoma, has been hit by a ransomware attack that affected the city government’s network and brought down official websites. The attack, which took place on the night between Friday and Saturday, is under investigation and city IT crews have begun restoring functionality and data from backups. This follows a string of ransomware attacks on other US municipalities in recent weeks. City officials were careful to note that no customer information has been compromised, but residents will see delays in-network services. While emergency response is not hampered, 311, some credit card payment systems and the city’s new online utility billing system were impacted.
Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Business Ransomware has been an especially nasty foe for government entities, especially cities and towns. Cybercriminals know that these targets are likely to pay ransoms and unlikely to have strong security or security awareness training in place.
THREAT FOCUS: United States – Fermilab
https://www.govinfosecurity.com/us-physics-laboratory-exposed-documents-credentials-a-16536
Exploit: Credential Compromise
Fermilab: Research Laboratory
Risk to Business: 1.523 = Severe
The Fermilab physics laboratory has taken action to lock down its systems after security researchers found weaknesses exposing documents, proprietary applications, personal information, project details and credentials. Fermilab, which is part of the US Department of Energy, is a world-famous particle accelerator and physics laboratory in Batavia, Illinois. One database the researchers discovered allowed unauthenticated access to 5,795 documents and 53,685 file entries. One entry point led into Fermilab’s IT ticketing system, which displayed 4,500 trouble tickets. Also found was an FTP server that required no password and allowed anyone to log in anonymously. Other impacted systems exposed credentials, experiment data and other proprietary information that were stored with no security.
Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Business: Proprietary data needs to be stored securely. Not only does it give your competition an edge if they can see what you’re doing, but it also gives cybercriminals an edge when they’re crafting a cyberattack against your company.
THREAT FOCUS: United States – BlueForce Inc.
Exploit: Ransomware
BlueForce: Defence Contractor
Risk to Business: 1.668 = Severe
Someone who runs training programs may need to upgrade their security awareness training. Defense contractor BlueForce has been hit by the Conti ransomware group. The gang posted data from the operation on its leak site along with supposed chat records from its negotiation with BlueForce. The Conti gang has demanded 17 bitcoin for the decryption key. BlueForce is a Virginia-based defense veteran-owned contractor that works with the US Department of Defense and the US Department of State on program management, training and development initiatives.
Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Business: Increased security awareness training makes organizations up to 70% less likely to experience damaging cybersecurity incidents like this one.
THREAT FOCUS: United States – CaptureRX
https://www.infosecurity-magazine.com/news/capturerx-data-breach-impacts/
Exploit: Ransomware
CaptureRX: Medical Software Company
Risk to Business: 1.907 = Severe
Texas-based CaptureRx, fell victim to a ransomware attack in which cybercriminals snatched files containing the personal health information (PHI) of more than 24,000 individuals. The security breach impacted 17,655 patients of Faxton St. Luke’s Healthcare and a further 6,777 patients at Gifford Health Care as well as an indeterminate number of Thrifty Drug Store patients. CaptureRx is currently unclear how many of its healthcare provider clients have been affected by the attack. Nor has the company finished its final tally of how many individuals had their PHI exposed because of the incident.
Risk to Business: 1.959 = Severe
Data exposed and stolen by the ransomware attackers included names, dates of birth, prescription information, and, for a limited number of patients, medical record numbers. Affected healthcare provider clients were notified of the incident by CaptureRx between March 30 and April 7.
Customers Impacted: 24K +
How it Could Affect Your Business: The medical sector has been absolutely battered by ransomware in the last 12 months. Breaches at service providers like this and Accellion show that cybercriminals are playing smart by hitting targets that offer them access to a variety of information that has value for future attacks.
THREAT FOCUS: United States – Alaska Court System (ACS)
https://thehill.com/policy/cybersecurity/551463-alaska-court-system-forced-offline-by-cyberattack
Exploit: Ransomware:
Alaska Court System: Judicial Body
Risk to Business: 1.572 = Severe
The Alaska Court System (ACS) was forced to temporarily disconnect its online servers this week due to a cyberattack that installed malware on their systems, disrupting virtual court hearings. The court’s website had been taken offline and the ability to search court cases had been suspended while it worked to remove malware that had been installed on its servers. Activities that may be impacted by the ACS taking its website offline include the ability of the public to view court hearings over Zoom, online bail payments, submitting juror questionnaires and sending or receiving emails to or from an ACS email address.
Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the weapon of choice for cybercrime especially against local, state and municipal governments with often weak or outmoded IT departments.
THREAT FOCUS: Australia – NSW Labor Party
Exploit: Ransomware
NSW Labor Party: Political Organization
Risk to Business: 2.109 = Severe
The ransomware group Avaddon is threatening to release a trove of sensitive information including images of passports, driver’s licenses and employment contracts from a ransomware hit on the NSW Labor Party. The cybercriminals have demanded a response to its ransom request within 240 hours and threatened to launch a denial of service attack against the party if it did not pay. NSW Police has come on board in the investigation.
Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the modern cybercriminal’s weapon of choice. Make sure your clients are taking every possible precaution because 61% of organizations worldwide experienced a damaging ransomware incident in 2020.
THREAT FOCUS: Australia – Schepisi Communications
Exploit: Hacking
Schepisi Communications: Cloud Storage
Risk to Business: 2.307 = Severe
Melbourne-based Schepisi Communications has been the victim of a suspected ransomware attack. The company’s website has been offline for days after a hacker group said it infiltrated the company’s data systems and posted a disturbing ransom note on the dark web. The company is a service provider for Telstra that supplies phone numbers and cloud storage services. Among Schepisi’s other customers that appeared to have had their information exposed were global food conglomerate Nestle, a Melbourne radio station, an Australian property management firm, and a financial services company based in Victoria.
Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
How it Could Affect Your Business: Malware and ransomware have been the plague of increasingly beleaguered service providers. Every organization in the sector should step up phishing resistance training to reduce the chance of falling prey to an attack.
THREAT FOCUS: India – WedMeGood
https://www.hackread.com/shinyhunters-leak-india-wedmegood-database/
Exploit: Hacking
WedMeGood: Wedding Planning
Risk to Business: 1.817 = Severe
Legendary cybercrime gang ShinyHunters has dumped a database belonging to WedMeGood, a popular Indian wedding planning platform. WedMeGood is yet to verify the data breach, but dark web analysts say that the database contains 41.5 GB worth of data. Lately, the hacking group has been focusing on leaking databases of Indian entities.
Risk to Business: 1.773 = Severe
Impacted users have had PII exposed including full names, city, gender, phone numbers, email addresses, password hashes, booking leads, last login date, account creation date, Facebook unique ID numbers, vacation descriptions for Airbnb and other wedding details. Site users will want to be aware of the potential of spear-phishing attacks using this data.
Customers Impacted: Unknown
How it Could Affect Your Business: ransomware attacks have been especially prevalent against targets in India recently, with hits on other major companies like BigBasket and Dr. Reddy’s. Every organization in the sector should step up phishing resistance training to reduce the chance of falling prey to an attack.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
______________________________________________________________________________
POSTSCRIPT
Is Your Organisation in Danger from an Infrastructure Attack?
Infrastructure targeted cyberattacks aren’t just the problem of big business, government and military targets these days. Increasingly, cybercriminals including nation-state actors, are setting their sights on smaller companies that may have weaker security. One in four attacks that IBM Security X-Force Incident Response remediated in 2020 were caused by ransomware. But by taking a few sensible precautions, you can bolster your defenses against this threat.
Experts estimate that 51% of businesses were victims of ransomware in 2020. These included companies in data handling, cloud computing, medical information processing and storage, transportation, manufacturing, education and many other sectors that may not at first glance seem like infrastructure targets. By attacking companies that do business with big fish, cybercriminals can gain information about them, or even gain access to the systems of major targets, like recently happened with Solarwinds.
Cybercrime gangs overwhelmingly favor ransomware as their weapon of choice in these attacks. This multifunctional tool can be used to shut down production lines, steal data, lock down servers and cripple services. The number one delivery system for ransomware is phishing – 94 % of ransomware arrives at businesses via email. By preventing phishing attacks from finding success at your business, you can protect your business from ransomware.
Take action now to protect your business from this growing threat by implementing sensible precautions like a security assessment to find vulnerabilities and increased security awareness training to ensure that you’re ready for trouble.
__________________________________________________________________________________
DISCLAIMER* Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, other members of the 5 Eyes Alliance, the Australian Cyber Security Centers, and other sources in 56 countries who provide cyber breach and cyber security information in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.