Avantia Threat Update

PEGASUS LIKE SPY VIRUS GOES VIRAL....

Updated: Dec 6, 2019


So Who is Snooping on you now?

This Past Week*: spyware discovered snooping; the growing IoT threat; tips to mitigate your risk from ransomware; the Australian insurance industry's perspective on cyber security; Apple yanks 18 ‘tainted’ apps from its store; compromised email accounts expose IT infrastructure; ransomware leads to company data misuse; cybersecurity incidents are expected to rise this holiday season; and significant breaches in AUSTRALIA, NEW ZEALAND, FRANCE, IRELAND and UNITED STATES.


Dark Web ID Trends*: Top Source Hits: ID Theft Forums

Top Compromise Type: Domain 

Top Industry: Education & Research

Top Employee Count: 101 - 250 Employees 


 

PEGASUS LIKE SPYWARE COULD BE SNOOPING ON YOU RIGHT NOW*!

The recent revelation of the Pegasus spyware attack via WhatsApp, which targeted lawyers, journalists and human rights activists, shows the kind of havoc such spyware can create. The international media coverage of the incident, which affected several unsuspecting mobile users, has raised an alert about the security of Android and iOS-based mobile phones. The Pegasus spyware is not new: in 2016 it was only targeting iOS users. Pegasus was developed by the Israeli firm NSO Group. The earlier reported incidents were specific to iOS; circa 2017, Pegasus started to attack the Android mobile operating system as well. The modus operandi was to penetrate mobile phones through a malicious link, which gave the spyware the ability to read text messages, track calls, collect passwords, gather data from other apps and collect the geo-location of the phone. The spyware has been evolving for quite some time, however, and recently it was again found infecting Android as well as other mobile operating systems.

What makes Pegasus a scary affair today? Until the last incident, Pegasus gained entry to a user’s mobile by tricking the user into clicking a link. The user still had control over whether or not to click the link and so prevent the spyware from being installed. However, in a bold and game-changing move, Pegasus has now been found to exploit a vulnerability in WhatsApp that doesn’t require any action from the victim. All it needs to take over the victim’s phone is a missed call on WhatsApp, and there is absolutely nothing the mobile user can do to control this. Sounds scary, right? It is.

So how do you know if your mobile phone is infected by spyware? Typically, in this case, users realised that they had been compromised by Pegasus only when WhatsApp sent them a message on its platform notifying them of it.
There are paid and free applications on the app stores (of the respective operating system providers) that claim stellar detection capabilities for this insidious spyware. However, there is no clear indication of how well they work. Analysts firmly state, though, that with something as sophisticated and professional-grade as Pegasus, users won’t really see any suspicious behavior that alerts them to a possible breach of their phone. That’s where the real danger lies, and it in turn highlights the importance of integrating robust antivirus software for mobile devices.

Pegasus is not the lone attacker! The NSO Group has stated explicitly that it only provides Pegasus to authorised government agencies, which indicates the high cost of procuring this software. It was no surprise, then, that Pegasus was only involved in attacking high-profile targets. Interestingly, Pegasus is only one of the few spyware tools that have gained popularity in the recent past, and it has been considered one of the best spyware in the history of cybersecurity. Search engines, however, list a plethora of other free or cheap spyware that is easily available and can be used to target innocent victims. Hence there are reports of several surveillance attacks that are not just targeting the high-profile elite or social activists; instead, this abundant spyware is being directed at any mobile user. It won’t be long, then, before cyber actors start manipulating other spyware to plan targeted attacks at scale on businesses as well as individual iPhone and Android mobile users.

A very recent example of a high-severity Pegasus-like spyware was detected by Facebook, which announced it to the world. The social media giant stated that the attack could target WhatsApp with MP4 files.
This new type of WhatsApp vulnerability, identified as a “stack-based buffer overflow vulnerability”, could allow a remote attacker to target WhatsApp users by sending a specially crafted video file in MP4 format. It can allow a remote attacker to force “Remote Code Execution (RCE) and Denial of Services (DoS)” to compromise a mobile phone running iOS, Android or Windows.

The threat is real. As users move towards lean mobility over laptops and computers, cybercriminals are quick to shift their attention to mobile devices. Mobile dependency in today’s world is at its maximum. We are living out of our mobile phones, professionally and personally. For this reason mobile devices have become a storehouse for vast amounts of our personal and professional data. The sad part, however, is that users often treat security as an afterthought on mobile devices compared with their home or office computers. This is a recipe for disaster, as hackers are figuring out novel ways to attack mobile devices. Pegasus is still an extreme case; malware penetration is at its peak through multiple channels such as social media engineering, malicious applications, zero-day vulnerabilities, etc.

The significant penetration of mobile devices has made billions of unsuspecting mobile users across the world soft targets for cyber hackers. The bottom line is that spyware, or for that matter any malware, can attack any unsuspecting mobile phone user and not just specific, high-profile targets. This has generated an urgent need for increased awareness of the importance of securing every mobile device, whether for consumers or businesses.


PUBLISHER'S NOTE: In Greek mythology ‘Pegasus’ was the immortal winged horse that sprang from the God Medusa. The snakes on Medusa's head are said to represent the natural cycle of life, symbolizing rebirth and death. In the digital age Pegasus ultimately is a symbol of power, freedom, innate talent, abilities or gifts, the gift of voice/communication, the gift of speech, and chance/opportunities.


THE THREAT TO IoT IS GROWING RAPIDLY*

A network of 50 honeypots deployed around the world has been catching and monitoring attacks against IoT devices. Such detected attacks have increased almost nine-fold between H1 2018 and H1 2019, from 12 million to 105 million. During the same period, the number of unique attacking IP addresses increased from 69,000 to 276,000.

Many of the attacks are directed at home smart devices, such as routers. "Our telemetry data," says Kaspersky in its latest analysis, "suggests that smart botnet operators check the network AS [autonomous system] name and tend to target only IP addresses belonging to internet service providers supplying Internet connection to home users." The reason is simple. IoT devices do not have the capacity for internal security software, and SoHo IoT devices tend not to have the surrounding security layers found in business IoT. The result is a source of devices that are easy to compromise and incorporate into large-scale botnets that can be used for different purposes, such as massive DDoS attacks.

Many of the attacks on IoT devices focus on brute-forcing the access credentials using the devices' default settings, which are frequently left unchanged by the user. By collecting the credentials used in the attacks, Kaspersky's researchers are able to gauge the most attacked devices. "New cameras are probed every quarter as exploits are released into the wild," comments Kaspersky. "In Q1 2019, we observed bots trying to infect specific Gpon routers using a specific hard-coded password."

Thirty-nine percent of the detected attacks involved the Mirai family, but the Nyadrop malware family came a close second at 38.5%. Nyadrop is a backdoor and dropper, and can be used to further spread Mirai. It appeared in 2016 and has grown in popularity. It has replaced the Hajime malware, which was the second most popular (again behind Mirai) in Q1 2018.
The telemetry gathered by the honeypots also allows the researchers to discover the countries hosting the IP addresses behind the attacks. China leads, hosting 21.2% of all detected attacks. Brazil is second with 13.5%. China's dominance is even greater in telnet attacks, where it hosts 30%. Brazil is still second with 19%. This is a reversal from H1 2018, where Brazil hosted 28% of telnet attacks and China 14%. Egypt and Russia are both growing fast: Egypt from outside of the top ten to third with 12%, and Russia from eighth with 3% to fourth with 11%.

"As people become more and more surrounded by smart devices, we are witnessing how IoT attacks are intensifying," comments Dan Demeter, one of the security researchers at Kaspersky. "Judging by the enlarged number of attacks and criminals' persistency, we can say that IoT is a fruitful area for attackers that use even the most primitive methods, like guessing password and login combinations. This is much easier than most people think: the most common combinations by far are usually 'support/support', followed by 'admin/admin', 'default/default'. It's quite easy to change the default password, so we urge everyone to take this simple step towards securing your smart devices."

Other steps recommended by Kaspersky include installing new firmware updates as early as possible, and rebooting any device that appears to be acting strangely. The latter might clear the device of any memory-resident malware, but will not prevent it from being re-infected later. Notably, the researchers comment, "We are looking at a steady trend for an increase in repeat attacks from attackers' IP addresses, suggesting increasingly persistent attempts at infecting devices previously known to the attackers." This will include attempts to re-infect rebooted devices that remain unpatched or with the same password.
A more advanced recommendation from Kaspersky is to keep access to IoT devices restricted by a local VPN, allowing the user to access them from the 'home' network, instead of publicly exposing them on the internet.

Although the growth of attacks against home IoT devices might appear to be a home problem, the ultimate threat is to business. Mirai botnets have already been seen to have the potential for massive DDoS attacks against business and even the internet itself. KrebsOnSecurity was attacked by Mirai in 2016 with an attack peaking at 665 Gbps. One month later, another Mirai attack targeted the Dyn DNS service, affecting major services such as Twitter, Etsy, GitHub, Soundcloud, PagerDuty, Spotify, Shopify, Airbnb, Intercom and Heroku simultaneously. SoHo may be targeted by IoT infections, but business is threatened.
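The credential tallying and repeat-attacker observations described above can be reproduced on any honeypot's login log. The following is an added example, not code from Kaspersky or from this newsletter; the five-field log format, the sample records and the function names are assumptions made for illustration.

```python
"""Summarise telnet-honeypot login attempts: credential pairs and returning sources.

Added example. The log format and every record below are constructed for
illustration; they are not Kaspersky telemetry.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple

# Default pairs the article names as the most common guesses.
ARTICLE_DEFAULT_PAIRS = {
    ("support", "support"),
    ("admin", "admin"),
    ("default", "default"),
}

# Constructed sample: "<ISO time> <source IP> <sensor id> <username> <password>".
# Source IPs are taken from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2019-06-01T02:14:07 198.51.100.23 sensor-01 support support
2019-06-01T02:14:09 198.51.100.23 sensor-01 admin admin
2019-06-01T02:14:12 198.51.100.23 sensor-01 root root
2019-06-01T05:40:31 203.0.113.77 sensor-02 support support
2019-06-02T03:02:55 198.51.100.23 sensor-01 support support
2019-06-02T03:02:58 198.51.100.23 sensor-01 default default
2019-06-03T11:20:00 192.0.2.14 sensor-03 admin admin
2019-06-03T11:20:01 192.0.2.14 sensor-03 admin
garbled line
2019-06-04T04:45:10 198.51.100.23 sensor-01 support support
"""


class Attempt(NamedTuple):
    when: datetime
    src: str
    sensor: str
    user: str
    password: str


def parse_attempts(text):
    """Parse log text into Attempt records, skipping malformed lines."""
    attempts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # blank, truncated or garbled record
        try:
            when = datetime.fromisoformat(fields[0])
        except ValueError:
            continue  # first field is not a timestamp
        attempts.append(Attempt(when, *fields[1:]))
    return attempts


def top_credentials(attempts, n=3):
    """Most frequently tried (username, password) pairs."""
    return Counter((a.user, a.password) for a in attempts).most_common(n)


def default_pair_share(attempts):
    """Fraction of attempts that used one of the article's default pairs."""
    if not attempts:
        return 0.0
    hits = sum((a.user, a.password) in ARTICLE_DEFAULT_PAIRS for a in attempts)
    return hits / len(attempts)


def returning_sources(attempts, min_gap=timedelta(hours=24)):
    """Map (source IP, sensor) to its number of separate visits, keeping only
    sources that came back to the same sensor after at least min_gap.

    Attempts closer together than min_gap count as one visit, so a single
    brute-force burst is not mistaken for a repeat attack.
    """
    seen = defaultdict(list)
    for a in attempts:
        seen[(a.src, a.sensor)].append(a.when)
    result = {}
    for key, times in seen.items():
        times.sort()
        visits = 1 + sum(
            1 for prev, cur in zip(times, times[1:]) if cur - prev >= min_gap
        )
        if visits > 1:
            result[key] = visits
    return result


if __name__ == "__main__":
    records = parse_attempts(SAMPLE_LOG)
    print("parsed attempts:", len(records))
    for pair, count in top_credentials(records):
        print(f"  {pair[0]}/{pair[1]}: {count}")
    print(f"default-pair share: {default_pair_share(records):.1%}")
    for (src, sensor), visits in returning_sources(records).items():
        print(f"returning source {src} -> {sensor}: {visits} visits")
```

A source that keeps returning to the same sensor with default pairs is the pattern the researchers describe: a device left on its factory password is re-infected after every reboot.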


ELEVEN KEY TECHNIQUES TO MITIGATE YOUR RISK FROM RANSOMWARE*

With cyber criminals growing ever more sophisticated, firms find themselves wondering how they can proactively prevent and, if needed, respond to a ransomware attack. Ransomware is a type of malicious software (malware) programmed to encrypt data and block access to a computer system until money is paid. The effects it can have on a business, including lost data, lost revenue, and lost trust, can be devastating; the smaller the business, the greater the effect. Be sure you’ve taken the following steps to keep your business safe from the threat of ransomware:

Conduct Security Awareness Training. Of all the ways firms can protect themselves from ransomware, staff education and the application of consistent security protocols are the most effective. Schedule regular security training and educational emails reminding employees how to spot spear-phishing attempts, email scams, and other cyberthreats. And be sure to have a written, frequently tested incident response plan in place.

Follow a “zero trust” model. Of course, you trust your employees, but why open your firm up to unnecessary security risks by giving everyone access to sensitive information? Start by giving employees minimum authorised access, then expand out as needed based on individual roles.

Use strong passwords. It seems simple, but a strong password goes a long way in keeping your accounts safe. Choose the longest, most complex password permissible on a website or application, with 11 or more characters and random strings instead of common words.

Use a password manager. Password managers like LastPass and Keeper make it easy to store your login information, allowing for more complex passwords that require less typing each time you log in.

Engage a trustworthy service provider with an ‘alert’ service to provide Dark Web monitoring of your company’s usernames and passwords, which could be for sale on the Dark Web for as little as $5 each.

Enable multi-factor authentication (MFA). Multi-factor authentication helps ensure that the only person who has access to your account is you. It requires two or three types of credentials to authenticate your identity and can easily be tied to your smartphone or watch with biometric authentication.

Deploy Endpoint Anti-malware. This new paradigm enhances protection against known malware by applying patches and updates from a central server. That design ensures consistency in protection and reduces the likelihood that any device would be unpatched or behind in its updates.

Virtualise your workstations and server. Cloud-hosted virtual workspaces and servers allow you to access remote instances of each computer in your network. You’ll also be able to access all programs, tools, client information, and business-critical documents remotely, just as they existed before you lost access to your physical desktops. A virtual instance means you can quickly respond to a ransomware infection on one device or in one location by using an uninfected device to reconnect.

Create multiple, incremental, and verified backups. Being able to restore your backup means that the “last good state” of your environment is never far away. This gives you protection against ransomware, particularly when the next attack is often a never-seen malware variant. Multiple instances of your backup mean you remove a single point of failure, incremental backups give you an efficient method of storing all data without needing to create multiple copies of the same files, and verification means your backups are tested and ready whether you need to restore a file or the entire database.

Conduct regular Cybersecurity Audits. Your firm should perform regular audits of your technology, hosting service, and employee awareness levels to include the 4 pillars of Cyber Risk: Operational Risk; Legal Risk; Reputational Risk and Recovery Risk. By doing so, you can identify weak spots, remove single points of failure, and find opportunities to re-educate employees on security best practices.

Create an incident response plan. Here’s the good news: 96% of companies with a secure backup and disaster recovery plan and ‘fit for purpose’ Cyber Insurance survive a ransomware attack. It is important to create an action plan outlining the steps your firm would take in the event of an attack, including how you will identify and assess the threat, contain it, remove it, restore your network, and communicate to employees and clients.


Contact Avantia Corporate Services on +61 7 30109711 if you require assistance or advice with any of the above threats or mitigation services.


A LONG WAY TO GO BEFORE THE CYBER GAP IS CLOSED - THE PERSPECTIVE OF THE AUSTRALIAN CYBER INSURANCE INDUSTRY *


Australia remains acutely exposed to cyber attack, and a string of measures – including consideration of a reinsurance pool – are required to shore up defences, risk experts say. The Federal Government is consulting on the nation’s 2020 Cyber Security Strategy, and risk modeller Risk Frontiers has published its response, stressing the importance of insurance but highlighting how far government and industry still have to go.

The global cyber insurance market is estimated at between $US4 billion and $US5 billion, with the US accounting for more than 80%, and Australia just 2%. Risk Frontiers urges significant work on data collection and sharing, the regulatory framework, insurance policies and premiums, and education and awareness. GM Ryan Springall told insuranceNEWS.com.au the need for action is urgent, as Australia is an attractive target and its defences are down. “Australia has been quite lucky so far – we haven’t had a cyber attack on the scale of those overseas,” he said. “But it will happen.”

Risk Frontiers’ submission explains that to accurately price risk, insurers require a “robust quantitative understanding” of the frequency and severity of events. “In the case of cyber risk, this understanding is currently lacking,” the submission says. “Overcoming this deficiency will require strong and pragmatic leadership from the government to ensure a cyber-risk resilient Australian economy.” The establishment of the Notifiable Data Breach Scheme is “a positive step”, but “more information on breach frequency and severity needs to be shared with the insurance industry”. The submission also urges collaboration between academia and the industry to better understand and model cyber risk. The Government must develop “a compelling regulatory framework”, Risk Frontiers says, and promote cyber risk management with particular emphasis on cyber insurance.
It should also work with insurers to assist in the attribution of attacks and consider establishing a cyber reinsurance pool. “A cyber reinsurance pool is one form of funding that the Government should explore to improve confidence in the cyber insurance market, increase the resilience of the economy and community to cyber attacks and, more generally, as a signal to build market confidence,” it says. It points out that in the UK, terrorism scheme Pool Re was last year extended to cover cyber terrorism. But while Australian Reinsurance Pool Corporation (ARPC) CEO Chris Wallace has previously said cyber terrorism is a “real gap” in insurance coverage, the last Treasury review snubbed suggestions to expand the scheme.

Risk Frontiers says traditional commercial insurance policies are increasingly excluding cyber risk, with insurers “looking to provide explicit policies that are accompanied by robust risk management processes”. “This means that cyber insurance is emerging as a stand-alone coverage and insurance companies with ‘silent cyber’ built into their products are exploring ways to isolate that component.”

Current cyber policies typically cover direct costs associated with a post-breach response. But less tangible losses such as reputational damage are usually excluded. Attribution of an attack can be hard to confirm, and policy terms drive a “lack of certainty” around claims. “Since cyber insurance products are still young compared to property & casualty insurance, the policy terms are constantly being tested in court and usually contain explicit exclusion clauses for cases such as ‘act of war’,” Risk Frontiers says.

Another barrier to the growth of cyber cover in Australia is that it “is not well understood” within the insurance industry.
“Brokers and underwriters lack the training and tools to quantify this emerging risk efficiently as the tools to assessing cyber risk (and hence pricing and policy construction) are different from traditional property and casualty insurance.

“In fact, current approaches to assessing cyber security risk rely heavily on manual assessments that greatly impede the scalability and application to small and medium enterprises.

“Unlike other mature risks such as those arising from natural catastrophes, cyber security risk is extremely hard to quantify due to its dynamic nature, the scale, the lack of physical boundaries upon which accumulations are analysed and the aggregate expertise required to produce a good model of the risk.

“This gap in cyber risk modelling has a major impact on pricing where premium prices become unsound or unaffordable for SMEs.”


APPLE YANKS 18 iOS STORE APPS THAT SHELTERED ADVERT-MASHING MALWARE*.

The iOS App Store is 18 applications lighter, after the software was caught harbouring malware that secretly clicked on ads, signed up punters for premium services, or deliberately overloaded websites. Apple pulled the apps, all written by India-based AppAspect, after confirming they were being used for click-fraud, generating cash for miscreants. While these types of programs are not uncommon, and can occasionally slip past the Android and iOS app store filters, there's a bit more to this story than your run-of-the-mill scamming operation.

The apps themselves are mostly productivity and news programs, many localized for users and services in India – think train timetables and such stuff. They are full and usable apps in their own right, so there is reason to believe the developer may not have known about the malicious activity lurking in its code. According to the team at Wandera, which uncovered the malicious software and reported the apps to Apple, the programs connected to a command-and-control server to receive orders to carry out. Wandera counted only 17 apps to Apple's 18, as one application appeared in two regions and so was double counted by the iGiant, though it is essentially the same code.

The control server would send the apps commands to do things like load advertisements, open website windows in the background, or even change a device's settings to subscribe it to expensive subscription services. The existence of this machine has been known for some time: it was associated with a previous takedown of apps from the same developer on Android. "Additional research found that AppAspect’s Android apps had once been infected in the past and removed from the store. They have since been republished and don’t appear to have the malicious functionality embedded," Wandera said. "It’s unclear whether the bad code was added intentionally or unintentionally by the developer."
It's possible, then, that the code to connect to the click-fraud server, both on Android and later iOS, was slipped in by a rogue developer or another scumbag without AppAspect's knowledge.

__________________________________________________________________________________


THREAT FOCUS: Select Health Network - UNITED STATES*

https://www.beckershospitalreview.com/cybersecurity/indiana-physician-group-warns-3-500-patients-of-data-breach.html


Exploit: Unauthorized email account access.

Select Health Network: Indiana-based collection of healthcare providers

Risk to SME’s: 1.444 = Extreme: An employee’s compromised email account credentials were used to access sensitive data for thousands of patients. The data was accessed between May 22 and June 13, and it’s unclear why it took the company so long to identify the breach and to report it to patients. Regardless, a small vulnerability will likely result in a sizeable blowback in the form of regulatory scrutiny, brand erosion, and potential financial repercussions.

Individual Risk: 2.142 = Severe: Hackers had access to patient data, including names, addresses, dates of birth, member identification numbers, treatment information, health insurance details, medical history information, and medical record numbers. In addition, some patients’ Social Security numbers were accessible. Those impacted by the breach should know that their credentials could have already been misused, and they should take steps to evaluate their data integrity while also ensuring long-term security.

Customers Impacted: 3,582

Effect on Customers: Small security lapses can have serious consequences, as evidenced by the expansive breach resulting from one compromised employee account. However, companies have an obligation to support their customers after a breach, and identifying what happened to their data after it was stolen is a good place to start. Taking the right course of action to support customers after a breach can go a long way towards repairing the reputational damage that can have far-reaching repercussions.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID™ monitors the Dark Web to find out if your employee or customer data has been compromised. We work with our partners to strengthen their security suite by offering industry-leading detection. Call Avantia on 07 30109711 (Business Hours) to discover more.



THREAT FOCUS: PayMyTab - UNITED STATES

https://www.zdnet.com/article/paymytab-data-leak-exposes-personal-information-belonging-to-mobile-diners/


Exploit: Accidental data exposure

PayMyTab: Hospitality payment platform

Risk to SME’s: 2 = Severe: Cybersecurity researchers located an unsecured Amazon Web Services bucket that contained the personal data for tens of thousands of PayMyTab users. Notably, the data packet was exposed because PayMyTab personnel failed to follow Amazon’s security protocols. Fortunately, the error was discovered by white hat hackers and was reported to the company, but the bucket had been exposed since July 2, 2018, giving bad actors plenty of time to locate and exploit the information first.

Individual Risk: 1.428 = Severe: User data was openly exposed to the internet, including customer names, email addresses, telephone numbers, order details, restaurant visit information, and the last four digits of payment card numbers. Those compromised by the breach should know that this information can be repurposed by cybercriminals to perpetuate other cybercrimes like phishing attacks. In addition, consider alerting your card issuer to the breach and ensure that your payment card information isn’t misused.

Customers Impacted: Unknown

Effect On Customers: Understandably, SME’s sometimes fall short in funding cybersecurity initiatives, but compromises can stifle growth and innovation. This incident was an entirely avoidable mistake, and it’s one that could cost the company as it seeks to expand its customer base and capabilities. More than that, it’s a reminder that a great idea can be stymied by failing to account for the vulnerabilities that accompany improvements in user experience.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for organisations who want to provide comprehensive security to their customers. BullPhish ID™ complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime. Call Avantia on 07 30109711 for more information about our services.


THREAT FOCUS: Solara Medical Supplies - UNITED STATES*

https://www.beckershospitalreview.com/cybersecurity/medical-supplies-company-alerts-patients-employees-of-data-breach.html


Exploit: Compromised email account

Solara Medical Supplies: Supplier of diabetes-related treatment products

Risk to SME’s: 1.444 = Extreme: An unauthorized third-party gained access to several employee accounts containing patient and employee data. The breach was first discovered on June 20th, and the compromised data was exposed between April 2nd and June 20th. In response, the company reset account passwords, and Solara is updating its policies to ensure that a similar scenario doesn’t occur again in the future. Unfortunately, such maneuvers won’t help patients whose data was already stolen in the breach. Moreover, the company’s lengthy response time will certainly invite increased regulatory scrutiny while giving consumers fodder for criticism during the recovery effort.

Individual Risk: 2.142 = Severe: Personal information, including names, addresses, dates of birth, Social Security numbers, employee identification numbers, medical information, health insurance information, financial information, credit/debit card numbers, password information, Medicare/Medicaid numbers, and billing information were all at risk. This comprehensive data set can quickly be distributed on the Dark Web, where it can be used to execute even more egregious cybercrimes. Those impacted by the breach should take every precaution to ensure that their data isn’t being misused.

Customers Impacted: 82,577

Effect On Customers: Preventing a data breach begins with accounting for your vulnerabilities. One of the easiest yet most important cybersecurity initiatives that businesses should undertake is tightening up security around company email accounts. Whether your business fortifies credentials with strong, unique passwords and two-factor authentication or it integrates active monitoring protocols to evaluate data movement, password protection is quickly becoming a “can’t miss” component of any data security strategy.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security to the Rescue: A comprehensive Cyber Security Audit to identify the Operational, Legal, Reputational and Recovery Risks with remedial advice to mitigate risks can be the “saving grace” in your organisation. To avoid threats before they consume your organisation call Avantia on 07 30109711 for a no obligation discussion.



THREAT FOCUS: Allied Universal - UNITED STATES

https://www.bleepingcomputer.com/news/security/allied-universal-breached-by-maze-ransomware-stolen-data-leaked/


Exploit: Ransomware

Allied Universal: Facility services retailer

Risk to SME’s: 2.111 = Severe: Cybercriminals encrypted the company’s IT infrastructure with Maze Ransomware, leaving behind a ransom demand that exceeded $2 million. When the company failed to pay by the instituted deadline, the hackers escalated the attack, publishing 700MB of company data online. Not only will this significantly complicate recovery efforts, the company will be responsible for sending data breach notifications to any impacted individuals. Notably, hackers have threatened to use Allied Universal’s domain name and email accounts to initiate spam campaigns.

Individual Risk: 2.428 = Severe: While ransomware often spares individual’s personal data, there is no honor among thieves, and users’ personal data could be compromised by this attack. Customers should be on the lookout for evidence of data misuse, and, given the hackers’ threat, they should be especially critical of messages purportedly originating from the company.

Customers Impacted: Unknown

Effect On Customers: This is an incredibly expansive data breach for an SME, and the repercussions are bound to be both expensive and far-reaching. Even when companies decline to submit to demands, the recovery costs can easily exceed the ransom payment. Coupled with additional data exposure, the price tag on such an incident could be immense. Ransomware is a top threat for any SMB, and the only adequate recovery is to proactively prevent malware from finding its way into your organization.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID alerts Avantia when our customers’ employee emails and passwords have been compromised and are for sale to the highest bidder on the Dark Web, before a breach occurs. Learn how you can get alerts in real time by contacting Avantia Cyber Security on 07 30109711 (Office Hours).



THREAT FOCUS: Liver Wellness - IRELAND*

https://www.siliconrepublic.com/enterprise/liver-wellness-medical-clinic-phishing-breach


Exploit: Phishing attack

Liver Wellness: Medical testing company

Risk to SME’s: 2.444 = Severe: Hackers accessed the healthcare provider’s network and sent phishing emails to their patients soliciting sensitive personal information. The first email was sent in mid-October, and Liver Wellness sent follow-up emails notifying customers of the malicious messages originating from their accounts. More than a month after the first phishing email went out, Liver Wellness still hadn’t discovered how hackers accessed their accounts. This news will likely result in increased scrutiny from privacy and health regulators, while also inflicting reputational damage on the Liver Wellness brand.

Individual Risk: 2.428 = Severe: Currently, officials don’t believe that any patients responded to a fraudulent email. Nevertheless, all patients of Liver Wellness should be especially critical of any communications from the company, especially those soliciting personal data or payment information.

Customers Impacted: Unknown

Effect On Customers: Healthcare data breaches are becoming increasingly prevalent as hackers have identified these institutions as targets with valuable information and limited security. As a double whammy, healthcare companies already face stringent regulatory standards that can escalate the cost of failure when it comes to protecting patients’ data. In today’s digital landscape, the maxim of “first doing no harm” certainly includes protecting patients’ most sensitive personal information.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for organisations who want to provide comprehensive security to their customers. BullPhish ID™ complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime. Call Avantia on 07 30109711 (Office Hours) to find out how we can help.



THREAT FOCUS: Rouen University Hospital - FRANCE *

https://www.forbes.com/sites/daveywinder/2019/11/20/infection-hits-french-hospital-like-its-2017-as-ransomware-cripples-6000-computers/


Exploit: Ransomware

Rouen University Hospital: Full-service medical facility

Risk to SME’s: 2.333 = Severe: A catastrophic ransomware attack encrypted the IT infrastructure for all five campuses of Rouen University Hospital. In total, more than 6,000 computers were encrypted, with IT administrators bringing the rest of the network offline to prevent malware from spreading further. Days after the attack, the hospital still hadn’t cleared the encryption. Doctors and nurses resorted to using paper medical records and making phone calls to various departments to ensure continuity of care. This incident is more than just an inconvenience, as it put lives at risk and interrupted all organizational processes.

Individual Risk: No personal data was compromised in the breach, but patient care was at risk due to communication outages.

Customers Impacted: Unknown

Effect On Customers: Once a ransomware attack takes place, most businesses struggle to execute a response plan that can recover damage to data and infrastructure. Knowing that these attacks are increasing in frequency and intensity, businesses of every size and sector need to evaluate their defensive posture and ensure that they have their bases covered.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security to the Rescue: Helping SME’s understand the importance of cyber security is no easy task. With a comprehensive Certified Cyber Security Audit, we offer hands-on assistance with ‘finding the gaps’ in your cyber security posture, setting you up for the win against the cyber criminals by showing you where to plug the gaps in safety. Call Avantia on 07 30109711 (Office Hours) to discuss how we can assist you.



THREAT FOCUS: Disney+ Streaming Service - NEW ZEALAND*

https://www.newshub.co.nz/home/entertainment/2019/11/thousands-of-disney-accounts-hacked-sold-online-within-hours-of-site-launch.html


Exploit: Compromised user accounts

Disney+: Media streaming service

Risk to SME’s: 1.888 = Severe: Thousands of Disney+ customers had their login credentials stolen and distributed on the Dark Web. While the data breach isn’t limited to Australian users, it coincided with the Australian launch of the streaming service, which means that the brand’s reputation was damaged before users had an opportunity to judge the service based on its merits. In a crowded marketplace, brand erosion can quickly degrade competitiveness, and these negative headlines will not help Disney’s competition against Netflix and other streaming services.

Individual Risk: 2.142 = Severe: It’s unclear how hackers gained access to user accounts. Some customers admitted to reusing passwords that could have been compromised in other attacks, but some used unique passwords. It’s possible that users had credential stealing malware installed on their computers or that they responded to a phishing attack. Regardless, account details include their most sensitive personal information, and they should take every precaution to ensure that their data remains secure. At the same time, users should double check the originality of every account password, as it’s an easy way to thwart many hacking attempts.

Customers Impacted: Unknown

Effect On Customers: Even as the cost of a data breach continues to rise exponentially, quantifiable costs aren’t the only expense that companies should consider. Brand erosion is a real problem, as customers are increasingly willing to walk away from platforms and services that can’t protect their data. No matter how you look at it, having thousands of people complaining about your service online is a terrible day for business, and could have long-term costs for the service’s viability.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: Phone 07 30109711 during office hours.



THREAT FOCUS: Sport Australia - AUSTRALIA*

https://www.sportaus.gov.au/media-centre/news/a-statement-from-asc-ceo


Exploit: Compromised email account

Sport Australia: Government agency responsible for supporting and investing in athletic activities

Risk to SME’s: 2 = Severe: Hackers compromised an employee’s email account, which caused a data security scare at the agency. After identifying suspicious activity on the account, the employee reported the abnormalities to an IT administrator who determined that the account was compromised. However, only the single employee account was impacted by the breach. While this incident appears to have spared personal data, compromised email accounts are often the gateway into an organization's network, and they can be the catalyst for widespread data breaches that come with serious consequences.

Individual Risk: Employee accounts often contain personal data, but Sport Australia isn’t reporting any compromised personal information from this breach.

Customers Impacted: Unknown

Effect On Customers: Securing your employees’ email accounts is one of the best ways to ensure that your network remains intact. With many login credentials already for sale on the Dark Web, businesses should implement necessary stop-gaps to ensure that their employees can protect company data by securing their email accounts at all times.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: With AuthAnvil, you can prioritise password integrity at every level. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more by calling Avantia on 07 30109711 (Office Hours).


 

POSTSCRIPT:


Cybersecurity Incidents Expected to Rise this Holiday Season

It’s the unwanted gift that keeps on giving. A breach inflicts serious financial and reputational damage on any victim, and new data suggests that such attacks will be on the rise during the holiday season. Hackers have zeroed in on vulnerabilities in websites that collect and store customers’ PII or payment information, ready to be exploited by increased web traffic and distracted IT staff. The study found that the average website relies on 31 third-party integrations, each providing a unique opportunity to find vulnerabilities that can compromise users’ information. Indeed, third-party partnerships can often be a weak point in companies’ IT development. However, rather than waiting to be the next victim, SME’s should take the time now to evaluate their cybersecurity posture and ensure that they are ready to address and defend against the most pressing threats for their business. For some, this holiday season will be spent wishing they were more prepared to protect their IT, while others will be thankful that they already did.

Cybercriminals Targeting Office 365 Admin Credentials with Phishing Attacks

Office 365 is often used as a starting point for many phishing scams because of its popularity in the business community. Now cybercriminals are upping their game, using information readily available on the internet to target business administrators with phishing scams in hopes of obtaining their Office 365 login credentials. In launching such targeted attacks, hackers hope to gain access to IT infrastructure using credentials that can provide full access. In addition, admin accounts can often be used to infiltrate other user accounts, or hackers can use admin accounts to create new accounts that can be further used to distribute phishing campaigns. Ultimately, it underscores the importance of training all employees about the risk of phishing attacks and of keeping them abreast of the latest trends and tactics. Since hackers are nimble with their tactics, businesses need to be dynamic in their training, always ready to stymie their efforts.


Disclaimer*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provide the content in this publication to the reader for general information purposes only and have compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content’s accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2019 Avantia Corporate Services - All Rights Reserved.
