  • Avantia Threat Update


THIS PAST WEEK: A “terrifying” Robot Dog named ‘SPOT’ is available for purchase for private use; Qualcomm launches RB5 Robotic Platform; Planning for a Rapid Response will ensure you have a foundation in place during a crisis; South African Bank has to replace 12 million cards after employees steal master key; Honda confirms its network has been hit by a serious cyber attack; Italian company exposed as a front for Malware Operations; Ransomware closes a company’s doors; An online store gives away customer data; The UK has a rough year for data security and major breaches in UNITED STATES; CANADA; UNITED KINGDOM; SOUTH AFRICA; JAPAN and AUSTRALIA.

Dark Web ID Trends: Top Source Hits: ID Theft Forums

Top Compromise Type: Domain 

Top Industry: Non-Profit Organization

Top Employee Count: 1 - 10 Employees 



Robotics firm Boston Dynamics has made an art of releasing viral-ready videos of its robots that are at once captivating and terrifying. Now Spot, the robotic quadruped that's starred in recent videos, is available for sale commercially. Spot made headlines recently enforcing social distancing at a park in Singapore, which was widely decried as a hair-raising preview of a robotic police state and a gross overuse of technology. As my colleague covered, the Massachusetts State Police have also entertained using Spot to intercede in dangerous situations. Security, however, is just one potential application. Designed as a task-agnostic autonomous platform, Spot's utility extends beyond security and defense into areas like pipeline and infrastructure inspection and search and rescue. Under an early adopter program, Boston Dynamics previously released 150 Spot robots to businesses and research institutions, where they were used in power generation facilities, factory floors, and construction sites, to name a few. In one deployment, a construction firm in Canada used a Spot robot to automate the capture of thousands of images weekly on a 500,000 square foot building site, creating an ongoing record of progress and enabling the builders to identify growing problems and inefficiencies early. Spot was also used by a NASA Jet Propulsion Laboratory team in DARPA's recent Subterranean Challenge Competition, which put robots into unforgiving underground environments. Using Spot, along with a range of integrated perception and communication tools, the team won the competition's urban circuit, demonstrating the capabilities of the platform. As with many robots, a big selling point has been safety. Spot's agility, payload capacity, and advanced sensing should allow it to replace humans in certain high-risk environments.
"At Boston Dynamics, we have spent decades creating and refining robots with advanced mobility, dexterity, and intelligence because we believe agile robots can solve a broad range of real-world problems," Marc Raibert, chairman and founder of Boston Dynamics, said in a company release. "The combination of Spot's sophisticated software and high-performance. After the successful implementation of the early adopter program, which offered only short-term leases of the hardware, businesses can now purchase their very own Spot online. Spot costs just under $75,000, which is actually quite a decent price for a robotic super dog ready to do your bidding. "Now you can use Spot to increase human safety in environments and tasks where traditional automation hasn't been successful."

AUTHOR'S NOTE: More frightening than ‘Spot’ at present are the cyber security implications of hacking into the ‘brains’ of ‘Spot’ and his descendants by malicious criminals or rogue states.


Qualcomm, a US-based company that offers a variety of software, applications, and services to help improve mobile device performance, is launching the RB5 robotics platform and a new robotics developer kit to speed up industrial applications as well as infuse them with 5G connectivity. Four years ago the company made a big push into robotics with the aim of leveraging its connectivity hardware and research and development and building out its business-to-business efforts. Qualcomm's strategy revolved around building a platform that could apply to $200 toy robots as well as $2 million industrial robots, said Dev Singh, head of robotics, drones, and intelligent machines at Qualcomm. "In the field, we have millions of robots powered by Qualcomm technology," said Singh, who added that NASA's latest Mars robot launching July 17 has Snapdragon 801 on-board the rover. Typically, robot makers have cobbled together CPUs, GPUs, and components and integrated them. Qualcomm is advancing industrial robots by integrating systems on a chip, SDKs, cameras, AI processors, and 5G. Qualcomm is targeting a robotics industry that is growing rapidly. ABI Research estimates that 60 million robots were deployed in 2020 and that tally will double by 2025. The RB5 platform builds on 2019's launch of RB3, which will remain in the portfolio and is being deployed. Qualcomm said it had more than 20 early adopters to evaluate the RB5 platform. In addition, there are more than 30 ecosystem partners such as Autocore, Canonical, Intel RealSense, Open Robotics, Panasonic, and Shoreline IoT developing hardware and software for robotics applications. As for the market, Qualcomm's Singh said the company is focused on all aspects of the robot market but said the growth for the moment revolves around "robots solving problems." The COVID-19 pandemic has accelerated deployments for commercial markets such as healthcare, delivery, and warehouses.
"Service robots are growing exponentially with industry 4.0 a little slower," he said. "As the 5G rollout happens it will be deployed in the factories of the future." Singh isn't kidding about the service robot boom. Consider a few recent headlines:

  • Automatic refill: Driverless prescription delivery is here

  • Delivery robots maneuvering to devour food delivery market

  • SK Telecom develops autonomous disinfectant robot

  • Robotic watchdogs and wearables enforce social distancing

  • Robotics developers are cleaning up during COVID-19

  • Robots are taking over during COVID-19 (and there's no going back)

RB5 is aimed at industrial markets such as logistics, manufacturing, construction, and agriculture as well as commercial use cases in hospitals, security, retail, package delivery, and personal assistants. What Qualcomm is ultimately going for is connecting industrial robots with 5G, so they won't be tethered for connectivity. That move will enable manufacturers to adjust factories based on shifts and be nimbler.


Crises and outbreaks change us and society, with the war against COVID-19 having the most dramatic impact in recent memory. Every aspect of our existence is different, including new ways of working, communicating, conducting business, and taking care of ourselves and our families. The key is learning from these experiences so we can be better prepared for future events. These extreme changes have escalated another war, a war against cyber threats, with exposure to new cybersecurity risks that threat actors choose to exploit. The line between work and personal devices has blurred with users and usage moving fluidly between them. Personal and business data flows freely across home Wi-Fi networks. When the workday ends, we transition seamlessly to virtual happy hours and binge-watching videos using a growing number of services – further expanding the attack surface. Threat actors are also using novel lures that pull on our fears and inquisitive nature to entice us to click on malicious links or attachments or unwittingly share data that we shouldn’t. It’s a situation that is quickly becoming untenable for many cybersecurity professionals and causing organizations to question their capacity to respond rapidly. While serving as a Supreme Allied Commander during WWII, Dwight D. Eisenhower said, “In preparing for battle I have always found that plans are useless, but planning is indispensable.” Planning for rapid response will help ensure you have a foundation in place during times of crisis to work more effectively with your peers to mitigate risk and to answer questions from management about the organization’s resilience to the latest threats.  Outlined below are three steps to help you lay the groundwork for rapid response. It’s important to note that these recommendations aren’t specific to COVID-19. 
Going through this planning process will also improve your ability to respond rapidly to future events – from a new, high-profile, ransomware campaign with global impact to opportunistic cyberattacks triggered by a natural or manmade disaster.

1. Consume. As we’ve seen before with global threats like WannaCry and are seeing now with COVID-19, crises and outbreaks generate a strong uptick in new, disparate sources of threat information. Many commercial threat intelligence providers, governments, open source feeds and frameworks provide valuable threat and outbreak-specific data. Becoming aware of these new sources is one thing, but being able to consume all that data is another, especially since the sources come in different formats and may carry different types of data than you currently utilize. To make this situation manageable you need a central repository that is prepared to accept these feeds or, if they are in non-standard formats, can be mapped to them quickly – in minutes or hours. The agility to accept new threat information sources quickly for consumption is at the heart of rapid response. With high quality data aggregated and normalized, you can assess how it may pertain to you and utilize it.

2. Understand. Understanding the data individually provides value, but the real value comes from understanding it in aggregate, including with respect to events and associated indicators from your own internal systems – for example, from your SIEM, log management repository, case management system and security infrastructure. By relating the data to what’s actually happening in your environment, you gain context that makes it tangible. For example, an indicator that is active, high-scoring or cited within the last 24 hours will initiate further investigation, while others may warrant ongoing monitoring and those that are benign can be set aside. A big picture view also allows you to quickly see who else within the organization needs to consume and understand this data – your SOC team, network security team, threat intelligence analysts, threat hunters, forensics and investigations, management, etc. – and share it. 

3. Action. The final step is to enable the data as part of your infrastructure and operations. Quickly sending the appropriate pieces of data to the appropriate tools, systems and controls within your environment will accelerate detection, response and prevention. For example, exporting the data to your existing infrastructure allows those technologies to perform more efficiently and effectively – delivering fewer false positives. You can also use your curated threat intelligence to be anticipatory and prevent attacks in the future – like automatically sending intelligence to your sensor grid (firewalls, IPS/IDS, routers, web and email security, endpoint detection and response (EDR), etc.) to generate and apply updated policies and rules to mitigate risk.  With capabilities to quickly curate and integrate new threat data sources across your operations, you’re prepared for whatever the future brings. You can be confident that your security teams have laid the groundwork for rapid response. You also have a construct for effective communication with management, with capability to provide details about a specific threat and how you are mitigating risk in ways that resonate with business leaders. Planning now for how you will deal with new threats triggered by the next big crisis or outbreak is time well-spent.
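The three steps above, sketched as one small pipeline (an added illustration, not code from the original article). The feed layouts, field names, score thresholds and the export format are assumptions made for the example, and all indicators and log lines are constructed sample data.

```python
import csv
import io
import json
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed sample feeds (documentation-range IPs, .example domains).
CSV_FEED = """indicator,type,confidence,last_seen
203.0.113.7,ip,90,2020-06-10T08:00:00Z
files.badcdn.example,domain,55,2020-06-01T00:00:00Z
198.51.100.23,ip,10,2020-05-20T00:00:00Z
"""
JSON_FEED = json.dumps([
    {"value": "files.badcdn.example", "kind": "hostname", "score": 0.6,
     "cited": "2020-06-15T03:30:00+00:00"},
    {"value": "login-portal.example", "kind": "hostname", "score": 0.4,
     "cited": "2020-06-02T00:00:00+00:00"},
    {"value": "192.0.2.99", "kind": "ipv4", "score": 0.3,
     "cited": "2020-06-03T00:00:00+00:00"},
])
# Constructed proxy log lines standing in for internal SIEM events.
INTERNAL_LOG = """2020-06-15T09:12:00Z host=ws-014 dst=192.0.2.99 action=allow
2020-06-15T09:13:10Z host=ws-022 dst=intranet.example action=allow
"""
NOW = datetime(2020, 6, 15, 12, 0, tzinfo=timezone.utc)  # fixed so results repeat
TYPE_MAP = {"ip": "ip", "ipv4": "ip", "domain": "domain", "hostname": "domain"}

@dataclass
class Indicator:
    value: str
    type: str
    score: int            # normalized to 0-100
    last_seen: datetime   # timezone-aware, UTC
    sources: set = field(default_factory=set)

def parse_ts(text):
    # fromisoformat() rejects a trailing "Z" before Python 3.11
    return datetime.fromisoformat(text.replace("Z", "+00:00"))

def from_csv(text):
    """Step 1 (Consume): map the CSV feed's columns onto the common record."""
    for row in csv.DictReader(io.StringIO(text)):
        yield Indicator(row["indicator"].lower(), TYPE_MAP[row["type"]],
                        int(row["confidence"]), parse_ts(row["last_seen"]), {"csv_feed"})

def from_json(text):
    """Step 1 (Consume): same record from a feed with other names and a 0-1 score."""
    for item in json.loads(text):
        yield Indicator(item["value"].lower(), TYPE_MAP[item["kind"]],
                        round(item["score"] * 100), parse_ts(item["cited"]), {"json_feed"})

def consume(*feeds):
    """Central repository: one entry per indicator, merged across feeds."""
    repo = {}
    for feed in feeds:
        for ind in feed:
            known = repo.get(ind.value)
            if known is None:
                repo[ind.value] = ind
            else:
                known.score = max(known.score, ind.score)
                known.last_seen = max(known.last_seen, ind.last_seen)
                known.sources |= ind.sources
    return repo

def internal_sightings(log_text):
    """Step 2 (Understand): destinations actually seen in our own logs."""
    seen = set()
    for line in log_text.splitlines():
        fields = dict(p.split("=", 1) for p in line.split()[1:] if "=" in p)
        if "dst" in fields:
            seen.add(fields["dst"].lower())
    return seen

def triage(ind, sightings, now, high=80, low=20):
    """Active, high-scoring or cited in the last 24 hours -> investigate."""
    active = ind.value in sightings
    recent = now - ind.last_seen <= timedelta(hours=24)
    if active or ind.score >= high or recent:
        return "investigate"
    return "set_aside" if ind.score <= low else "monitor"

def export_for_controls(repo, verdicts):
    """Step 3 (Action): neutral "type,value" lines a firewall or EDR job could ingest."""
    hits = sorted(v for v, verdict in verdicts.items() if verdict == "investigate")
    return [f"{repo[v].type},{v}" for v in hits]

def run_pipeline(now=NOW):
    repo = consume(from_csv(CSV_FEED), from_json(JSON_FEED))
    sightings = internal_sightings(INTERNAL_LOG)
    verdicts = {v: triage(i, sightings, now) for v, i in repo.items()}
    return repo, verdicts, export_for_controls(repo, verdicts)

if __name__ == "__main__":
    _, verdicts, export = run_pipeline()
    for value, verdict in sorted(verdicts.items()):
        print(f"{verdict:12} {value}")
    print("\n".join(export))
```

Note that the low-scoring 192.0.2.99 is escalated only because it appears in the internal log, which is the context the second step is meant to supply.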


Postbank, the banking division of South Africa's Post Office, has lost more than US$3.2 million from fraudulent transactions and will now have to replace more than 12 million cards for its customers after employees printed and then stole its master key. The Sunday Times of South Africa, the local news outlet that broke the story, said the incident took place in December 2018 when someone printed the bank's master key on a piece of paper at its old data center in the city of Pretoria. The bank suspects that employees are behind the breach, the news publication said, citing an internal security audit they obtained from a source in the bank. The master key is a 36-digit code (encryption key) that allows its holder to decrypt the bank's operations and even access and modify banking systems. It is also used to generate keys for customer cards. The internal report said that between March and December 2019, the rogue employees used the master key to access accounts and make more than 25,000 fraudulent transactions, stealing more than US$3.2 million (56 million Rand) from customer balances. Following the discovery of the breach, Postbank will now have to replace all customer cards that have been generated with the master key, an operation the bank suspects will cost it more than one billion rands (~$58 million). This includes replacing normal payment cards, but also cards for receiving government social benefits. Sunday Times said that roughly eight to ten million of the cards are for receiving social grants, and these were where most of the fraudulent operations had taken place. "According to the report, it seems that corrupt employees have had access to the Host Master Key (HMK) or lower level keys," the security researcher behind Bank Security, a Twitter account dedicated to banking fraud, told ZDNet today in an interview.
"The HMK is the key that protects all the keys, which, in a mainframe architecture, could access the ATM pins, home banking access codes, customer data, credit cards, etc.," the researcher told ZDNet. "Access to this type of data depends on the architecture, servers and database configurations. This key is then used by mainframes or servers that have access to the different internal applications and databases with stored customer data, as mentioned above.
"The way in which this key and all the other lower-level keys are exchanged with third party systems has different implementations that vary from bank to bank," the researcher said. The Postbank incident is one of a kind as bank master keys are a bank's most sensitive secret and guarded accordingly, and are very rarely compromised, let alone outright stolen. "Generally, by best practice, the HMK key is managed on dedicated servers (with dedicated OS) and is highly protected from physical access (multiple simultaneous badge access and restricted/separated data center)," Bank Security told ZDNet. "Furthermore, a single person does not have access to the entire key but is divided between various reliable managers or VIPs, and the key can only be reconstructed if everyone is corrupt.
"Generally, the people and the key are changed periodically precisely to avoid this type of fraud or problem, as in the case of PostBank," the researcher said. "As far as I know, the management of these keys is left to the individual banks and the internal processes that regulate the periodic change and security are decided by the individual bank and not by a defined regulation." Postbank could not be reached for comment. In February 2020, fellow South African bank Nedbank also reported a security breach. The bank said that hackers breached a third-party service provider and then stole information on more than 1.7 million of its customers.


Honda, the Japanese car manufacturer, has confirmed it has been hit with a cyberattack that has impacted some of its operations, including production systems outside of Japan. "Honda can confirm that a cyberattack has taken place on the Honda network," a spokesperson said. The company added: "Work is being undertaken to minimise the impact and to restore full functionality of production, sales and development activities. At this point, we see minimal business impact". The company said it had experienced difficulties accessing servers, email and internal systems and that there was also an impact on production systems outside of Japan. It said its "internal server" was attacked externally and a "virus" had spread, but that it would not disclose any further details for security reasons. Honda's customer service and financial services operations have also tweeted that they are experiencing "technical difficulties". "At this time Honda Customer Service and Honda Financial Services are experiencing technical difficulties and are unavailable. We are working to resolve the issue as quickly as possible. We apologize for the inconvenience and thank you for your patience and understanding," said the Tweet. This isn't the first time Honda operations have been disrupted by a cyberattack; the manufacturer was forced to temporarily shut down a car plant in Japan in July 2017 after falling victim to WannaCry ransomware.


Italian company CloudEyE is believed to have made more than $500,000 from selling its binary crypter to malware gangs. For the past four years, an Italian company has operated a seemingly legitimate website and business, offering to provide binary protection against reverse engineering for Windows applications, but has secretly advertised and provided its service to malware gangs. The company's secret business came to light after security researchers from Check Point began looking at GuLoader, a new malware strain that rose to become one of the most active malware operations of 2020. Check Point says it found references in the GuLoader code mentioning CloudEyE Protector, an anti-reverse-engineering software service provided by an Italian company named CloudEyE. But while source code protection services are legal and widely used by almost all commercial/legitimate apps, Check Point said it linked this company and its owners to activity on hacking forums going back years. The cyber-security firm connected the CloudEyE binary protecting service advertised on the website to ads promoting a malware crypting service named DarkEyE, heavily advertised on hacking forums as far back as 2014. Furthermore, Check Point also linked three usernames and emails used to promote DarkEyE to the real-world identity of one of the CloudEyE founders, as displayed on the CloudEyE website. In addition, Check Point says it also tracked these three email addresses and usernames to multiple posts on hacking forums. The posts advertised malware/binary crypting services even before DarkEyE (CloudEyE's precursor), and went as far back as 2011, showing how entrenched and well-connected this user was in the cybercrime and malware community. These connections apparently helped the group get their legitimate business off the ground. Check Point says the CloudEyE team bragged of having more than 5,000 customers on their website making at least US$500,000.
Based on their minimum rate of $100/month, Check Point says the group earned at least $500,000 from their service. However, the sum could be much higher if we take into account that some monthly plans can go up to $750/month, and some customers most likely used the service for multiple months. All clues point to the fact that the two CloudEyE operators attempted to legitimize their criminal operation by hiding it behind a front company as a way to justify their profits and avoid raising the suspicions of local tax authorities when cashing out their massive profits. "CloudEyE operations may look legal, but the service provided by CloudEyE has been a common denominator in thousands of attacks over the past year," Check Point said. But while Check Point says the DarkEyE and CloudEyE tools were widely used over the past years, there is one malware operation that appears to be CloudEyE's primary customer, and that's GuLoader. In a report, Check Point lays out the different connections between CloudEyE and GuLoader. The most obvious is that the code of apps passed through the CloudEyE Protect app contained patterns similar to those in GuLoader malware samples spotted in the wild. This connection was so strong that any random app passed through the CloudEyE app would almost certainly be detected as a GuLoader malware sample, despite being a legitimate app. Second, Check Point says that the CloudEyE interface contained a placeholder (default) URL that it often found in GuLoader samples. Third, many of the CloudEyE features appear to have been specifically designed to support GuLoader operations. "Tutorials published on the CloudEyE website show how to store payloads on cloud drives such as Google Drive and OneDrive," Check Point said. "Cloud drives usually perform anti-virus checking and technically don't allow the upload of malware. However, payload encryption implemented in CloudEyE helps to bypass this limitation." Such a feature makes no sense for a normal app.
However, avoiding cloud scans is crucial for a malware operation, and especially for something like GuLoader -- categorized as a "network downloader" -- which relies on infecting a victim computer and then downloading a second-stage payload from services such as Google Drive or Microsoft OneDrive. Following Check Point's damning report on Monday, CloudEyE responded by denouncing the report and blamed the tool's use for malware operations on abuses perpetrated by its users, without its knowledge. However, members of the cyber-security community dismissed the company's statement as "poor lies" and have called on Italian authorities to investigate the company and its two founders. Based on Check Point's report, the two are at risk of being investigated under charges of aiding and abetting a criminal operation and money laundering.



Exploit: Ransomware

ST Engineering: aeronautics contractor

Risk to Small Business: 1.732 = Severe The San Antonio, Texas branch of defense, aeronautics, and space contracting conglomerate ST Engineering was hit with a MAZE ransomware attack disrupting operations and putting data at risk for a second time. This division of the international flight equipment services giant was also hit with a MAZE ransomware attack in May 2020 to the same effect. In an industry that expects top-notch security standards to be maintained by any company that wants to be a player, this is problematic and dangerous.

Customers Impacted: Unknown

Effect On Customers: Ransomware like MAZE is commonly delivered to vulnerable businesses through phishing attacks, including the use of fake websites and dodgy attachments to infect systems. Phishing has grown exponentially in 2020, and COVID-19 related attacks are on track to be the biggest phishing scam driver in history.

Breach Risk Levels

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & BullPhish to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime – now with COVID-19 scam awareness kits. Call 07 30109711 (office Hours) to find out how you can get started.

THREAT FOCUS: Kentucky Employee Health Plan - UNITED STATES

Exploit: unauthorized database access

Kentucky Employee Health Plan: health insurance provider 

Risk to Small Business: 1.462 = Severe Two data breaches compromised plan members’ personal data and enabled bad actors to steal more than $100,000 in gift cards. Hackers used valid login information to access the system in the first breach and were able to compound the damage of that breach in a second breach. The second breach accessed member programs to redeem reward points for gift cards. The two breaches created scrutiny and drew calls for further investigation as to whether the “bad actors” were from outside the office or if insider threats were the root cause.

Individual Risk: 2.703 = Moderate Hackers accessed users’ account portals containing their screening and health assessment data. Although this attack appears to be financially motivated, healthcare-related data often makes its way to the Dark Web, where it can be used to execute additional fraud attempts. Those impacted by the breach should immediately update their account passwords while monitoring their accounts for suspicious activity.  

Customers Impacted:  2,700

Effect On Customers: Whatever the results of this investigation show, it raises the question of insider threats. Whether staffers are accidentally or deliberately giving information and passwords to bad actors, insider threats have to be a top concern for every business.


Avantia Cyber Security and ‘Cleard Life’ to the Rescue: With Cyber Security experts estimating that up to 70% of all Data Breaches are caused by company insiders, including 30% of these breaches being malicious, it is vital for organisations to complete regular Employee Background Checks covering areas such as criminal history, illegal drug use, financial stress, adverse work behavior, security breaches, false or inflated CVs and more. Call Avantia on 07 30109711 (Office Hours) to find out how fast and cost effective this can be.

THREAT FOCUS: Chartered Professional Accountants of Canada - CANADA

Exploit: Phishing

Chartered Professional Accountants of Canada: professional membership organization  

Risk to Small Business: 1.317 = Severe The organization recently disclosed that personal information for its members had been compromised following a successful phishing attack in April. CPA Canada announced the results of its completed investigation, determining that the compromised information primarily affected subscribers of its CPA Canada magazine and an indeterminate number of website users. Impacted members were sent a phishing email asking them to change their user information on the organization’s online platform. 

Individual Risk: 2.238 = Moderate The security alert sent to all users of the CPA Canada website or magazine subscribers notes that members should be wary of spear phishing emails using industry-specific details from CPA Canada and change their login credentials on the website as a safety precaution.  

Customers Impacted: 329,000

Effect On Customers: A data breach caused by a human error like phishing is a sign to an organization’s membership that it doesn’t take those members’ information security seriously, making it harder to retain members and sell professional resources. 




Exploit: Ransomware

Fitness Depot: fitness equipment retailer

Risk to Small Business: 1.871 = Severe Fitness Depot’s online store was infected with card-skimming malware that stole customers’ personal and financial data at checkout. It took the retailer more than three months to identify the breach, giving cybercriminals ample time to capitalize on the surge of online sales since the COVID-19 pandemic began. The data breach, which began on February 18th, will likely cause online shoppers to think twice before buying from their platform, potentially disrupting a vital lifeline while many in-person shops remain closed.  

Individual Risk: 1.764 = Severe Payment card skimming malware captures all information entered at checkout. This information can allow hackers to commit identity or financial fraud. Those impacted by the breach need to notify their financial institutions and to carefully monitor their accounts for misuse. In many cases, victims should enroll in credit or identity monitoring services to ensure their data’s long term integrity.

Customers Impacted: Unknown

Effect On Customers: For most consumers, cybersecurity is a critical component of their buying decisions when shopping online. Card skimming malware represents a growing threat to online stores, and companies counting on digital sales to drive revenue need to account for this risk and many others presented by online shopping. In 2020, it’s a bottom-line issue that retailers can’t afford to ignore. 


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access, independent, ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit:


Exploit: accidental data sharing

Inventory Hub: property management inventory platform 

Risk to Small Business: 2.209 = Severe A recently unearthed flaw in the security of this property management platform made members’ names and addresses, internal and external property images, inventories of each property’s contents, and information about physical security including photos of alarms, cameras, and locks available for an indeterminate amount of time. According to the researcher who discovered the vulnerability, the opening allowed would-be burglars to access exact layouts of all the listed properties, plus inventories of the contents, and user records back to 2017.

Individual Risk: 2.607 = Moderate User information including names, physical addresses, and lists of contents for properties listed on the platform since 2017 were compromised. Users should remain on guard for potential spear phishing attacks using these details.

Customers Impacted: 8,871

Effect On Customers: Data breaches that leak personal information can be dangerous and lead to other types of criminal activity. Users of a service like Data Hive expect that even their most basic personal information will be kept safe when they choose a partner company, and increasingly reject service providers that fail them.  




Exploit: Unauthorized database access

Life Health Care: healthcare provider 

Risk to Small Business: 2.605 = Extreme The healthcare provider, which operates 49 hospitals and dozens of other healthcare facilities across South Africa and Botswana, was hit with an attack that compromised its data storage and intake systems. The attack affected its admissions systems, business processing systems, and email servers, although investigators have not yet determined how much patient data (if any) has been compromised. The healthcare provider said that patient service and care were not impacted, although patients could expect longer wait times for the resolution of administrative requests. 

Individual Risk: 2.230 = Severe Patients who have been treated at any of Life Health Care’s facilities should expect that their personal information and health information have been compromised and take appropriate measures to protect their identities.

Customers Impacted: Unknown

Effect On Customers: Healthcare facilities that fall victim to cyberattacks aren’t just facing the costs of a standard breach recovery – they’re also facing potentially hefty regulatory fines, as well as the negative impact on patient trust. 



Exploit: Ransomware

Lion Beer Australia: brewing conglomerate 

Risk to Small Business: 1.302 = Extreme At Lion Brewing Australia, operations were disrupted by a ransomware attack as it began to reopen and restaff its 8 breweries in Australia and New Zealand. The attack came just as the company was able to resume operations after a period of closure caused by COVID-19 restrictions. The company has been forced to shut down its key systems entirely, reverting to manual systems to operate and process orders in this devastating incident that has still not been fully resolved. 

Individual Risk: No employee or customer information was reported affected by this incident.

Customers Impacted: Unknown

Effect On Customers: A successful ransomware attack can be catastrophic for a business at any time, and it’s typically powered by information obtained from the Dark Web. Ransomware is especially problematic right now, and a nasty surprise as businesses try to start recovering lost revenue in the wake of the COVID-19 pandemic.


Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID watches for trouble to prevent disasters like this. Dark Web ID uses human and machine intelligence to search for and analyse Dark Web threats to our clients’ companies, alerting them fast when potential trouble arises. Find out more and receive a FREE Dark Web scan search for your compromised credentials by calling Avantia NOW on 07 30109711.

THREAT FOCUS: Honda Motor Company Inc - JAPAN

Exploit: Ransomware

Honda Motor Company Inc.: Automotive and equipment Manufacturer 

Risk to Small Business: 1.308 = Extreme Honda was recently walloped by a huge cyberattack that briefly shut down production at its factories worldwide. The attackers are suspected of using SNAKE/EKANS ransomware to infiltrate equipment and computer systems connected to operations and production in every Honda facility, leading to delayed post-pandemic reopenings at some factories. Honda is undertaking restoration operations at its factories, sales centers, and business units and has successfully restored most functionality.  

Individual Risk: No individual data was reported as compromised in this breach, nor does Honda believe that individual data was affected. 

Customers Impacted: Unknown

Effect On Customers: Ransomware is a powerful foe, and even unsophisticated ransomware like SNAKE/EKANS can bring a mighty company like Honda to its knees fast. Without a comprehensive digital risk protection strategy in place, companies are at a higher risk of attack by bad actors looking to steal data or disrupt operations.




Ransomware is Everywhere, and Every Company is At Risk  

Ransomware is a growing menace to companies of every size and has surged to become even more popular as a means of attack. During the global pandemic, researchers reported that ransomware attacks have skyrocketed, increasing by more than 140% over 2019.

Ransomware has not only become more pervasive; it’s also become more expensive. The cost of a ransomware attack (including recovery, remediation, and ransoms) is expected to increase to $20 billion in 2021. One U.S. oil and gas company lost a whopping $30 million to a single ransomware attack in 2019, and ransomware-related downtime can also cost a fortune.

Healthcare is an especially popular and juicy target for bad actors, and cyberattacks against healthcare industry targets have increased fivefold in 2020. Ransomware has ravaged healthcare organizations providing essential COVID-19 care in the US, Canada, the UK, and other regions impacted by the pandemic.

The most common method of delivery for ransomware is through a phishing attack, and phishing attacks have jumped over 600% since the start of the COVID-19 pandemic. Don’t wait until ransomware makes an impact on your bottom line – start training every staffer thoroughly to make them the strongest possible defense against the phishing attacks that aim to deliver ransomware.

BullPhish ID is the perfect training and testing solution for today’s remote workforce. This dynamic platform includes over 80 phishing kits (including the initial email and related landing page and reply email), and 50 security video campaigns (short animated videos with test and reply email), including training to resist COVID-19 phishing scams.

Are You Staying Remote? Update Your IT Security Plan.  

Although many companies were accustomed to supporting a remote workforce at least part of the time before the global pandemic, every company that’s still operating had to quickly transition to a fully remote workforce as the pandemic took hold of the world – and some of them discovered that they liked it.

Many companies used to only allow limited remote work, convinced that their staffers would be less productive at home without supervision. As remote work became a necessity during the COVID-19 restrictions imposed around the world, companies that braced for decreased productivity from their newly remote workforce were in for a surprise. Instead of diminishing production, remote work was boosting it, with one study reporting that remote workers on average worked 1.4 more days in a month than they did in the office.

This has led to a sea change in the thinking about remote work. Myriad companies in a broad range of industries have already adopted or are beginning to adopt permanent remote work as a norm for staff. The enticement of smaller facility costs and more flexibility combined with the added staff productivity and satisfaction is encouraging progressive companies to stay fully remote – but remote work brings its own cybersecurity risks.



Huntsman provides security technology to measure, report and reduce cyber risk to enable the digital transformation of governments and business to more efficient operating models, while at the same time complying with the increasing demands of legislative requirements.  Huntsman's 'Essential 8 Auditor' is a cybersecurity auditing tool that provides an objective, quantitative measure of an organisation’s cyber posture to determine and alert organisations to any gaps in key cyber defense strategies. The Essential 8  (E8) Framework was developed by the Australian Signals Directorate (ASD).  It is a prioritised list of practical security controls that organisations can implement to make their organisation’s information more secure and has been found to mitigate up to 85% of cyber attacks.  Avantia Cyber Security partners with Huntsman Security in Australia to offer and implement the Huntsman Essential Auditor Tool to organisations to find out where the cracks are in their cyber security posture.



Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, other members of the 5 Eyes Alliance, the Australian Cyber Security Centers, and other sources in 56 countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content’s accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.

