Search
  • Avantia Threat Update

STOP RANSOMWARE: THE WARNING & SIGNS YOU ARE UNDER ATTACK


THIS PAST WEEK: Are you already under attack from Ransomware; How Criminals posed as staff to collect Credit Card info from guests at the Ritz Hotel, London, UK;  Carnival Cruises hit by Ransomware; US Army exposes N. Korean Cyber Warfare Capabilities; ‘Oblivious’ staff working at home ignore cyber security risks; Cybersecurity educators get taken to school by bad actors; The ancestral home of cybersecurity gets hit with a third party data breach; Credential stuffing rocks Canada’s Revenue Authority; Unexpected risks to businesses as kids head back to school and parents continue working remotely and Major Data Breaches in AUSTRALIA; FRANCE; JAPAN; CANADA; UNITED KINGDOM: UNITED STATES.


Dark Web ID’s Top Threats

Top Source Hits: ID Theft Forum

Top Compromise Type: Domain

Top Industry: Aerospace & Defense

Top Employee Count: 11-50

______________________________________________________________________________

RANSOMWARE: THESE WARNING SIGNS COULD MEAN YOU ARE ALREADY UNDER ATTACK.

There are as many as 100 claims to insurers over ransomware attacks every day, according to one estimate. And as the average ransomware attack can take anywhere from 60 to 120 days to move from the initial security breach to the delivery of the actual ransomware, that means hundreds of companies could have hackers hiding in their networks at any time, getting ready to trigger their network-encrypting malware. So what are the early indicators for companies that are trying to spot a ransomware attack before they cause too much damage? Any what should they do if they discover an attack in progress? "Look at your environment and understand what your RDP exposure is, and make sure you have two-factor authentication on those links or have them behind a VPN," said Jared Phipps, VP at security company SentinelOne.

[Remote Desktop Protocol (RDP) is a connection protocol developed by Microsoft to provide users with a graphical interface while connected to another computer over a network connection. ... ] Coronavirus lockdown means that more staff are working from home, and so more companies have opened up RDP links to make remote access easier. This is giving ransomware gangs an opening, Phipps said, so scanning your internet-facing systems for open RDP ports is a first step. Another warning sign could be unexpected software tools appearing on the network. Attackers may start with control of just one PC on a network – perhaps via a phishing email (indeed, a spate of phishing emails could be an indicator of an attack, and if staff are trained to spot them this could provide an early warning). With this toe-hold in the network, hackers will explore from there to see what else they can find to attack.  That means using network scanners, such as AngryIP or Advanced Port Scanner. If these are detected on the network, it's time to check in with your security team. If no one internally admits to using the scanner, it is time to investigate, according to tech security company Sophos, which has outlined some of the signs that a ransomware attack could be underway in a recent blog post.  Another red flag is any detection of MimiKatz, which is one of the tools most regularly used by hackers, along with Microsoft Process Explorer, in their attempts to steal passwords and login details, Sophos said. Once they've gained access to the network, ransomware gangs will often next try to increase their reach by creating administrator accounts for themselves, for example in Active Directory, and use that extra power to start disabling security software using applications created to assist with the forced removal of software, such as Process Hacker, IOBit Uninstaller, GMER, and PC Hunter, said Sophos. "These types of commercial tools are legitimate, but in the wrong hands, security teams and admins need to question why they have suddenly appeared," the security firm said. To stop this happening, companies need to look for accounts that are created outside of your ticketing system or account management system, said SentinelOne's Phipps. Once the attackers have gained administrator powers, they then attempt to spread further across the network, using PowerShell. The whole project can take weeks, and maybe even months, for the ransomware gangs to execute. That's partly because the slower they move through the computer network, the harder they are to spot. And many security tools only record traffic on the network for a certain amount of time, which means if the hackers hold on for a while it becomes much harder for security teams to work out how they got into the system in the first place. "It's like a flight data recorder: if you wait long enough, it records over the attack and there's no evidence they've figured that out," said Phipps. "It makes it harder for people to figure out and do the investigation because all the security tools they have show no data on entry. "There are also some clear signs that a ransomware attack is getting close to completion. The attackers will attempt to disable Active Directory and domain controllers, and corrupt any backups they can find, as well as disabling any software deployment systems that could be used to push patches or updates. "And then they'll hit you with the attack," said Phipps. Sophos also noted that at this point the gang may attempt to encrypt a few devices just to see if their plan is going to work: "This will show their hand, and attackers will know their time is now limited. "So how to stop the attackers once they are in? According to Phipps, the most important thing is to get control of the RDP sessions, because that stops the attackers coming in and cuts off their command-and-control access. Other steps, like forcing a password change across core systems, can be useful – but if the hackers are able to use RDP to get back into the network, steps like that will be undermined. It's also important to monitor for unexpected admin accounts appearing, and firms should consider monitoring or limiting PowerShell usage.  How can you make your organisation a harder, and therefore less attractive, target for ransomware gangs to consider? Keeping software patched and up to date is key here; many ransomware attacks rely on software flaws to work, but most of these flaws have long been fixed by software companies – you just have to administer the patch. For ransomware attacks that come via email, training staff not to click on random links, and combining strong passwords with two-factor authentication across as many systems as possible, will also help to deter or slow down attackers.


RITZ LONDON HOTEL SUSPECTS DATA BREACH, CRIMINALS POSE AS STAFF IN CREDIT CARD FRAUD

The Ritz Hotel in London has launched an investigation into a data breach in which scammers may have posed as staff members to steal credit card data.  In a series of messages posted to Twitter dated August 15, the luxury hotel chain said that on August 12, the company was made aware of a "potential data breach within our food and beverage reservation system." Ritz London added that this may have led to the compromise of "some of our clients' personal data." While the hotel said that the security incident did not include any credit card details or payment information, the leaked data may have been used in a social engineering scam designed to steal more valuable financial information -- straight from the source.  As reported by the BBC, scammers have phoned Ritz restaurant reservation holders with the "exact" details of their bookings, while requesting the confirmation of their payment card details.  The fraudsters, pretending to be Ritz employees, used call ID spoofing to appear to be from the hotel.  One guest speaking to the publication said a scammer called her a day before she was due to visit the Ritz for afternoon tea. After requesting that she "confirm" her details, the fraudster said her card had been declined and then requested a second payment card. Information in hand, the scam artist then tried to make a number of transactions exceeding £1000 from retailer Argos.  However, the guest's bank spotted the odd payments. Perhaps aware this was likely to happen, the scammer then called again -- but this time, pretended to be from her bank in order to obtain the three-digit security code from the back of the payment card, which would authorize future transactions made.  Another woman told the BBC that the same tactics were used on her, but she dismissed the call after the fraudster on the other end of the line was not able to provide details relating to the hotel -- knowledge that a true employee would possess.  It is not known how widespread this scam is, or how many people have been targeted. The Ritz hotel has emailed customers, emphasizing that staff will not call them after a reservation is made.  "We immediately launched an investigation to identify the cause of the breach, which is ongoing, to find out what happened, how and to prevent this from happening again," the hotel chain says.  The UK's Information Commissioner's Office (ICO) has been informed of the security incident.


WORLD’S LARGEST CRUISE LINE OPERATOR ‘CARNIVAL’ HIT BY RANSOMWARE.

Cruise line operator Carnival Corporation has disclosed that one of their brands suffered a ransomware attack over the past weekend. Carnival Corporation is the largest cruise operator in the world with over 150,000 employees and 13 million guests annually. The cruise line operates under the brands Carnival Cruise Line, Costa, P&O Australia, P&O Cruises, Princess Cruises, Holland American Line, AIDA, Cunard, and their ultra-luxury cruise line Seabourn. In an 8-K form filed with the Securities and Exchange Commission (SEC), Carnival Corporation has disclosed that one of its brands suffered a ransomware attack on August 15th, 2020. "On August 15, 2020, Carnival Corporation and Carnival plc (together, the “Company,” “we,” “us,” or “our”) detected a ransomware attack that accessed and encrypted a portion of one brand’s information technology systems. The unauthorized access also included the download of certain of our data files," the cruise line operator stated in their filing. As part of the attack, Carnival states data was likely stolen and could lead to claims from those affected by the potential data breach. "Nonetheless, we expect that the security event included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies," The filing does not indicate the ransomware operation that compromised their network, and there are close to twenty different gangs that steal and leak unencrypted files as part of their attacks. This ransomware attack comes on the heels of a data breach announced in March 2020 that led to the exposure of customers' personal information, including possible payment information. BleepingComputer contacted Carnival with further questions about the attack, but they are not providing any additional information. "We are not planning to discuss anything beyond the 8K filing at this point since it is early in the investigation process," Carnival told BleepingComputer. According to cybersecurity intelligence firm Bad Packets, Carnival utilizes vulnerable edge gateway devices that allow an attacker to gain access to a corporate network. The CVE-2019-19781 vulnerability is for Citrix ADC (NetScaler) devices that, when exploited, allow a hacker to gain access to the company's internal network. Patches for this vulnerability were released in January 2020. The other vulnerability, CVE-2020-2021, exists in Palo Alto Networks firewalls and allows unauthenticated network-based attackers to bypass authentication. This vulnerability was patched at the end of June 2020. Either of these vulnerabilities can be abused by ransomware operators to gain access to a corporate network silently. Once the attackers gain access, they spread laterally to other computers and harvest network credentials. When they gain control over an administrator account and the Windows domain controller, the attackers deploy the ransom While it is not known if either of these vulnerabilities were used in Carnival's attack, they are commonly abused by ransomware operators in these types of attacks.


U.S. ARMY REPORT DESCRIBES NORTH KOREA’S CYBER WARFARE CAPABILITIES.

A report published recently by the U.S. Army describes North Korea’s cyber warfare capabilities and provides information on various units and their missions. The 332-page report, titled “North Korean Tactics,” details North Korean forces and their actions, and one chapter focuses on electronic intelligence warfare, which Pyongyang allegedly uses to collect information on its enemies, deceive its enemies, and launch disruptive and destructive attacks, particularly ones aimed at communication and information systems and infrastructure. North Korea’s electronic warfare includes both lethal and non-lethal methods. Non-lethal methods include electronic jamming and signals reconnaissance, while lethal methods can include physical destruction of targets supporting its enemy’s decision-making process. In terms of computer warfare, the Army says North Korea primarily conducts these types of attacks because they represent a low-cost and low-risk method for targeting the enemy’s computers, they can be used to counter the enemy’s superior conventional military capabilities, and they can “upset the status quo with little fear of retaliation.” “North Korean computer warfare activities may be conducted prior to or during a military action. For example, by damaging or destroying networks related to an enemy’s projected force deployments and troop movements, the [Korean People’s Army (KPA)] can effectively disrupt planning and misdirect movement, producing substantial confusion and delays. As modern armies increasingly rely on ‘just-in-time’ logistics support, targeting logistics-related computers and databases can produce delays in the arrival of important material such as ammunition, fuel, and spare parts during critical phases of a conflict,” the report reads. The unit responsible for cyber warfare is called the Cyber Warfare Guidance Unit, and it’s often referred to as Bureau 121. The Army says Bureau 121 has more than 6,000 members, with many operating from countries such as China, Russia, India, Malaysia and Belarus. It’s worth pointing out that South Korea’s defense ministry estimated in 2015 that North Korea had an elite cyber warfare unit with up to 6,000 members. The Army says Bureau 121 has four main subordinate groups. One of them is Lazarus, which has an unknown number of members and which is believed to be responsible for many of the high-profile cyberattacks launched by North Korea over the past years. Another group is called Andarial (Andariel), which has roughly 1,600 members and whose mission is to conduct reconnaissance operations in preparation of further attacks. The Bluenoroff group has approximately 1,700 members and it focuses on financially-motivated campaigns. The U.S. Treasury Department last year placed sanctions on Andarial, Lazarus, and Bluenoroff. The fourth and final group is the Electronic Warfare Jamming Regiment, which focuses on jamming enemy communications.


WORKING FROM HOME CAUSES SURGE IN SECURITY BREACHES, STAFF ‘OBLIVIOUS’ TO BEST PRACTICES.

The COVID-19 pandemic shows little sign of slowing down, and for many businesses, employees are still working remotely and from home offices.  While some companies are gearing towards reopening their standard office spaces in the coming months -- and have all the challenges associated with how to do so safely to face -- they may also be facing repercussions of the rapid shift to remote working models in the cybersecurity space.  In the clamor to ensure employees could do their jobs from home, the enterprise needed to make sure members of staff had the right equipment as well as network and resource access. However, according to Malwarebytes, the rushed response to COVID-19 in the business arena has created massive gaps in cybersecurity -- and security incidents have increased as a result.  Recently, the cybersecurity firm released a report (.PDF), "Enduring from Home: COVID-19's Impact on Business Security," examining the impact of the novel coronavirus in the security world.  Company telemetry and a survey conducted with 200 IT and cybersecurity professionals suggest that since the start of the pandemic, remote workers have caused a security breach in 20% of organizations.  As a result, 24% of survey respondents added that their organizations had to pay unexpected costs to address cybersecurity breaches or malware infections after shelter-in-place orders were imposed.  In total, 18% of those surveyed said cybersecurity was not a priority, and 5% went further -- admitting their staff were "oblivious" to best security practices. According to the cybersecurity firm, business email compromise, the quick shift to cloud services -- which may include improperly-configured buckets or access controls -- and improperly secured corporate Virtual Private Networks (VPNs) are all contributing to the emerging issue.  In addition, phishing email rates relating to COVID-19 have surged, with thousands of separate campaigns and fraudulent domains connected to the pandemic coming under the scrutiny of multiple security firms.  The UK National Health Service (NHS)'s key workers, for example, were hit with roughly 40,000 spam and phishing attempts between March and the first half of July, at the height of the pandemic in the country.  Malwarebytes cited NetWiredRC and AveMaria, remote desktop access-capable malware families, as common payloads for COVID-19-related phishing schemes. 

pic of graph

Roughly 75% of survey respondents were positive about the transition to remote working, but 45% said that no additional security checks or audits were performed to check the security posture of these necessary changes. In addition, while 61% of organizations did provide their staff with remote working devices, 65% did not consider the deployment of any new security tools together with the equipment.  "Threat actors are adapting quickly as the landscape shifts to find new ways to capitalize on the remote workforce," said Adam Kujawa, director at Malwarebytes Labs. "We saw a substantial increase in the use of cloud and collaboration tools, paired with concerns about the security of these tools. This tells us that we need to closely evaluate cybersecurity in relation to these tools, as well as the vulnerabilities of working in dispersed environments, in order to mitigate threats more effectively."

______________________________________________________________________________


THREAT FOCUS: United States –  Michigan State University - UNITED STATES

https://apnews.com/876fddc3c0b7dc1cc4ad0a7d6a19fb23


Exploit: Malware

Michigan State University: Institution of Higher Learning 

Risk to Small Business: 2.171 = Severe - Just in time for back to school, attackers were able to steal credit card and personal information from roughly 2,600 users of Michigan State University’s online store. Cybercriminals used malicious scripts designed to harvest and exfiltrate customers’ payment cards between Oct. 19, 2019, and June 26, 2020.

Individual Risk: 2.311 = Severe - MSU is notifying all potentially affected customers of the data breach and is offering free identity protection and credit monitoring.

Customers Impacted: 2,600

How it Could Affect Your Business: Magecart or skimming attacks are a regular tool of the trade for cybercriminals and the data that they collect often ends up for sale on the Dark Web.

Breach Risk Levels

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: More than 65% of the data on the Dark Web can damage businesses. Put the power of Dark Web ID to work for your clients to guard against credential compromise danger. Call 07 3010 9711 today for a free ‘real time’ demonstration to discover if your critical credentials are listed on the Dark Web for sale to Cuber Criminals to exploit.

THREAT FOCUS: Brown-Forman Liquor - UNITED STATES

https://www.infosecurity-magazine.com/news/jack-danielsmaker-suffers-revil/?&web_view=true


Exploit: Ransomware

Brown-Forman: Wine and Spirits Conglomerate

Risk to Small Business: 1.979 = Severe - REvil ransomware strikes again, this time at beverage giant Brown-Forman, the maker of Jack Daniel’s and other spirits. Although the company has been mum on the details of the attack aside from claiming it successfully prevented attackers from encrypting its files, the cybercriminal gang says that 1TB of corporate data is now in their hands and it will most likely be leaked online in batches.

Individual Risk: No individual data has been reported as compromised in this breach.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware often makes its way into company inboxes in the form of a phishing email. Phishing resistance training must be a crucial component of any company’s cybersecurity strategy.

Breach Risk Levels

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Security awareness and phishing resistance training is not something companies can afford to cut back on. The cost-effective solutions in our digital risk protection platform fulfill the need for updated training without breaking the bank. Call Avantia on 07 30109711 and learn how a BullPhish ID Staff penetration Test can assist you in finding the ‘weak links’ in your chain. 

THREAT FOCUS: FHN Healthcare - UNITED STATES

https://portswigger.net/daily-swig/medical-records-exposed-in-data-breach-at-illinois-healthcare-system


Exploit: Email Account Compromise

FHN: Healthcare System 

Risk to Small Business: 1.870 = Severe - In a just disclosed incident, an unspecified “email account compromise” of “several” employee accounts resulted in a data breach that impacted patient PII (Personally Identifiable Information) at FHN healthcare facilities in Illinois. An unauthorized party was detected accessing employee email accounts on February 12 and 13. Information that may have been exposed in the breach included some patients’ names, dates of birth, medical record or patient account numbers, health insurance information, and limited treatment and/or clinical information, such as provider names, diagnoses, and medication information. In some instances, patients’ health insurance information and/or Social Security numbers were also identified as exposed in the compromised email accounts. 

Individual Risk: 1.821 = Severe

Not all patients of FHN were impacted, and FHN has contacted those patients were as well as offering complimentary credit monitoring and identity protection services to those patients whose Social Security numbers and/or drivers’ license numbers were exposed in the incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Not only will this cause customer anger, this breach will also incur a potentially substantial HIPPA violation penalty. Placing better protections, including multifactor authentication, on systems that handle sensitive data can prevent incidents like this from happening.

Breach Risk Levels

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Passly to the Rescue: With Passly, get the secure identity and access management solutions that you need to protect your systems and data in today’s remote work landscape at a price that you can afford, including multi-factor authentication, single sign-on, and secure password storage. Find out more by phoning Avantia on 07 30109711 or Click the link to get started: https://www.avantiacybersecurity.com/overwatch

THREAT FOCUS: SANS Institute - UNITED STATES

https://www.infosecurity-magazine.com/news/sans-phishing-attack/?&web_view=true


Exploit: Phishing/Accidental Data Sharing

SANS Institute: Cybersecurity Education and Certification

Risk to Small Business: 1.875 = Severe - Somebody needs to stay after class for extra tutoring at SANS Institute after an accidental data sharing incident led to a data breach that exposed over 28,000 PII records. The information was apparently mistakenly forwarded to an outside party. The forwarded emails included files that contained some subset of email, first name, last name, work title, company name, industry, address, and country of residence. One phishing email resulted in 513 emails full of PII being forwarded to the external address and malicious Office 365 add-on was also installed on the infected machine as part of the attack. Individual Risk: No sensitive data or financial information was reported as stolen. 

Customers Impacted: Unknown

How it Could Affect Your Business: The most common delivery system for ransomware is a phishing email – and 90% of incidents that end in a data breach start with a phishing email. Boosting phishing resistance is essential to lower the chance of a successful ransomware attack.

Breach Risk Levels

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Passly to the Rescue: With Passly, get the secure identity and access management solutions that you need to protect your systems and data in today’s remote work landscape at a price that you can afford, including multi-factor authentication, single sign-on, and secure password storage. Find out more by phoning Avantia on 07 30109711 or Click the link to get started: https://www.avantiacybersecurity.com/overwatch

THREAT FOCUS: Canadian Revenue Authority - CANADA

https://globalnews.ca/news/7281074/cra-hack-online-services/


Exploit: Credential Stuffing

Canadian Revenue Authority: Government Agency

Risk to Business: 1.412 = Extreme - A series of cybersecurity incidents have rocked then Canadian Revenue Authority, leading to a complete shutdown of services that may take some time to restore. In three credential stuffing attacks, hackers compromised the usernames and passwords of thousands of accounts. Over the course of several days, the first and largest attack targeted GCKey accounts, the second attack took advantage of a “vulnerability in security software”, and the third resulted in the CRA suspending online services while it assessed the breach and attempted mitigation.

Individual Risk: 2.511 = Moderate - About 15,000 accounts are known to have been compromised, but the investigation is complex and ongoing. Service is expected to be restored for online users this week.

Customers Impacted: 15 million

How it Could Affect Your Business: Credential stuffing attacks are so successful because password reuse and recycling are endemic. Even though most people know that it’s dangerous, it’s still incredibly common – and incredibly risky for businesses who fail to secure their access points.

Breach Risk Levels

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Passly to the Rescue: With Passly, get the secure identity and access management solutions that you need to protect your systems and data in today’s remote work landscape at a price that you can afford, including multi-factor authentication, single sign-on, and secure password storage. Find out more by phoning Avantia on 07 30109711 or Click the link to get started: https://www.avantiacybersecurity.com/overwatch

THREAT FOCUS: Bletchley Park Trust - UNITED KINGDOM

https://www.bbc.com/news/technology-53771942


Exploit: Third Party Breach Exposure

Bletchley Park Trust – Non-Profit Organization 

Risk to Small Business: 2.707 = Moderate - Another victim of the Blackbaud breach, the Bletchley Park Trust announced that its donor information has been compromised. It’s just the latest addition to a huge list of universities, trusts, charities, and non-profit organizations that have been impacted by the massive breach at fundraising giant Blackbaud in July. Individual Risk: No sensitive data or financial information was reported as stolen. 

Customers Impacted: Unknown

How it Could Affect Your Business: Third party risks are a constant in today’s business world, as more companies rely on online transactions to do business, and organizations contract outside providers to deliver specialty services like accounting or fundraising.

Breach Risk Levels

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: More than 65% of the data on the Dark Web can damage businesses. Put the power of Dark Web ID to work for your clients to guard against credential compromise danger. Call 07 3010 9711 today for a free ‘real time’ demonstration to discover if your critical credentials are listed on the Dark Web for sale to Cuber Criminals to exploit.

THREAT FOCUS: SPIE Group - FRANCE

https://securityaffairs.co/wordpress/106969/malware/nefilim-ransomware-spie-group.html?web_view=true


Exploit: Ransomware

SPIE Group: Energy and Communications Services

Risk to Small Business: 2.137 = Severe - Nefilim ransomware operators claim to have infiltrated SPIE Group, a major European technical services provider and exfiltrated a large amount of proprietary data. In an initial ransom post on their website, the cybercriminals released 65,042 files contained in 18,551 data folders as a “first installment” and have promised more if their demands aren’t met.

Individual Risk: No personal information was reported as stolen in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Although we can’t be sure how it happened, ransomware is almost inevitably the result of a phishing attack that successfully lured in a staffer. Phishing attacks aren’t just email attachments anymore – they can be delivered through SMS, text, and messaging too.

Breach Risk Levels

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & BullPhish ID: Designed to protect against human error, Bullphish ID simulates phishing attacks that can lead to ransomware attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Training including video is now available in 8 languages! Learn more by calling Avantia on 07 30109711 or contacting us at info@avantiacorp.com.au today.

THREAT FOCUS: Konica-Minolta - JAPAN

https://securityaffairs.co/wordpress/107226/cyber-crime/konica-minolta-ransomware.html?&web_view=true


Exploit: Ransomware

Konica Minolta: Optical Products Company 

Risk to Small Business: 2.335 = Severe -The Japanese technology giant fell victim to a ransomware attack in late July that impacted business services and operations. Cybercriminals were able to deploy RansomEXX malware, a new variety of human-operated ransomware that encrypts systems but does not exfiltrate data. No other information has been made available about the attack.

Individual Risk: No data was reported stolen in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Most ransomware attacks are the result of a phishing, and no company is immune to the impact of today’s biggest cybersecurity menace.

Breach Risk Levels

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & BullPhish ID: Designed to protect against human error, Bullphish ID simulates phishing attacks that can lead to ransomware attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Training including video is now available in 8 languages! Learn more by calling Avantia on 07 30109711 or contacting us at info@avantiacorp.com.au today.

THREAT FOCUS: ACT Education Directorate - AUSTRALIA

https://www.itnews.com.au/news/act-education-blocks-student-gmail-access-after-spam-email-storm-551773


Exploit: Credential Stuffing

ACT Education Directorate – Government Agency 

Risk to Small Business: 2.301 = Severe - ACT Education was forced to block all public school students from accessing their Google email accounts after a spamming and credential stuffing incident led to students being exposed to lewd material – and the exposure of some students’ personal data. The educational authority is investigating the incident, and conflicting reports attribute the incident to either credential stuffing or internal hacking, possibly by a student.

Individual Risk: No data was reported stolen in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybersecurity awareness is more important than ever for people of every age. Without updated, consistent security awareness and phishing resistance training, standards can slip and incidents like this can become major headaches.

Breach Risk Levels

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Corporate Services & ID Agent to the Rescue: Are you aware of the risk of danger from improper training and the need to employ a consistently updated phishing resistance training solution. BullPhish ID adds 4 new training kits and 4 new video lessons each month to keep staffers on guard against potential attacks. Call 07 30109711 now to find out more.


POSTSCRIPT.


Email Security Training Has Never Been More Important – or Worse. A recent report from Mimecast on the state of email security raised some interesting data points. Although most companies are aware of the risk to their organization from email-based threats, many of them are still failing at doing anything to effectively stem the tide of dangers. One of the most disturbing statistics of note is that only 1 in 5 companies provide regular email security and phishing resistance training to their employees. Even with 57% of the companies surveying saying that they had been impacted by a ransomware attack, and a hugely publicized 600% increase in phishing attack attempts since the start of the global pandemic, companies are still failing to take security awareness training seriously.

FAILURE TO PREPARE IS AN EMERGENCY

Cybersecurity and phishing awareness training sounds like something that can be put off until they have more time or more money, but it isn’t – it’s crucial for maintaining their data security. Employee security awareness training, like phishing resistance training with BullPhish ID, can reduce the risk of a cybersecurity incident impacting a company by up to 70%. With 80% of the survey respondents agreeing that email volume is only going to increase, and that fact being borne out by current events like the Great Work From Home and distance learning pitfalls, regularly updated email security training has to be a high priority for every organization.

EMAIL SAFETY TRAINING SHOULDN’T WAIT

BullPhish ID is ideal for remote or in-office workers. With simple remote management and fully stocked plug-and-play phishing kits available, you can easily divide workers into custom groups for training campaigns and run scenarios including mew COVID-19 threats. Simple online testing tools allow administrators to quickly see who needs more training. At a time when everyone’s budget is a little tight, no one can afford a disastrous data breach or ransomware incident. A little extra expenditure on security awareness and phishing resistance training now means that businesses are more likely to avoid that nasty consequence later.


IoT (Internet Of Things) and Home Router Vulnerabilities Can Spell Trouble For Businesses

As kids start heading back to class, and parents work to find a new home/life balance, things have changed a bit from the usual back-to-school routine. Unlike in past years, most everyone is doing their thing by logging in from home – and that can create an unexpected danger for your business. While we’ve been at home during the pandemic, many people realized that their homes could use a little sprucing up. Maybe they had time that they didn’t usually have to research new devices, or they decided to treat themselves at a dark time. For many folks, that translated into fun conveniences like smart plugs, a digital assistant, or a robot vacuum that can be controlled by an app. The Internet of Things (IoT) devices have never been more popular – 5.8 billion home and auto IoT devices are expected to connect to the internet this year. While these small creature comforts may not seem like a source of harm for your business, they can be – 57% of IoT devices are vulnerable to medium or high severity attacks. That means that if a cybercriminal hacks into an employee’s smart plug, then uses that opening to get into their smartphone, then slips through another opening to get into their business email account – you’ve been hacked, and the resulting danger to your systems and data is no different than it would be if the same thing happened from a hacker penetrating your enterprise security directly. So how can companies combat this danger? The fastest way is to add a secure identity and access management solution like Passly. Multifactor Authentication (MFA) provides a crucial extra layer of security between hazards like this and your data. Adding MFA means that you can rest a little easier knowing that no matter how a cybercriminal manages to sneak past your security, they won’t be able to affect your business severely – helping alleviate one source of stress in uncertain times.


__________________________________________________________________________________


AVANTIA CYBER SECURITY - PARTNER FOCUS


Huntsman provides security technology to measure, report and reduce cyber risk to enable the digital transformation of governments and business to more efficient operating models, while at the same time complying with the increasing demands of legislative requirements.  Huntsman's 'Essential 8 Auditor' is a cybersecurity auditing tool that provides an objective, quantitative measure of an organisation’s cyber posture to determine and alert organisations to any gaps in key cyber defense strategies. The Essential 8  (E8) Framework was developed by the Australian Signals Directorate (ASD).  It is a prioritised list of practical security controls that organisations can implement to make their organisation’s information more secure and has been found to mitigate up to 85% of cyber attacks. 


FOR MORE INFORMATION ON HUNTSMAN DEFENSE GRADE CYBER SECURITY, PLEASE CONTACT AVANTIA CYBER SECURITY

ON +61 7 30109711 / info@avantiacorp.com.a

Disclaimer*:

Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, other members of the 5 Eyes Alliance, the Australian Cyber Security Centers, and other sources in 56 countries who provide cyber breach and cyber security information in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.

(15,002,600)


Want The Information  Cyber Criminal's  Don't Want You To Know?

Subscribe below to receive our weekly Threat Updates straight to your inbox.

Call (07) 3010 9711 

info@avantiacorp.com.au

 

Avantia Corporate Services Pty Ltd,                    Level 7, 320 Adelaide Street

Brisbane, Queensland 4000

AUSTRALIA.

  • LinkedIn Social Icon
  • Facebook Social Icon

DISCLAIMER*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cybersecurity information to us in real-time. Given their international focus and experience in the cyberspace arena, we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services  PTY LTD - All Rights Reserved.