Avantia Threat Update
THE 'IoT' AND 2019 - COMING TO A WORLD LIKE YOURS.
Updated: Jan 11, 2019
This week we report on how the ‘Internet of Things’ (IoT) will influence cyber security risk in 2019, how ‘the day of reckoning’ has come for those responsible for many SamSam (malware) attacks across the world, and how hackers are targeting Spotify users.
THIS PAST WEEK’S TOP DARK ID TRENDS*:
Top Source Hits: ID Theft Forums (98%)
Top Compromise Type: Domains
Top Industry: Finance and Insurance (13%)
Top Employee Count: 11-50 employees (45%)
THIS PAST WEEK’S TOP TARGETED INDUSTRIES:*
Consumer Goods Hits: 370 | Targets: Marriott International, Starwood Hotels & Resorts Worldwide, Inc., Huawei Technologies, Sony Corp
Service Hits: 364 | Targets: Marriott International, Starwood Hotels & Resorts Worldwide, Inc., Saks Fifth Avenue, Heartland Payment Systems, Skrill
Hospitality Hits: 357 | Targets: Marriott International, Starwood Hotels & Resorts Worldwide, Inc.
Tourism Hits: 325 | Targets: Marriott International
Software Hits: 275 | Targets: Quora, Adobe, Humble Bundle, Inc., Spotify, Google
THIS PAST WEEK’S TOP THREAT ACTORS*:
Hezbollah Hits: 111 | Targets: Israel, Lebanon, Iran, Syria, United States
BinarySec Hits: 20 | Targets: Islamic State in Iraq and the Levant, Texas, Tunisia, Ku Klux Klan, Central Intelligence Agency
CtrlSec Hits: 20 | Targets: Islamic State in Iraq and the Levant, Twitter, United Nations, United States, Tunisia
Syrian Electronic Army Hits: 20 | Targets: Skype, Twitter, United States Army, Facebook, Microsoft
Inj3ct0r Team Hits: 15 | Targets: WordPress, Joomla, Twitter, Apache HTTP Server, Symantec
THIS PAST WEEK’S TOP MALWARE DISCOVERIES*:
Emotet Hits: 26 | Targets: Germany, United Kingdom, Banking, Microsoft Windows, United States
Wcry Hits: 19 | Targets: Boeing, Microsoft Windows, United Kingdom, Bitcoin, North Korea
NotPetya Hits: 16 | Targets: Ukraine, United Kingdom, Russia, A.P. Moller-Maersk, United States
Xrumer Hits: 16 | Targets: xevil, Brut, Valparaiso, A-Poster, Уничтожитель
Samsam Hits: 13 | Targets: Atlanta, Colorado Department of Transportation, Bitcoin, Allscripts, LabCorp
IN OTHER NEWS:
AI, IoT, And Edge Computing Drive Cybersecurity Concerns for 2019*.
What is the ‘Internet of Things’ or IoT? The Internet of Things refers to the use of intelligently connected devices and systems to leverage data gathered by embedded sensors and actuators in machines and other physical objects. In other words, the term IoT (Internet of Things) can be applied to any physical object connected to a network.
Connected systems are putting critical data and intellectual property at a security risk, according to Forcepoint's Cybersecurity Predictions Report, released Wednesday. By examining technology trends and the motivation behind cyberattacks, the report determined seven major areas of cybersecurity risk for 2019.
This past year saw several large-scale breaches, which greatly impacted user privacy, said the report. But in 2019, businesses can expect a number of advanced cybersecurity technologies to hit the market, offering new options for protection, according to the report.
Here are the seven areas of cybersecurity risk for 2019, according to Forcepoint:
1. The Winter of AI? Promises of machine learning and artificial intelligence enthrall marketers and media alike. If AI is about reproducing cognition, does cybersecurity AI really exist? How will attackers capitalize on a slowdown of AI funding?
2. Industrial IoT Disruption at Scale. Attacks on consumer IoT are prevalent, but the possibility of disruption in manufacturing and similar industries makes the threat all the more serious. Meltdown and Spectre have given attackers a way to target hardware vulnerabilities—cloud infrastructure may be next.
3. A Counterfeit Reflection. As phishing attacks persist, "SIM Swaps" undermine the effectiveness of two-factor authentication (2FA). Biometrics offer additional security by using data more unique to each end-user, but newfound vulnerabilities in facial recognition software lead experts to put faith into behavioral biometrics.
4. Courtroom Face-Off. What happens when an employer sues an employee on grounds they purposefully stole data or caused a breach? Several cases have now found their way to high-level courts—including one very public incident at Tesla—publicly highlighting deficient cybersecurity measures. How might workplace monitoring help establish intent and motive?
5. A Collision Course to Cyber Cold War. A result of fracturing trust between world powers, trade embargos have dominated the media in 2018. Industrial espionage presents a way for nation-states to acquire new technology they would have otherwise purchased legitimately. How will organizations keep intellectual property out of the hands of nation-state-sponsored hackers?
6. Driven to the Edge. Consumers exhausted by breaches and abuse of their personal data have led organizations to introduce new user privacy needs inside of the services they provide. Edge computing offers customers more control of their data, but a lack of consumer trust may prevent any such benefit.
7. Cybersecurity Cultures That Don't Adapt Will Fail. No partnership ever takes place without due diligence, which until now, has not taken a partner's cybersecurity programs into account. The introduction of "security trust ratings" will indicate to potential partners how safe it is to permit suppliers to handle PII (Personally Identifiable Information like Medicare Number/Drivers License Number/Tax File Number) or other critical data. How would cybersecurity culture play a part in these ratings? How would they affect supply chains?
The big takeaways:
· 2018 saw many large-scale data breaches, but 2019 will shift to more widespread, integrated cybersecurity concerns.
· Industrial IoT disruption, phishing attacks, and edge computing present some of the largest areas of cybersecurity risk.
Iranians Get Their Just Deserts*
Two Iranian men living in New Jersey were indicted for using the infamous SamSam ransomware to collect over $6 million USD (7,981,320.00 CAD, 8,205,990.00 AUD, 5,278,320.00 EUR) and causing over $30 million USD ($39,906,600.00 CAD, $41,029,950.00 AUD, 26,391,600.00 EUR) in damages. SamSam is well known for its targeting of infrastructure, including hospitals.
Latest Phishing Campaign Targeting Users of Spotify*
A new phishing campaign targeting Spotify users has been discovered by security experts. In this campaign, the hackers send Spotify users phishing emails that appear to have come from the digital music streaming service itself.
Researchers from the cybersecurity firm AppRiver discovered this phishing campaign, which specifically targets Spotify users. The attackers lure targeted users into clicking a malicious link (a button) in a genuine-looking email that claims to have been sent by Spotify itself. Once the link is clicked, the malicious page asks the victim to enter their login credentials, which are then transmitted to the attackers.
In a blog post, the researchers explained their discovery of this latest Spotify phishing campaign. According to the report, the attacker needs the unsuspecting user to click a green button bearing the words "CONFIRM ACCOUNT". Above that button, the attacker further attempts to lure the user with text urging them to confirm the account: "You're almost there. Confirm your account below to remove any restrictions on your Spotify account".
Clicking the "CONFIRM ACCOUNT" button opens a new window with a login page. This malicious login site looks very similar to the legitimate Spotify login site, so as to confuse the user. When the victim enters their login credentials, the attacker obtains their Spotify account details. According to the researchers, the login credentials might also give the attackers access to various other banking and online accounts of the victims, as many people unfortunately use similar usernames and passwords on multiple websites. Moreover, the cybercriminals behind this phishing campaign could also sell the stolen credentials on the dark web.
AppRiver cybersecurity analyst, David Pickett, told Threatpost that "knowing just one password for a victim opens the door to a multitude of attack vectors".
Iranian Hackers Target UK Universities teaching Cyber Security Courses.
Iranian cybercriminals tried to hack into U.K. universities offering government-certified cybersecurity courses, successfully accessing at least one university’s accounts during a campaign lasting months.
The hacking group has targeted at least 18 British universities, according to researchers. The list includes top-flight institutions. But it also includes less well-known destinations which are notable for being among a select group certified by the National Cyber Security Centre (NCSC) to provide degrees in cybersecurity.
It is not known whether the universities were singled out because of their affiliation, but half of those targeted by the hackers are on the NCSC-certified list, including Warwick and Lancaster. The attacks are believed to be linked to a previous campaign which US officials blamed on Iranians, in which dozens of universities were hacked and their research published on two Iranian websites.
People with U.K. university log-ins were sent phishing emails to trick them into giving up their passwords.
Threat Focus: Just Urban (United Kingdom)*
Exploit: Exposed database.
Just Urban: A London-based start-up, used for booking massages.
Risk to Small Business: 2 = Severe: The damage dealt by this breach to a small or new business could stunt the growth of the company and even cause a loss of clients. Some of the data exposed included complaints about clients. While it is important for the employees of a massage company, especially one that goes to a person’s home, to share if a certain client is inappropriate, most organizations could face severe backlash from their customer base if complaints about them surfaced.
Customers Impacted: 309,000.
Effect on Customers: In any organization, the exposure of complaints against customers is highly embarrassing in addition to being bad for business. The reasons why the complaints exist make sense in the context of the organization’s operations, but it is still a damaging blow to the standing of the company with its clients. Most organizations would not have the justification for keeping such complaints on file, and NO organization can justify leaving a database exposed with sensitive business and client information. It could take years for an organization that experiences a breach such as this to recover and regain trust.
Risk Levels:
1 - Extreme Risk
2 - Severe Risk
3 - Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.
The Evolution of a Phish*
A new report has shed light on the fact that not only are email-based attacks on the rise, but they are spreading at an alarming rate. Cyber criminals have been shuffling their decks of targets, as 99% of the most heavily targeted email addresses this quarter are different than those targeted in Q3. The phishing emails now are more likely to show up in the inbox of your marketing, public relations, and human resources departments. The reasoning behind this shift is that these teams have access to information about earnings and employee records. It is important to stay agile in cybersecurity, as cyber criminals are always adapting to find new ways to compromise credentials and hack into organizations.
* Disclaimer: Avantia Corporate Services Pty Ltd provides the content in this publication to the reader for general information only and has compiled the content from a number of sources in the USA and up to 56 other countries who provide cyber breach information to us in real time. Given their international focus and experience in the cyberspace arena, we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions.