Avantia Threat Update



The world’s first Artificial Intelligence ‘personnel vetting’ officer gets to work vetting employees; The potential of A.I. driven security operations; Ransomware criminals launch data auction; Malware stalks publishing platforms; Hackers target German firm tasked with procuring medical equipment; Bogus ‘Contact Tracing’ Apps (for Covid-19) deployed to steal data; Glaring oversights lead to data disasters; Ransomware puts governance out of action; A new study shows the enormous cost of data breaches and Major Breaches in SPAIN; NEW ZEALAND; UNITED KINGDOM; CANADA and UNITED STATES.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums

Top Compromise Type: Domains

Top Industry: Education & Research

Top Employee Count: 501+



With Cyber Security experts estimating that up to 70% of all Data Breaches are caused by company insiders, with 30% of these breaches being malicious, it is vital for organisations to complete regular employee background checks as part of their ‘Cyber Risk Mitigation Strategy’. Background vetting includes a confidential one-on-one background screening interview covering areas such as criminal history, illegal drug use, financial stress, adverse work behavior, security breaches, false or inflated CVs and more. Initial vetting interviews are conducted by a digital worker, Stephanie, the world’s first PSPF-compliant Augmented Intelligence (AI) screening solution custom-built for Australian employers to access. Stephanie is a human-looking digital worker that uses natural language processing, sentiment analysis and deep learning; in the background, she is able to analyse a person for the appropriate levels of Honesty, Trustworthiness, Tolerance, Maturity, Loyalty and Resilience. After the interview is complete, machine learning algorithms match the subject’s information with the Australian Government personnel security protocols, adjudicative guidelines and standards. The AI-generated report is then carefully moderated by qualified human vetting officers. The turnaround is fast and accurate, and costs are relatively low.

Risks Of a Compromised Employee are Significant - The Facts:

1 in 5 fraudulently lied on their Resume.

1 in 5 Data Breaches are caused by malicious employees

1 in 33 Retail employees have stolen from their Employer

5% of Annual Revenue is lost due to Occupational Fraud

3 in 5 Subjects who have criminal convictions fail to admit them even when asked during vetting.

1 in 6 Employees working with Children Card Holders have a Criminal Record

1 in 50 Employees are currently using the illegal drug ICE

1 in 38 Employees are currently using Marijuana illegally.

More than 400,000 people in Australia have been screened using the Protective Security Policy Framework (PSPF) of the Australian Government’s Personnel Security Protocols. It is by far Australia’s most widely used, comprehensive and consistently applied integrity standard. Since 2010, Avantia’s Partner - ‘Cleard life’ have been entrusted by the Australian Government and Fortune 500 companies to provide discreet, timely and accurate screening solutions. It is imperative for businesses of all sizes to implement a ‘trusted insider threat’ program as part of their Cyber Security Posture. Trust, not loyalty, is the new commodity, and making sure, really sure, that staff are trustworthy is a logical element of this. Scalable plans mean that Stephanie can assist small businesses to make sound decisions as well as having the capacity to help with the customised screening needs of larger corporations.

For more information on the solution to employee vetting (regardless of their tenure ) that is Cost Effective, Fast and Non Threatening to the Subject please call Avantia Corporate Services on +61 7 30109711 or Email


Managing security is an increasingly complicated task for a number of reasons. First, networks are expanding rapidly, and many organizations have found that their visibility across the network has been significantly reduced. “Siloed” security tools and isolated network development and security projects have resulted in vendor sprawl, which means more management consoles to track and more data that isn’t being correlated quickly enough to detect fast-moving threats. The other issue is the security skills gap. When finding people with even general security skills is becoming increasingly difficult, finding individuals with specialised skills, such as security analysts, is becoming nearly impossible. But without enough skilled people on the IT staff to analyse the growing volume of data being generated, threats get missed, or they get discovered too late to do anything about them. Traditionally, Machine Learning (ML) and Artificial Intelligence (AI) are used by organizations to perform mundane tasks that bog down security teams, such as correlating log files or performing device patching and updating. But that only scratches the surface of their potential. ML and AI can also help fill the cybersecurity skills gap by reducing the complexity and overhead that comes from an expanding security infrastructure. They are perfectly suited for data-oriented tasks, such as the correlation and analysis of log files and threat alerts being generated by an organization’s growing number of security and networking devices. ML-enhanced systems are quite capable of performing higher-order tasks, such as assessing new files, web sites, and network infrastructures to automatically identify malware and other exploits. They can even detect previously unknown attacks that may reach an organisation ahead of threat intelligence updates from vendors to upgrade their security devices.
It can also generate threat intelligence about threats and threat patterns, known as security play-books, to enable organizations to more accurately predict and prevent cyberthreats, as well as automatically. ML can also find and inventory devices with known vulnerabilities, and even schedule those devices for patching, upgrade, monitoring, or replacement. This function is especially critical as the volume of vulnerable IoT devices being deployed in networks continues to increase. When combined with the inability to easily patch or harden many of these devices, many organizations simply do not have systems in place to identify and secure these potential points of attack. ML-based systems can take the guesswork out of analyzing and securing IoT resources. Likewise, some AI systems are now able to aggregate and analyse massive amounts of data coming from hundreds of sources across an organization’s IT and security infrastructure to detect hidden threats – a process that not even the best data analysts could match. It can also enrich and alert on those threats, with the option of orchestrating a coordinated response using selected resources from across the network to improve the efficiency of security operations. AI can also leverage play-books generated by ML systems to improve the accuracy and efficiency of its data analysis. By correlating threat patterns and practices with live network traffic, an AI system should be able to detect threat patterns and interrupt an attack before it has the opportunity to execute its objectives. Over time, this process will become increasingly efficient, giving organisations a significant advantage over their cyber adversaries. Such groundbreaking advances in AI enable the automatic prevention, detection, and response to cyber threats at a level of accuracy and speed that human resources and siloed management platforms have never been able to achieve.
By weaving AI across the network through strategically deployed security platforms, organisations not only enjoy comprehensive visibility and protection across all devices, users, endpoints, and environments, but centralized AI-driven security operations can also collect, correlate, and communicate across that security fabric to ensure faster and more comprehensive response and remediation. This provides organisations with an unprecedented capacity to manage the sprawling – and growing – collection of security devices they have in place, as well as see and protect the data, applications, and workflows spread across their deployed network systems, access points, and mobile and IoT (Internet Of Things) devices, whether physical or virtual. By integrating these systems with SOC environments, AI-enhanced cybersecurity systems can augment an entire team of threat researchers, security analysts, incident responders, and more. This enables the organization to reduce the risk and potential impact of security incidents by blocking more threats, detecting them sooner, and responding to breaches and exploits faster – while simultaneously improving the overall efficiency and cost of their security operations. And by driving advanced AI technologies deep into the distributed network and security infrastructure, organizations can significantly enhance their ability to detect and respond to threats, adapt security policies and protocols in real time to keep up with dynamic network changes, and extend visibility and control across the entire distributed network. This, in turn, amplifies and accelerates the services of on-staff threat researchers and data analysts, enabling them to oversee security operations rather than trying to keep up with the correlation and processing of a growing volume of threat intelligence.
By combining ML and AI with a team of advanced cybersecurity professionals to deploy true AI-driven security operations, organisations can stay a step ahead of cybercriminals, ensuring that they can more consistently and efficiently keep their organization out of harm’s way.


The managers of REvil ransomware, a.k.a. Sodinokibi, keep inventing ways of getting rich even if the victims refuse to pay the ransom. Researchers revealed a new section called Happy Blog Auction in the gang-operated leak site on the Dark Web in early June 2020. It turned out that this section is a newly launched data auction, which is already inviting volunteers to place bids on the leaked credentials of the celebrity law firm Grubman Shire Meiselas & Sacks (GSMLaw); U.S. President Donald Trump; Madonna; a Canadian agricultural company and others. The REvil auction is available to registered users only, and registration is required for each auction separately. Each bidder has to pay a deposit of 10% of the starting price as proof that he or she is a solvent buyer. The deposit is supposedly refunded as soon as the auction finishes if another bidder wins. However, if the bidder wins but fails to pay the rest of the stake, the deposit goes to the REvil gang. The gang accepts payments in Monero (MXC) cryptocurrency only. Although earlier victims of the REvil ransomware virus were urged to make ransom payments in Bitcoin, the gang switched its currency preference in April last year due to more appropriate privacy and anonymity policies. Before launching the Happy Blog Auction, the crooks behind the infamous REvil ‘ransomware as a business’ exposed some data entries on Lady Gaga, one of the GSMLaw clients. The company refused to pay a $42M bribe and expressed doubts about the reality of the REvil ransomware attack. In response, the criminals uploaded 2.4GB of data, though most of the entries were useless from the hackers' viewpoint since the data revealed nothing about the celebrity except official documents, collaborators, producers, expense sheets, and similar information.
However, it seems that the idea to launch an eBay or Ubid-like auction was born when the criminals started receiving requests to sell Trump's “dirty laundry.” The bid on Trump-related data was the first one on the leak site, with an initial price of US$1,000,000. The criminals then released a report claiming that this data had been sold to an unknown buyer. However, no one really knows if that's true, because Trump's delegates claim that the President has never been a client of GSMLaw, either as a businessman, an individual, or the President. Currently, REvil ransomware operators are selling the stolen data of the U.S. food distributor (Blitz - price of US$200,000) and a Canadian agricultural company (price of US$100,00 though price keeps rising). REvil is a relatively newborn ransomware virus, as it emerged in the market less than a year ago, and it has already managed to initiate a bunch of targeted attacks. However, the main difference with this encryption-based ransomware is that it never targets individual home users. The group of extortionists arranges its attacks in a comprehensive manner. Typically, the criminals exploit zero-day vulnerabilities (the term “zero-day” refers to a newly discovered software vulnerability; because the developer has just learned of the flaw, it also means an official patch or update to fix the issue hasn't been released), which allow them to infiltrate corporate servers using exploits and initiate ransomware attacks manually. Therefore, all attacks are well-considered and planned. REvil ransomware is also known for both encrypting files on servers and leaking credentials en masse by connecting to the C2 server of the operators. In the case of the GSMLaw hack, the managers of the corporate servers did not spot any traces of the breach since the data hadn't been locked. With this in mind, cybersecurity experts are raising red flags to raise awareness among business server managers.


Servers are being targeted with a malware attack that uses its infected hosts to brute-force other machines. (A brute force attack, also known as an exhaustive search, is a cryptographic hack that relies on guessing possible combinations of a targeted password until the correct password is discovered - the longer the password, the more combinations that will need to be tested.) Known to Akamai researchers as Stealthworker, the infection preys on weak passwords, then uses a massive arsenal of malware to take over Windows and Linux servers running popular CMS, publishing, and hosting tools. Akamai senior security researcher Larry Cashdollar discovered the attack while operating an intentionally exposed WordPress/MySQL container that for some reason was dealing in massive amounts of traffic. "I log into the system and I see a ton of connections between my system and dozens of WP sites around the internet," Cashdollar said. "I notice the traffic is WordPress login attempts, my system is attempting to log into their WordPress login page with a bunch of credentials." While combing through the log files of the obviously compromised virtual box, he stumbled upon a suspicious WordPress theme that contained a PHP file modified to install the malware. Eventually, Cashdollar says, he was able to capture the malware in action and observe its entire life cycle, from introduction to complete server takeover. Here's how it works. Stealthworker begins its attack with a distributed brute-force attack. Infected machines each hit the target with a number of login attempts using common passwords. By breaking up the attempts among multiple machines, the attacker can avoid limits on the number of login attempts. Once the admin password is guessed (in this case for WordPress, though Stealthworker also targets Drupal, Joomla, Magento, MySQL, and a host of others), the malware then runs through the steps of installing and deleting various components.
The end result is a fully compromised Windows or Linux server at the command of the botnet (a network of private computers infected with malicious software and controlled as a group without the owners' knowledge) owner. Akamai researchers say that when their infected test systems were wiped clean of the malware itself, the botnet would reinfect those machines within minutes. It was only when passwords were changed that the infection could be eradicated once and for all. Eventually the server is instructed to dial its command-and-control host, where it is given its instructions to join with other servers in attempting to brute-force the passwords of other machines. In the process, all passwords collected from the compromised machine get added to the list of logins that the botnet attempts on other machines. Other than attempting to assimilate other servers, the intent of the Stealthworker malware is not really clear. There's also not much information on how many people are using the attack; it could be one large operation, or several groups with the same tools. Akamai researcher Steve Ragan notes that while there is some indication that scraping tools such as MageCart could be used on the servers, the full control the malware affords to the attacker opens the door to just about any sort of malicious venture. "What they get is this broad network of vulnerable servers and websites they can use for anything," Ragan explained. "The endgame is pretty much whatever the attacker feels like doing." While the Stealthworker attack is a nasty one and difficult to fully remove, the solution is rather simple. Akamai recommends that administrators make sure all of their passwords are complex and difficult to guess, as the attack preys on weak credentials. That one simple step should keep everything safe.
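Because the attempts are split across many infected machines, a per-address attempt limit never trips. As an added example (not code from Akamai or from this update), the Python below counts failed WordPress logins against one site across all sources in a sliding window; the combined log format, the thresholds and the 200/302 status convention are assumptions, and the log lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Combined-log-format prefix: client address, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
LOGIN_PATH = "/wp-login.php"

# Assumed thresholds for illustration; tune them to your own traffic.
PER_IP_LIMIT = 5                  # classic per-address lockout threshold
WINDOW = timedelta(minutes=10)
MIN_SOURCES = 8                   # distinct addresses failing in one window
MIN_FAILURES = 20                 # total failures in that window


def parse_logins(lines):
    """Return sorted (time, ip, succeeded) tuples for POSTs to the login page."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != LOGIN_PATH:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        # Assumption: a failed login re-renders the form (200), success redirects (302).
        events.append((ts, m["ip"], m["status"] == "302"))
    return sorted(events)


def per_ip_offenders(events):
    """Addresses whose own failures exceed PER_IP_LIMIT within any WINDOW."""
    by_ip = {}
    for ts, ip, ok in events:
        if not ok:
            by_ip.setdefault(ip, []).append(ts)
    flagged = set()
    for ip, times in by_ip.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > WINDOW:
                start += 1
            if end - start + 1 > PER_IP_LIMIT:
                flagged.add(ip)
                break
    return flagged


def distributed_spray(events):
    """Return the first window in which many sources together cross the
    thresholds, plus successful logins from those sources after it began."""
    fails = [(ts, ip) for ts, ip, ok in events if not ok]
    counts = Counter()
    start = 0
    for end, (ts, ip) in enumerate(fails):
        counts[ip] += 1
        while ts - fails[start][0] > WINDOW:   # drop failures older than WINDOW
            old = fails[start][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            start += 1
        if len(counts) >= MIN_SOURCES and end - start + 1 >= MIN_FAILURES:
            began, sources = fails[start][0], set(counts)
            wins = [(t, i) for t, i, ok in events
                    if ok and t >= began and i in sources]
            return {"start": began, "end": ts, "failures": end - start + 1,
                    "sources": sources, "success_after": wins}
    return None


def build_sample_log():
    """Constructed sample: 12 addresses, 3 failed logins each, then one success."""
    fmt = ('{ip} - - [10/Jun/2020:{t} +0000] '
           '"POST /wp-login.php HTTP/1.1" {st} 4211 "-" "Mozilla/5.0"')
    lines = [fmt.format(ip="198.51.100.7", t="11:00:00", st=200),   # ordinary typo
             fmt.format(ip="198.51.100.7", t="11:00:20", st=302)]
    for rnd in range(3):
        for k in range(12):
            t = "12:%02d:%02d" % (2 * rnd, 5 * k)
            lines.append(fmt.format(ip="203.0.113.%d" % (10 + k), t=t, st=200))
    lines.append(fmt.format(ip="203.0.113.14", t="12:06:30", st=302))
    lines.append('203.0.113.10 - - [10/Jun/2020:12:07:00 +0000] '
                 '"GET / HTTP/1.1" 200 512 "-" "-"')
    return lines


if __name__ == "__main__":
    events = parse_logins(build_sample_log())
    print("per-address rule flags:", sorted(per_ip_offenders(events)))
    hit = distributed_spray(events)
    if hit:
        print("spray: %d failures from %d sources"
              % (hit["failures"], len(hit["sources"])))
        for t, ip in hit["success_after"]:
            print("login succeeded during spray:", ip, t.isoformat())
```

A success from a participating address during the window is the signal to rotate that account's password immediately, which matches Akamai's observation that only a password change ends the reinfection.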


One of the several multinational corporations enlisted by the German government to help it obtain personal protective equipment (PPE) for the care of COVID-19 patients has been targeted in an ongoing phishing campaign, IBM reported. According to IBM, a threat actor has targeted more than 100 high-ranking people within this company, which is part of Germany's Task Force Personal Protective Equipment (TFPSA), whose members leverage their contact networks, particularly in China, to secure PPE. The attackers have targeted executives within the organisation, as well as its supply chain partners, and IBM believes the same group likely also targeted other members of the task force. IBM says it has notified German authorities. The company targeted in the attack has not been named, but the task force’s members include BASF, Volkswagen, Lufthansa, logistics firm Fiege, and retailer Otto. IBM spotted the first attack against the company on March 30, the same day German officials held talks with the members of the task force. The activity was traced back to an IP address in Russia, which researchers linked to more than 280 URLs that point to fake Microsoft login pages designed to phish users’ credentials. The harvested credentials are then sent to email accounts hosted by the Russia-based company Yandex. It’s worth noting that while the attack involves a Russian IP address and exfiltration is done via a Russian service, it does not necessarily mean that the attack was launched by a Russian threat actor as it’s not uncommon for sophisticated hacker groups to plant fake evidence to throw investigators off track. 
An analysis of the URLs showed that they were sent to executives working for the company — the targets included people working in operations, finance and procurement — as well as executives at this company’s partners, including European and American organisations in the transport, chemical manufacturing, medical, pharmaceutical, oil and gas, finance, and communications sectors. IBM says it’s unclear how many users entered their username and password on the phishing pages, but the email accounts of the targeted individuals could store valuable information, including data that can be used to conduct further activities within the compromised network. “Given the worldwide spread of COVID-19 and fears of a pending second wave of infection, it is highly likely criminal and state-sponsored actors alike will seek to exploit global procurement and supply chains with the intention of either profiting from the crisis or supporting the acquisition activities of their host nation,” IBM researchers said in a blog post. This is not the first report of attacks targeting entities involved in the response to the coronavirus crisis. Google warned in April that state-sponsored hackers had been exploiting the outbreak to attack healthcare and other organizations involved in the fight against the pandemic. A few weeks later, the US and UK issued a joint alert to warn that sophisticated threat groups had been targeting organizations involved in the national and international response to COVID-19. Then, one week later, the US accused Chinese hackers of trying to steal research and intellectual property related to treatments and vaccines for the


At least a dozen bogus "contact tracing" apps designed to look like official software to track coronavirus infections have been deployed globally to spread malware and steal user data, security researchers said. The researchers from California-based firm Anomali said the apps, once installed on a device, "are designed to download and install malware" on devices and "steal banking credentials and personal data." Anomali said the fake COVID-19 apps do not appear to be distributed through official channels like the Google Play Store but rather are being spread through other apps, third-party stores, and websites that encourage downloads. "Threat actors continue to imitate official apps to take advantage of the brand recognition and perceived trust of those released by government agencies," the company said in a blog post. "The global impact of the COVID-19 pandemic makes the virus a recognizable and potentially fear-inducing name, of which actors will continue to abuse." The revelation is the latest warning about hackers using the virus pandemic to take advantage of public fear to trick users into revealing passwords or other data. Contact-tracing apps are being developed in many countries, using smartphone technology to determine when users have come into contact with an infected individual. A variety of technologies are being used for the apps, including some systems that have been criticised by privacy activists for collecting data which may be abused by governments. Some surveys suggest the public is skeptical about using the apps. Anomali found bogus apps deployed in Armenia, Brazil, India, Colombia, Indonesia, Iran, Italy, Kyrgyzstan, Russia and Singapore, in some cases impersonating official government tracing applications. A similar warning last month from a British-based association said fraudsters had tried to get users to download a bogus UK contact tracing app.


THREAT FOCUS: Westech International - UNITED STATES

Exploit: Ransomware

Westech International: Nuclear maintenance subcontractor 

Risk to Small Business: 1.510 = Severe

Cybercriminals associated with the MAZE ransomware group exfiltrated company data before encrypting certain networks. The stolen files were subsequently posted online. Westech International is working with cybersecurity experts to identify the scope of the incident and restore access to encrypted data. In the meantime, the company will likely face significant fallout as its business relies on an industry that demands the highest cybersecurity standards.

Individual Risk: 2.279 = Severe

The company did not detail the specific information compromised in the breach, but the incident includes company emails and payroll information, which likely contain personal and financial data. Anyone impacted by this breach should immediately notify their financial institutions while taking steps to protect their personal information against misuse.

Customers Impacted: Unknown

Effect On Customers: Stolen data can be quickly disseminated on the Dark Web. To combat data misuse and to prevent further cybersecurity incidents, today’s organizations need insight into this nefarious marketplace. With information traveling quickly among bad actors, it could be the difference between stopping further misuse and succumbing to a more problematic cybersecurity incident. 

Breach Risk Levels

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with our Partners to strengthen their security suite by offering our industry-leading Detection and Alert System. Discover more by calling 07 30109711 or Email


Exploit: Unsecured database

Joomla: Content management system 

Risk to Small Business: 1.708 = Severe

Developers failed to secure backup files on a cloud storage platform, leaving people’s personal data exposed to the internet. The storage platform doesn’t automatically encrypt data, but enabling these security features is simple, making this incident an unforced error that was easily preventable. While the platform has secured the database, this breach will test users’ loyalty at a time when people are more willing than ever to leave businesses that can’t protect their information.

Individual Risk: 2.675 = Severe

The data breach exposed personally identifiable information, including names, addresses, phone numbers, website addresses, business titles, encrypted passwords, IP addresses, and newsletter subscription preferences. Users should update their Joomla account passwords and any other account credentials using the same details. In addition, they need to carefully monitor incoming messages as this information is often used in phishing scams.

Customers Impacted: 2,700

Effect On Customers: Billions of account credentials are compromised every year. Companies committed to cybersecurity shouldn’t rely exclusively on password integrity to protect their most critical information. Instead, make account security tools, like two-factor authentication, accessible for all employees. 


Avantia Cyber Security & Unitrends Backup Solutions to the Rescue: Unitrends combines deep expertise gained over thirty years of focusing on backup and cloud storage, purpose-built to make data protection simpler, more automated and more resilient than any other solution in the industry. Up to 1 TB of cloud storage is included for each workstation for direct-to-the-cloud backup. Find out more by calling Avantia at 07 30109711 or Email

THREAT FOCUS: San Francisco Employees’ Retirement System (SFERS) - UNITED STATES

Exploit: Unauthorized database access

SFERS: Public employee benefits program  

Risk to Small Business: 1.980 = Severe

An unauthorized user accessed a critical database managed by the program’s third-party vendor, causing a significant data breach. The breach, which occurred on February 24, 2020, wasn’t discovered until the end of March. An analysis of the incident couldn’t be completed until this month, leaving many people unaware that their information might be compromised. This data breach reveals the cybersecurity risk that accompanies third-party partnerships but also the often-lengthy delay between breach identification and notification.

Individual Risk: 2.602 = Moderate

The data breach did not compromise Social Security numbers or bank data, but it did include members’ names, addresses, dates of birth, and beneficiary information. This data can be used in a variety of different cybercrimes. Most notably, cybercriminals are using stolen data to craft spear phishing messages that can result in even more problematic cybersecurity incidents.

Customers Impacted: 74,000

Effect On Customers: Third-party vendors are an inevitable part of doing business in 2020. However, these relationships expose companies to potential data breaches that are outside of their control. In this environment, having an extra layer of protection to prevent network or account access is a critical component of any defensive strategy.


Avantia Cyber Security & Passly to the Rescue: With Passly, get the secure identity and access management solutions that you need to protect your systems and data in today’s remote work landscape at a price that you can afford, including multi-factor authentication, single sign-on, and secure password storage. Find out more by phoning Avantia on 07 30109711 or Click the link to get started:

THREAT FOCUS: The Nipissing First Nation - CANADA

Exploit: Ransomware 

The Nipissing First Nation: Administration for First Nations Tribe

Risk to Small Business: 1.702 = Severe

A ransomware attack disrupted communications throughout the administration and resource network. The attack, which was first detected on May 8th, was partially thwarted when the organization prevented it from encrypting networks, but communications infrastructure was impacted. To repair the damage, Nipissing First Nation hired a cybersecurity team to investigate the cause and to identify solutions. Despite avoiding some of the worst consequences, the organization will still face an expensive recovery process that will impact its operations at a critical time.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: While cybersecurity specialists believe that company and customer data was spared in this attack, ransomware attacks often double as data breaches when bad actors exfiltrate data before encrypting networks. Organizations should regularly assess their defensive landscape to ensure that they are prepared to defend against the latest ransomware trends.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access, independent, ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit:

THREAT FOCUS: The Manitoba Agricultural Services Corporation (MASC) - CANADA

Exploit: Accidental data sharing  

MASC: Agriculture products and services provider 

Risk to Small Business: 2.847 = Moderate

An employee accidentally attached a document containing the names and contact information for more than 130 clients. The incident is an embarrassing oversight, requiring MASC to notify its clients of the self-inflicted data breach. In response to the breach, MASC acknowledged that it’s implementing new policies and procedures to guard against a similar data breach in the future. However, there is no guarantee that these steps will assuage clients, who could shy away from partnering with organizations without data security processes in place from day one.

Individual Risk: 2.922 = Moderate

The breach exposed organizational contact information, which could include certain employees’ personal data. This information can be used to craft convincing phishing scams, and employees should carefully evaluate the authenticity of incoming communications.

Customers Impacted: 134

Effect On Customers: As we’ve reported previously, accidental and malicious insider threats pose a meaningful data privacy risk to every organization. While many organizations are rightly focused on external cyber threats, it’s important to account for a 360-degree approach to cybersecurity that includes effective policies and procedures to prevent insider threats from compromising company data.


THREAT FOCUS: 8Belts Learning - SPAIN

Exploit: Unsecured database

8Belts: Online learning platform  

Risk to Small Business: 2.161 = Severe. Developers failed to secure an Amazon Web Services S3 bucket, exposing users’ personal data to the open internet. The database includes both critical company files and users’ personal information, making it an especially problematic cybersecurity incident for the company. 8Belts frequently partners with prominent organizations to provide educational services, and this data breach could jeopardize those important relationships. In response, the company will need to undergo a significant PR effort to restore customer confidence, an effort that is undoubtedly predicated on the reprioritization of data privacy.

Individual Risk: 1.710 = Severe. This data breach impacts both staff and students of the online learning platform. It includes their names, email addresses, phone numbers, dates of birth, National ID numbers, and Skype IDs. Those impacted need to carefully scrutinize incoming messages, as compromised data often reemerges in convincing-looking spear phishing campaigns that can compromise even more sensitive data.

Customers Impacted: 150,000

Effect On Customers: Billions of records are routinely compromised through accidental and malicious data exposure. This data is fodder for phishing scams, which rely on personal information to craft authentic-looking messages that inspire engagement. In response, every company needs a robust, dynamic phishing scam awareness program to ensure that these malicious messages don’t compromise company data.


Avantia Cyber Security & BullPhish to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime – now with COVID-19 scam awareness kits. Call 07 30109711 (office hours) to find out how you can get started.


THREAT FOCUS: NHS Orkney - UNITED KINGDOM

Exploit: Accidental data sharing

NHS Orkney: Healthcare provider 

Risk to Small Business: 1.974 = Severe. An administrative error allowed COVID-19 test results to be sent to a local business. NHS Orkney has sent notices to data breach victims and notified governing authorities of the incident. In response, the organization is instituting new data management policies meant to prevent a similar incident in the future. This privacy violation comes at a critical time as COVID-19 testing is seen as a way to contain the virus, but it will be more difficult to convince people to be tested if they are worried about privacy violations as part of the process.

Individual Risk: 2.768 = Moderate. The agency declined to detail the specific information transmitted in the breach, but medical tests often include patients’ most sensitive personal information. Even though this information was only transmitted to one outside business, those impacted should know that this information could be used in a variety of nefarious ways if it fell into the wrong hands. Therefore, they should continue to monitor their accounts and credentials for signs of misuse.

Customers Impacted: 51

Effect On Customers: While many employees present a severe data security vulnerability, companies can transform team members into cybersecurity assets by providing the right training. However, these initiatives are useless if they are implemented after a breach. Instead, organizations should make phishing scam and data management training a top priority from day one. 


THREAT FOCUS: Earthquake Commission - NEW ZEALAND

Exploit: Accidental data sharing

Earthquake Commission: Crown Entity    

Risk to Small Business: 1.616 = Severe. The Earthquake Commission has come under public scrutiny after the organization accidentally shared people’s personal information with a company lawyer and their client. The organization was quick to blame an employee who failed to implement data security stop-gaps intended to prevent such an error. The breach has been a PR disaster for the company, which has been slow to notify victims and repair the damage. As a result, the Earthquake Commission is experiencing media scrutiny and intense customer blowback as those angered by the incident speak publicly about their frustration with the company.

Individual Risk: 2.101 = Severe. The breach exposed customers’ personal data, including names, addresses, and payment details. Victims should carefully monitor their accounts for potential misuse, while continuing to press the company to take necessary steps to secure this information.

Customers Impacted: 8,000

Effect On Customers: Data breaches are expensive, but the less-quantifiable reputation damage that always accompanies a breach can be equally problematic. As this incident demonstrates, today’s consumers have little patience for cybersecurity lapses, and they are not assuaged by apologies. Therefore, businesses wanting to thrive in today’s digital environment need to be proactive about data security, considering it a critical customer demand in 2020 and beyond.




Strong Cybersecurity Pays for Itself – Data Breach Costs Exceeded $1.2 Trillion for US Companies in 2019     

Data breaches have enormous consequences for companies, including recovery and repair expenses, reputational damage, and potential regulatory penalties – all of which spell financial loss. This week, a new report illustrates just how significant the financial consequences of a data breach can be. In 2019, some major data breaches spelled disaster for heavyweight firms. With more than five billion records compromised in 2019, breaches are estimated to have collectively cost companies $1.2 trillion, nearly double the sum from 2018.

Healthcare was the most targeted sector in 2019, with 382 total breaches, a startling 100% year-over-year increase. It’s shaping up to be number one in 2020 as well. Unfortunately, the COVID-19 pandemic has incited cybercriminals to increase their attacks on the healthcare sector, which will certainly increase risks in the year ahead. In addition to healthcare, banking, insurance, education, government, and retail were among the top targets of cybercriminals.  Taken together, personally identifiable information was the most sought after commodity. In response, it’s clear that companies need to take action to secure their systems and data now, especially as remote work compounds the risk of a cybersecurity incident. While today’s threat landscape is expansive and pervasive, every organization can improve its defensive posture by addressing the most prominent risks, including unauthorized access, phishing scams, and malware. 

460 Million Records Reported Stolen in May    

A tally of May cybersecurity incidents found that 460 million records were compromised last month, marking another staggering total in an already-historic year for cybersecurity. However, the sum only represents the beginning of the problem, as many data breaches are going unreported as companies fear regulatory repercussions and customer blowback. In addition, many data breaches also expose reams of sensitive personal data, making it difficult to quantify the full scope of the problem.

For businesses, this information has two prominent implications. First, there is a growing need to identify compromised data on the Dark Web. As more records are stolen and distributed in the dark corners of the internet, companies need eyes and ears to know if their information is among the mountain of stolen data. What’s more, the sheer number of compromised records makes it more important than ever for organizations to put additional barriers between their IT infrastructure and bad actors. If your staffer is reusing a password from a compromised retail account or using their pet’s name to log in, that can put you at risk for a breach by making it easy for cybercriminals to find a way into your systems.



ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and to millions of individuals impacted by cyber incidents. The company's flagship product, Dark Web ID, combines human and sophisticated Dark Web intelligence with capabilities to identify, analyse and monitor for compromised or stolen employee and customer data, mitigating exposure to clients’ most valuable assets – their digital identity.


Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, other members of the 5 Eyes Alliance, the Australian Cyber Security Centers, and other sources in 56 countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena, we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content’s accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.

