
Tumblr trips again.........

Updated: Nov 2, 2018


Watch your footwork when you visit Tumblr......

This week Tumblr was breached, and we explore the dangers lurking in Dark Web job postings, as well as this week's roundup of malware attacks and discoveries, the top industries targeted by cyber criminals, who and where these attacks are coming from, and who is being attacked.


This week in Review:


Dark Web Metrics*:

  • Total Compromises: 3,767

  • Top Source Hits: ID Theft Forum (1,429)

  • Top PIIs compromised (PII = Personally Identifiable Information): Domains (3,761); Clear Text Passwords (876)

  • Top Company Size targeted: 11-50 employees

  • Top Industry: Business & Professional Services and Finance & Insurance

Malware Attacks/Discoveries*

· FlyAgent: Hits 53

· TRISIS: Hits 40 – Targets: Industrial Safety Systems; Schneider Electric (High Rise Elevators and Escalators); Triconex Safety Systems; Industrial Control Systems.

· AutoIT: Hits 22 – Targets: Microsoft Windows; Hyper Text Transfer Protocols; Facebook; Nation of Israel.

· GandCrab: Hits 18 – Targets: Ticketmaster Entertainment; Newegg (Retail Digital Game Equipment Supplier); Server Message Block; Government of Russia; Government of Syria.

· Magecart: Hits 15 – Targets: Ticketmaster Entertainment; Newegg (Retail Digital Game Supplier); British Airways; eCommerce; Magento.


Targeted Industries*

· Transportation: Hits 2158 – Targets: Cathay Pacific; British Airways; Air Canada; Delta Airlines; Hong Kong Dragon Airlines.

· Software: Hits 1106 – Targets: Cambridge Analytica; Twitter; Yahoo; Google; Microsoft.

· Information Technology: Hits 680 – Targets: Twitter; Yahoo; Google; Microsoft.

· Social Network: Hits 467 – Targets: Twitter; Google; LinkedIn; Facebook; Reddit.

· Internet: Hits 394 – Targets: Twitter; Facebook; LinkedIn; YouTube.


Threat Actors*

(A threat actor, also called a malicious actor, is an entity that is partially or wholly responsible for a cyber event that impacts, or has the potential to impact, an organization's security.)

· Inj3ctOrTeam: Hits 116 – Targets: WordPress; Joomla; Twitter; Apache HTTP Server; Symantec.

· Magecart: Hits 91 – Targets: British Airways; Ticketmaster Entertainment; Newegg (Retail Digital Game Equipment Supplier); Feedify (Real time free push notification service); Government of United States.

· CtrlSec: Hits 37 – Targets: Islamic State in Iraq and the Levant; Twitter; United Nations; Government of United States; Government of Tunisia.

· Hezbollah: Hits 22 – Targets: Government of Israel; Government of Iran; Government of Syria; Government of Lebanon; Government of United States.

· BinarySec: Hits 9 – Targets: Islamic State of Iraq and the Levant; State of Texas, USA; Government of Tunisia; Ku Klux Klan organisation; Central Intelligence Agency USA.



In other News


When the Dating App Stands You Up

A dating app called Donald Daters was discovered to be exposing all user information on the open internet, including personal messages. The app's goal is to help single Donald Trump supporters connect with one another, but instead it exposed everyone who used it. The hacker who accessed the database was able to "collect profile data, including names, photos, personal messages, and the digital access tokens to log into their accounts." The hacker could also delete the app's data. Watch out where you put your personal information, people!

Cathay Pacific discovers breach – Shares drop 5%

One of Asia's top airlines has discovered a data breach in which the personal information of more than 9 million passengers may have been stolen. Cathay Pacific said that a wide range of data — including passengers' names, dates of birth, phone numbers, email addresses and passport numbers — was exposed in a hack of its information systems earlier this year. It is the latest embarrassing data breach to hit a major international airline: British Airways said last month that hackers stole the payment card details of 380,000 of its customers. Cathay said it first discovered "suspicious activity" on its network in March and "took immediate action to contain the event" and investigate it with the help of a cybersecurity firm. It confirmed in May that personal data had been compromised and has since been analyzing the data to identify which passengers were affected. Cathay shares slumped more than 5% in morning trading in Hong Kong on Thursday following the disclosure of the breach.


Crypto Currencies stolen by the bagfull!

Every year the respected cybersecurity outlet Group-IB releases an annual report, and according to TheNextWeb, which obtained an advance summary of the latest one, North Korea is to blame for the majority of major cryptocurrency exchange hacks. The date range covered is Feb 2018 to Sept 2018, during which $882 million worth of cryptocurrency was stolen, and North Korea is getting credit for $571 million of it. The problem is, as soon as the words "North Korea" come up, everyone focuses on who did it instead of how they did it. "Spear phishing remains the major vector of attack on corporate networks. For instance, fraudsters deliver malware under the cover of CV spam that has malware embedded in the document. After the local network is successfully compromised, the hackers browse the local network to find work stations and servers used for working with private cryptocurrency wallets," the report says. Every method listed above involves a human within an exchange making amateur-level mistakes, not actual security holes in their networks: opening an e-mail attachment that turns out to be malware, or "social engineering", which is a nice way of saying that someone simply talked someone within the exchange into letting them into someone else's account. But when the exchanges are falling for old, simple scams leading to massive amounts of stolen funds, you have to wonder if they would even admit it if the suspect was actually a 14-year-old wanna-be hacker. A quick way to distract the public from where they went wrong would be to switch the conversation to the hot topic of North Korea. Remember, it is in part these exchanges' "internal investigations" that are coming to these conclusions. But the fact is, blame here falls directly on these exchanges, which clearly have employees with high levels of access and low security training. Even if North Korea was behind all of these, at best they just happened to do it first. If getting past exchange security is truly this easy, someone was going to do it eventually.

THREAT FOCUS: Magen David Adom - Israel

Exploit: Exposed database.

Magen David Adom: The State of Israel's aid and disaster relief organization.

Risk to Small Business: 1.444 = Extreme: A large breach of medical and payment information is highly damaging to business and could take a significant amount of time to regain the trust of its clients.

Individual Risk: 2.285 = Severe: Those affected by this breach will be at a high risk of identity theft.

Customers Impacted: Not disclosed.

Effect on Customers: The negative impact of a breach of this nature could influence relationships with customers and other businesses for years to come.

Risk Levels: 1 - Extreme Risk; 2 - Severe Risk; 3 - Moderate Risk.

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: Disqus - USA

Exploit: Exposed database.

Disqus: A network community platform that allows users to blog or comment on other companies' websites. It can be installed as a plug-in or drop-in code. Disqus collects user data on the back end and allows companies to use this information for customer analytics, etc.

Risk to Small Business: 2.4444 = Severe: Although roughly 1/3 of the 17.5 million records compromised involved passwords, they happened to be salted and hashed. The company also discovered and announced the breach quickly and notified the affected customers.

Individual Risk: 2.4286 = Severe: Those affected by this breach will be at a high risk of identity theft.

Customers Impacted: 5.8 million.

Effect on Customers: The breach involved a large number of customers; however, the database was from 2012 and most credentials could have already been changed. While this is damaging to Disqus' reputation, they followed protocol and demonstrated how to do breach disclosure the proper way.

THREAT FOCUS: Tumblr - USA

Exploit: Virus.

Tumblr: A popular blogging website.

Risk to Small Business: 2 = Severe: While Tumblr deserves some credit for 1. having a bug bounty program that resulted in catching this bug, and 2. fixing the bug in less than 12 hours after it was discovered, many customers will not appreciate their personal information being leaked and will react accordingly. Tumblr's timely response, disclosure of the breach, and its bug bounty program will likely reduce the impact on the business significantly.

Individual Risk: 2.714 = Moderate: Email addresses were leaked, so those affected by the breach are at a higher risk of spam.

Customers Impacted: All of the 'recommended blogs' shown on Tumblr.

Effect on Customers: A breach that exposes user information is always going to have a negative effect on business, but every organization should take a page out of Tumblr's book here regarding their response to the event and how they discovered it. Customers lose trust in businesses that mishandle their information, but they also respect a company that is making a serious effort to locate vulnerabilities and can handle a problem with swift action when it arises.

Risk Levels: 1 - Extreme Risk; 2 - Severe Risk; 3 - Moderate Risk.

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Postscript:


The Dark Web Monster

When looking for a job, you would usually check one of the many job hunting sites you see in commercials, or circle ads in newspapers (at least at one point you did). Some people do something very similar, but on the Dark Web, searching for an illicit job. Many job postings on the Dark Web look like normal job ads. But when you look closer you will notice that the advert for a driver not only needs the person to drive but also to transport drugs. The driver would make $1,000 for a week of work, not including the living expense compensation. One of the more lucrative opportunities on the Dark Web job market is the corporate insider. The most common target is financial employees who, in one example, are offered $3,150 to get a loan or increase cash withdrawal limits on a card. Postal workers are also targeted to steal packages.

The Dark Web is lucrative for those willing to risk their job and possibly their freedom for money. Be careful of both insiders and the wide array of illicit software sold there.



Consider this: When you think about Cyber Security, think about the ones you care the most about – your family. If you have children or young adults using Smartphones, Tablets or Laptops, consider their vulnerability. Do you want to put their digital selves in the hands of pedophiles, scammers and cyber criminals? The purchase of children's digital credentials (username/password) is big business on the Dark Web. Check out our inexpensive Individual or Family monitoring service – it's a 'no brainer' for your peace of mind.



* Disclaimer: Avantia Corporate Services Pty Ltd provides the content in this publication to the reader for general information only and has compiled the content from a number of sources in the USA and up to 56 other countries who provide cyber breach information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.


Call (07) 3010 9711 

info@avantiacorp.com.au

Avantia Corporate Services Pty Ltd
Level 7, 320 Adelaide Street
Brisbane, Queensland 4000
AUSTRALIA


*COPYRIGHT 2020* Avantia Corporate Services  PTY LTD - All Rights Reserved.