© 2019 by Avantia Cyber Security. All Rights Reserved.

Disclaimer*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cybersecurity information to us in real-time. Given their international focus and experience in the cyberspace arena, we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.


TURKISH DELIGHT NOT SO SWEET


This Past Week: Hackers acting in Turkey’s interests are believed to be behind recent Cyber Attacks; American Cyber Security Officials fly to London to brief ‘Boris’; Three Magecart hackers arrested in Indonesia; Toll Transport, an Aussie delivery giant, breached and shuts down customer portal; Phishing scam compromised an entire healthcare network; Malware impacted business productivity; Ransomware attacks have become costlier than ever; and major cyber breaches in NEW ZEALAND, GERMANY, CANADA, UNITED STATES and UNITED KINGDOM.

Top Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Media & Entertainment
Top Employee Count: 251 - 500 Employees

______________________________________________________________________________


HACKERS ACTING IN TURKEY’S INTERESTS BELIEVED TO BE BEHIND RECENT CYBER ATTACKS

Sweeping cyberattacks targeting governments and other organizations in Europe and the Middle East are believed to be the work of hackers acting in the interests of the Turkish government, three senior Western security officials said. The hackers have attacked at least 30 organizations, including government ministries, embassies and security services as well as companies and other groups, according to a Reuters review of public internet records. Victims have included Cypriot and Greek government email services and the Iraqi government’s national security advisor, the records show. The attacks involve intercepting internet traffic to victim websites, potentially enabling hackers to obtain illicit access to the networks of government bodies and other organizations.

According to two British officials and one U.S. official, the activity bears the hallmarks of a state-backed cyber espionage operation conducted to advance Turkish interests. The officials said that conclusion was based on three elements: the identities and locations of the victims, which included governments of countries that are geopolitically significant to Turkey; similarities to previous attacks that they say used infrastructure registered from Turkey; and information contained in confidential intelligence assessments that they declined to detail. The officials said it wasn’t clear which specific individuals or organizations were responsible but that they believed the waves of attacks were linked because they all used the same servers or other infrastructure. Turkey’s Interior Ministry declined to comment. A senior Turkish official did not respond directly to questions about the campaign but said Turkey was itself frequently a victim of cyberattacks. The Cypriot government said in a statement that the “relevant agencies were immediately aware of the attacks and moved to contain” them. “We will not comment on specifics for reasons of national security,” Officials in Athens said they had no evidence the Greek government email system was compromised. The Iraqi government did not respond to requests for comment. The Cypriot, Greek and Iraqi attacks identified by Reuters all occurred in late 2018 or early 2019, according to the public internet records. The broader series of attacks is ongoing, according to the officials as well as private cybersecurity investigators. A spokeswoman for the UK’s National Cyber Security Centre, which is part of the GCHQ signals intelligence agency, declined to comment on who was behind the attacks. In the United States, the Office of the Director of National Intelligence declined to comment on who was behind the attacks and the Federal Bureau of Investigation did not respond to a request for comment. 
The attacks highlight a weakness in a core pillar of online infrastructure that can leave victims exposed to attacks that happen outside their own networks, making them difficult to detect and defend against, cybersecurity specialists said. The hackers used a technique known as DNS hijacking, according to the Western officials and private cybersecurity experts. This involves tampering with the effective address book of the internet, called the Domain Name System (DNS), which enables computers to match website addresses with the correct server. By reconfiguring parts of this system, hackers were able to redirect visitors to imposter websites, such as a fake email service, and capture passwords and other text entered there. Reuters reviewed public DNS records, which showed when website traffic was redirected to servers identified by private cybersecurity firms as being controlled by the hackers. All of the victims identified by Reuters had traffic to their websites hijacked - often traffic visiting login portals for email services, cloud storage servers and online networks — according to the records and cybersecurity experts who have studied the attacks.
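
The kind of record review described above, as an added example that is not part of the original article: it scans passive-DNS history for a monitored login hostname and merges the periods in which its A or NS records pointed outside an expected baseline into exposure windows. All hostnames, addresses and timestamps are constructed, and the record layout (first seen, last seen, name, type, value) is an assumed export format.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

FMT = "%Y-%m-%dT%H:%M"

# Constructed baseline: where the monitored login portal is expected to resolve.
BASELINE = {
    "webmail.ministry.example": {
        "A": [ip_network("192.0.2.0/24")],
        "NS": {"ns1.ministry.example", "ns2.ministry.example"},
    },
}

# Constructed passive-DNS history: (first_seen, last_seen, name, rrtype, value).
HISTORY = [
    ("2018-11-01T00:00", "2018-12-19T08:00", "webmail.ministry.example", "A", "192.0.2.25"),
    ("2018-11-01T00:00", "2019-02-01T00:00", "webmail.ministry.example", "NS", "ns1.ministry.example."),
    ("2018-12-19T09:00", "2018-12-19T15:00", "webmail.ministry.example", "NS", "NS1.Rogue-DNS.example."),
    ("2018-12-19T10:00", "2018-12-20T02:00", "webmail.ministry.example", "A", "203.0.113.77"),
    ("2018-12-20T03:00", "2019-02-01T00:00", "webmail.ministry.example", "A", "192.0.2.25"),
    ("2019-01-10T12:00", "2019-01-10T18:00", "webmail.ministry.example", "A", "198.51.100.9"),
    ("2018-11-01T00:00", "2019-02-01T00:00", "www.unrelated.example", "A", "203.0.113.5"),
]


@dataclass(frozen=True)
class Finding:
    name: str
    rrtype: str
    value: str
    first_seen: datetime
    last_seen: datetime


def norm(hostname):
    """DNS names are case-insensitive; ignore the trailing root dot."""
    return hostname.lower().rstrip(".")


def is_expected(baseline, name, rrtype, value):
    """True if the observed record matches the baseline for a monitored name."""
    entry = baseline.get(norm(name))
    if entry is None:
        return True  # name is not monitored, so there is nothing to compare
    if rrtype == "A":
        return any(ip_address(value) in net for net in entry["A"])
    if rrtype == "NS":
        return norm(value) in entry["NS"]
    return True  # other record types are not evaluated in this example


def find_deviations(history, baseline):
    """Return records that resolved outside the baseline, ordered by time."""
    findings = [
        Finding(norm(name), rrtype, value,
                datetime.strptime(first, FMT), datetime.strptime(last, FMT))
        for first, last, name, rrtype, value in history
        if not is_expected(baseline, name, rrtype, value)
    ]
    return sorted(findings, key=lambda f: (f.name, f.first_seen))


def exposure_windows(findings):
    """Merge overlapping deviations per name into (start, end) intervals.

    Credentials entered on the portal inside an interval should be treated
    as exposed and rotated.
    """
    windows = {}
    for f in sorted(findings, key=lambda f: (f.name, f.first_seen)):
        spans = windows.setdefault(f.name, [])
        if spans and f.first_seen <= spans[-1][1]:
            spans[-1] = (spans[-1][0], max(spans[-1][1], f.last_seen))
        else:
            spans.append((f.first_seen, f.last_seen))
    return windows


def window_hours(span):
    """Length of one exposure interval in hours."""
    return (span[1] - span[0]).total_seconds() / 3600


if __name__ == "__main__":
    deviations = find_deviations(HISTORY, BASELINE)
    for f in deviations:
        print(f"deviation {f.name} {f.rrtype} {f.value} "
              f"{f.first_seen:{FMT}} to {f.last_seen:{FMT}}")
    for name, spans in exposure_windows(deviations).items():
        for span in spans:
            print(f"exposure  {name} {span[0]:{FMT}} to {span[1]:{FMT}} "
                  f"({window_hours(span):.0f} h)")
```

Because the redirection happens at the registrar or name-server level, this review has to run on externally collected resolution data rather than on the organization's own network logs.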


AMERICAN SECURITY OFFICIALS FLY TO LONDON TO ‘BRIEF’ BORIS.

It would be "nothing short of madness" to use Huawei gear in Britain's 5G mobile networks, an American national security adviser has reportedly told UK Prime Minister Boris Johnson. As reported recently, a US delegation consisting of deputy national security advisor Matt Pottinger, junior foreign minister Chris Ford, special envoy Robert Blair and three others flew into London yesterday to hand unspecified "intelligence" to British officials. The delegation refused to clarify publicly what was so compelling about this intelligence that it would convince the UK to shut out Huawei. One of the delegates did tell the Guardian Newspaper that "Donald Trump is watching closely", while the officials are also reported to have threatened to reduce intelligence-sharing with the UK if Blighty chooses the Chinese firm for 5G – flatly contradicting domestic spy chief Sir Andrew Parker, who yesterday shrugged his . Those known risks are twofold: (1) Huawei’s coding practices are described as “piss poor”, as Britain's Huawei Cyber Security Evaluation Centre (HCSEC) found last year; and (2) there is the ever-present fear that Huawei, or people within Huawei, could be forced to abuse their product knowledge to serve the Chinese regime, perhaps through espionage conducted on UK comms networks or helping with denial-of-service attacks. Although the US has been claiming for years that Huawei poses a threat to communication security, given the well-documented activities of American spy agencies over the last couple of decades this seems like a hollow concern. It's not implausible, even, that American spies are concerned their level of covert access to the world's conversations will also become available to Chinese eavesdroppers, presenting yet another threat to US dominance.
With Huawei offering a cut-price alternative to US enterprise tech brands such as Cisco, as well as arguably better technology than Western 5G network products, it's little surprise the American government is furiously lobbying on its industry's behalf. Despite US unease, none of the technical threats said to be posed by Huawei have made it into the public domain. In the absence of evidence such as that gathered by HCSEC, remaining US objections could appear to the onlooker to be mostly political. Huawei's UK Vice President, Victor Zhang, said in a canned statement: "We are confident that the UK government will make a decision based upon evidence, as opposed to unsubstantiated allegations. Two UK parliamentary committees concluded there is no technical reason to ban us from supplying 5G equipment, and this week the head of MI5 said there is 'no reason to think' the UK's intelligence-sharing relationship with the US would be harmed if Britain continued to use Huawei technology."


THREE MAGECART HACKERS ARRESTED IN INDONESIA:

It was announced recently that three individuals suspected of being involved in Magecart online skimming attacks were arrested late last year in Indonesia. The arrests were made as part of an international effort called Operation Night Fury, which saw participation from Interpol’s ASEAN Cyber Capability Desk and Indonesian Cyber Police, as well as private cybersecurity company Group-IB. Over the past couple of years, numerous hacking groups have been operating under the Magecart umbrella, infecting thousands of e-commerce websites with JavaScript code designed to steal customers’ credit card data. The suspects, aged 23, 27 and 35, allegedly managed to infect hundreds of online commerce sites from Indonesia, Australia, the United Kingdom, the United States, Germany, Brazil, and other countries, and have stolen the data of thousands of users worldwide, Indonesian authorities say. The three suspects, identified only by their initials (ANF, K and N), were arrested in Jakarta and Yogyakarta on December 20. Other suspects from the same group remain at large, authorities said. One of the arrested individuals apparently admitted on Indonesian television to injecting web skimmers on various websites since 2017, Sanguine Security reports. During the operation, authorities seized “laptops, mobile phones of various brands, CPU units, IDs, BCA Token, ATM cards,” Group-IB reveals. If found guilty, the suspects face up to 10 years in jail. Sanguine Security attributes a total of 571 attacks on e-commerce websites to these individuals. Despite that, the security firm says, they have been responsible for only 1% of all Magecart incidents since 2017. The security company also notes that, following the arrests, several card collection servers remain active and have been modified, including the magecart.net domain. The same code was found on 27 more stores, the company says. 
Group-IB, which has been tracking this specific family of JavaScript code sniffers since 2018, says that an analysis of the hackers’ infrastructure shows that they infected 200 websites. The investigation into the group’s activities, however, continues, and the number of websites is expected to be higher. The investigation also revealed that the hackers used the stolen payment data to buy goods such as electronic devices or luxury items, and then resold them online in Indonesia at below the market prices. The hackers used VPNs to access the servers storing stolen data and their skimmer’s control servers, and relied only on stolen credit card data to pay for hosting services and buy new domains.


TOLL TRANSPORT, AN AUSSIE DELIVERY GIANT, BREACHED AND SHUTS DOWN CUSTOMER PORTAL

Australian courier company Toll has shut down several of its key systems after a "security incident" prompting a backlash from frustrated customers. Individual punters and businesses alike said they were unable to send, receive or track their packages since as early as Wednesday morning last week. The company's tracking website, MyToll, has been down since Friday 1st Feb, 2020. A Toll Customer who spoke to service reps over the phone told us Toll employees have been unable to provide information about their packages, or even to access their internal tracking database. "As a precautionary measure, in response to a cyber security incident on Friday, Toll deliberately shut down a number of systems across multiple sites and business units," the company said in a statement posted on its website. Toll is one of Australia's largest courier companies, and claims to deliver 95 million packages a year. Its services are used to transport packages for eBay, mobile phone vendors and US travel documents for Australians, among other things. The breach is reported to have affected Australia, India and the Philippines. The company has not said how many customers have been affected. Frustrated Australian customers took to Twitter with characteristic ire. Local media reported that Toll is still making some deliveries, but receipts are being recorded manually instead of electronically. Toll said it is working to restore the affected systems in a "controlled and secure manner". "Business continuity plans have been activated to maintain customer service and operations," the company said. Toll did not answer media requests for more information on what these plans involve. Nor did the company say when it expects its systems to be up and running again, or whether wider systems have been affected. Toll Group is owned by Japan Post Holdings, which bought the Melbourne-based group in 2015 for A$6.5bn. 
It has turned into a dud investment for Japan Post, which wrote down the value of Toll by $4.9bn in 2017.

______________________________________________________________________________


THREAT FOCUS: Tampa Bay Times - UNITED STATES

https://www.cyberscoop.com/tampa-bay-times-ransomware/


Exploit: Ransomware

Tampa Bay Times: Local news organization

Risk to Small Business: 2.111 = Severe: Cybercriminals infected Hanna Andersson’s online store with payment skimming malware that collects customers’ personally identifiable information. The breach impacted customers shopping between September 16 and November 11, 2019. The company only identified the breach after being notified by law enforcement, and the consequences were exacerbated because Hanna Andersson failed to follow PCI standards for payment card encryption and CVV management. As a result, the company will likely face both customer blowback and regulatory scrutiny, neither of which will help the business thrive.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: Cybercriminals are frequently turning to ransomware attacks to exploit companies that can’t or won’t protect their critical IT. These attacks are relatively easy to deploy, and, for organizations unprepared to defend themselves, they are uniquely expensive. With today’s threat landscape, it’s critical to regularly assess and update your defense posture to meet the moment.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security to the Rescue: It’s critical that SMEs understand the importance of cybersecurity and the ‘cyber risks’ to their organisation. Our Pinpoint Cyber Security Audits™ are an expansion of our White Glove Onboarding Support that includes a Certified 3rd Party holistic Cyber Security Audit incorporating the “Essential 8” mitigation strategies (as defined by the Australian Cyber Security Centers - a div. of the Australian Defense Signals Directorate) to evaluate our client’s Operational; Legal; Reputational & Recovery Risks with recommendations for remedies. Click on the link at https://www.avantiacybersecurity.com/cyber-security-audit for more information.


THREAT FOCUS: California Healthcare Network - UNITED STATES


https://portswigger.net/daily-swig/california-healthcare-data-breach-could-impact-nearly-200-000-patients


Exploit: Phishing scam

California Healthcare Network: Hospital and urgent care center operator

Risk to Small Business: 1.888 = Severe: Employees fell for a phishing scam that compromised patients’ protected health information (PHI). The company first discovered the breach on June 19, 2019, when it secured accounts by resetting login credentials. However, an additional investigation revealed that patient data was compromised in the breach. The California Healthcare Network is notifying patients of the incident and updating the email security standards, but the real test is certainly still ahead. Healthcare data breaches are the most expensive of any sector, and the company will undoubtedly endure intense regulatory scrutiny because of the sensitive nature of the breach.

Individual Risk: 2.428 = Severe: Hackers had access to patient data contained in employee email accounts. California Health Network declined to provide specific data categories, but healthcare records often include patients’ most sensitive personal data. Access was limited to the period between June 11, 2019 and June 18, 2019, but the information has now been available for more than six months, so those impacted by the breach will want to work quickly to secure their data. The California Healthcare Network is offering free credit monitoring services to all victims.

Customers Impacted: 199,548

Effect On Customers: Most data breaches begin with a successful phishing scam. Every organization has a responsibility to train its employees in defensive best practices, which is a relative bargain compared to the high cost of a data breach. In doing so, organizations transform a known vulnerability into a valuable asset to their defensive posture.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Call Avantia on 07 30109711 to find out how we can help you.


THREAT FOCUS: Rogers Communications - CANADA

https://www.itworldcanada.com/article/rogers-internal-passwords-and-source-code-found-open-on-github/426429


Exploit: Intentional data exposure

Rogers Communications: Telecommunications company

Risk to Small Business: 1.777 = Severe: Security researchers found sensitive data from Rogers Communications posted on two public GitHub accounts. The information included application source code, internal usernames, passwords, and the company’s private keys. The data was dumped on the website by a former employee. Although the company claims that the information is outdated and couldn’t lead to a data breach, other specialists note that it could provide cybercriminals with insights into the company’s IT infrastructure. At the very least, it’s a black mark on the company’s data privacy reputation, but that’s unlikely to be the only consequence the company faces.

Individual Risk: 2.285 = Severe: While customer data wasn’t compromised, the incident exposed employee account information. These credentials may no longer be relevant, but employees would be wise to update their passwords and, if possible, enable two-factor authentication.

Customers Impacted: Unknown

Effect On Customers: Employee email accounts are often the gateway for all types of data loss events. Securing this easy avenue into your company's critical IT can go a long way towards preventing a data breach. Since email credentials are some of the most frequently sought out by cybercriminals, an extra security layer, like two-factor authentication, can ensure that accounts remain secure even if usernames or passwords are compromised.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.




THREAT FOCUS: Bird Constructions - CANADA

https://www.infosecurity-magazine.com/news/bird-construction-compromised-in/


Exploit: Ransomware

Bird Construction: Commercial and institutional building construction company

Risk to Small Business: 1.888 = Severe: A December ransomware attack has encrypted critical company data. In a statement, Bird Construction noted that the organization continues to function without interruption. However, after the company refused to pay a ransom, cybercriminals began releasing the stolen data online, creating a more expansive and expensive data loss event. The company relies on hundreds of millions of dollars in government contracts, and sensitive government and military information may be included in the breach. The recovery process is bound to be incredibly expensive, and it could have long-term implications for their business model.

Individual Risk: 2.285 = Severe: Cybercriminals have begun publishing employees’ personal data online. The hacking group is slowly releasing the data, perhaps trying to encourage the company to pay up. The specific details of the exposed data remain unclear, but all employees should reset their account credentials and closely monitor their accounts for unusual or suspicious activity.

Customers Impacted: Unknown

Effect On Customers: Ransomware attacks are a growing threat for every organization, and cybercriminals appear to be upping the ante. Rather than moving on when companies refuse to pay up, many have begun releasing company data online, increasing the cost and scope of the attack. Therefore, every organization needs to reassess its defensive posture to account for this burgeoning threat.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with our Clients to strengthen their security suite by offering industry-leading detection. Discover more at:  https://www.avantiacybersecurity.com/copy-of-the-secret


THREAT FOCUS: Royal Yachting Association - UNITED KINGDOM

https://www.theregister.co.uk/2020/01/24/royal_yachting_association_data_breach/


Exploit: Unauthorized database access

Royal Yachting Association:  British Boating organization

Risk to Small Business: 1.777 = Severe: Hackers infiltrated the company’s network and downloaded a database containing customers’ personal information. The organization identified the breach on January 17th and hired cybersecurity specialists to investigate the event and secure customer data. To prevent unauthorized account access, the Royal Yachting Association reset all customer passwords. Although the database contains information from several years ago, there are still many ways that bad actors can deploy this information in additional cybercrimes.

Individual Risk: 2.428 = Severe: The data breach compromised members’ personally identifiable information, including names, email addresses, and hashed passwords. No financial data was compromised. Those impacted by the breach should immediately reset their password on any accounts using these login credentials. In addition, they should carefully assess online communications, as this data can be used to craft spear phishing attacks that can dupe unsuspecting recipients into compromising even more personal information.

Customers Impacted: Unknown

Effect On Customers: Data breaches compromising usernames and passwords can have far-reaching consequences for an organization, as this data can be used in many ways to make an already bad situation even worse. Moreover, cybercriminals can come up with many ways to misuse this information, and businesses need tools to stop its spread as soon as possible.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID alerts Avantia when our customers’ employee emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can partner up with us here:

www.avantiacybersecurity.com


THREAT FOCUS: City Of Potsdam - GERMANY

https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-threatens-to-publish-data-of-automotive-group/


Exploit: Malware attack

City of Potsdam: Local municipality in Germany

Risk to Small Business: 2 = Severe: A malware attack forced the City of Potsdam to bring its network entirely offline to prevent further expansion and data exfiltration. As a result, government employees cannot send or receive email, and most administrative functions are inaccessible. While emergency services remain unharmed, there will be a significant cost for the government, as worker productivity slows, sales opportunities are missed, and recovery efforts eat away at precious resources.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: Data breaches continue to become more expensive, partly because the opportunity costs are so high. In the digital age, cyberattacks can render an organization useless, eroding their bottom line and dampening the future financial outlook. Unfortunately, many organizations can’t sustain that level of financial loss and are forced to close their doors. However, a strong defense posture can ensure that your business is ready to thrive amidst today’s evolving threat landscape.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: With BullPhish ID, Avantia can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: http://www.avantiacybersecurity.com


THREAT FOCUS: Super Casino - UNITED KINGDOM

https://www.technadu.com/supercasino-breached-customer-info-leaked/90769/


Exploit: Unauthorized data access

SuperCasino: Online gambling platform

Risk to Small Business: 1.888 = Severe: SuperCasino experienced a data breach that compromised users’ personally identifiable information. While the online gambling outfit identified and investigated the breach, their customer communications were blasé at best, minimizing the potential harm to customers’ data privacy. The company will likely endure intense scrutiny under GDPR and other privacy regulations, which could mean painful penalties alongside other financial implications of the data breach.

Individual Risk: 2.285 = Severe: SuperCasino claims that users’ financial data was not compromised in the event. However, hackers did access users’ names, usernames, email addresses, telephone numbers, residential addresses, and account activity data. SuperCasino is asking all users to reset their passwords and to reset passwords on any platforms that may use duplicate credentials. Victims are at a heightened risk for phishing attacks and other scam messages, so they should carefully scrutinize their online communications.

Customers Impacted: Unknown

Effect On Customers: Protecting against a data breach should be every company’s first priority but deploying an adequate response to an event needs to be a close second. Moreover, as data privacy regulation becomes the new norm, every organization needs to consider the necessary steps to compliance that can prevent a breach or mitigate the consequences after an event occurs. Pre-planning for both of these contingencies can ensure that your organization is ready to thrive in today’s digital environment.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.




THREAT FOCUS: Toll Group - NEW ZEALAND.

https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=12305031


Exploit: Cyberattack

Toll Group: Transport and logistics company

Risk to Small Business: 2.222 = Severe: A cyberattack has forced Toll Group to shut down many of its customer-facing network systems to contain any impact on customers and operations. Although Toll Group is referring to the incident as a “cyberattack,” it’s likely that this episode is the result of a ransomware attack. The company expects that many customer applications will be impacted. The incident underscores the opportunity cost that is increasingly driving up the cost of ransomware attacks. During the outage, it’s unlikely that Toll Group will be able to collect revenue, meaning the event could have a significant impact on its bottom line.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: Ransomware attacks will likely be one of the most expensive and pervasive cyber risks in 2020. The holistic high costs associated with these breaches should make a robust defense a top priority at every organization. Ultimately, cybercriminals always require an access point to infect a company with ransomware, and closing off common loopholes like phishing scams, outdated software, and compromised credentials can go a long way toward ensuring that your company isn’t the next victim of a ransomware attack.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.





POSTSCRIPT:


Recovering From a Ransomware Attack is More Expensive Than Ever 

2019 saw a steep rise in the number of ransomware attacks impacting vulnerable organizations. Unfortunately, recovering from these attacks is becoming more expensive than ever. According to a new report, the total recovery cost of a ransomware attack doubled in the last quarter of the year, reaching US$84,116 (AUD$125,546). In some cases, the cost is increasing because cybercriminals demand higher ransoms, but other factors, including hardware replacement, lost revenue, and brand erosion, all contribute to this incredibly high sum. In addition, the report detailed the latest escalation in ransomware attacks. Cybercriminals are not content with just encrypting data and demanding Bitcoin payments anymore. They are increasingly willing to release company data online, which can provide both a greater incentive for companies to pay the ransom and add a secondary revenue stream for criminal operations. Taken together, it’s clear that today’s organizations need to reassess their defensive postures as they relate to this escalating threat. Notably, ransomware always requires an access point and a foothold to encrypt company data. Closing off common loopholes like phishing emails and securing employee accounts with simple, effective tools like two-factor authentication can help ensure that your organization isn’t the next victim of an expensive ransomware attack.

Canada Plans to Update Its Data Privacy Laws 


Data privacy regulations are becoming par for the course in today’s dangerous digital landscape. On the back of Europe’s tone-setting General Data Protection Regulation, California's Consumer Privacy Act, New York’s SHIELD Act and Australia’s Notifiable Data Breaches Act, governments worldwide are reviewing their regulatory position around robust privacy laws. Now, Canadian authorities are indicating that they are ready to update the country’s data privacy laws as well.

According to the country’s Privacy Commissioner, David Therrien, Canada wants to update its mechanisms for providing support to individuals and accountability for companies. Currently, two federal statutes regulate data privacy in Canada, and when the country updated their requirements in 2018, the number of reported breaches increased six-fold in the following year.

It’s likely that Canada will continue to update its guidelines, specifically in the area of enforcement. By implementing financial penalties for data security, Canada would more closely align its data privacy laws with other prominent regulations. Collectively, it’s clear that digital platforms no longer operate in a veritable Wild West. Instead, companies are going to need to learn how to achieve and demonstrate compliance with multifaceted privacy laws around the world.



*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.
