Avantia Threat Update
TWITTER HACKERS NAILED 2FA AND RESET USER PASSWORDS.

This Past Week:
Twitter hackers got past 2FA and reset user passwords; the U.S. indicts two Chinese nationals for hacking hundreds of organisations on behalf of the Chinese government; ransomware warning: attackers are now stealing data as well as encrypting it; inside a ransomware attack, from the first breach to the ransom demand; the European Union (EU) sanctions Russian and Chinese hackers for the first time; even tech giants have basic cybersecurity woes; third-party data breaches put every business at risk; and major data breaches in FRANCE, BELGIUM, AUSTRALIA, ARGENTINA, HONG KONG CHINA and the UNITED STATES.
Cybersecurity News: Dark Web ID’s Top Threats
Top Source Hits: ID Theft Forum
Top Compromise Type: Domain
Top Industry: Finance & Insurance
Top Employee Count: 251-500
______________________________________________________________________________
TWITTER HACKERS BUSTED 2FA (2 FACTOR AUTHENTICATION) TO ACCESS ACCOUNTS AND THEN RESET USER PASSWORDS.
Twitter has revealed more about the July 15 attack that saw several prominent accounts hijacked to promote a Bitcoin scam. The Saturday, July 18 update admits “the attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.” The post continues: “As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets. We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames.”

Data was also exposed. Twitter isn’t sure exactly what, but said the “attackers were able to view personal information including email addresses and phone numbers” for the 130 impacted accounts, and that “additional information” may also have been viewed. Eight account holders suffered the further indignity of the attackers downloading their account archive through the “Your Twitter Data” tool, which gives a user a summary of their account details, private messages and activity. Twitter is contacting those people directly.

The security-relevant point is in the wording: Twitter does not say its second factor was broken, it says employees were manipulated and their credentials used, with 2FA passed along the way. The factor protected the employees' logins, not the internal support tooling behind them, and that tooling could reset the password of any user account. Beyond that, future scholars will regard most of Twitter’s post as a decent example of the genre known as “Sorry, that shouldn’t have happened, please forgive us, we’re getting more infosec training.” There’s not much more to it, other than the revelation that Twitter is working with law enforcement agencies to figure out what happened. And that it is really sorry, but thinks saying so means it doesn’t have to be quite as sorry as it was when the hack happened.
U.S. INDICTS 2 CHINESE NATIONALS FOR HACKING HUNDREDS OF ORGANISATIONS ON BEHALF OF THE CHINESE GOVERNMENT (CPC)
The United States Department of Justice has announced charges against two individuals for the hacking of hundreds of organizations worldwide, including governments and COVID-19 responders. The two, Li Xiaoyu, 34, and Dong Jiazhi, 33, both nationals and residents of China, are accused of having conducted computer intrusion activities on behalf of the Chinese government for more than 10 years. Their victims include governments, non-governmental organizations, companies, human rights activists, clergy and dissidents in the United States, the United Kingdom, Australia, Germany, Japan, the Netherlands, South Korea and elsewhere. Li and Dong, the DoJ says, targeted a broad range of industries, including high-tech manufacturing, engineering, software, solar energy, pharmaceuticals and defense. Most recently they targeted the networks of organizations “developing COVID-19 vaccines, testing technology, and treatments,” the DoJ says.

According to the 11-count indictment, the hackers packed stolen data into RAR archives (the compressed-archive format used by WinRAR, and a common way of bundling files before moving them out of a network) to exfiltrate it, changed file names and timestamps, and hid programs and documents at specific locations on the compromised networks, including the victims’ Recycle Bin. The indictment alleges that the two conspired to steal trade secrets from eight victims, including manufacturing processes, pharmaceutical chemical structures, source code, technology designs, and test mechanisms and results. “Such information would give competitors a market edge by providing insight into proprietary business plans and savings on research and development costs in creating competing products,” the DoJ says.
The hackers allegedly stole hundreds of millions of dollars’ worth of secrets, intellectual property and other data, and even attempted to extort at least one of the victims, threatening to make the stolen information public unless a ransom was paid. Li and Dong, the indictment alleges, sometimes acted for their own profit, but also stole information of interest to the Chinese Ministry of State Security (MSS), assisted by an MSS officer whom the DoJ did not name. Working on behalf of the MSS, the two stole information on military satellite programs, wireless networks and communications systems, counter-chemical-weapons systems and ship-to-helicopter integration systems, the indictment says. They are also accused of providing the MSS with personal information stolen from their victims, including the email passwords of Chinese dissidents. For years the hackers targeted victims worldwide while enjoying safe haven in China, “for the benefit of the MSS and for their own personal gain.”

To get in, the hackers targeted known vulnerabilities in popular software, including web server applications, web application development suites and software collaboration programs. In some cases they used newly disclosed flaws before a majority of users had installed the available patches. The indictment, which gives further detail on when and what type of data was stolen from specific organizations, also accuses the two of placing web shells on victim networks, frequently the China Chopper web shell, a tool popular among Chinese hackers, to maintain access to the compromised environments; sometimes they protected access to the web shells with passwords. Two points for defenders follow directly: time-to-patch on internet-facing web, development and collaboration software is the window these actors work in, and a password-protected web shell still sits in the web root and shows up in the web server’s logs, where file-integrity monitoring and log review can find it.
“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” said Assistant Attorney General for National Security John C. Demers.
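The tradecraft described in the indictment, web shells dropped on internet-facing servers and RAR archives staged under the Recycle Bin, is also what a defender can hunt for. The following Python script is an added example written for this page, not code from the DoJ, the indictment or any vendor. It builds a constructed sample web root and Recycle Bin in a temporary directory, then flags files matching the publicly documented China Chopper server-side one-liners (a PHP eval of a POST parameter, or the ASPX/JScript eval of a request item; the parameter name is the operator's chosen password, so it is not hard-coded) and any RAR archive, identified by its magic bytes rather than its extension, sitting in a Recycle Bin path. The file names, paths and SID-style directory are constructed assumptions.

```python
"""Hunt for two of the TTPs in the indictment: China Chopper style web shells
and RAR archives staged in Recycle Bin directories.
Added example for this page; not code from the DoJ or any vendor."""
import re
import tempfile
from pathlib import Path

# Publicly documented China Chopper server-side forms.  The parameter name
# ("password" in the public write-ups) is operator-chosen, so it is not matched.
WEBSHELL_PATTERNS = {
    "china_chopper_php": re.compile(r"@?eval\s*\(\s*\$_(?:POST|REQUEST)\s*\[", re.I),
    "china_chopper_aspx": re.compile(
        r"eval\s*\(\s*Request\.Item\s*\[[^\]]*\]\s*,\s*['\"]unsafe['\"]", re.I),
    # generic obfuscated PHP shell: eval over a decoded blob
    "obfuscated_eval": re.compile(
        r"eval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I),
}
WEB_EXTENSIONS = {".php", ".phtml", ".asp", ".aspx", ".ashx", ".jsp"}
RAR_MAGIC = b"Rar!\x1a\x07"            # common prefix of the RAR4 and RAR5 signatures
RECYCLE_DIR = re.compile(r"\$recycle\.bin|recycler\b", re.I)


def scan_tree(root):
    """Return (indicator, path) pairs for every suspicious file under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        try:
            data = path.read_bytes()
        except OSError:
            continue
        if path.suffix.lower() in WEB_EXTENSIONS:
            text = data.decode("utf-8", errors="ignore")
            for name, pattern in WEBSHELL_PATTERNS.items():
                if pattern.search(text):
                    findings.append((name, str(path)))
        # archive detection by content, because the attackers renamed files
        if data.startswith(RAR_MAGIC) and RECYCLE_DIR.search(str(path)):
            findings.append(("rar_in_recycle_bin", str(path)))
    return findings


def build_sample_tree():
    """Constructed sample data (not real victim files) in a temp directory."""
    root = Path(tempfile.mkdtemp(prefix="hunt-"))
    web = root / "inetpub" / "wwwroot"
    web.mkdir(parents=True)
    (web / "index.php").write_text("<?php echo 'hello'; ?>\n")
    (web / "upload.php").write_text("<?php @eval($_POST['password']); ?>\n")
    (web / "img.aspx").write_text(
        '<%@ Page Language="Jscript"%><%eval(Request.Item["password"],"unsafe");%>\n')
    # renamed RAR staged under a (constructed) user SID in the Recycle Bin
    recycle = root / "$Recycle.Bin" / "S-1-5-21-1-2-3-1001"
    recycle.mkdir(parents=True)
    (recycle / "$R4F2A1.tmp").write_bytes(RAR_MAGIC + b"\x01\x00" + b"\x00" * 32)
    # a RAR in an ordinary location is not flagged by this rule
    public = root / "Users" / "Public"
    public.mkdir(parents=True)
    (public / "notes.rar").write_bytes(RAR_MAGIC + b"\x00" * 32)
    return root


if __name__ == "__main__":
    for indicator, path in scan_tree(build_sample_tree()):
        print(f"{indicator:22s} {path}")
```

Point `scan_tree` at a real web root or system drive and the two rules fire on exactly the artefacts the indictment describes. The patterns are deliberately narrow; a real hunt would add a file-integrity baseline of the web root and pair the hits with web-server log entries for POST requests to the flagged files, since a web shell is only useful to its operator once it is called.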
RANSOMWARE WARNING: NOW ATTACKERS ARE STEALING DATA AS WELL AS ENCRYPTING IT.
Cyber criminals are increasingly bullying victims by threatening to leak data if they don't pay, and the problem is likely to get worse, say researchers. There is now a growing chance of having your data stolen, in addition to your network being encrypted, when you are hit with a ransomware attack, which makes falling victim to this kind of malware even more dangerous. Being locked out of the network is damaging enough, but by leaking stolen data the attackers create a second problem: the stolen data is used as leverage to bully infected organisations into paying up, rather than restoring the network themselves, on the basis that if no ransom is paid the private information will be published. Analysing submissions to ID Ransomware, a site that lets people identify the ransomware that hit them, researchers at Emsisoft found that of 100,000 submissions related to ransomware attacks between January and June this year, 11,642 (just over 11%) involved ransomware families that overtly attempt to steal data.
Organisations in the legal, healthcare and financial sectors are among the most targeted by these campaigns, on the assumption that they hold the most sensitive data. The researchers warn that the percentage of ransomware attacks that steal data could be even higher, because some groups do it discreetly, potentially using the stolen information as the basis for further attacks. "All ransomware groups have the ability to exfiltrate data. While some groups overtly steal data and use the threat of its release as additional leverage to extort payment, other groups likely covertly steal it," said the blog post by researchers. "While groups that steal covertly may not exfiltrate as much data as groups seeking to use it as leverage, they may well extract any data that has an obvious and significant market value or that can be used to attack other organizations." The prospect of suffering a data breach on top of a ransomware attack is worrying for organisations because, even once the network is restored, the leak can cause further problems with customers or regulators. Exfiltration-plus-encryption attacks will become standard practice, and both the risks and the costs associated with ransomware incidents will continue to increase, the researchers warn.

It is nonetheless possible for organisations to avoid falling victim in the first place, or at least to limit the damage, by following some cyber-hygiene basics: applying security patches to close known vulnerabilities; disabling remote-access ports where they are not needed; segmenting the network so that ransomware which does get in cannot spread quickly; and using multi-factor authentication, so that a stolen password alone cannot be used to reach other parts of the network.
Backups should be made regularly and stored offline, and organisations should also have a plan for what they will do if ransomware compromises the network.
INSIDE A RANSOMWARE ATTACK: FROM THE FIRST BREACH TO THE RANSOMWARE DEMAND:
Security researchers have revealed the anatomy of a ransomware attack, showing how cyber criminals gained access to a network and deployed ransomware, all in the space of two weeks. Researchers from security company SentinelOne examined a server used by criminals in October last year to turn a small breach of a corporate network into a damaging Ryuk ransomware attack; data like this is vital for understanding the tactics and techniques attackers use. Once the network had been breached by the TrickBot malware, the attackers began hunting around to find out what they had gained access to, and how to make money from it. "Over the course of some time they dig around in the network and they attempt to map it out and understand what it looks like. They have an endgame, and their endgame is to monetise the data, the network, for their illicit gain," SentinelOne researcher Joshua Platt told ZDNet. "They already understand there is the potential for making money and are looking to expand that leverage." Once the attackers decided to exploit the breach, they used tools such as PowerTrick and Cobalt Strike to secure their hold on the network and explore further, scanning for open ports and other devices they could reach. Only then did they move to the ransomware phase. From the initial TrickBot infection, through profiling the network, to launching Ryuk took around two weeks, said SentinelOne. "Going by the timestamps, we can guess the time period of two weeks for dwell time," the company's blog post said. Ryuk was first seen in August 2018 and has been responsible for multiple attacks globally, according to an advisory from the UK's National Cyber Security Centre last year.
It's targeted ransomware: the ransom is set according to the victim's perceived ability to pay, and it can take days or even months from the initial infection to the ransomware being activated, because the hackers need time to identify the most critical network systems. But the NCSC said this delay also gives defenders a window of opportunity to stop the ransomware attack from being triggered, if they can detect that first infection. According to the FBI, Ryuk is an extremely lucrative project for its criminal developers, generating roughly $61m in ransom between February 2018 and October 2019. The success of Ryuk in forcing companies to pay ransoms means that the crooks have a bulging war chest with which to hone their attacks. "It's obviously going to increase; they have more money and more ability now to hire even more talent," said Platt. Ransomware also continues to evolve, Platt said: "When you look at the beginning of ransomware, they would ransom personal computers for $300, and now we are into the millions of dollars". The next step, he said, would be more sophisticated extortion attempts: "These guys are digging around in the networks they are looking for the biggest possible thing they can extort companies with."
THE EUROPEAN UNION, FOR THE FIRST TIME, SANCTIONS RUSSIAN & CHINESE CYBER ATTACKERS:
The European Union has imposed its first ever sanctions against alleged cyber attackers, targeting Russian and Chinese individuals and a specialist unit of Moscow's GRU military intelligence agency. An export firm based in North Korea and a technology company from Tianjin, China, were also listed. The member states said measures would be taken against six individuals and three entities involved in various actions, including the attempt to hack into the Organisation for the Prohibition of Chemical Weapons (OPCW), and against suspects said to be involved in the major cyber assaults known as "WannaCry", "NotPetya" and "Operation Cloud Hopper". The individuals will be banned from travel to the European Union and all the targets will be subject to an asset freeze on any funds in areas under EU jurisdiction. In addition, the European Council of member states said: "EU persons and entities are forbidden from making funds available to those listed." EU foreign policy chief Josep Borrell said the action had been taken "to better prevent, discourage, deter and respond to such malicious behaviour in cyberspace". These attacks, he said, represented "an external threat to the European Union or its member states" or had "a significant effect against third States or international organisations". The best known of the targeted entities is the Main Centre for Special Technologies, a unit of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, better known as the GRU. This unit, based on Kirova Street in Moscow, is said to have carried out the attacks known as NotPetya and EternalPetya in June 2017, hitting EU private companies with ransomware and blocking data. The sanctions list also accuses GRU agents of carrying out attacks on the Ukrainian power grid in the winters of 2015 and 2016, resulting in parts of it being shut down.
Four alleged Russian GRU agents, two "human intelligence support" officers and two "cyber operators", are also named for their roles in the April 2018 attempt to penetrate the OPCW in The Hague. The watchdog was investigating reports that Russian-backed Syrian forces had carried out chemical attacks when the alleged GRU agents were intercepted trying to penetrate the agency's wifi from a hire car parked near its headquarters. "With these sanctions, the EU is taking a big step towards safer cyber space. The price for bad behaviour is being increased, because the bad guys still get away with it too often," said Dutch foreign minister Stef Blok. "Now the EU shows that it can take effective action against these and other malicious parties," he said. The other two entities listed are Tianjin Huaying Haitai Science and Technology Development Company Ltd, said to be the actor known to cyber war observers as "Advanced Persistent Threat 10" or APT10, and Chosun Expo, an export company from North Korea. Haitai is said to have been the source of "Operation Cloud Hopper", which the European Council said "targeted information systems of multinational companies in six continents ... and gained unauthorised access to commercially sensitive data, resulting in significant economic loss". Chosun Expo, under the "WannaCry" banner, is said to have helped hack the Polish Financial Supervision Authority and Sony Pictures Entertainment, to have carried out cyber-theft from the Bangladesh Bank and to have attempted cyber-theft from Vietnam's Tien Phong Bank.
______________________________________________________________________________
THREAT FOCUS: BlackBaud Services - UNITED STATES
Exploit: Ransomware
BlackBaud: Cloud Services & Financial Technology
Risk to Small Business: 2.177 = Severe - BlackBaud admitted that its success in preventing a ransomware attack in May 2020 wasn’t quite as straightforward as it first seemed. It turns out that the company did pay a ransom to the attackers, not to decrypt files but to prevent the release of stolen data, in the increasingly popular double-extortion ransomware scheme. Payment in this model buys only the attacker’s promise to delete the data, and that promise cannot be verified. The cloud provider, which primarily works with non-profits, foundations, educational charities and healthcare organizations, said the incident affected the data of only a small subset of its customers, whom it has now notified.
Individual Risk: 2.797 = Moderate - According to BlackBaud’s statement about the incident, no credit card information, bank account information, or Social Security numbers were stolen.
Customers Impacted: Unknown
Effect On Customers: Ransomware is the bane of every company in today’s threat environment. Improved security awareness training, especially around phishing threats, is the best way for companies to quickly boost their defenses against ransomware.
Breach Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for Breach levels are calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: ID Agent’s digital risk protection platform packs three essential components of an effective, dynamic defense of data and systems. Over 3,000 cyber security companies in 30 countries around the world chose ID Agent to keep their passwords compliant. Put the power of ID Agent to work for you by partnering with us today. Call Avantia on 07 30109711 to find out how.
THREAT FOCUS: MyCastingFile.com - UNITED STATES
Exploit: Unsecured Database
MyCastingFile.com: Entertainment Staffing Platform
Risk to Small Business: 1.643 = Severe - Researchers discovered an unsecured Elasticsearch database owned by MyCastingFile.com and filled with information about clients of the casting agency, including current and aspiring actors. The exposure is estimated to have begun on May 31 and was not addressed until mid-June. The New Orleans-based company acted quickly once informed of the problem, but still suffered a breach estimated at 1 GB in size, with over 260,000 user profiles of clients, actors and staff, including minors, leaked.
Individual Risk: 2.349 = Severe - The leak included names, physical addresses, email addresses, phone numbers, work histories, dates of birth, height and weight, ethnicity, and physical descriptions. Anyone with a profile at the platform should be alert for potential identity theft and spear phishing attempts.
Customers Impacted: 260,000
Effect On Customers: Failure to secure a database is a rookie move, and no company’s clients are going to look at that kindly – especially when that failure involved children. Customers today are concerned about data privacy, and more aware of Dark Web danger than they used to be – and they will not want to continue doing business with companies that can’t keep their information safe.
Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of cyber security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote-access, independent, ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation. It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit
THREAT FOCUS: LiveAuctioneers - UNITED STATES
Exploit: Unauthorized Database Access
LiveAuctioneers: Online Antiques Auction House
Risk to Small Business: 2.172 = Severe - LiveAuctioneers has reported a major data breach courtesy of one of its third-party data-processing partners. The company first noted the incident on July 10, 2020, after monitors spotted Dark Web posts advertising the sale of company records on 3.4 million LiveAuctioneers users, as well as three million cracked username and password combinations.
Individual Risk: 2.172 = Severe - While no financial data has been reported as compromised, the investigation is still ongoing. Those affected have been notified via email. Every user should reset their account password, and the same password anywhere else it was reused, and be alert to potential identity theft.
Customers Impacted: 3.4 million
How it Could Affect Your Business: Third party risk is a growing menace that’s hard for businesses to overcome. By maintaining a constant watch on Dark Web markets, businesses can get notified when credentials, including those used in accounts at third party partners, suffer a breach, lowering their risk of compromise from the stolen information.
Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID uses human and machine intelligence to watch the Dark Web 24/7/365. We scour every corner for leaked passwords, compromised credentials, or sensitive data that could create a data breach risk for Avantia’s Customers and alert them in real time when they appear. Book a FREE demo by calling Avantia on 07 30109711
THREAT FOCUS: Tesco Supermarkets - UNITED KINGDOM
https://www.infosecurity-magazine.com/news/consumers-targeted-tesco-scam/
Exploit: Phishing/Impersonation
Tesco: Grocery Retailer
Risk to Small Business: 2.877 = Moderate - Retail giant Tesco was recently used as a front for an elaborate phishing operation that combined a fake Facebook page with SMS and email to trick consumers into handing over personal and payment details as part of a fake giveaway of a new HD TV. Facebook users who shared the post helped it spread. Victims received an email offering them the chance to “register to claim their prize”. A button in the message linked to a landing page that asked for their name, home address, telephone number and bank account details.
Individual Risk: 2.667 = Moderate - The Facebook portion of the scam was shut down quickly, but some consumers did fall for the email, handing bad actors personal and financial data, and the scam may still be circulating via email.
Customers Impacted: Unknown
How it Could Affect Your Business: In a booming Dark Web economy, everything is for sale, and your client’s brand is just as valuable as their data. Digital risk protection cannot stop an impersonation scheme from being launched, but it can alert your client quickly when bad actors masquerade as them in Dark Web forums or on social media, which limits how far the fake spreads before it is acted on.
Avantia Cyber Security & BullPhish ID: Designed to protect against human error, Bullphish ID simulates phishing attacks that can lead to ransomware attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Training including video is now available in 8 languages! Learn more by calling Avantia on 07 30109711 or contacting us at info@avantiacorp.com.au today.
THREAT FOCUS: Orange Telecom - FRANCE
Exploit: Ransomware
Orange: Telecom Provider
Risk to Small Business: 2.323 = Severe - French telecommunications giant Orange has confirmed a data breach affecting customers of its Orange Business Services division. The Nefilim ransomware group added Orange to its data-leak site on July 15, 2020. Orange says it was able to mitigate the attack quickly and stop the leak, but some business clients had their data captured by the attackers. Orange has made no mention of a ransom or payment.
Individual Risk: No individual personal or financial data has been reported as compromised, but no details have been released about the contents of the 20 affected enterprise accounts.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is everywhere these days, and cybercriminals are often choosing to make more targeted attacks than in the past to lower their chances of quick detection. Every company needs to make defending against ransomware a top security training priority.
THREAT FOCUS: Argenta Bank - BELGIUM
Exploit: Malware
Argenta Bank: Banking and Financial Services
Risk to Small Business: 1.778 = Severe - Argenta Bank is the latest victim of an increasingly popular type of attack on ATMs, jackpotting. In these schemes, criminals get malware onto the ATM’s operating system and make the machine dispense cash on command. These precise attacks require specific knowledge and technical skill; the machines affected were manufactured by Diebold Nixdorf. The bank was forced to turn off 143 machines at various times over two days.
Individual Risk: No consumer personal or financial data was reported as stolen in this breach.
Customers Impacted: Unknown
How it Could Affect Your Business: Sophisticated attacks that require specialised knowledge are becoming more common as attackers seek maximum profit from minimum work, and as malicious insiders offering cybercrime services such as access credentials “as a service” become more common too. Guarding against insider threats helps reduce the chance of this kind of crime.
Avantia Cyber Security and Cyber Hawk to the Rescue: More than 70% of all cybersecurity incidents today are the result of internal security issues that no firewall or anti-virus could have prevented. Cyber Hawk combines machine learning and intelligent tagging to identify anomalous activity, suspicious changes and threats caused by misconfigurations. For More information call Avantia on 07 30109711 or Email info@avantiacorp.com.au today.
THREAT FOCUS: Western Australia Department of Health - AUSTRALIA
Exploit: Unauthorized Database Access
Western Australia Department of Health: Government Agency
Risk to Small Business: 2.227 = Severe - Confidential data from the state’s Department of Health was made publicly available on a website after it was distributed over a third-party paging service. Security researchers discovered that a website was recently set up which provided confidential information about Western Australian patients and doctors, including those with suspected COVID-19 infections. The State Government and Western Australia Police are working to have the site taken down, but it was still up as of a recent check.
Individual Risk: 2.623 = Moderate - No financial information was reported stolen, but sensitive health data may have been compromised. Affected users should be alert for potential spear phishing attempts or blackmail using this data.
Customers Impacted: Unknown
How it Could Affect Your Business: Health data is extremely valuable right now, especially COVID-19 related data. Both private companies and international threat actors are paying top dollar for research and treatment data as healthcare organizations race to find a lucrative vaccine or treatment that works against COVID-19. This incident combines a third-party data breach with a reliance on outdated technology to create trouble.
Avantia Cyber Security & Passly to the Rescue: With Passly, get the secure identity and access management solutions that you need to protect your systems and data in today’s remote work landscape at a price that you can afford, including multi-factor authentication, single sign-on, and secure password storage. Find out more by phoning Avantia on 07 30109711 or Click the link to get started: https://www.avantiacybersecurity.com/overwatch
THREAT FOCUS: Telecom Argentina - ARGENTINA
Exploit: Ransomware
Telecom Argentina: Telecom and Internet Service Provider
Risk to Small Business: 2.870 = Severe - REvil gang attackers made a bold foray into Telecom Argentina last week, culminating in access to an internal Domain Administrator account, which gave them free rein to deploy their ransomware payload to more than 18,000 workstations. The company moved quickly to contain the incident, alerting staff to the danger to the corporate network and telling them not to connect to the internal VPN and not to open emails containing archive files.
Individual Risk: No individual personal or financial data is reported as affected at this time.
Customers Impacted: Unknown
How it Could Affect Your Business: Administrator accounts are often compromised through whaling, a type of phishing – and an expressway for cybercriminals to race into the heart of a business. Combat that risk by putting extra protections in place like multifactor authentication that help keep administrator accounts safe.
THREAT FOCUS: UFO - VPN - HONG KONG, CHINA
Exploit: Unsecured Database
UFO VPN: Virtual Private Network Host/ Provider
Risk to Small Business: 1.086 = Extreme - Users who were relying on VPN provider UFO for a safe, anonymous way to secure their communications and data got a nasty surprise this week. Researchers uncovered more than 20 million user logs from the company available on the Dark Web. It’s a double reputation blow for a VPN provider that claims to retain no login or usage information. The 894 GB database was reportedly hosted on an Elasticsearch cluster that was not even password protected. The data allegedly included plaintext passwords, IP addresses, timestamps of user connections, session tokens, device information, and user operating system types, along with geographical information in the form of tags.
Individual Risk: 1.910 = Severe - Anyone who has used UFO VPN should be concerned about account compromise, spear phishing, identity theft, blackmail, or fraud connected to this event.
How it Could Affect Your Business: Securing a remote workforce can be complex, especially as communications tools become more easily compromised, like messaging and SMS text. One common security measure that companies take when setting up for remote work is encouraging staffers to connect through a VPN. Failing to adequately investigate the safety record of that VPN provider could create additional risk instead of decreasing it.
______________________________________________________________________________
POSTSCRIPT:
Does Remote Work Really Increase Cyberattack Risks?
It’s long been debated whether remote work demonstrably increases the risk of a cyberattack. As we move through the pandemic, we’re all taking part in an unexpected experiment in remote working, and we’re just starting to see whether the increased risk that’s often associated with remote work is fact or fiction. The third Global Threat Report is out, and it has some important data to consider when debating the risk of remote work or securing a remote workforce.

According to researchers, 91% of executives surveyed believe that remote work has placed their companies at higher risk of a cyberattack, with a high incidence of phishing attempts named as the biggest factor driving that opinion. The study, conducted in March and April of 2020, found that 85% of the surveyed executives (chief information officers, chief technology officers, and chief information security officers) felt that breach risks were too high because their workforce had not been properly equipped, trained, or secured to work from home, with 28% citing severe known gaps in security. As the pandemic continues to affect the way that business is done, companies need to take adequate measures to secure their remote workforce long term.

Over 29% of the surveyed executives cited a lack of multifactor authentication as the biggest threat facing their organization, rising to 50% for companies in the financial services sector and 46% for companies with 251-500 employees. COVID-19 related malware was reported by 43% of respondents as the biggest perceived threat for organizations with 50-250 employees.

Don’t wait to deploy essentials like multifactor authentication (MFA). By adding a solution like Passly to your security stack, you get one affordable tool that packs a huge security punch by combining MFA, single sign-on, remote management, seamless integration with over 100 applications, and easy deployment in days, not weeks. Companies should be proactive to avoid future headaches.
By adding MFA and the remote workforce support power of our digital risk protection platform now, businesses can be ready for tumultuous times and avoid hazards like scrambling for added security or a costly data breach as we continue to grapple with the global pandemic.
______________________________________________________________________________
AVANTIA CYBER SECURITY - PARTNER FOCUS

Portuguese; Spanish (Iberian/European) and Spanish (Latin). Employees learn best in their native language. By offering BullPhish ID training videos with translations in seven additional languages, we’re making security awareness training more accessible to users around the world. Training your employees about the dangers and risks of cyber threats is the first line of defense: it expands and empowers companies and their employees to take action against cyber threats and to shore up protection of digital identities and corporate assets.
FOR MORE INFORMATION ON PASSLY CONTACT AVANTIA CYBER SECURITY ON +61 7 30109711 / info@avantiacorp.com.a
______________________________________________________________________________
Disclaimer*:
Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, other members of the 5 Eyes Alliance, the Australian Cyber Security Centers, and other sources in 56 countries who provide cyber breach and cyber security information in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.
*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.