Avantia Threat Update

UK TRAINING TEENS FOR FREE, TO BE FUTURE CYBER WARRIORS

Updated: May 23



This Past Week*: UK Govt offers free virtual cyber school for teens in Covid-19 lockdown; Contact tracing apps unsafe if Bluetooth vulnerabilities are not fixed; Israeli Govt tells water treatment companies to change passwords; ‘Frontline’ Chinese COVID-19 firm hacked; Scams continue to inundate healthcare providers; Nine million logs of British drivers' road journeys spill onto the internet; Malware steals SME customer data at checkout; Thousands of companies send employees home with compromised devices; Web shell warnings issued by Australia and America; and major breaches in the USA, AUSTRALIA, CANADA, PORTUGAL, HOLLAND and the UNITED KINGDOM.


Dark Web ID Trends*:

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain

Top Industry: Manufacturing

Top Employee Count: 50-100

______________________________________________________________________________


UNITED KINGDOM GOVERNMENT OFFERS FREE VIRTUAL CYBER SCHOOL FOR TEENAGERS DURING COVID-19 LOCKDOWN*.

The UK Government on Friday launched a new virtual cyber security school aimed at encouraging teenagers to learn new skills while stuck at home during the coronavirus lockdown. The Department for Digital, Culture, Media and Sport (DCMS) said this will help them develop important skills needed for future jobs, particularly in cyber security. “This new initiative will give teenagers something fun and educational to do from home and provide them with a glimpse into the life of a cyber security professional,” said UK Minister Matt Warman. “We have a world-leading cyber sector which plays a crucial role protecting the country and our digital economy, so it is absolutely vital we continue to inspire the next generation of tech talent to help maintain the UK's strong position,” he said.

Children across the country will have the opportunity to crack codes, fix security flaws and examine the trails left behind by cyber criminals as part of a new learning experience they can take part in from home. The initiative comes as coronavirus lockdown measures mean schools remain closed to most children; the online courses aim to inspire interest in careers in the cybersecurity industry while giving pupils something to do. As part of the Cyber Discovery Virtual Cyber School, kids will be able to try over 200 cybersecurity challenges based around cracking codes, finding and fixing security flaws and dissecting digital trails left behind by criminals, all as part of a game. Through playing, young people will learn the concepts and ideas that real agents use when dealing with real cyberattacks. As part of the school, information security experts will run weekly webinars to teach viewers about security disciplines including digital forensics, cryptography and operating systems.

"Cybersecurity is a fascinating field packed with opportunities for innovation and to make the online world more secure. It spans every part of society and has a huge role in our future security and technology prospects as a nation," said James Lyne, chief technology officer at SANS, the provider behind Cyber Discovery. "This is your chance to learn how to 'forensicate' like a digital Sherlock Holmes, close down vulnerabilities before the hackers find them, and break codes."

The launch of Cyber Discovery comes alongside the government announcing a number of other online courses around cybersecurity skills. They include the CyberFirst summer course, which has been running since 2016 but is moving online this year in order to run under social-distancing measures. Students taking part in CyberFirst will have the opportunity to learn to code, as well as learning about cybersecurity in virtual classrooms. "Technology is helping us all cope with the coronavirus crisis and is playing an essential role in keeping our businesses moving and our society connected," said Ciaran Martin, CEO of the NCSC. A third course is available from the National Crime Agency and Cyber Security Challenge UK: the free CyberLand game sees players tasked with protecting a virtual city from hackers while also teaching security skills.


CONTACT TRACING APP UNSAFE IF BLUETOOTH VULNERABILITIES NOT FIXED*.

As more governments turn to contact tracing apps to aid in their efforts to contain the coronavirus outbreak, cybersecurity experts are warning this may spark renewed interest in Bluetooth attacks. They urge developers to ensure such apps are regularly tested for vulnerabilities and to release patches swiftly to plug potential holes, while governments should provide assurance that their databases are secure and that the data collected will not be used for purposes other than those originally intended. Users should also take the necessary steps to safeguard their personal data and prevent their devices from becoming the target of cybercriminals.

According to Acronis' co-founder and technology president Stas Protassov, Bluetooth has had several vulnerabilities in the past, including, as recently as February, BlueFrag, a critical vulnerability affecting multiple Android and Apple iOS devices that then required patching. Left unpatched, devices could be breached by hackers within the vicinity and the user's personal data stolen, Protassov warned. He also stressed the need for users to update their devices' firmware to ensure vulnerabilities are promptly fixed. And as with any app, they should also check the permissions that contact tracing apps request. Most of these apps, including Singapore's TraceTogether, use Bluetooth signals to detect others in close proximity, and security observers say this could leave the smartphone susceptible to threats, especially if there are undiscovered or unfixed vulnerabilities. Some compromise in personal privacy has been deemed necessary in countries such as Singapore, Taiwan, and South Korea that have turned to technology to aid in contact tracing and movement monitoring, but there are questions citizens should still ask to protect their cyber wellbeing. "People will want to download these apps to help curb the pandemic, but they also need to be aware of the cyber protection risks they are taking on. Only install official apps," Protassov said, noting that malicious lookalike apps are likely already being developed and would be released soon after the official ones.

HackerOne's technical program manager Niels Schweisshelm also highlighted the critical vulnerabilities linked to the Bluetooth protocol and its implementations, which were exploitable by remote attackers and enabled arbitrary code execution on affected Android devices. While these have since been fixed, Schweisshelm said the fixes offer no guarantee that Bluetooth and its implementations will be free from future vulnerabilities. He added that security research in the near future was expected to focus heavily on wireless technology, and this could uncover other similar vulnerabilities. Tom Kellermann, VMware Carbon Black's head of cybersecurity strategy, also underscored the need for contact tracing apps to be regularly tested for vulnerabilities and for critical updates to be released swiftly. He said they should be configured to update automatically and be prevented from interacting with mobile smart assistants. Noting that Bluetooth attacks, like mobile app attacks, would likely remain in circulation, Kellermann said users should only turn on the wireless technology when they leave their home and limit location settings to run only while the app is in use.

Governments, too, should ensure backend databases are secure and regularly conduct application testing to mitigate exploitation of contact tracing apps. Any personally identifiable information (PII) collected would need to be properly stored and encrypted, said Protassov, who noted that the data preferably should not be stored at all. He added that every possible precaution must be taken to avoid a massive data leak such as the one involving Equifax. Pointing to Singapore, where Acronis is headquartered, he said the government has been transparent in its communication about the country's contact tracing app, TraceTogether. He said governments worldwide should clearly state what information is being gathered by contact tracing apps, how this data is collected, and who has access to it. And where possible, the data should be anonymised, or at least pseudonymised, he noted.

According to the Singapore government, its TraceTogether app does not collect any location data nor access the user's phone contact list during setup. Any data collected is held by the Ministry of Health (MOH) and stored in "a highly secured server" along with a random anonymised user ID that is linked to the mobile number. When TraceTogether is running on the phone, it creates a temporary ID that is generated by encrypting the user ID with a private key held by the Health Ministry. The temporary ID is then exchanged with nearby phones and renewed regularly, making it difficult for anyone to identify or link the temporary IDs to the user, said GovTech, the government agency behind the contact tracing app. It noted that the temporary ID can only be decrypted by the Health Ministry. It added that the TraceTogether app records connections between devices, not their locations, and that this data log is stored on the user's phone and shared with the ministry, with the user's consent, only when needed for contact tracing. GovTech said: "Your phone will store the temporary IDs from nearby phones, together with information about the nearby phone's model, Bluetooth signal strength, and time. All this information is stored locally on your phone, and not sent to MOH, unless you are contact traced."
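To make the TraceTogether design described above concrete, here is an added example in Go, written for this page and not GovTech's or the app's own code. It is modelled loosely on the published BlueTrace approach: the health authority encrypts a user ID plus a validity window under a key only it holds, phones exchange and log the resulting opaque temporary IDs locally together with peer model, signal strength and time, and only the authority can map a logged ID back to a user. The 21-byte user ID, the 15-minute validity, the field layout and the use of AES-256-GCM are assumptions for illustration, not the app's actual wire format; the devices and IDs are constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

const userIDLen = 21 // assumption: fixed-width opaque user ID held only by the authority

// Authority (the health ministry in the article) holds the only key that can
// turn a temporary ID back into a user ID.
type Authority struct{ aead cipher.AEAD }

func NewAuthority(key []byte) (*Authority, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Authority{aead: aead}, nil
}

// IssueTempID encrypts userID || start || expiry with AES-GCM under a fresh
// random nonce, so every renewal yields an unlinkable opaque string.
func (a *Authority) IssueTempID(userID string, start time.Time, validity time.Duration) (string, error) {
	if len(userID) != userIDLen {
		return "", errors.New("user ID must be exactly 21 bytes")
	}
	pt := make([]byte, userIDLen+8)
	copy(pt, userID)
	binary.BigEndian.PutUint32(pt[userIDLen:], uint32(start.Unix()))
	binary.BigEndian.PutUint32(pt[userIDLen+4:], uint32(start.Add(validity).Unix()))
	nonce := make([]byte, a.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := a.aead.Seal(nil, nonce, pt, nil)
	return base64.StdEncoding.EncodeToString(append(nonce, ct...)), nil
}

// ResolveTempID decrypts a logged temporary ID. The GCM tag rejects wrong keys
// and tampering; the validity window rejects replayed or stale IDs.
func (a *Authority) ResolveTempID(tempID string, seenAt time.Time) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(tempID)
	if err != nil {
		return "", err
	}
	n := a.aead.NonceSize()
	if len(raw) < n {
		return "", errors.New("temporary ID too short")
	}
	pt, err := a.aead.Open(nil, raw[:n], raw[n:], nil)
	if err != nil {
		return "", fmt.Errorf("temporary ID rejected: %w", err)
	}
	start := int64(binary.BigEndian.Uint32(pt[userIDLen:]))
	expiry := int64(binary.BigEndian.Uint32(pt[userIDLen+4:]))
	if t := seenAt.Unix(); t < start || t > expiry {
		return "", errors.New("encounter time outside the ID's validity window")
	}
	return string(pt[:userIDLen]), nil
}

// Encounter is what a phone keeps locally about a nearby phone: no location, no identity.
type Encounter struct {
	PeerTempID string
	PeerModel  string
	RSSI       int
	Time       time.Time
}

// Phone holds its current temporary ID and its own encounter log.
type Phone struct {
	Model  string
	TempID string
	Log    []Encounter
}

// Record logs a Bluetooth sighting of peer; nothing leaves the device here.
func (p *Phone) Record(peer *Phone, rssi int, at time.Time) {
	p.Log = append(p.Log, Encounter{peer.TempID, peer.Model, rssi, at})
}

func main() {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	moh, _ := NewAuthority(key)
	now := time.Now()
	alice, bob := &Phone{Model: "Pixel 3"}, &Phone{Model: "iPhone 8"} // constructed sample devices
	alice.TempID, _ = moh.IssueTempID("user-0000000000000001", now, 15*time.Minute)
	bob.TempID, _ = moh.IssueTempID("user-0000000000000002", now, 15*time.Minute)
	alice.Record(bob, -67, now.Add(2*time.Minute))
	// Only if Alice is contact traced does she upload her log; the authority resolves it.
	for _, e := range alice.Log {
		uid, err := moh.ResolveTempID(e.PeerTempID, e.Time)
		fmt.Printf("model=%s rssi=%d resolved=%q err=%v\n", e.PeerModel, e.RSSI, uid, err)
	}
}
```

The point the article's experts make is visible in the split of responsibilities: a phone, or anyone sniffing the Bluetooth exchange, only ever sees the base64 blob, and a database of encounter logs leaked from a phone is useless without the authority's key. Rotating the ID every few minutes is what stops a passive observer from tracking one device across the day.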


ISRAEL GOVERNMENT TELLS WATER TREATMENT COMPANIES TO CHANGE PASSWORDS*.

The Israeli government says that hackers targeted its water supply and treatment facilities last week. In a security alert sent by the Israeli National Cyber-Directorate (INCD), the agency urges personnel at companies active in the energy and water sectors to change passwords for all internet-connected systems. If passwords can't be changed, the agency recommends taking systems offline until proper security controls can be put in place. The INCD alert, issued on April 23, said the agency had received reports of intrusion attempts at wastewater treatment plants, water pumping stations, and sewers, but did not go into details. A similar alert was also published by Israel's Computer Emergency Response Team (CERT) and by the Israeli government's Water Authority. According to a Ynet report, the Water Authority told companies to change passwords "with emphasis on operational systems and chlorine control devices in particular," believed to have been targeted the most.

ZDNet has learned from sources that the Israeli government issued these alerts in an attempt to improve the cyber-security posture of its industrial infrastructure, but also after it received a report from cyber-security firm ClearSky. The company is said to have identified an Islamic hacktivist group active on social media. Named the Jerusalem Electronic Army (J.E.Army), the group has a presence on all major social networks, such as Facebook, Instagram, WhatsApp, Twitter, and Telegram, where it often posts screenshots from targets it claims to have hacked. On some of these sites, the group has claimed to have gained access to various Israeli universities and government systems. ClearSky linked the group to the Gaza Cybergang, a known Arabic-speaking hacking group believed to be operating out of Palestine. At the time of writing, there have been no reports of a confirmed intrusion at any Israeli water treatment and supply company. The alerts also urged companies to update equipment firmware to the latest versions.


CHINESE ‘FRONTLINE’ COVID-19 RESEARCH FIRM HACKED: DATA NOW FOR SALE ON THE DARK WEB*.

It’s a controversial subject—the use of CT scans to diagnose coronavirus—but it’s an emerging field. And while the likes of the U.S. Centers for Disease Control and Prevention and the American College of Radiology have cautioned against it, one Chinese medical company has harnessed Intel’s technology and Huawei’s marketing channels to push its solutions into frontline hospitals. The Huizhou-based company in question, Huiying Medical, has said that the deployment of such technology might widen the availability of COVID-19 testing, especially in areas without access to the latest techniques and technology. It is reported to be field-testing the tech across 20 hospitals in China, after honing its AI algorithms from the study of several thousand confirmed cases. The company says its AI scanning can now correctly diagnose COVID-19 with 96% accuracy. “As the world is combating the coronavirus pandemic,” Intel said last month, “it is critical for AI technology companies to join forces with the healthcare industry to defeat this disease as quickly as possible. “The Intel AI Builders Program salutes and supports our partner Huiying Medical’s efforts in confronting the challenge with innovation and collaboration.” Unsurprising, then, that Huiying Medical has reportedly found itself targeted by hackers. As with everything related to the virus, whether it’s the distribution of stimulus funds or providing the latest information on infections, cyber criminals have pivoted their activity to focus on the global pandemic. Cyber researchers at Cyble now report that a threat actor they describe as “credible,” has gained access to the medical company’s “COVID-19 detection technology source code and COVID-19 experimental data.” Huiying Medical has not yet responded to a request for comment. According to Cyble, the threat actor “THE0TIME” is selling the data for 4 Bitcoins, around US$30,000. 
That data is said to include user information, technology source code, and reports on experiments. Cyble said that its research team “reviewed the exclusive and non-public samples and verified the claim that way.” The team revealed company-confidential images from the breached data, which it is not making public. The technology is highly prized, selling for as much as $50,000 per hospital per month to expedite diagnoses. The medical company says in its marketing that “China has nearly two months of data and experience accumulation in the prevention and treatment of COVID-19. We are hoping that we could offer some effort in the prevention, control of the epidemic by using an AI application.” As such, if this breach is confirmed it will provide that technology to other players in the field and will also allow scientists outside China to review a wealth of source data from closer to the root of the pandemic. Cyble is a credible source for data breaches that find their way into dark web sales: its report on the sale of 267 million Facebook user profiles for just US$540 was confirmed by Facebook, and it has also just reported on a data firm’s loss of one million employee profiles for some of the world’s largest firms, again now available for purchase on the Dark Web.


NINE MILLION LOGS OF BRITISH DRIVERS ROAD JOURNEYS SPILL ONTO THE INTERNET FROM PASSWORD-LESS NUMBER PLATE CAMERA DASHBOARDS*.

In a blunder described as "astonishing and worrying," Sheffield City Council's automatic number-plate recognition (ANPR) system exposed to the internet 8.6 million records of road journeys made by thousands of people. The ANPR camera system's internal management dashboard could be accessed by simply entering its IP address into a web browser. No login details or authentication of any sort was needed to view and search the live system, which logs where and when vehicles, identified by their number plates, travel through Sheffield's road network.

Britain's Surveillance Camera Commissioner Tony Porter described the security lapse as "both astonishing and worrying," and demanded a full probe into the leak. He said: "As chair of the National ANPR Independent Advisory Group, I will be requesting a report into this incident. I will focus on the comprehensive national standards that exist and look towards any emerging compliance issues or failure thereof." Eugene Walker, Sheffield City Council's executive director of resources, together with Assistant Chief Constable David Hartley of South Yorkshire Police, said: “We take joint responsibility for working to address this data breach. It is not an acceptable thing to have occurred. However, it is important to be very clear that, to the best of our knowledge, nobody came to any harm or suffered any detrimental effects as a result of this breach.” The unprotected dashboard was found by infosec expert and author Chris Kubecka, who, working with freelance writer Gerard Janssen, stumbled across it using the search engine Censys.io. She said: "Was the public ever told the system would be in place and that the risks were reasonable? Was there an opportunity for public discourse – or, like in Hitchhiker's Guide to the Galaxy, were the plans in a planning office at an impossible or undisclosed location?"

The unsecured management dashboard could have been used by anyone who found it to reconstruct a particular vehicle's journey, or series of journeys, from its number plate, right down to the minute. A malicious person could also have renamed the cameras or altered key metadata shown to operators, such as a camera's location, direction, and unique identifying number. Privacy International's Edin Omanovic lamented the privacy-busting potential of the system, saying: "Time and again we've seen the introduction of surveillance tech for very specific purposes, only to creep into other areas of enforcement." Omanovic continued: "ANPR use must be proportionate to the problem it's trying to address – it's not supposed to be a tool of mass surveillance. Both the council and police have a responsibility to ensure their use is proportionate and subject to a data protection impact assessment. They must both now explain how exactly they are using this system, how their use is consistent with data protection rules, how it came to be that this data was exposed, and what changes they've made to ensure it never happens again."

The dashboard was taken offline within a few hours of officials being alerted. Sheffield City Council and South Yorkshire Police added: "As soon as this was brought to our attention we took action to deal with the immediate risk and ensure the information was no longer viewable externally. Both Sheffield City Council and South Yorkshire Police have also notified the Information Commissioner's Office. We will continue to investigate how this happened and do everything we can to ensure it will not happen again." A total of 8,616,198 records of vehicle movements, by time, location, and number plate, could be searched through the dashboard last week. This number grew constantly as more number plates were captured by the 100 live cameras feeding the system, with vehicle locations logged along with timestamps.

(Screenshot in the original article: a number plate's journey through the Sheffield ANPR network, with the location of the camera that spotted the plate and timestamps on the left, and the number plate on the right.) One camera alone recorded at least 13,000 number plates on one day in April, having previously captured 21,000 on one day in February, before the UK entered its coronavirus lockdown. The exposed dashboard was in active use, with entries in the logs being processed and marked as "cleared".


WEB SHELL WARNING ISSUED BY AUSTRALIA AND AMERICA*.

The US National Security Agency (NSA) and its Australian counterpart, the Australian Signals Directorate (ASD), have published a set of guidelines to help companies avoid a common kind of attack: web shell exploits. A web shell is a malicious program, often written in a scripting language like PHP or Java Server Pages, that gives an attacker remote access to a system and lets them execute commands on a victim’s web server. Attackers compromise web-facing applications so that they can install and execute these files on the server, enabling them to steal data, launch attacks on visitors to the site, or use the web server as an ingress point to burrow further into the victim’s infrastructure. Attackers often disguise web shells as innocuous-looking files that could pass for a component of the web application, enabling them to ‘live off the land’ by executing malicious commands unobtrusively and lurk undetected for a long time unless an admin is paying attention. The NSA warned: "Web shell malware has been a threat for years and continues to evade detection from most security tools. Malicious cyber actors are increasingly leveraging this type of malware to get consistent access to compromised networks while using communications that blend in well with legitimate traffic." This means attackers might send system commands over HTTPS or route commands to other systems, including your internal networks, in ways that appear as normal network traffic. The guidelines list several CVEs that are common attack vectors for the installation of web shells, targeting products from Microsoft (SharePoint and Exchange), Atlassian, Progress, Zoho, and Adobe (ColdFusion).

The document addresses several layers of defence. The first involves detecting malicious web shells. It suggests several techniques, one of which is to compare current web application files with those that are known to be legitimate. To do this, you take a copy of the freshly installed web app, with the necessary updates applied, and then periodically use file comparison tools (WinDiff for Windows or LinuxDiff for Linux systems) to compare it against the current version. The NSA also provides a PowerShell script for this. It also advises people to watch for uncommon activity, such as the running of network enumeration commands that have no place in most legitimate web apps. Other things to watch for include large responses from a web app, which could indicate data exfiltration, access times outside peak hours, or access from unusual regions. These signals will often generate false positives, though, it warns.

The second layer of defence focuses on preventing malicious web shells and the damage they can do to your systems. The document suggests protecting the web servers themselves from unauthorised access by blocking or restricting access to appropriate ports and services. Other guidance focuses on preventing attackers from using an installed shell to wreak havoc in your network. This includes applying least-privilege principles when assigning permissions to web apps, and monitoring the integrity of web-accessible directories and files, either blocking changes or alerting admins to them. Another recommendation involves segregating networks so that internet-facing web servers can’t reach sensitive parts of your network. This might be tricky if your web app needs access to customer records from production systems, but could at least prevent attackers from penetrating deeper into your network. Finally, the paper looks at response and recovery after an attack. After detecting a web shell, use packet capture (PCAP) to find out what it was doing inside your network, it says. The paper, along with a related NSA GitHub repository, also includes tools and intrusion prevention system (IPS) rules to help implement some of these anti-web shell techniques. The Open Web Application Security Project (OWASP) also publishes a core set of IPS rules that people should apply, the paper adds.

______________________________________________________________________________
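As an added example, not the NSA's PowerShell script or any code from the guidance, here is a Go program implementing the known-good comparison described above together with a crude content check over whatever changed: it hashes a pristine copy of the web root, hashes the live copy, reports added, modified and removed files, and runs a few regular expressions typical of PHP web shells over the added and modified files. The directory layout, the planted `uploads/cache.php` shell and the pattern list are constructed for illustration; regex hits are leads for an analyst to look at, not proof, since legitimate code also uses `eval` and `base64_decode`.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"regexp"
	"sort"
)

// HashTree hashes every regular file under root, keyed by slash-separated relative path.
func HashTree(root string) (map[string][32]byte, error) {
	out := make(map[string][32]byte)
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if d.IsDir() {
			return nil
		}
		data, err := os.ReadFile(p)
		if err != nil {
			return err
		}
		rel, err := filepath.Rel(root, p)
		if err != nil {
			return err
		}
		out[filepath.ToSlash(rel)] = sha256.Sum256(data)
		return nil
	})
	return out, err
}

// Diff reports files present only in current (added), with a different hash
// (modified), or present only in the known-good baseline (removed).
func Diff(baseline, current map[string][32]byte) (added, modified, removed []string) {
	for p, h := range current {
		if bh, ok := baseline[p]; !ok {
			added = append(added, p)
		} else if bh != h {
			modified = append(modified, p)
		}
	}
	for p := range baseline {
		if _, ok := current[p]; !ok {
			removed = append(removed, p)
		}
	}
	sort.Strings(added)
	sort.Strings(modified)
	sort.Strings(removed)
	return
}

// Constructed patterns typical of PHP web shells. Matches are leads, not proof.
var shellPatterns = []*regexp.Regexp{
	regexp.MustCompile(`(?i)\beval\s*\(`),
	regexp.MustCompile(`(?i)\b(system|passthru|shell_exec|exec|popen|proc_open)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)`),
	regexp.MustCompile(`(?i)\bbase64_decode\s*\(`),
	regexp.MustCompile(`(?i)\$_(GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\(`), // $_GET['f'](...) variable function call
}

// SuspiciousPHP returns the patterns that match in content (empty means nothing flagged).
func SuspiciousPHP(content []byte) []string {
	var hits []string
	for _, re := range shellPatterns {
		if re.Match(content) {
			hits = append(hits, re.String())
		}
	}
	return hits
}

// write creates a file under root from a slash-separated relative path.
func write(root, rel, content string) {
	p := filepath.Join(root, filepath.FromSlash(rel))
	if err := os.MkdirAll(filepath.Dir(p), 0o755); err != nil {
		panic(err)
	}
	if err := os.WriteFile(p, []byte(content), 0o644); err != nil {
		panic(err)
	}
}

func main() {
	// Constructed sample: a known-good copy, and a live copy with one edited file and one planted shell.
	baseline, _ := os.MkdirTemp("", "good")
	live, _ := os.MkdirTemp("", "live")
	defer os.RemoveAll(baseline)
	defer os.RemoveAll(live)
	for p, c := range map[string]string{"index.php": "<?php echo 'hello'; ?>", "inc/config.php": "<?php $db = 'prod'; ?>"} {
		write(baseline, p, c)
		write(live, p, c)
	}
	write(live, "inc/config.php", "<?php $db = 'prod'; $debug = 1; ?>")
	write(live, "uploads/cache.php", "<?php @eval($_POST['x']); ?>") // planted web shell
	good, _ := HashTree(baseline)
	now, _ := HashTree(live)
	added, modified, removed := Diff(good, now)
	fmt.Println("added:", added, "modified:", modified, "removed:", removed)
	for _, p := range append(append([]string{}, added...), modified...) {
		data, _ := os.ReadFile(filepath.Join(live, filepath.FromSlash(p)))
		if hits := SuspiciousPHP(data); len(hits) > 0 {
			fmt.Printf("%s: %v\n", p, hits)
		}
	}
}
```

In practice the baseline should be hashed once from a clean install plus patches and stored off the web server, since an attacker with write access to the web root can also rewrite a baseline kept beside it; the same tree-hash function can then feed the integrity monitoring the guidance recommends.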


THREAT FOCUS: Beaumont Health - UNITED STATES*

https://www.cyberscoop.com/beaumont-health-data-breach/

Exploit: Phishing scam  

Beaumont Health: Healthcare provider  

Risk to Small Business: 1.537 = Severe A phishing scam gave hackers access to IT infrastructure containing patients’ protected health information. The breach was identified on March 29, 2020, but data was exfiltrated between May 23, 2019, and June 2, 2019, leaving patient data exposed for nearly a year. This incident has come to light as healthcare providers face cybersecurity threats while battling the COVID-19 crisis, and Beaumont Health will undoubtedly face both regulatory troubles and financial woes on a long road to recovery.

Individual Risk: 1.509 = Severe Hackers accessed patients’ personally identifiable information and protected health information, including names, birth dates, Social Security numbers, and medical conditions. In some cases, hackers also accessed bank accounts and driver’s license information. Those impacted by the breach should immediately contact their financial service providers to notify them of the incident. In addition, they will need to closely monitor their accounts for suspicious or unusual activity. They should be especially critical of incoming messages, as hackers often use information from one breach to craft authentic-looking spear phishing campaigns that can compromise additional data.  

Customers Impacted: 112,000

Effect On Customers’ Business: Phishing scams are a significant risk to every company’s data. Especially during the COVID-19 pandemic, healthcare companies have seen a precipitous increase in these attacks, as hackers look to capitalize on the urgency and unease of the situation to trick employees into compromising critical data.  

Risk Levels: 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime – now with COVID-19 scam awareness kits. Call 07 30109711 (office hours) to find out how you can get started.

THREAT FOCUS: Small Business Administration  - UNITED STATES *

https://www.zdnet.com/article/sba-reveals-potential-data-breach-impacting-8000-emergency-business-loan-applicants/


Exploit: Unauthorized database access

Small Business Administration: Government agency overseeing small business affairs

Risk to Small Business: 2.177 = Severe A vulnerability in the portal that processes small business owners’ applications for emergency loans under the Economic Injury Disaster Loan Program led to a data breach. The breach, which was detected on March 25th, impacts a vital program for small businesses, and it could harm small business owners who are already grappling with an especially challenging time. Additionally, this oversight has caught the attention of news media, legislators, and small business owners, weakening the agency’s credibility at a critical time. 

Individual Risk: 2.230 = Severe - The breach exposed applicants’ names, addresses, email addresses, dates of birth, citizen status, and insurance information. This data can quickly circulate on the Dark Web, and bad actors will frequently reuse the information in phishing scams and other fraud attempts. The Small Business Administration is offering victims a year of free identity monitoring services, and victims should enroll in this program to receive a notification if their information is misused.     

Customers Impacted: 8,000

Effect On your Customers’ Business: Now, more than ever, the consequences of a data breach are traumatic for victims. Organizations collecting and storing personal data can support their users during the COVID-19 pandemic by taking extra care to ensure that personal data remains private. It’s a priority that always matters, but that is especially amplified during the pandemic.

Risk Levels: 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: With ‘Passly’, you can protect your employees’ digital identities, data, and business continuity. We offer integrated multi-factor authentication, single sign-on, and password management solutions to protect your credentials and your data. Find out more - call Avantia on 07 30109711 today


THREAT FOCUS: MNP Accounting - CANADA *

https://www.bleepingcomputer.com/news/security/leading-accounting-firm-mnp-hit-with-cyberattack/


Exploit: Ransomware

MNP: Accounting firm 

Risk to Small Business: 1.619 = Severe MNP identified a ransomware attack that forced the company to shut down all systems, preventing employees from working for nearly a week. The company is deducting banked overtime for the affected employees, which could come with severe backlash. Similarly, many are being asked to bring their computers back to the company for a cybersecurity analysis, likely placing them in harm’s way as social distancing guidelines are intended to keep people apart to stop the spread of COVID-19. 

Individual Risk: At this time, no personal information was compromised in the breach.  

Customers Impacted: Unknown

Effect On Your Customer’s Business: In many cases, ransomware attacks double as data breaches when cybercriminals steal company data before encrypting critical technology. In this case, the consequences of a ransomware attack are amplified, increasing both the cost and practical implications of these increasingly common attacks. 

Risk Levels: 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime – now with COVID-19 scam awareness kits. Call 07 30109711 (office hours) to find out how you can get started.


THREAT FOCUS: Webkinz  Gaming - CANADA*

https://ciso.economictimes.indiatimes.com/news/personal-data-of-23-million-players-of-webkinz-childrens-game-hacked/75239025


Exploit: Unauthorized database access 

Webkinz: Online children’s game  

Risk to Small Business: 2.727 = Moderate Hackers compromised a database containing customer information and subsequently posted the information on the Dark Web. The breach includes more than 22 million usernames and passwords. Although the company has patched the vulnerability, this information could give bad actors access to the personally identifiable information of minors. In addition to being a veritable PR disaster for a company marketing its products to children, the breach has safety implications as well.   

Individual Risk: 2.603 = Moderate Those impacted by the breach should immediately update their Webkinz account passwords and their login credentials for any other accounts using the same information. Since this data has already been posted on the Dark Web, users should act quickly to update their credentials, and they need to monitor their accounts for suspicious or unusual activity.   

Customers Impacted: 23,000,000

Effect On Customers: In recent years, the consumer privacy pendulum has swung towards conservative vigilance, and consumers are increasingly unwilling to do business with companies that can’t protect their data. This is especially true when it comes to companies marketing products to minors. Parents have to feel confident in a company’s data security practices if they are going to support their children’s involvement with your platform.

Risk Levels: 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Corporate Services & ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with our clients to strengthen their security suite by offering industry-leading detection. Discover more and get a no-obligation report on compromises in your business by calling Avantia on 07 30109711.


THREAT FOCUS: Aptoide Apps - PORTUGAL*

https://www.androidauthority.com/aptoide-data-breach-1108919/


Exploit: Unauthorized database access

Aptoide: Alternative Android App Store  

Risk to Small Business: 1.637 = Severe Hackers posted a trove of user data on a Dark Web hacking forum, forcing Aptoide to temporarily disable new account registrations, logins, reviews, and comments. It’s unclear if those responsible are seeking a ransom payment, but the cache of 20 million accounts is part of a larger, 34 million account collection that the hackers have yet to release. This breach is particularly problematic for the alternative app store because the service has promoted itself as a more secure and credible alternative to the more popular Google Play.

Individual Risk: 2.217 = Severe According to Aptoide, the breach affects users who registered for an account between July 21, 2016, and January 28, 2018. The compromised information includes names, email addresses, hashed passwords, registration dates, IP addresses, device details, and dates of birth. Those impacted by the breach should immediately update their account passwords and enroll in credit and identity monitoring services to ensure that this information isn’t being misused.  

Customers Impacted: 20,000,000

Effect On Customers: This incident is a damaging blow to Aptoide’s reputation. Notably, the breach resulted from a compromise at a third-party data center, serving as a reminder to all companies that, even when they do everything right to protect customer information, third-party data breaches can still expose this highly valued data. Therefore, companies committed to data security need to put the right measures in place to ensure that accounts remain secure even when third parties are compromised.

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: With ‘Passly’, you can protect your employees’ digital identities, data, and business continuity. We offer integrated multi-factor authentication, single sign-on, and password management solutions to protect your credentials and your data. Find out more: call Avantia on 07 30109711 today.


THREAT FOCUS: COVID-19 App Alert - NETHERLANDS* 

https://www.zdnet.com/article/proposed-government-coronavirus-app-falls-at-the-first-hurdle-due-to-data-breach/


Exploit: Accidental data exposure

COVID-19 App Alert: Mobile application

Risk to Small Business: 1.315 = Extreme Developers of the mobile app COVID19 Alert, which was pitched to the government as a way to track COVID-19 cases, exposed user data in the app’s published source code. Before the breach, the app was on the shortlist for government adoption, which could have provided a lucrative contract for the developers. Instead, the company has experienced public backlash, and it seems unlikely that it will progress further in the selection process.

Individual Risk: 2.380 = Severe The source code, which was released for public scrutiny ahead of the selection process, contained the names, email addresses, and hashed passwords from another project by the same developers. This information can quickly make its way to the Dark Web, where bad actors can redeploy it in a variety of cybercrimes. Those impacted by the breach should update their account credentials and carefully monitor their accounts and communications for suspicious or unusual activity.

Customers Impacted: 200

Effect On Customers: Developers cited their rapid development schedule and their desire to quickly make the service available as the reason for the oversight. However, companies looking to bring a new digital product to market must ensure that user data is secure. Otherwise, the project is likely to stall out before it ever even gets started. 

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote-access, independent, ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: Robert Dyas Hardware - UNITED KINGDOM*

https://www.zdnet.com/article/stuck-at-home-uk-lockdown-diy-fans-slammed-by-robert-dyas-data-breach/


Exploit: Malware attack

Robert Dyas: Hardware store  

Risk to Small Business: 1.554 = Severe Payment card skimming malware was injected into the company’s online store and remained active for 23 days. The company, which provides DIY and home improvement products, hosts an online store as a critical component of its business while COVID-19 social distancing guidelines are in place. Before the breach was reported, the company was enjoying a significant boost in online sales, and this incident could encourage shoppers to take their business elsewhere. In addition to consumer backlash, the company will face regulatory scrutiny that could result in financial penalties.

Individual Risk: 1.416 = Extreme This breach applies to shoppers who used the online store between March 7, 2020, and March 30, 2020. The payment card skimming malware captured customers’ personal and financial data, including their names, addresses, payment card numbers, expiration dates, and CVV numbers. Those impacted should immediately notify their financial services providers. In addition, they should enroll in credit and identity monitoring services to ensure that this highly sensitive information isn’t misused in other ways.

Customers Impacted: 20,000

Effect On Customers: As COVID-19 keeps many people out of stores, providing a compelling online retail experience is a critical component of any business’s ability to remain competitive during this time. However, companies that can’t provide a secure buying experience are unlikely to keep up with the competition, making cybersecurity a bottom-line issue for companies both now and well into the future.

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote-access, independent, ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: Cognizant IT - AUSTRALIA*

https://www.crn.com/news/security/cognizant-and-its-customers-hit-by-maze-ransomware


Exploit: Ransomware 

Cognizant: IT Service provider  

Risk to Small Business: 1.557 = Severe Maze ransomware, a prominent form of the damaging malware, has encrypted Cognizant’s internal systems and caused disruptions for the company’s clients. Maze ransomware can be especially damaging because it exfiltrates company data before encrypting networks, doubling the damage of an attack by requiring companies both to restore network services and to grapple with the impact of a data breach. The company, which has offices around the world, including in Australia, will now have to navigate productivity declines, data security concerns, and recovery costs as it grapples with a COVID-19-related downturn.

Individual Risk: At this time, no personal information was compromised in the breach. However, Maze ransomware is known for its ability to exfiltrate company data. As a result, anyone affiliated with the company should diligently monitor their accounts and communications for signs of fraud.

Customers Impacted: Unknown

Effect On Customers: Especially in the challenging business environment posed by COVID-19, ransomware is an expensive malady that every company needs to actively defend against. Although these attacks can feel random and inevitable, there are active steps that companies can take to bolster their defensive stance against the costly scourge of ransomware attacks.

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote-access, independent, ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

______________________________________________________________________________


POSTSCRIPT:


Hackers Use Stolen Credentials to Attack Hospitals with Ransomware*  

Since the onset of the COVID-19 pandemic, hospitals and healthcare facilities have dealt with a deluge of cyberattacks, and ransomware has been especially pernicious. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), hackers infiltrated many of these organizations using stolen credentials obtained through a known vulnerability in their Pulse Secure VPN servers. This threat was first identified in October 2019, with CISA and the US Federal Bureau of Investigation both issuing subsequent alerts in January and April of 2020. Unfortunately, even after organizations patched the vulnerability, the agencies have seen cybercriminals use credentials stolen earlier to access company networks. The incident is a reminder of the importance of acting swiftly to address cybersecurity vulnerabilities, and of maintaining insight into the Dark Web, where stolen login information can quickly circulate and create chaos for your IT infrastructure. COVID-19 is creating a more perilous digital environment for companies, making now the right time to double down on cybersecurity initiatives that can prevent a breach.

https://www.bleepingcomputer.com/news/security/us-govt-hacker-used-stolen-ad-credentials-to-ransom-hospitals/?&web_view=true


50,000 Companies Send Employees Home with Infected Devices*

In a rush to enable employees to work remotely, many companies unknowingly sent staffers home with compromised devices. A recent study found that as many as 50,000 companies issued already-compromised devices that were protected at the office by company firewalls and other in-house defensive measures but not outside of it. These compromised devices are now operating on lightly-secured home or public Wi-Fi networks in an unmoderated environment, and that brings a deluge of cybersecurity risks. That’s why every company needs to implement a state-of-the-art security solution to control access to its systems and data right now. With millions of passwords and easy password cracking software available widely on the Dark Web, it’s time to realize that a password alone just isn’t strong enough to protect anything anymore. 

Passly is the answer. The world’s first Secure IAM platform, Passly is the cutting-edge secure identity and access management solution that’s designed for today’s mobile business climate, ensuring that staffers can log in safely and keep business flowing smoothly anytime, anywhere. Passly is packed with features that keep data secure including: 

>Rapid implementation to secure your access points now 

>Easy customisation for every user’s access needs for applications, systems, and data  

>A scalable, cost-effective solution that evolves with threats 

>Crucial multifactor authentication with a variety of security code delivery options 

>Simple single sign-on access for over 1,000 business applications and 3rd party tools

>Secure Password Vaults for centralized password storage and management

>Credential alerts and smooth integration with Dark Web ID

Now more than ever, robust cybersecurity defenses are mission-critical. Don’t wait until after a data breach to implement security that can keep up with today’s threats. Get Passly now to make sure that only the right people are accessing the systems and data that keep businesses moving – and no one else. We’re here to help as your company adjusts its cybersecurity strategy to meet the new challenges of our changed world and shifting threat landscape. If we can support your efforts during this tumultuous time, please contact us today: Avantia Cyber Security +61 7 30109711.



Disclaimer*:

Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.

(43,140,200)


Call (07) 3010 9711 

info@avantiacorp.com.au

Avantia Corporate Services Pty Ltd, Level 7, 320 Adelaide Street

Brisbane, Queensland 4000

AUSTRALIA.
