Avantia Threat Update

MICROSOFT ALERT ABOUT NEW RANSOMWARE MOBILE VIRUS



This Past Week: A new strain of Mobile Ransomware locks the device behind a ransomware note; New Office 365 Phishing attack checks stolen credentials in Real Time; Cyber Warriors sound warning on working from home; Takedown of 92 Iranian owned domains includes 4 used for disinformation in the USA; Phishing Kits as far as the eye can see; Medical providers aren't just battling COVID-19, they're also battling cybercrime; Studies show how frequently customers break up with businesses that have a data breach, and major breaches in UNITED STATES; CANADA; UNITED KINGDOM; AUSTRALIA; EUROPEAN UNION; NEW ZEALAND; IRELAND and GERMANY.


Dark Web ID Trends: 

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain

Top Industry: Finance & Insurance

Top Employee Count: 501+

______________________________________________________________________________


MICROSOFT HAS WARNED ABOUT A NEW STRAIN OF MOBILE RANSOMWARE THAT TAKES ADVANTAGE OF INCOMING CALL NOTIFICATIONS AND ANDROID’S HOME BUTTON TO LOCK THE DEVICE BEHIND A RANSOM NOTE

The findings concern a variant of a known Android ransomware family dubbed "MalLocker.B" which has now resurfaced with new techniques, including a novel means to deliver the ransom demand on infected devices as well as an obfuscation mechanism to evade security solutions. The development comes amid a huge surge in ransomware attacks against critical infrastructure across sectors, with a 50% increase in the daily average of ransomware attacks in the last three months compared to the first half of the year, and cybercriminals increasingly incorporating double extortion in their playbook. MalLocker has been known for being hosted on malicious websites and circulated on online forums using various social engineering lures by masquerading as popular apps, cracked games, or video players. Previous instances of Android ransomware have exploited Android accessibility features or a permission called "SYSTEM_ALERT_WINDOW" to display a persistent window atop all other screens to show the ransom note, which typically masquerades as a fake police notice or an alert about purportedly finding explicit images on the device. But just as anti-malware software began detecting this behavior, the new Android ransomware variant has evolved its strategy to overcome this barrier. What's changed with MalLocker.B is the method by which it achieves the same goal via an entirely new tactic. To do so, it leverages the "call" notification that's used to alert the user about incoming calls in order to display a window that covers the entire area of the screen, and subsequently combines it with a Home or Recents keypress to bring the ransom note to the foreground and prevent the victim from switching to any other screen. "This creates a chain of events that triggers the automatic pop-up of the ransomware screen without doing infinite redraw or posing as a system window," Microsoft said. 
Aside from incrementally building on an array of aforementioned techniques to show the ransomware screen, the company also noted the presence of a yet-to-be-integrated machine learning model that could be used to fit the ransom note image within the screen without distortion, hinting at the next stage evolution of the malware. Furthermore, in an attempt to mask its true purpose, the ransomware code is heavily obfuscated and made unreadable through name mangling and deliberate use of meaningless variable names and junk code to thwart analysis, the company said. "This new mobile ransomware variant is an important discovery because the malware exhibits behaviors that have not been seen before and could open doors for other malware to follow," Microsoft 365 Defender Research Team said. "It reinforces the need for comprehensive defense powered by broad visibility into attack surfaces as well as domain experts who track the threat landscape and uncover notable threats that might be hiding amidst massive threat data and signals."
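The capabilities Microsoft names above (the SYSTEM_ALERT_WINDOW overlay, accessibility-service abuse, and the incoming-call style full-screen notification) are all declared in an app's manifest, so a defender triaging a suspicious APK can score them statically before running anything. The following script is an added example, not code from the newsletter or from Microsoft: it parses a constructed AndroidManifest.xml, flags the real Android permission names involved, and returns a verdict. The weights and the "review" threshold are our own assumptions, and the mapping of the call notification to USE_FULL_SCREEN_INTENT reflects how call-style notifications are normally declared on Android 10 and later.

```python
"""
Static triage of an Android manifest for screen-locking capabilities.
Added example; permission/action names are real Android identifiers,
the scoring weights and sample manifest are constructed for this demo.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Real Android permission names -> (human label, assumed weight).
INDICATORS = {
    "android.permission.SYSTEM_ALERT_WINDOW": ("overlay window", 3),
    "android.permission.USE_FULL_SCREEN_INTENT": ("full-screen notification", 3),
    "android.permission.BIND_ACCESSIBILITY_SERVICE": ("accessibility service", 3),
    "android.permission.RECEIVE_BOOT_COMPLETED": ("autostart at boot", 1),
}
REVIEW_THRESHOLD = 6  # assumption: two strong indicators warrant analyst review

# Constructed manifest imitating a "video player" lure; not a real sample.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.videoplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.USE_FULL_SCREEN_INTENT"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Video Player">
    <service android:name=".A11y"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""


def triage_manifest(xml_text):
    """Return package name, matched indicators, score and a verdict."""
    root = ET.fromstring(xml_text)
    name_attr = f"{{{ANDROID_NS}}}name"
    perm_attr = f"{{{ANDROID_NS}}}permission"
    found = {}

    # Requested permissions (overlay, full-screen intent, boot receiver).
    for el in root.iter("uses-permission"):
        perm = el.get(name_attr)
        if perm in INDICATORS:
            found[perm] = INDICATORS[perm][0]

    # Accessibility services are declared on the <service>, not as uses-permission.
    for svc in root.iter("service"):
        perm = svc.get(perm_attr)
        if perm in INDICATORS:
            found[perm] = INDICATORS[perm][0]

    score = sum(INDICATORS[p][1] for p in found)
    return {
        "package": root.get("package"),
        "indicators": sorted(found.values()),
        "score": score,
        "verdict": "review" if score >= REVIEW_THRESHOLD else "low",
    }


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

A legitimate dialer or accessibility tool will also trip some of these indicators, so the score is a prioritisation aid for an analyst, not a detection on its own; the combination of overlay plus full-screen notification in an app that claims to be a video player is what makes the sample worth a closer look.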


NEW OFFICE 365 PHISHING ATTACK CHECKS STOLEN CREDENTIALS IN REAL TIME

Nothing says the bad guys are intent on stealing credentials like testing them while you participate in their phishing attack so they can verify the validity before letting you off the hook. There are tons of stories where a fake log on to Office 365 is the punchline. But seldom do we see an attacker go to the length of developing code that passes the compromised credentials over to Office 365 to check them mid-attack. According to the Threat Research Team at Armorblox, this new attack uses lots of well-known brands to aid in tricking users into giving up their Office 365 credentials. Using Amazon’s Simple Email Service to improve deliverability, the attack uses a payment remittance theme to get potential victims to click. A spoofed (imitation from a hidden source) Office 365 logon page is offered up, but it’s one that passes any provided credentials to Azure Active Directory (AAD) behind the scenes, checks them and then either returns the victim to the logon page (in the case of a failed logon) or redirects them to a generic Zoom website page if the credentials are valid. The value of an Office 365 credential is pretty high for attackers; it can be used to commit brand and individual impersonation by taking over the compromised account, CEO fraud, business email compromise, infecting or scamming partner or customer organizations, and more.
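Because the kit described above replays the password against Azure AD while the victim is still on the page, the tenant's own sign-in records contain the evidence: a successful sign-in for the user from infrastructure the user has never authenticated from, often preceded by a failed attempt from the same address when the victim mistypes and is bounced back to the form. The script below is an added example, not from the newsletter or from Armorblox; the record field names and the sample log entries are constructed, not the real AAD sign-in log schema, and the "never seen before" baseline is an assumption about what the defender already has.

```python
"""
Flag successful sign-ins from an IP the user has never succeeded from,
and note whether a failed attempt from that IP immediately preceded it.
Added example; field names and sample records are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records (not the real Azure AD schema).
SAMPLE_SIGNINS = [
    {"user": "alice@example.test", "time": "2020-10-05T08:01:00",
     "ip": "203.0.113.10", "result": "success", "app": "Outlook"},
    {"user": "alice@example.test", "time": "2020-10-06T08:03:00",
     "ip": "203.0.113.10", "result": "success", "app": "Outlook"},
    # Victim submits a typo on the phishing page; kit's check fails.
    {"user": "alice@example.test", "time": "2020-10-07T14:12:05",
     "ip": "198.51.100.77", "result": "failure", "app": "Browser"},
    # Victim retries; the kit validates the password against AAD.
    {"user": "alice@example.test", "time": "2020-10-07T14:12:40",
     "ip": "198.51.100.77", "result": "success", "app": "Browser"},
    {"user": "bob@example.test", "time": "2020-10-07T09:00:00",
     "ip": "203.0.113.11", "result": "success", "app": "Teams"},
]


def find_suspicious_signins(records, retry_window=timedelta(minutes=5)):
    """Return alerts for successes from an IP not in the user's prior successes.

    The first-ever success for a user is used only to seed the baseline.
    A failure from the same IP within retry_window before the success is
    recorded, since that matches the kit's fail-and-retry behaviour.
    """
    by_user = defaultdict(list)
    for rec in sorted(records, key=lambda r: r["time"]):
        by_user[rec["user"]].append(rec)

    alerts = []
    for user, events in by_user.items():
        known_ips = set()
        for i, ev in enumerate(events):
            if ev["result"] != "success":
                continue
            if ev["ip"] not in known_ips and known_ips:
                t = datetime.fromisoformat(ev["time"])
                prior_fail = any(
                    p["ip"] == ev["ip"] and p["result"] == "failure"
                    and t - datetime.fromisoformat(p["time"]) <= retry_window
                    for p in events[:i]
                )
                alerts.append({
                    "user": user,
                    "ip": ev["ip"],
                    "time": ev["time"],
                    "app": ev["app"],
                    "failed_attempt_first": prior_fail,
                })
            known_ips.add(ev["ip"])
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_signins(SAMPLE_SIGNINS):
        print(alert)
```

In production the baseline would come from weeks of history rather than the same batch, and a hit like the one above is a reason to invalidate the session and rotate the password, not proof on its own; travelling users trip the same rule, which is why the preceding failure from the same address is worth carrying in the alert.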


CYBER WARRIORS SOUND WARNING ON WORKING FROM HOME.

Cyber warriors on NATO's eastern edge are warning that the growing number of people working from home globally due to the pandemic is increasing vulnerability to cyber attacks. The Baltic state of Estonia hosts two cyber facilities for the Western military alliance -- set up following a series of cyber attacks from neighbor Russia more than a decade ago. "Large scale use of remote work has attracted spies, thieves and thugs," Jaak Tarien, head of NATO's Cooperative Cyber Defense Centre of Excellence (CCDCOE), told AFP in an interview. The increased amount of information traveling between institutional servers and home networks is creating new challenges for employers. "Tackling these new challenges is complicated and requires a lot of resources as well as a different kind of approach," Tarien said. "We are likely only scratching the surface in assessing the magnitude of malicious activities taking place in the Covid-era busy cyberspace." An EU-wide survey in September found that around a third of employees were working from home. The concerns are echoed at NATO's Cyber Range -- a heavily-guarded facility protected by barbed wire in the centre of the capital Tallinn run by Estonian defense forces. The server rooms inside serve as a platform for NATO cyber security exercises and training. "Specialists have set up the work infrastructure, but they cannot control the way people use their home internet or how secure it is," said Mihkel Tikk, head of the Estonian defense ministry's cyber policy department. Tikk said the latest cyberattacks have targeted Estonia's health sector and Mobile-ID -- the mobile phone based digital ID. The coronavirus pandemic has also affected operations at the cyber facilities themselves, forcing the cancellation of offline exercises. But the NATO Cyber Defense Centre said the silver lining is the growing popularity of the cyber security courses it is putting online. 
The online courses include "Fighting a Botnet Attack", "Operational Cyber Threat Intelligence" and "IT Systems Attack and Defense". There were 6,411 students by September 1 and the centre is aiming for 10,000 by the end of 2020. The Cyber Defense Centre was set up following a series of cyberattacks of unprecedented sophistication on Estonian websites in 2007. The Russian pro-Kremlin youth organisation Nashi later claimed responsibility. These days, Estonia faces a "continuous flow of attacks" and repelling them requires constant work, Defense Minister Juri Luik told AFP. But he said the country was in "a pretty good situation" since it has had time to learn from past experience. "We have worked diligently to guarantee that the computer networks are difficult to break in and the communication is encrypted –- both military but also civilian communication. "So I think it is relatively more difficult to harm Estonia than many other countries who perhaps are not so used to working via cyberspace and haven't given too much attention to cyber defense," he said. The minister underlined that all this work would be for nothing without basic cyber hygiene, including password protection. "This is extremely important and should be remembered -- especially now that many people work from home via computer. "At home you might let your guard down and that's of course a massive mistake."


TAKEDOWN OF 92 IRAN-OWNED DOMAINS INCLUDES 4 USED FOR DISINFORMATION IN THE USA, SAYS FED.

The U.S. government says it seized 92 internet domains used “to spread pro-Iranian disinformation around the globe,” including four that directly targeted U.S. audiences. Iran’s Islamic Revolutionary Guard Corps operated the domains in violation of U.S. sanctions, according to a Justice Department announcement Wednesday. The department said the operation was based on intelligence provided by Google, and was a collaborative effort between the FBI and Google, Facebook and Twitter. The other 88 domains “targeted audiences in Western Europe, the Middle East, and South East Asia and masqueraded as genuine news outlets,” the department said. The feds claimed jurisdiction over all 92 domains because the government of Iran and the IRGC ran them through “website and domain services in the United States without a license from OFAC,” the Treasury’s Office of Foreign Assets Control. The announcement is the latest in a steady stream of news about attempts by U.S. agencies or Silicon Valley giants to monitor foreign information operations as Election Day looms large on the calendar. Russia and Iran have sat atop the list of nation-states drawing the blame. Reports about global Iranian information operations stretch back to at least 2018. Information seems to be flowing more freely than ever between federal law enforcement and the big U.S. social media companies. Last week Twitter said it acted on an FBI tip to take down about 130 fake accounts that appeared to originate in Iran and were trying to disrupt the U.S. conversation about the first debate between President Trump and Democratic challenger Joe Biden. The seized domains were not specifically oriented around U.S. elections, but Justice official John Demers framed them as part of foreign efforts to sow discord in the U.S. 
“Fake news organizations have become a new outlet for disinformation spread by authoritarian countries as they continue to try to undermine our democracy,” said Demers, the assistant attorney general for national security. “Today’s actions show that we can use a variety of laws to vindicate the value of transparency.” The Justice Department said the four domains targeted at U.S. audiences — newsstand7.com, usjournal.net, usjournal.us and twtoday.net — were seized specifically under the Foreign Agents Registration Act (FARA), a transparency law that governs the political activities of representatives of foreign entities in the U.S. “Here, the four domains purported to be independent news outlets, but were actually operated by or on behalf of the IRGC to target the United States with pro-Iranian propaganda in an attempt to influence the American people to change United States foreign and domestic policy toward Iran and the Middle East,” the department said. Domestic disinformation and conspiracy theories continue to be a problem for U.S. social media companies. On Wednesday, Facebook said it was banning all accounts related to the conspiracy theory QAnon.


PHISHING KITS AS FAR AS THE EYE CAN SEE.

If you’ve never delved too deep into the topic of phishing kits, you might – quite reasonably – expect that they would be the sort of tools that are traded almost exclusively on dark web marketplaces. This is however not the case – many phishing kits (or “scam pages” or “scamas” as they are called by their creators) are quite often offered fairly openly on the indexed part of the web as well, as are the corresponding “letters” (i.e. the e-mail templates), e-mail validity checkers and other related tools. You may take a look at what is out there yourself – simply search for “scam page” along with the name of your favorite large bank or major online service on Google… Since I haven’t done so in a while, last weekend I decided to take a look at phishing kits that are available on the “surface” web – more specifically, at those which have been published during this year. I thought it might be interesting to see what their prices were, which brands and services they “covered” the most and whether there would be any significant increase in the number of phishing kits on offer in the second and third quarter of the year (i.e. in relation to the Covid-19 situation). The idea was to gather information on at least 100 different phishing kits, as although it would not be a large sample size by any means, it should be enough to give us at least some idea of how things stood. I started by looking at YouTube and planned to go through Google, GitHub and a few file upload and e-commerce sites afterwards. Since I have, however, managed to find 104 kits for sale/free download from this year on YouTube alone, just using the first search term I tried, I decided to stop there. Each of the phishing kits was presented in a standalone video showing its capabilities. Most of the videos had the terms “undetected” and “clean” in their titles in an attempt to make the phishing kits look more desirable (and definitely not backdoored). 
Some of the videos were offering e-mail templates, access to complex phishing platforms, or tutorials in addition to the scam pages themselves, either as part of a bundle with a specific phishing kit or at a premium. A similar selection of additional tools and other materials was available on external e-commerce platforms, where some of the kits shown off in the videos were sold. Of the 104 kits, 18 were offered free of charge (and at least one of these was backdoored – this wasn't mentioned in the video description, so it was probably intended as a surprise bonus feature). For 76 of them, the price was available by e-mail/ICQ/Telegram/Facebook only and the 10 remaining ones ranged in price from US$10 to US$100. The 86 “commercial” phishing kits were offered by 21 sellers, with the most prolific one of them being responsible for 22 different scam pages. In all, the phishing kits “simulated” sites of 53 different services or brands, from Adobe to Zoom. It probably won’t come as much of a surprise that PayPal and Office 365 were the two “covered” the most often, but some of the others (e.g. Free Fire) might be a bit unexpected. It should be mentioned that although most global phishing statistics published for 2020 so far don’t show any significant rise in the numbers of spam and phishing e-mails in the wild in relation to Covid-19, the frequency of publishing new phishing kits on the “surface” web (or at least on YouTube) seems to have increased significantly from the second half of March onward. Whether this increase is due to the Covid-19 situation or because YouTube managed to clear most of the phishing kit videos from the first quarter of this year is impossible to say with any certainty, though I tend to lean towards the former explanation being the more probable one. In any case, as this short excursion to YouTube shows, even on the indexed part of the web there are phishing kits galore… and there is little reason to expect that it will be much different in the near future. 
Therefore, if you work in infosec in any organization whose customers might be a good target for semi-targeted phishing, try looking for phishing kits spoofing your brand or service on Google from time to time – you might be surprised at what you find.

______________________________________________________________________________


THREAT FOCUS: Boom! Mobile - UNITED STATES

https://securityaffairs.co/wordpress/108925/malware/ajg-ransomware-attack.html


Exploit: Skimming (MageCart)

Boom! Mobile: Telecom 

Risk to Business: 1.997 = Severe - Credit card skimming software has landed at Boom! Mobile, courtesy of the cybercriminal skimmers at Fullz House. The card skimmer code settled in for a week, collecting payment card information from input fields every time it detected a change and immediately exfiltrating the harvested data. The company’s mobile payment system is still undergoing repairs.

Individual Risk: 1.517 = Severe - Customers of Boom! Mobile who made electronic payments through the company’s website should consider their credit card information compromised and be alert to potential identity theft or fraud using that account.

Customers Impacted: Unknown

How it Could Affect Your Business: Malware like this runs on a script that’s been grafted into the payment system, meaning cybercriminals have access to the nuts and bolts of that business.

Breach Risk Levels: 1 – 1.5 = Extreme Risk; 1.51 – 2.49 = Severe Risk; 2.5 – 3 = Moderate Risk. Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Passly guards against intrusion with cracked, stolen, or compromised passwords by adding simple but effective secure identity and access management protection. Call Avantia at 07 30109711 to find out more.


THREAT FOCUS: Friendemic - UNITED STATES

https://www.infosecurity-magazine.com/news/marketing-firm-spills-nearly-three/


Exploit: Unsecured Database 

Friendemic: Marketing Firm

Risk to Business: 2.227 = Severe - Digital marketing firm Friendemic committed a classic blunder that led to a nasty data breach. An unsecured Amazon S3 bucket resulted in the exposure of  2.7 million records including full names, phone numbers, and email addresses, alongside 16 OAuth tokens stored in plaintext. The company noted that the information was not current customer data and the OAuth tokens were not currently in use.

Individual Risk: No individual information was reported as compromised in this incident, although the potential is there. No details about the uncovered data are available.

Customers Impacted: Unknown

How it Could Affect Your Business: Failing to secure a database, even an old one, shows a basic lack of attention to cybersecurity best practices, and that doesn’t build customer confidence.



Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID is an easy, cost-effective solution to help companies train staffers to be aware of cybersecurity risks including phishing with “set it and forget it” campaign management and plug-and-play training kits. Call Avantia on 07 30109711 to learn more.


THREAT FOCUS: AAA Ambulance Service, Inc.- UNITED STATES

https://www.hattiesburgamerican.com/story/news/local/hattiesburg/2020/10/05/aaa-ambulance-service-hattiesburg-ms-reports-july-data-breach/3625304001/


Exploit: Ransomware

AAA Ambulance Service, Inc.: Ambulance Service 

Risk to Business: 1.602 = Severe - Hattiesburg, Mississippi based AAA Ambulance Service, Inc. is just one of several medical sector targets impacted by ransomware this week. A ransomware attack was repelled by the company’s security in July, but it was recently discovered that some client data was obtained around August 2020.

Individual Risk: 2.316 = Severe - Personal information about clients of the service was obtained by hackers, including client date of birth, Social Security number, driver’s license number, financial account number, diagnosis information, medical treatment information, patient account number, prescription information, medical record number, and health insurance information. Customers who may have been impacted have been contacted by the company and are also being offered complimentary credit monitoring services through TransUnion.

Customers Impacted: Unknown

How it Could Affect Your Business: Serious personal information deserves serious security – and even a seemingly unsuccessful cyberattack can still result in data loss. Not only will healthcare sector companies have to pay recovery costs, but they’ll also be on the hook for regulatory penalties.



Avantia Cyber Security & ID Agent to the Rescue: Ransomware is almost inevitably the nasty result of an employee falling for a phishing attack. BullPhish ID keeps staffers trained on current threats, with 4 new phishing resistance training kits added every month. Call Avantia on 07 30109711 for more info.


THREAT FOCUS: Chowbus Food Delivery - UNITED STATES

https://www.businessinsider.com/chowbus-data-breach-leaked-information-hundreds-thousands-users-2020-10


Exploit: Accidental Insider Threat

Chowbus: Asian Food Delivery Service

Risk to Business: 2.267 = Moderate - A Chowbus staffer committed a blunder this week, resulting in a massive cybersecurity disaster. An email address registered with the company sent a link to files containing details of about 4,300 restaurants as well as information for 400,000 customers. So far, the incident appears to be a simple human error.

Individual Risk: 2.660 = Moderate - The 400,000 customer accounts leaked included clients’ names, postal addresses, phone numbers, and email addresses. All of the impacted accounts may not be unique, and no payment data was compromised. The restaurant information included was not specified.

Customers Impacted: 4,300 restaurants and approximately 400,000 customers.

How it Could Affect Your Business: The number one cause of a data breach never really changes – human error is typically at fault, whether it’s giving up a phished password or making an email forwarding mistake.



Avantia Cyber Security & ID Agent to the Rescue: The ID Agent digital risk protection platform enables organizations of any size to implement security awareness training quickly and easily, bringing staffers up to date on the latest threats without breaking the bank. Call Avantia on 07 30109711.


THREAT FOCUS: Daniel B. Hastings Freight - UNITED STATES

https://www.freightwaves.com/news/ransomware-hackers-claims-attack-on-texas-customs-broker


Exploit: Ransomware

Daniel B. Hastings: Freight Forwarder

Risk to Business: 2.326 = Moderate - In the latest incident in a spate of recent trucking and freight transport industry cyberattacks, Laredo, Texas-based Daniel B. Hastings was hit with a ransomware attack. The Conti ransomware group posted a selection of the company’s files on Saturday, and sources say that they appear authentic. They include completed U.S. Customs and Border Protection documents for shipments involving multiple countries, companies, and modes of transport.

Individual Risk: No personal data has been reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is a devastating weapon that bad actors are using to shut down essential services and attacks in the transportation and freight sectors have been increasing, with recent incidents involving several trucking and shipping companies.



Avantia Cyber Security & ID Agent to the Rescue: Learn how to protect systems and data from ransomware by calling Avantia on 07 30109711 now.

THREAT FOCUS: Georgia Department of Human Services - UNITED STATES

https://www.cbs46.com/news/cyber-attack-targets-georgia-department-of-human-services/article_57f9749e-0a72-11eb-a724-3b34ced6f18f.html


Exploit: Employee Email Account Compromise 

Georgia Department of Human Services: State Agency 

Risk to Business: 1.414 = Extreme - A massive breach at the Georgia Department of Human Services has left exposed the highly sensitive data of adults and children in Child Protective Services (CPS) cases of the DHS Division of Family & Children Services (DFCS). The employee email account compromise occurred in May 2020. Georgia DHS secured the account quickly, but damage had occurred.

Individual Risk: 1.202 = Extreme - Extremely sensitive information about parents, children, and families that have contact with DFCS was stolen in this attack, including full names of children involved in those cases and household members, relationship to the child receiving services, county of residence, DFCS case numbers, DFCS identification numbers, date of birth, age, number of times contacted by DFCS, an identifier of whether face-to-face contact was medically appropriate, phone numbers, email addresses, Social Security numbers, Medicaid identification numbers, Medicaid medical insurance identification numbers, medical provider names and appointment dates, plus some psychological reports, counseling notes, medical diagnoses, or substance abuse information and bank information.

Customers Impacted: Unknown

How it Could Affect Your Business: Not only does a data breach leave a huge mess of expensive cleanup behind, in many industries like healthcare, a data breach can also mean your organization will be paying big regulatory penalties and fines too.



Avantia Cyber Security & ID Agent to the Rescue: Information like the personal and medical data obtained in this breach will be a hot commodity on the Dark Web. Protect your systems and data from Dark Web danger with 24/7/365 credential monitoring through Dark Web ID. Call Avantia to schedule a Demo on 07 30109711.


THREAT FOCUS: Unity Health Toronto - CANADA

https://www.canadiansecuritymag.com/toronto-hospital-network-says-info-of-about-150-patients-allegedly-stolen/


Exploit: Unauthorized Database Access (Malicious Insider) 

Unity Health Toronto: Hospital

Risk to Business: 1.969 = Severe - A malicious insider caused a hubbub at a Canadian hospital. A disgruntled staffer at a third-party service provider stole patient information from Unity Health Toronto, which they then followed up with an attempt to extract payment from the organization for the return of the data. Unity Health Toronto disclosed that at least 150 patient records were impacted in this insider incident.

Individual Risk: 1.994 = Severe - The records exposed contained patient names, medical history, diagnoses and treatments, according to the network. The company noted that no financial or health insurance information was included.

Customers Impacted: 150

How it Could Affect Your Business: Third party risk is a problem that every business faces in our increasingly interconnected world. When sensitive data is involved, the need to secure information that third party vendors have access to that could harm your business is paramount.



Avantia Cyber Security & ID Agent to the Rescue: Passly packs essential secure identity and access management tools like multi-factor authentication, single sign-on, secure shared password vaults, and more in one cost-effective package, helping you blunt the impact of a third party data breach. To find out more phone Avantia on 07 30109711.

THREAT FOCUS: Ardonagh Group - UNITED KINGDOM

https://www.theregister.com/2020/10/06/ardonagh_group_ransomware/


Exploit: Ransomware

Ardonagh Group: Insurance Broker 

Risk to Business: 2.319 = Severe - Top UK insurance broker Ardonagh fell victim to a damaging ransomware attack that caused it to suspend 200 internal accounts, including accounts with admin privileges, as the infection progressed. Recovery operations are currently underway and a company spokeswoman noted that they’re working with third-party forensic and IT experts to manage the situation.

Customers Impacted: Unknown

How it Could Affect Your Business: Phishing-based email threats are a danger for any company, and they’re only increasing as cybercriminals take advantage of a wealth of cheap data and software for conducting these attacks on the Dark Web.


Avantia Cyber Security & ID Agent to the Rescue: Preventing ransomware attacks starts with improving security awareness training, especially around phishing resistance. Regularly updated training can prevent up to 70% of cybersecurity incidents. See how our automated solutions can help your business by calling 07 30109711 today.


THREAT FOCUS: Wisepay Payments - UNITED KINGDOM

https://news.yahoo.com/wisepay-school-payments-hit-cyber-155028223.html


Exploit: Skimming 

Wisepay: Student Payment Account Provider 

Risk to Business: 2.022 = Severe - Parents that use Wisepay to pay for their children’s ancillary school expenses experienced a shock this week when it was uncovered that the system had been breached by cybercriminal credit card skimming. The attacker was able to harvest payment details between October 2 and 5 via a spoof page. Attempted payments to about 300 schools have been affected by the scam.

Individual Risk: 2.312 = Severe - Any credit cards used to add money to student or school accounts during that window have likely been captured. Users should beware of fraudulent charges and identity theft attempts.

Customers Impacted: Unknown

How it Could Affect Your Business: Payment skimmers are a fast and easy way for cybercriminals to make a quick profit, but disastrous for the merchants and services that are hit with skimming attacks, shaking customer confidence and exposing systems access weaknesses.



Avantia Cyber Security & ID Agent to the Rescue: Passly prevents unauthorized users from getting into your systems by requiring multi-factor authentication for access, reducing the risk of a stolen or cracked password giving cybercriminals the keys to the kingdom. Find out more about Passly by phoning 07 30109711.

THREAT FOCUS: University Hospital Limerick - IRELAND

https://www.informationsecuritybuzz.com/expert-comments/experts-on-gardai-investigate-major-data-breach-at-limerick-hospital/


Exploit: Information Theft/Malicious Insider

University Hospital Limerick: Medical Center

Risk to Business: 2.636 = Moderate - In a strange event, University Hospital Limerick suffered a data breach caused by a malicious insider that exposed patient information on social media. The culprit, a rogue non-HSE employee, leaked records obtained from the hospital pharmacy containing the details of treatment and personal information for more than 600 patients, including 95 children.

Individual Risk: 2.822 = Moderate - The hospital has sent letters to notify those affected. The data exposed included the impacted patients’ names, dates of birth, and medicines dispensed from the hospital pharmacy between April 18 and April 22, 2020. No payment, insurance, or health record data was included.

Customers Impacted: 630

How it Could Affect Your Business: While most insider threats are accidental incidents caused by carelessness or employee error, more than 20% of cybersecurity incidents are caused by malicious insiders.

Breach Risk Levels: 1 – 1.5 = Extreme Risk; 1.51 – 2.49 = Severe Risk; 2.5 – 3 = Moderate Risk. Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Our digital risk protection platform offers businesses multiple tools for securing their systems and data, even from unexpected dangers like a malicious insider. Call Avantia now on 07 30109711 to find out more.

THREAT FOCUS: Software AG - GERMANY

https://www.zdnet.com/article/german-tech-giant-software-ag-down-after-ransomware-attack/


Exploit: Ransomware

Software AG: Software Company

Risk to Business: 2.377 = Severe - German tech giant Software AG ran afoul of a ransomware gang that’s demanding more than $20 million for the encryption key to some of their sensitive data. The gang, identified as Clop, posted samples of the data to the Dark Web after negotiations hit an impasse, including sensitive business data like employee passport and ID scans, employee emails, financial documents, and directories from the company’s internal network.

Individual Risk: 2.417 = Severe - The posted data shows that the gang obtained some employee personal data, and may have also obtained financial data. Employees should remain alert for potential identity theft, spear phishing, and fraud attempts.

Customers Impacted: Unknown

How it Could Affect Your Business: Phishing is today’s biggest cybersecurity risk, and ransomware is one of the reasons why it’s an IT professional’s nightmare.

Breach Risk Levels: 1 – 1.5 = Extreme Risk; 1.51 – 2.49 = Severe Risk; 2.5 – 3 = Moderate Risk. Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Phishing brings ransomware in its wake. Reduce the chance of your business falling prey to a ransomware gang with phishing resistance training powered by BullPhish ID - Call Avantia on 07 30109711 for more info.

THREAT FOCUS: Snewpit News - AUSTRALIA

https://cybernews.com/security/australian-social-news-platform-leaks-80000-user-records/


Exploit: Unsecured Database

Snewpit: News Sharing Platform

Risk to Business: 2.411 = Severe - Cybersecurity researchers discovered an unsecured and exposed data bucket that belongs to Snewpit, an Australian news sharing platform. The unsecured bucket contains close to 80,000 user records, including usernames, full names, email addresses, and profile pictures. The bucket has since been secured.

Individual Risk: 2.301 = Severe - The exposed data included 256 video files filmed and uploaded by Snewpit users and developers, 23,586 image files of photos documenting local events that were uploaded by the users, and 4 CSV files, one of which contained 79,725 user records, including full names, email addresses, usernames, user descriptions, last login times, and total time spent in the Snewpit app, among other metrics.

Customers Impacted: 79,725

How it Could Affect Your Business: Leaving user records and other proprietary data available in an unsecured database is a rookie move, and speaks to that company’s relationship with cybersecurity.

Breach Risk Levels: 1 – 1.5 = Extreme Risk; 1.51 – 2.49 = Severe Risk; 2.5 – 3 = Moderate Risk. Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Data like this generally ends up in a Dark Web data dump. Protect your company from password compromise due to Dark Web data dumps and be alerted if any of your protected credentials appear in one with Dark Web ID. Call Avantia on 07 30109711 for more info.

______________________________________________________________________________


POSTSCRIPT


COVID 19 Related Data Breaches Rocked Almost Half of Businesses

In 2020, cybercrime has skyrocketed. 80% of firms have seen an increase in cyberattacks. Phishing attempts have increased by more than 660%. Ransomware attacks jumped by more than 140% in March 2020 alone. And most disturbing of all, almost half of businesses were impacted by a COVID-19 related cyberattack in 2020, with 47% reporting five or more attacks. A perfect storm of factors combined to make that happen. The shattered global economy quickly created a greater hunger for data in Dark Web markets, especially COVID-19 related medical data. Stay-at-home orders brewed up a sudden influx of pandemic-stressed, newly remote workers. Plus, everyone was hunting for reliable information about the crisis. Conditions in 2020 have been ideal for cybercrime, and bad actors have been quick to take advantage of that. It’s not even completely clear yet just how many organizations have been hit – 63% of security leaders in a recent survey admit it’s likely their systems suffered an unknown compromise over the past year. One important lesson to learn from the COVID-19 related cybercrime bonanza is the importance of simple security tools. They may not be full of bells and whistles, but they’re full of value. That’s why secure identity and access management has moved to the head of the class as a cybersecurity superstar in a rapidly shifting risk landscape. Remote identity and access management is a key priority for many CISOs this year for good reason – it protects businesses from many dangers without killing IT budgets. Let us help you get your clients set up with Passly to improve their cybersecurity posture fast at a price they’ll love.


Customers Are Ready to Break Up With Businesses That Have Breaches

While a data breach can be an expensive and complex recovery proposition for your company, there’s one area that you may never fully repair: customer trust. Customers are indicating that they’re more motivated than ever to terminate their relationships with firms that can’t keep their data safe – a recent cybersecurity poll determined that customers are 84% less likely to do business with a company that’s been breached – and that’s bad news for the 49% of companies that will experience a data breach this year. While that number is high (and continues growing), there’s one sure-fire way to reduce your risk of joining the club, which is good news for your business. The secret? Security awareness training. Engaging in regularly updated security awareness training, including phishing resistance training, is crucial for reducing your risk of having a cybersecurity incident. Adequate cybersecurity awareness training reduces your chance of a disaster like a data breach by up to 70%.

______________________________________________________________________________


AVANTIA CYBER SECURITY - PARTNER FOCUS

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and to millions of individuals impacted by cyber incidents. The company's flagship product, Dark Web ID, combines human and sophisticated Dark Web intelligence with capabilities to identify, analyse and monitor for compromised or stolen employee and customer data, mitigating exposure to clients’ most valuable assets – their digital identity. 

FOR MORE INFORMATION ON IT GOVERNANCE PLEASE CONTACT AVANTIA CYBER SECURITY ON +61 7 30109711 / info@avantiacorp.com.au

______________________________________________________________________________


Disclaimer*:

Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, other members of the 5 Eyes Alliance, the Australian Cyber Security Centre, and other sources in 56 countries who provide cyber breach and cyber security information in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content’s accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved


Want The Information Cyber Criminals Don't Want You To Know?

Subscribe below to receive our weekly Threat Updates straight to your inbox.

Call (07) 3010 9711

info@avantiacorp.com.au


Avantia Corporate Services Pty Ltd, Level 7, 320 Adelaide Street

Brisbane, Queensland 4000

AUSTRALIA.
