Search
  • Avantia Threat Update

Who' s the 'dope' now.



This week CANNABIS is in the news, and financial institutions took a hit across the globe. Children’s Hospital Of Philadelphia phishing Email bust.


Dark Web Data Breaches this past week*:

Total Compromises: 1,201 Top PIIs compromised: Domains (1,198) Top Company Size: 11-50 Top Industry: Finance & Insurance


Top Targeted Industries this past week*:

· Information Technology Hits: 225 | Targets: Google, Broadcom, Apple, Twitter, Sony.

· Software Hits: 193 | Targets: Google, Newegg, Twitter, Cambridge Analytica, Microsoft

· Retail Hits: 183 | Targets: Nordstrom, Apple, Target Corp, Under Armour

· Consumer Goods: Hits: 178 | Targets: Nordstrom, Sony Corp, Target Corp, Hasbro, Under Armour.

· Transportation Hits: 152 | Targets: Cathay Pacific, British Airways, Uber


Top Threat Actors this past week*:

· Hezbollah Hits: 88 | Targets: Israel, Iran, Lebanon, Syria, United States

· Magecart Hits: 75 | Targets: British Airways, Ticketmaster Entertainment, Newegg, Feedify, Magento

· Inj3ct0r Team Hits: 40 | Targets: WordPress, Joomla, Twitter, Apache HTTP Server, Symantec

· Lazarus Group Hits: 27 | Targets: Sony Corp, South Korea, United States, Central Bank of Bangladesh, Bitcoin

· Foreign Hackers Hits: 13 | Targets: United States, Sony Corp, UK Power Grid, Canada, Arizona


Top Malware Discoveries this past week*:

· Wcry Hits: 36 | Targets: Boeing, Microsoft Windows, United Kingdom, Bitcoin, North Korea

· ETERNALBLUE Hits: 20 | Targets: Microsoft Windows, Microsoft Windows 10, Server Message Block , Microsoft Windows 8, Microsoft Windows 7

· FlyAgent Hits: 20

· FASTCash Hits: 17 | Targets: Banking, Lazarus Group, Sony Corp, North Korean government, IBM AIX

· Magecart Hits: 16 | Targets: Ticketmaster Entertainment, Newegg, British Airways, eCommerce, Magento



In Other News:

CHOP gets chopped: Children’s Hospital of Philadelphia has reported two data breaches that occurred in August and September of 2018. The hospital on August 24 discovered that hacker had accessed a physician’s email account on August 23 via a phishing attack. A second breach found on September 6 revealed unauthorized access to an additional email account on August 29. The organization began an investigation with a forensics firm and found that compromised data could have included patient names, dates of birth and clinical information in the neonatal and/or fetal care units, affecting the children and parents. Financial and credit information as well as Social Security numbers were not affected.

“While CHOP is not aware of any actual or attempted misuse of patient information related to these incidents, on October 23, 2018, letters were mailed to patient families whose information was contained in these email accounts,” the hospital informed patients and families. “Potentially affected patients are advised to carefully review the statements they receive from their healthcare providers. If they see services that were not received, they should contact their healthcare provider immediately.” The hospital established a call centre for affected individuals and expressed regret for any concern or inconvenience the incidents may have caused. In a statement to Health Data Management, the hospital said a limited number of mothers and babies were affected but the hospital is not able to confirm a specific number. In the aftermath of the breaches, Children’s Hospital of Philadelphia is significantly enhancing the levels of security for the email system.

Avantia’s Comment: Personal Information on Children’s health records and medical information of any kind is highly sought (and highly priced) on the Dark Web selling for up to US$350.00 per individual to Cyber Criminals compared to a regular adult Email/Password for US$0.55c each.


Epic Financial Fail: A financial breach of epic proportion has occurred in Pakistan, with hackers making off with data from almost 8,000 bank account holders from 10 different banks. The government's cybercrime division is on the case, and hopefully making progress… although it is too early to tell. The data is being sold on the Dark Web at $100 to $160 a record. With 11,000 records found so far, that is a pretty penny.

Myths about “the cloud”: As more and more organizations embrace the migration to the cloud, there are the inevitable questions that arise around its safety. Specifically, organisations need to know that their data is going to be secure if they choose to embrace a cloud-based model, particularly a public cloud. The biggest myth we hear over and over among potential users is that “the public cloud is not safe because it’s easier to attack, and then anyone can access my data.” What we’re seeing, however, is that this statement is simply not true. The simplest way to debunk a myth is to break it apart and look at each component.

MYTH: “The public cloud is not safe.”

TRUTH: When public cloud technology was new, there were concerns that it did not provide the requisite levels of security to keep data safe. These concerns were valid as the technology was not yet proven; however, this is no longer the case. Cloud providers now have years of experience, dating back to the early 1990s when modern cloud computing was first introduced. Over the decades, they’ve fine-tuned data and application access, ensuring strong governance, rights management and systems monitoring. While the focus for on-premise and cloud-based IT is the same – to ensure application availability and security – cloud providers are able to scale this approach across multiple businesses and geographies. This scale and experience means that public cloud solutions, as long as they are well-managed, can actually prove more secure and reliable than their on-premise counterparts.

MYTH: “The public cloud is easier to attack.”

TRUTH: Many enterprises think that embracing the public cloud is tantamount to placing all of their digital eggs in one basket. The concern here is that if the provider is attacked, all access to their data – and therefore the ability to conduct business – could be lost. In most cases, however, a successful attack requires there to be an unpatched vulnerability in order to gain access. As we know, keeping up-to-date with patches is one of the biggest challenges for any organization today. A key benefit of the public cloud is that the provider takes the responsibility for patching and monitoring the network, as well as adding extra layers of security to separate internal network systems from externally accessible applications and data. By adding in this third-party vendor whose responsibility is to keep their systems up to date, it actually can bolster security and help keep data more secure than it may otherwise be if held within your organization.

MYTH: “In the public cloud, anyone can access my data.”

TRUTH: One of the biggest concerns people have with public cloud is the worry that they will lose control if they entrust it with their data. By essentially relinquishing a stronghold on the data, there are understandable questions about how secure it could possibly be. However, one of the key benefits that SaaS providers grant is data privacy. In fact, I would go as far to say that data in public cloud is harder for the “wrong people” to access than on-premise data. For example, public cloud data is protected by authentication controls, which are constantly monitored by the cloud provider. And remember, it’s not just your data they are monitoring, but it’s many other customers as well. This ensures that should anyone try to breach your data for any cloud application instance, changes can be made in near real-time to automatically enhance cloud protection for all of the cloud provider’s customers. At the same time, individual businesses’ data is protected from access by others, such as competitors, as it is multi-tenanted. That means each data instance is unique and unaware of other data, using secure keys to obfuscate and prevent leakage. That makes it extremely difficult for an unwanted entity to access your information.

THE BOTTOM LINE:

In the end, the biggest truth about security in public cloud is that it provides security at scale. As a single organization, everything you do is at a scale of one. You might learn from peers, monitor systems and patch and update applications, but there is no shared benefit to this approach. And, with the widely-documented shortage of skilled cybersecurity professionals available, it can be hard to keep up.


Threat Focus: Ontario Cannabis Store/Canada Post - Canada*

Exploit: Supply chain breach. Gained access to the Canada Post’s delivery tracking tool. Ontario Cannabis Store: A recreational cannabis store in Ontario. Canada Post: A crown corporation that functions as the primary postal operator in Canada. Risk to Small Business: 2.222 = Severe: Mail is highly personal. Nobody likes the idea of someone scooping a package off his or her porch (around here they are called porch pirates). The same idea applies to postal data. Even though the Canada Post was the organization compromised, the customers of the Ontario Cannabis Store suffer. Those customers are likely to take their business elsewhere especially given the newly legal status of the product. Individual Risk: 2.714 = Moderate: Those affected by this breach are more likely to fall victim to identity theft and become targets of phishing emails. While this breach is moderate, this is a special case given those exposed are customers of a recently legalized drug. Those exposed could possibly face social/ business repercussions after their use of cannabis becomes public. Customers Impacted: 4,500 customers / 2% of the firm’s customers. Effect On Customers: The legalization of cannabis in Ontario has not been a smooth transition, and with this breach of Canada Post that reveals the names of the Ontario Cannabis Store’s customers the situation only gets stickier. Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Threat Focus: HSBC Bank - USA*

Exploit: Multiple compromised online accounts. HSBC: One of the largest banking and financial services organizations in the world, HSBC is based in London and has offices in 80 countries. Risk to Small Business: 1.888 = Severe Risk: The data compromised in this breach can be very harmful to an individual if in the wrong hands, and customers know this. Customers will second-guess their choice of a bank if their information is compromised and those thinking about setting up an account could very well look elsewhere. Individual Risk: 2.428 = Severe Risk: Those who are affected by this breach are at a higher risk of fraud and should take advantage of the identity monitoring program that HSBC offered to victims. Customers Impacted: Undisclosed at this time. Effect On Customers: One of the most important things a financial institution has is the trust of its business partners and customers. No one wants to hand over their money to someone they don’t trust. Any organization loses face when experiencing a breach but when a financial institution fails to secure account numbers, transaction history, and balances, customers will not forget it. Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


POSTSCRIPT:


Infrastructure Organisations Beware According to the 2018 Verizon Data Breach Investigations Report, 29.2% of reported breaches happen in industries considered infrastructure. These industries include utilities, transportation, healthcare and others that use operational technology systems. What can organizations that are considered infrastructure do to mitigate these risks? First, let’s take a look at what the risks are, and then how to secure your organization from them.

The first risk is the environment where the organization exists. If there is no inventory of the systems, a lack of security and a lack of understanding of what data is being used, the organization is at a major risk. In order to best combat this risk, one should start by gaining an understanding of overall security posture. If an organization is operating in multiple environments, pick a representative environment and apply what was learned to the other environments.

The second risk is patch management. This is self-explanatory, and its solution is as well. Patch your systems! Running outdated OT systems greatly increases the chance of a breach. Network Segmentation is the third risk, with many OT systems having connections between systems that should not be connected. In order to combat this, develop a plan for network segmentation, that way if one network is breached it is contained rather than spreading. The third risk is the supply chain. It is very hard to control how organizations handle their data, which is why it is important to include security requirements when bringing on new systems, as well as continuing maintenance efforts within their vendor management programs. The fifth risk is a lack of a united front within the organization regarding security. To avoid this, one should foster cooperation and respect between the groups who address cyber threats. Training, communication and cooperation are key here. With the world becoming increasingly digital, state actors are waging war behind the scenes more and more. A good example of this is Russia crippling Ukrainian infrastructure by launching a cyber-attack on power plants. All organizations are at risk for a cyber-attack, but those that are considered infrastructure should consider that the person trying to hack you isn’t necessarily some kid in his mom’s basement or even a pro hacker. It could be an intelligence agency with hundreds of well-trained specialists trying to see how your systems tick and how to break them,




Paul Nielsen CCSRA, Managing Director, Avantia Corporate Services Pty Ltd & Avantia Cyber Security Ph: 07 30109711/0408824122.

CYBER RISK IS BUSINESS RISK

"Wee've Got Your Back"


INDEPENDENT CYBER SECURITY RISK MITIGATION STRATEGY & CYBER SECURITY MANAGEMENT.

If your organisation does not have an 'in house' CISO we offer an affordable alternative.


* Independent Board Non Executive Director (NED) for Cyber Security.

*Development of an Enterprise Information Security Policy (EISP)

*Risk Assessment Strategy for Operational, Legal & Reputational Risk Minimisation.

*Develop and Implement an Incident response Plan.

* Develop and Manage Metrics for Operational Cyber Security.

*Manage Compliance for Regulatory, State, National & International Legal Obligations.

*Manage Stakeholder Engagement.

*Represent and Manage Media Engagement.


CALL +61 7 3010 9711 for a no obligation discussion of your requirements.


* Disclaimer: Avantia Corporate Services Pty Ltd provides the content in this publication to the reader for general information only and has compiled the content from a number of sources in the USA and up to 56 other countries who provide cyber breach information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

Want The Information  Cyber Criminal's  Don't Want You To Know?

Subscribe below to receive our weekly Threat Updates straight to your inbox.

Call (07) 3010 9711 

info@avantiacorp.com.au

 

Avantia Corporate Services Pty Ltd,                    Level 7, 320 Adelaide Street

Brisbane, Queensland 4000

AUSTRALIA.

  • LinkedIn Social Icon
  • Facebook Social Icon

DISCLAIMER*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cybersecurity information to us in real-time. Given their international focus and experience in the cyberspace arena, we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services  PTY LTD - All Rights Reserved.