Avantia Threat Update



The US Army is researching 'telegraphic' brain-signal communication tech for soldiers; do not trust fake Zoom emails about video conferencing invitations; Vatican absolved of one financial sin after revelation of data discrepancies; Iranian hacking group revived phishing activities over the holidays; IT and OT teams in critical infrastructure and manufacturing companies must be able to proactively manage risk; and significant breaches in the UNITED STATES, CANADA, UNITED KINGDOM, NETHERLANDS and JAPAN.

Top DARK WEB compromises this past week:

Top Source Hits: ID Theft Forum
Top Compromise Type: Domain
Top Industry: Health & Medical Research
Top Employee Count: 501+



The US Army Research Office is funding new research into how brain signals could be analyzed and decoded to create a silent communication channel for military personnel. As reported by C4isrnet, the research program, backed by the research office, has been led by University of Southern California researchers, alongside colleagues in Los Angeles, Berkeley, Duke University and several UK universities, among others. In total, the US Army is providing $6.25 million in funding over five years for the moonshot research, in which algorithms and advanced mathematics provide the foundation for separating brain signals that "influence action or behavior from signals that do not," according to the publication. By separating these types of brain signals and dismissing those deemed irrelevant, this could be the first step towards decoding action-based signals and intentions and interpreting them in a way that humans can understand using brain-interface systems. Hamid Krim, an Army Research Office program manager, told C4isrnet that devices based on this technology may be able to provide feedback on the ground to teams so they can take "corrective action"; stress and fatigue signals could let leaders know when soldiers need a rest, and the same channel could carry silent communication via a central computer while boots are on the ground. Tests with monkeys have been performed so far to learn how to separate action-based signals from other information. However, a brain-interface system suitable for military purposes is likely "decades away," Krim says. "The next step after that is to be able to understand it [signals]," Krim commented. "The next step after that is to break it down into words so that you can synthesize [it] in a sense, like you learn your vocabulary and your alphabet."


"Zoom email scam" refers to an email spam campaign: a mass-scale operation in which thousands of deceptive emails are sent. The emails claim that recipients have received a video conferencing invitation on the Zoom (Zoom Video Communications, Inc.) videotelephony and online chat platform. These emails are in no way associated with the actual Zoom service; they exist to drive recipients to a phishing website that records whatever is entered into it.

The subject line, "You received a video conferencing invitation", sums up the lure. The body simply greets the recipient and says they have been invited to a Zoom video conference. Clicking the "Review invitation" button redirects the recipient to a phishing page that asks them to sign in with their Microsoft account. Note the mismatch: a genuine Zoom invitation has no reason to ask for Microsoft credentials, and the sign-in page is not on a Microsoft domain. Everything typed into the page goes to the scammers, so instead of reaching a Zoom invite the victim hands over their Microsoft username and password. Phishing sites are not limited to login credentials; they may ask for names, addresses, telephone numbers, email addresses, banking account and credit card details, and phishing is often combined with other scams (e.g. requests for bogus payments). Trusting the "Zoom email scam" can therefore lead to account compromise, serious privacy issues, financial losses and even identity theft.

"Deactivating All Inactive Accounts", "Google Forms Email Scam", "SharePoint Email Scam" and "Account Access Disabled" are other examples of phishing spam campaigns. Such emails are usually presented as "official", "priority", "important" or "urgent" to pressure recipients into acting on them. Besides phishing, spam campaigns also distribute malware (trojans, ransomware and so on). Whatever the emails claim, offer, request or demand, the end goal is the same: revenue for the criminals behind them. Given how common such mail is, treat unexpected incoming emails with caution.

How do spam campaigns infect computers?

Systems are infected through malicious files that are attached to the emails or linked from them. These files come in many formats: archives (RAR, ZIP, etc.), executables (.exe, .run, etc.), PDF and Microsoft Office documents, JavaScript, and so on. Executing or opening the file starts the infection process (malware download and installation). Microsoft Office documents, for example, infect by running malicious macros. Office versions from 2010 onwards open downloaded documents in "Protected View" with macros disabled, and the infection only proceeds if the user clicks through "Enable Editing" and "Enable Content" to run them; older versions, or installations where macro security has been lowered, can let macros run with far less friction.

How to avoid installation of malware?

Do not open suspicious or irrelevant emails, and especially not their attachments or links, as that can result in a high-risk system infection. Use a supported, up-to-date Microsoft Office version (2010 or later) and never enable macros in documents from unexpected or untrusted senders. Malware is also spread via dubious download channels (unofficial and free file-hosting websites, peer-to-peer sharing networks and other third-party downloaders), illegal activation ("cracking") tools and fake updaters, so download software only from official or otherwise trustworthy sources, and activate and update programs only with the tools provided by legitimate vendors. To protect device integrity and user privacy, keep a dependable anti-virus/anti-spyware suite installed and updated, and use it for regular system scans and removal of detected or potential threats.
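Mail gateways and SOC triage scripts usually decide what to do with an Office attachment before any user ever sees the "Enable Content" prompt. The following Python example is added here as an illustration and is not code from the original page. It classifies an attachment by format: modern OOXML files are ZIP packages whose [Content_Types].xml and word/vbaProject.bin part reveal a macro project, while legacy .doc/.xls binaries (OLE2 compound files) need a dedicated parser and are flagged for that. The sample packages it builds are constructed stand-ins, not real Word documents, and the placeholder VBA part is just marker bytes.

```python
import io
import zipfile

# Compound File Binary (OLE2) signature used by legacy .doc/.xls/.ppt files.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Content type OOXML packages declare for an embedded VBA project.
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"


def classify_office_attachment(data):
    """Classify raw attachment bytes as 'macro', 'no-macro', 'legacy-ole' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary format: VBA lives in an OLE stream, which needs a CFB
        # parser (e.g. the oletools project) to inspect, so flag it for that.
        return "legacy-ole"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if "[Content_Types].xml" not in names:
                return "not-office"  # a ZIP, but not an OOXML package
            content_types = zf.read("[Content_Types].xml")
    except zipfile.BadZipFile:
        return "not-office"
    # Either the VBA part itself or a macro-enabled main part declares macros.
    has_vba_part = any(name.lower().endswith("vbaproject.bin") for name in names)
    declares_vba = VBA_CONTENT_TYPE in content_types or b"macroEnabled" in content_types
    return "macro" if (has_vba_part or declares_vba) else "no-macro"


def build_sample(with_macro):
    """Constructed minimal OOXML-style package for the demo (not a real Word document)."""
    main_type = ("ms-word.document.macroEnabled.main+xml" if with_macro
                 else "openxmlformats-officedocument.wordprocessingml.document.main+xml")
    types = [
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">',
        f'<Override PartName="/word/document.xml" ContentType="application/vnd.{main_type}"/>',
    ]
    if with_macro:
        types.append('<Override PartName="/word/vbaProject.bin" '
                     'ContentType="application/vnd.ms-office.vbaProject"/>')
    types.append("</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "".join(types))
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00constructed placeholder\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("docm-style", build_sample(True)),
                        ("docx-style", build_sample(False)),
                        ("legacy", OLE_MAGIC + b"\x00" * 64),
                        ("pdf", b"%PDF-1.4 not a zip")):
        print(f"{label:11} -> {classify_office_attachment(blob)}")
```

A gateway policy built on this would quarantine "macro" outright, route "legacy-ole" to deeper inspection, and let "no-macro" through subject to the usual AV scan; note that a .docx renamed from a .docm still carries the vbaProject.bin part, which is why the check looks at the package contents rather than the file extension.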


Anti-money-laundering agency says it misinterpreted data, leading to allegations of an unexplained $1.8bn transfer to Australia. The Australian Transaction Reports and Analysis Centre (AUSTRAC), a government agency tasked with detecting and preventing financial crimes, has admitted that software errors led it to allege that the Vatican had inexplicably shipped AU$2.3bn to Australia. In a response to a question put by a Senate Committee, AUSTRAC CEO Nicole Rose corrected the agency's previous assessment that AU$2.3bn (US$1.78bn, £1.30bn) had moved from the Holy See to Australia. Questions about the transfer were asked in the context of ongoing strife within the Vatican, which in late 2020 re-organised its finance agencies after a scandal involving mismanagement of donated funds. Among the allegations raised was the improper funnelling of funds to assist the trial of Cardinal George Pell, an Australian convicted and jailed for child sexual abuse but later acquitted on appeal. Pell also served as the first Prefect of the Secretariat for the Economy, a post created in 2014 which oversees Vatican finances and reports directly to the Pope. Allegations that billions had flowed to Australia for no obvious reason fuelled ongoing speculation about the true state of Vatican finances. AUSTRAC doused the flames but covered itself and other unnamed organisations in soot by revealing that the actual quantity of Vatican-to-Australia money moves was AU$9.5m (US$7.3m, £5.3m). "The discrepancy in the data occurred due to a range of complexities and inconsistencies in some reporting received by AUSTRAC originating from international institutions, relating to incomplete geo-coding data," AUSTRAC's explanation states. "This led to AUSTRAC's system attributing a large series of transactions to the Vatican City State.
AUSTRAC's quality assurance processes should have identified this issue.” It is understood that the misattribution may have seen transactions from all of Italy, or even other European nations, attributed to the Vatican. “AUSTRAC has subsequently undertaken a detailed review of the data and put immediate additional quality assurance processes in place,” the response adds. The agency is also “… considering what further processes and governance changes should be implemented into the future.” The Holy See issued a Communique that “acknowledges” the revelation of the true figure and explains that the lesser sum “is attributable, among other things, to a number of contractual obligations and the ordinary management of resources.”


A recent phishing campaign tied to an Iranian hacking group known as "Charming Kitten" used SMS and email messages to spread malicious links in an attempt to steal email credentials in the U.S., Europe and the Persian Gulf region, security firm Certfa Lab reports. The campaign, which appears to have been active during the last several weeks of 2020, targeted individuals working for think tanks and political research centers, university professors, journalists and environmental activists. "The group started the new round of attacks at a time when most companies, offices, organizations, etc. were either closed or half-closed during the Christmas holidays and, as a result, their technical support and IT departments were not able to immediately review, identify, and neutralize these cyber incidents," the Certfa Lab report notes. "Charming Kitten has taken full advantage of this timing to execute its new campaign to maximum effect." Charming Kitten, also known as APT35, Phosphorus and Ajax, is one of Iran's top state-sponsored hacking groups. It has been targeting a range of victims and carrying out cyberespionage campaigns since at least 2013. In the SMS campaign, the hacking group sent the victims a "Google Account Recovery" message with a malicious phishing link requesting that the targeted victims click the URL to confirm their identity. "The most important point in this method is the structure of the link in the SMS that seems legitimate:

[Image of the SMS link structure not reproduced here]

"At first glance, these links generally cause less suspicion for the targets. After opening the links and several redirections, the victims are led to final phishing domains such as 'mobile[.]recover-session-service[.]site' etc."

[Image: Phishing landing page used to steal credentials (Source: Certfa Lab)]

"The use of SMS phishing is no surprise and highlights the breadth of social engineering tactics used by threat actors," says Dr. Jamie Collier, intelligence analyst at Mandiant Threat Intelligence Security. "For many years, Iranian groups have also employed fake social media personas to collect information on individuals and distribute malicious links. It is therefore imperative for security teams to implement security policies and user education programs that account for a wide range of social engineering tactics." In Charming Kitten's email campaign, the threat actors used multiple messages and subject lines as lures. In one case, the attackers sent New Year's greetings carrying a malicious URL. When the victims failed to click the link, the attackers followed up with different emails on topics related to Iranian and Israeli politics. When victims did click these malicious links, they were directed to a fake domain with a login page that attempted to steal the targets' Microsoft Outlook, Gmail or Yahoo credentials, the report notes. In August 2020, security researchers at ClearSky Cyber Security found Charming Kitten using LinkedIn and WhatsApp messages to contact potential victims, build trust and persuade them to visit a phishing page (see: Iranian Hackers Using LinkedIn, WhatsApp to Target Victims). In July 2020, Charming Kitten accidentally exposed videos related to the group's hacking and training activities. These videos detailed the group's spear-phishing campaigns against U.S. Navy and State Department personnel.
In June 2020, Google researchers found Charming Kitten hackers unsuccessfully targeted the presidential campaign offices of then President Donald Trump.
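Both lures described above, the fake Zoom invitation that lands on a Microsoft sign-in page and the "Google Account Recovery" SMS that ends on 'mobile[.]recover-session-service[.]site', hinge on the same trick: a link whose visible text or hostname carries a trusted brand while the registrable domain belongs to someone else. The following Python example is added here as an illustration and is not code from Certfa Lab, Mandiant or the original page. It refangs report-style indicators, extracts URLs from message text, and flags brand names or credential-lure words that appear on domains outside a brand allowlist. The allowlist, the lure-word list and the sample messages are constructed; the only real indicator is the defanged domain quoted from the Certfa report.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist: brand -> registrable domains that brand really uses.
# Extend it from your own tenant's known-good sender and SSO hosts.
BRAND_DOMAINS = {
    "zoom": {"zoom.us", "zoom.com"},
    "microsoft": {"microsoft.com", "microsoftonline.com", "live.com", "office.com"},
    "google": {"google.com", "goo.gl"},
}

# Hostname fragments typical of credential lures (constructed, not exhaustive).
LURE_WORDS = ("recover", "session", "verify", "signin", "login", "secure-")

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def refang(text):
    """Undo the defanging used in threat reports ('hxxp', '[.]') so quoted IOCs can be fed in."""
    return text.replace("hxxp", "http").replace("[.]", ".").replace("[:]", ":")


def registrable_domain(host):
    """Last two labels of the hostname. Simplified: no public-suffix list, so
    'example.co.uk' would come back as 'co.uk'; use a PSL library in production."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def assess_url(url):
    """Return (verdict, reason) for one URL."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    reg = registrable_domain(host)
    allowed = any(reg in domains for domains in BRAND_DOMAINS.values())
    # A brand name in the host, path or query of a domain the brand does not
    # own is the classic lure shape (zoom-invite.<other>.net/microsoft/login).
    for brand, domains in BRAND_DOMAINS.items():
        if reg in domains:
            continue
        if brand in host or brand in parsed.path.lower() or brand in parsed.query.lower():
            return "suspicious", f"'{brand}' used on {host}, whose registrable domain is {reg}"
    if not allowed and any(word in host for word in LURE_WORDS):
        return "suspicious", f"credential-lure keyword in hostname {host}"
    return "ok", f"registrable domain {reg}"


def triage_message(text):
    """Extract every URL from a message body and assess it. Returns [(url, verdict, reason)]."""
    text = refang(text)
    return [(url, *assess_url(url)) for url in URL_RE.findall(text)]


# Constructed sample messages; only the defanged domain in 'sms_lure' is real.
SAMPLES = {
    "zoom_lure": "You received a video conferencing invitation. Review invitation: "
                 "https://zoom-invite.example-mail.net/microsoft/login?user=bob",
    "zoom_real": "Join the meeting: https://us02web.zoom.us/j/1234567890",
    "sms_lure": "Google Account Recovery: confirm your identity at "
                "hxxps://mobile[.]recover-session-service[.]site/google/verify",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        for url, verdict, reason in triage_message(body):
            print(f"{name:10} {verdict:10} {url}  ({reason})")
```

The check deliberately keys on the registrable domain rather than the full hostname, because attackers put the brand in a subdomain ("mobile." or "zoom-invite.") precisely so that a glance at the left of the URL looks right. In a mail pipeline the same logic would run on the href of every anchor, not just on visible text, and the allowlist check would also cover a link-shortener or redirector chain by resolving it in a sandbox before assessment.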


IT and security professionals know that change is constant. In fact, part of what defines them is their ability to adapt to change and the faster they adapt, the more successful they will be. The change they encountered in 2020 was unprecedented and had a dramatic impact on their operational technology (OT) environments – accelerating and sometimes recasting how they address the following four key areas.

· Digital transformation. Well before the pandemic, companies in critical infrastructure and manufacturing sectors had already started to improve their traditional manufacturing processes and move to the cloud and SaaS applications. Many also had some type of remote access solution in place so that the manufacturers of the industrial control systems that comprise OT networks could service existing machinery under their contracts. Then came the COVID crisis and digital transformation across all sectors accelerated significantly. Driven by the need to increase productivity and top-line revenue to stay competitive, companies prioritized digitization and the convergence of IT and OT networks expanded dramatically. Supporting a surge in requests for remote access is the most obvious example: connectivity was extended to additional user groups, including employees and third parties who had previously provided critical services on-site.

· Business opportunities. Researchers also saw an acceleration of business opportunities in critical infrastructure sectors such as life sciences and pharmaceuticals, and food and beverage. For companies in these sectors, the OT side is their business – it’s what drives revenue. To take advantage of these opportunities, organizations are increasingly looking for new ways to optimize processes and reduce costs through automation; Internet of Things (IoT) and smart devices are becoming essential to improving OT operations.

· Cyber threats. Another change is an increase in the number and types of cyber threats. Organizations in critical infrastructure sectors can't risk downtime, which has contributed to the IT/OT security gap: patching and hardening wait because an outage costs more than the perceived risk. Yet as OT and IT networks converge, more legacy OT assets become internet-facing and more IoT devices enter these environments, the security gap widens and the door for attackers opens further. The July alert from the U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), and last month's CISA warning of unknown cyber-threat actors targeting the COVID-19 vaccine supply chain, highlight the need to reduce exposure of OT environments, the increased capabilities of attackers, and the urgency and severity of the risk.

· OT security. The connection between improving competitiveness and improving security is increasingly apparent at the board level. Business leaders in these sectors are becoming more educated on the prevalence and severity of these threats and are exploring new ways of mitigating risk and creating business continuity plans. They realize they have spent years protecting their IT networks, but as they look towards more IT/OT convergence to increase business performance and competitiveness, they recognize that their OT networks remain exposed. Just when they can least afford a compromise, they are most vulnerable. So, business continuity plans are number one on their list driven by a holistic approach to risk mitigation.

As we start to see a light at the end of the tunnel with the pandemic, the way we manage our businesses will change permanently, and therefore the technology we use to support it will change permanently as well. To take full advantage of this confluence of changes and move forward securely, IT and OT teams in critical infrastructure and manufacturing companies must be able to proactively manage risk. This starts with full visibility into all the assets in the OT environment and the function each performs, so that vulnerabilities can be identified and suspicious behaviour detected more effectively and efficiently. Asset identification isn't a one-time activity; it must be a continuous process to understand new gaps and risks as they emerge. With a complete picture of asset information, agentless solutions purpose-built for continuous threat monitoring can help identify and track threats that cross the IT/OT boundary. IT and OT teams can then work together to secure the converged enterprise without risk to productivity or downtime. And to tackle one of the toughest challenges facing industrial cybersecurity practitioners today, secure remote access solutions with strict controls over sessions provide off-site access to OT environments while minimizing the substantial risks introduced by remote workers. The world will go back to some degree of "normal," but it will not go back to the pre-pandemic baseline. How we work has changed forever. Fortunately, security professionals know they can adapt to change and play a pivotal role in helping organizations transition smoothly.



United States – Parler

Exploit: Hacking

Parler: Social Media Application

Risk to Business: 1.619 = Severe

Now-defunct social media site Parler had a wild ride to the finish, including a hacking incident. Attackers exploited weaknesses in Parler's engineering and security to reach membership-restricted content and scrape at least 70 TB of data. The scrape includes deleted posts, meaning Parler retained user data after users deleted it, as well as URLs for more than a million videos, some of them deleted or private.

Individual Risk: 1.221 = Extreme

Data was taken from Parler’s “Verified Citizens,” users of the network who verified their identity by uploading photographs of government-issued IDs, such as a driver’s license. The scrape includes user profile data, user information, and which users had administration rights for specific groups within the social network. Data like this could be used to mount spear phishing attacks, or as blackmail material, as it contains details that could connect users to criminal acts or membership in extremist groups.

Customers Impacted: 10 million

How it Could Affect Your Business: Data like this often makes its way to the Dark Web, enabling it to be used to power cybercrime like phishing and credential compromise.

Avantia Cyber Security & ID Agent to the Rescue: Watch for threats from the Dark Web without lifting a finger using Dark Web ID, 24/7/365 credential monitoring that alerts you to trouble fast. Call AUSTRALIA 07 30109711 to learn more.

United States – Taylor Made Diagnostics

Exploit: Ransomware

Taylor Made Diagnostics: Occupational Healthcare Provider

Risk to Business: 2.612 = Moderate

A Conti ransomware attack at this Virginia-based healthcare provider led to some unpleasant consequences for employees of the Norfolk Southern Railroad and UPS after 3K patient records were snatched. The stolen data included health records for employees from both firms, in addition to multiple smaller trucking companies, U.S. government agencies and defense contractors from as recently as December 2020.

Individual Risk: 2.722 = Moderate

The leaked data included completed U.S. Department of Transportation (DOT)-mandated medical exams, as well as drug and alcohol testing reports for truckers and rail workers at multiple companies. Many documents contained detailed personal information such as full names, addresses, social security numbers and scans of driver’s licenses. This information could be used for identity theft and spear phishing attacks.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is almost always the result of a successful phishing attack. It's an expensive nightmare for any business, especially one in the healthcare sector.

Avantia Cyber Security & ID Agent to the Rescue: Learn how to protect businesses from ransomware without breaking the bank in our eBook Ransomware 101. Email To Claim your FREE Copy.

United States – Ubiquiti Networks

Exploit: Unauthorized Access

Ubiquiti Networks: Communications Technology Firm

Risk to Business: 1.979 = Severe

Ubiquiti Networks announced that an intruder gained access to the company's servers. The intruder was able to access stored user data such as names, email addresses, and salted and hashed passwords. It is currently unclear how many users are affected. The company says there is no indication of unauthorized activity on any user's account, and the incident is still under investigation.

Individual Risk: Names, email addresses and salted, hashed passwords were accessed; no financial or other consumer data was reported as impacted. Salting and hashing slow offline cracking but do not prevent it, so affected users should change their Ubiquiti password, change it anywhere it was reused, and enable two-factor authentication.

Customers Impacted: Unknown

How it Could Affect Your Business: Hacking can come from many directions, but one common source is credential compromise. By adding strong access point protection, companies can add extra security against hackers like this.

Avantia Cyber Security & ID Agent to the Rescue: Protect every door that hackers could use to slip into your systems and steal your data with secure identity and access management tools like single sign-on and multifactor authentication for less with Passly. Call Avantia on 07 30109711 for more info.

United States – South Country Health Alliance

Exploit: Phishing

South Country Health Alliance: Health Plan Provider

Risk to Business: 1.812 = Severe

South Country Health Alliance, a county-owned health plan based in Owatonna, MN, experienced a data breach after a successful phishing attack let cybercriminals access the protected health information and personal data of more than 60K members. The incident has been under investigation since the attack was first confirmed in September 2020, and the breach notification filed with HIPAA regulators noted that affected patients were notified starting 12/30/20.

Individual Risk: 2.006 = Severe

The exposed information included names, Social Security numbers, addresses, Medicare and Medicaid numbers, health insurance information, diagnostic or treatment information, death dates, provider names and information about treatment costs. The health plan is offering complimentary credit monitoring and identity protection service to impacted members.

Customers Impacted: 66,874

How it Could Affect Your Business: Phishing attacks on healthcare targets have been increasing, as the demand for healthcare information and the opportunity afforded to cybercriminals by an overstressed healthcare system creates fresh opportunities.

Avantia Cyber Security & ID Agent to the Rescue: Don’t be surprised by the tricks that cybercriminals are using these days to trick employees. Get the skinny on today’s common lures in our eBook Phish Files. Email to claim your FREE Copy.

Canada – Government of Saskatchewan Hunting, Angling & Fishing Licensing

Exploit: Human Error

Government of Saskatchewan HAL: Regional Regulatory System

Risk to Business: 2.775 = Moderate

The Government of Saskatchewan is informing citizens that an information security incident occurred on 01/07/20 when an email regarding Hunter Harvest surveys was sent to HAL customers by a third-party contractor, Aspira. The email contained another customer's name and HAL account identification number and went to about 33,000 email addresses, so recipients saw other people's information.

Individual Risk: 2.833 = Moderate

The only information that has been reported as compromised at this time was the name and HAL identification number of affected parties. No payment or other personal information was declared impacted in this breach.

Customers Impacted: 33,000

How it Could Affect Your Business: The number one cause of a data breach is always the same: human error. By building cyber resilience, organizations can make sure that they’re ready for challenges brought on by employee mistakes.

Avantia Cyber Security & ID Agent to the Rescue: Get in the fast lane to creating a cyber resilient organization that’s ready for tomorrow’s challenges with our new eBook and resource package The Road to Cyber Resilience. Email to claim your Free Copy.

United Kingdom – Nohow International

Exploit: Unsecured Database

Nohow International: Staffing Firm

Risk to Business: 1.411 = Extreme

In a damaging blunder, an unsecured Microsoft Azure Blob storage container exposed deeply sensitive documents belonging to more than 12,000 construction workers. The container held 12,464 images, PDF documents and email messages, presumably sent by the workers to Nohow International in the course of obtaining or changing employment through the staffing firm.

Individual Risk: 1.221 = Severe

Employee data impacted in this breach includes scans of passports, national IDs, birth certificates, and tax returns. This data also contained MSG files of email messages sent by construction workers to Nohow’s email address used specifically for receiving documents. The email messages include the workers’ personal and payment information, such as taxpayer reference and national insurance numbers, as well as banking details. This extremely sensitive information can be used to facilitate spear phishing attacks and identity theft.

Customers Impacted: 12,000

How it Could Affect Your Business: Failure to secure an average database is a ding to a company’s reputation for trustworthiness, but failing to secure a database full of extremely sensitive information like this could be devastating.

Avantia Cyber Security & ID Agent to the Rescue: Are your customers covering all of their security bases? Get the Cybersecurity New Year’s Resolutions Checklist and go over it with them to make sure! Call Avantia on 07 30109711 for more info.

The Netherlands – Eneco

Exploit: Credential Stuffing

Eneco: Energy Company

Risk to Business: 1.827 = Severe

Dutch energy supplier Eneco has warned tens of thousands of clients, including business partners, to change their passwords after a recent data breach following a suspected credential stuffing attack. The company reported that hackers accessed approximately 1,700 private and small business accounts. A separate group of approximately 47,000 customers is also being informed by email about the incident “as a precaution”. The investigation is still ongoing.

Individual Risk: 1.717 = Severe

The company stated that affected customers may have had their data “viewed and possibly changed by third parties,” but was unspecific about the exact impact.

Customers Impacted: Unknown

How it Could Affect Your Business: Credential stuffing is a popular attack because it’s cheap, effective, and it’s been made so easy due to an abundance of Dark Web data to fuel it.

Avantia Cyber Security & ID Agent to the Rescue: Businesses that protect their data with Passly gain essential protection against attacks like credential stuffing with tools like multifactor authentication at an excellent price. Call Avantia on 07 30109711 for more info.
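Credential stuffing leaves a characteristic trace in authentication logs: one source tries many different accounts in a short window, most attempts fail because the reused password is wrong for that site, and the few successes are the accounts that were reused. The following Python example is added here as an illustration and is not code from Eneco or the original page. It runs that detection over constructed log lines in a simple "timestamp source-IP username result" format; the thresholds, IP addresses and account names are assumptions for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> <source IP> <username> OK|FAIL"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\d+\.\d+\.\d+\.\d+) (?P<user>\S+) (?P<result>OK|FAIL)$"
)


def parse(lines):
    """Parse log lines into (timestamp, ip, user, result) tuples, skipping malformed ones."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        events.append((datetime.fromisoformat(m["ts"]), m["ip"], m["user"], m["result"]))
    return events


def detect_stuffing(events, window=timedelta(minutes=5), min_users=10, min_fail_ratio=0.8):
    """Flag source IPs that, within any `window`, hit at least `min_users` distinct
    accounts with a failure ratio of at least `min_fail_ratio`. For each flagged IP
    the largest matching window is reported, including the accounts that succeeded
    (the ones the attacker now controls)."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in sorted(events):
        by_ip[ip].append((ts, user, result))
    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):  # sliding window over this IP's attempts
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {u for _, u, _ in win}
            fails = sum(1 for _, _, r in win if r == "FAIL")
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                if ip not in findings or len(win) > findings[ip]["attempts"]:
                    findings[ip] = {
                        "attempts": len(win),
                        "users": len(users),
                        "failures": fails,
                        "compromised": sorted({u for _, u, r in win if r == "OK"}),
                    }
    return findings


def build_sample_log():
    """Constructed sample: a few normal logins plus one stuffing burst from 198.51.100.7."""
    lines = [
        "2021-01-10T09:00:00 203.0.113.10 alice@example.com OK",
        "2021-01-10T09:00:05 203.0.113.11 bob@example.com FAIL",   # a typo, then success
        "2021-01-10T09:00:20 203.0.113.11 bob@example.com OK",
    ]
    t0 = datetime(2021, 1, 10, 9, 1, 0)
    for i in range(25):  # 25 different accounts in 48 seconds, two reused passwords hit
        result = "OK" if i in (7, 19) else "FAIL"
        ts = (t0 + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} 198.51.100.7 user{i:02d}@example.com {result}")
    return lines


if __name__ == "__main__":
    for ip, info in detect_stuffing(parse(build_sample_log())).items():
        print(ip, info)
```

Bob's single failed login is not flagged because the rule needs many distinct usernames from one source, which is what separates stuffing from a user mistyping a password. Mature attackers spread attempts across proxy pools to stay under a per-IP threshold, so production detection should also aggregate by ASN and user agent and watch for "low and slow" patterns where each IP touches only a handful of accounts; the accounts in the "compromised" list are the ones to force a password reset on.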

Japan – Capcom

Exploit: Ransomware

Capcom Co. Ltd.: Videogame Developer

Risk to Business: 1.332 = Extreme

The damage from Capcom's recent data breach is significantly worse than first reported. Capcom has announced that its investigation found the personal data of up to 400,000 customers was compromised in the attack, 40,000 more than the company originally estimated, and that new evidence of additional compromise could still emerge. The Ragnar Locker ransomware group also captured 1 TB of corporate data, including banking details, contracts, proprietary data, emails and more.

Individual Risk: 2.623 = Moderate

It’s uncertain if any further client data was impacted. Capcom was quick to note that no customer credit-card data was exfiltrated during the breach, saying that it’s currently safe to play and purchase the company’s games online since those transactions are handled by a third-party service provider.

Customers Impacted: 400,000 and growing

How it Could Affect Your Business: No business is too big or too small to fall prey to cybercrime. Ransomware can strike companies of any size and deliver an impact that resounds for months.

Avantia Cyber Security & ID Agent to the Rescue: Protect clients from ransomware by protecting them from its source: phishing. Our newly revamped phishing resistance training solution BullPhish ID makes managing campaigns easy with new, user-friendly training portals. Call Avantia on 07 30109711 for more info.



Can Your Staff Really Spot Phishing Messages? Can You?

Phishing is a threat that looms large for every business. In 2020, phishing threats grew by more than 600% as cybercriminals took advantage of a perfect storm of factors that gave them great advantages: a newly remote workforce, world unrest, the COVID-19 pandemic and a crashing economy. That’s definitely a growth category for cybercrime in 2021. Damage related to cybercrime including phishing-related threats like ransomware and business email compromise is projected to hit $6 trillion annually in 2021 as a new cyberattack is launched every 39 seconds. One of the best investments that you can make to protect your business from today’s worst cyberattack threats is security awareness training featuring phishing resistance. We’re making that easier than ever before with the newly updated BullPhish ID. Featuring user-friendly training portals, customizable training materials, and simple remote management, BullPhish ID is the top-flight training solution that includes everything that you need to get your team ready to face down phishing at an excellent price.

Don’t wait to start your 2021 security awareness and phishing resistance training program. Act now to start protecting your business from cybercrime before one click on one phishing email costs you a fortune.

CALL AVANTIA CYBER SECURITY ON +61 7 30109711 for more information.





Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, other members of the 5 Eyes Alliance, the Australian Cyber Security Centre, and other sources in 56 countries who provide cyber breach and cyber security information in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.

