Search
  • Avantia Threat Update

WIKI LEAKS REVEALS CIA SPYING


This past week, WikiLeaks documents reveal suspected CIA espionage group targets Governments and Private Businesses since 2007; Israeli Research shows Microsoft Office 365 Advanced Threat Protection far too slow to be effective; Happy Snaps take off at Gatwick Airport; Universities targeted by State Sponsored actors; MAC attacks double in 2019; scams continue to trap employees; weak passwords put company data at risk; the consequences of a breach are higher for SME’s and major Breach Attacks in Australia, New Zealand, South Africa, United Kingdom and USA.


This Past Week's Top Dark Web ID Trends:

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain 

Top Industry: High-Tech & IT

Top Employee Count: 51 -100 Employees 

_________________________________________________________


RELEASED WIKILEAKS DOCUMENTS LINK TO CYBER ESPIONAGE GROUP WITH A MULTI YEAR HISTORY OF TARGETING GOVERNMENTS AND PRIVATE BUSINESSES.

Symantec matches tools exposed in Vault 7 documents leak reportedly from the CIA by Wikileaks with those used by cyber espionage group that has been targeting governments and private businesses. Researchers at Symantec have established a connection between the Vault 7 documents released by WikiLeaks and a cyber espionage group with a multi-year history of targeting governments and private companies. WikiLeaks says the tools in Vault 7 are from the CIA. Symantec has been watching this group, nicknamed Longhorn, since 2014. The group has been active since at least 2011, with evidence of activity dating back to 2007. In that time, it has used a range of methods, from backdoor Trojans (Backdoor Trojans are malicious software programs that share the primary functionality of enabling a remote attacker to have access to or send commands to a compromised computer.) to zero-day vulnerabilities (A zero day exploit is a cyber attack that occurs on the same day a weakness is discovered in software - At that point, it's exploited before a fix becomes available from its creator.) to compromise 40 targets in at least 16 countries across Europe, Asia, Africa, and the Middle East. Researchers discovered one attack hit a computer in the US, but an uninstaller was immediately launched following the event -- a sign it was unintentional. While Symantec didn't explicitly say Longhorn is the CIA, it concluded the group's tools bear similarities to those in the Vault 7 documents. "Given the close similarities between the tools and techniques, there can be little doubt that Longhorn's activities and the Vault 7 documents are the work of the same group," the company wrote in a blog post. For example, Vault 7 contains notes and feature release dates for a piece of malware called Fluxwire. The timeline is similar to Corentry, a Longhorn tool tracked by Symantec. According to samples obtained by Symantec, Corentry was consistently updated with new features on the same dates, or several days after, the dates listed in Vault 7. "That's the biggest piece of evidence," says Eric Chien, director of Symantec Security Response, of the matching timelines. "It's sort of hard to argue with." Another similarity was found between Vault 7 document Fire and Forget, a specification for installing malware modules through a tool called ArchAngel. The specification and interface used to load modules closely match a Longhorn tool called Plexor. A third Vault 7 document includes cryptographic protocols for other malware tools, including the use of cryptography within SSL to prevent man-in-the-middle attacks, use of AES with a 32-bit key, and key exchange once per connections. All of these requirements are similar to cryptographic rules found in Longhorn. Chien says the malware attack tools were built to spy on other countries. "Look at them as all-purpose backdoors," he says. "They can do anything on a machine that they would want with it." The attacks have affected organizations in the energy, financial, telecom, aerospace, education, information technology, natural resources, and education industries. There is no trend indicating one type of industry is at greater risk, but they all have a common similarity. "We're not seeing anything like financial attackers transferring money. Everything looks to be very espionage-related and state-espionage related," Chien says. The activity recorded here is different from that exposed by NSA whistleblower Edward Snowden, he continues. NSA aimed to gain access to infrastructure; for example, by compromising mail servers or DNS servers. With so many open source tools available to help with network security, it can be tricky to figure out where to start, especially if you are an IT generalist who has been tasked with security. Longhorn's toolsets are designed differently. They use "human assets," or commissioned insiders, to launch attacks within an organization. Chien cites the example of a VLC multimedia application modified to accept commands and seek documents. The application would be given to an insider who would enter the business and launch the app so the hackers could seek documents of interest. "They wouldn't use it unknowingly," he notes. "It was designed to give to someone who knew something was going on," but didn't know what was happening behind the scenes. Following the Vault 7 leak, Chien says it's unlikely these specific tools will be deployed again by the cyber espionage group. He says the group will revamp their toolsets and come back. Chien emphasizes that for businesses, this is "not just another threat." Businesses need to understand the dangers, revisit their threat models, and implement a comprehensive incident response procedure for such advanced attacks.


NEW ISRAELI BASED IRONSCALES RESEARCH FINDS MICROSOFT ATP (Advanced Threat Protection) TAKES UP TO 250 DAYS TO CREAT PHISHING ATTACK SIGNATURES.

IRONSCALES RESEARCH revealed that Microsoft Office 365 Advanced Threat Protection (ATP), the primary email security filtering service for Office 365 users, can take up to 250 days to create an email phishing attack signature and make it available to enterprise technical staff. (Headquartered in Tel Aviv, Israel, IRONSCALES was incubated in the 8200 EISP, the top program for cyber security ventures, founded by Alumni from the Israel Defense Forces’ Elite Intelligence Technology Unit.) Over the course of 3 months, a representative sample size of 1000 malicious emails containing links or attachments found that ATP took between 6 and 250 days from the time an email phishing attack was first reported until the time that a signature was deployed. This delay in signature creation leaves Office 365’s 60 million monthly users at severe risk of malicious email phishing messages impacting business continuity - as it now takes less than 82 seconds for a phishing email to lure a click. “It’s frustrating to learn that ATP seems to lack the sense of urgency that phishing mitigation requires in today’s email threat landscape,” said Eyal Benishti, IRONSCALES founder & CEO. “As the main cybersecurity safeguard for millions of people, ATP must prioritize phishing attack signatures to limit risk or be more transparent with their users about the need for additional email security to serve as an additional line of defense. When combining this slow response time with the fact that ATP cannot stop the onslaught of fake 365 login pages harvesting users credentials, users must begin to ask tough questions about just how much ATP is actually reducing their risk.”

IRONSCALES’ research also found that attackers are gaining unprecedented leverage over their organizational targets. Currently, for every uniquely identified email phishing attack :

• 50% now affect more than 25 organizations worldwide

• 20% now affect more than 40 organizations worldwide

• 10% now affect more than 55 organizations worldwide

• 5% now affect more than 65 organizations worldwide

2% now affect more than 100 organizations worldwide

Additionally, attackers are now targeting between two and 40 mailboxes per company impacted by an email phishing attack, IRONSCALES research also concluded.


YOUR FACIAL MUGSHOT MAY BE SCANNED YET AGAIN – Facial Recognition technology linked to Passports at Gatwick Airport in the UK.

Gatwick Airport will extend its use of facial recognition to match passengers to their passports at departure gates before they board planes. The original trial with British EasyJet scanned passengers faces when they used self-service luggage drop-off points on their way to European destinations. A spokeswoman for Gatwick Airport said "Gatwick [is now planning] a second trial in the next six months and then rolling out auto-boarding technology on eight departure gates in the North Terminal when it opens a new extension to its Pier 6 departure facility in 2022." She said that the trial showed passengers found the tech easy to use and its use led to faster boarding times and less time spent queuing. The news comes at a challenging time for facial recognition more broadly. In the US, there has been blowback against widespread use of the technology. San Francisco recently banned any use of biometric technology  by public bodies in the city. Attaching the technology to police body-worn cameras has also been criticised.  In the UK, which has a higher tolerance for surveillance, the technology is increasingly being used in public spaces – like Kings Cross Railway Station in London.  Landlords there have been handed a database of images by the Metropolitan Police to load onto its AI-powered spotter system, which ran between 2016 and 2018. The Information Commissioner's Office is investigating the massive ‘snoop’. Passengers can opt out of using the face scanners and Privacy International told the BBC the airport should seek genuine consent, especially when scanning children. Gatwick said no data would be stored for longer than a few seconds during the trial, which had been designed to comply with relevant data protection laws. Last year Gatwick ran one of the most extensive passenger trials of biometric auto-boarding technology with over 20,000 international passengers experiencing the technology for the first time across a whole range of European destinations. More than 90 per cent of those interviewed said they found the technology extremely easy to use and the trial demonstrated faster boarding of the aircraft for the airline and a significant reduction in queue time for passengers. Gatwick is now collating all the data in order to further develop and optimise the technological solution with a view to rolling out auto-boarding technology on eight departure gates in the North Terminal when it opens a new extension to its Pier 6 departure facility in 2022. One of the major benefits for passengers will be the open gate-room concept that Gatwick will be able to enable with this technology. This will allow passengers to spend more time enjoying the shops or having a last minute coffee before boarding their flight.


UNIVERSITIES INCREASINGLY TARGETED BY RANSOMWARE:

Cybercrims are still ‘very likely’ to affect Universities and other educational institutions online with ransomware, reckons GCHQ offshoot the National Cyber Security Centre. Attacks by online criminals and nation states alike are "rising", the NCSC warned in a recently published report, Sarah Lyons, deputy director for economy and society at the British Security Centre said, "NCSC is working closely with the academic sector to ensure that, wherever the threat comes from, they are able to protect their research and their universities in cyberspace."

While cybercriminals are most likely to deploy ransomware and other nasties "through untargeted attacks", the impact of their nefarious deeds is generally more than trivial. Attackers, said the NCSC, are generally quite likely to succeed because they exploit the "open and outward facing" nature of academic institutions. "Using sources such as a University's website, it is straightforward to identify who to target, how to reach them, and to establish a credible story with which to approach them," said the NCSC. They're not alone in highlighting the risk from phishing: back in April, academic infosec boffins JSSC formerly known as the Joint Information Systems Committee, warned that a pen-test (penetration testing) exercise had been able to successfully penetrate (by ‘phishing’ emails) every single university they tested. Aside from organised crime and thieves looking to pick a cyber-pocket through the use of cyber-tools in the cyber-domain, British universities also need to be on the lookout for state-backed threats as well. "Cybercrime"offers a deniable route to obtain information that is otherwise unavailable to them. It is likely exploited instead of, or in conjunction with, traditional routes to gain access to research, such as partnering, 'seconded students', or direct investment." Last year, an Iranian campaign to steal login credentials from Western universities was bought to public light. The scam played on the old technique of setting up fake login pages to man-in-the-middle the victims' credentials (A man-in-the-middle attack is like eavesdropping - When data is sent between a computer and a server, a cybercriminal can get in between and spy.for academic repositories. "Many of the fake pages were linked to university library systems, indicating the actors' appetite for this type of material," the NCSC said of the Iranians' doings. Once inside, state-backed hackers normally go for information of high commercial or military value, NCSC warned. Bulk personal data, technical information, sensitive research and intellectual property are all types of information that attackers of both broad flavours are interested in – and should therefore be defended accordingly. Not all attacks are known or traceable. The University of Edinburgh was targeted last year with a DDoS attack (A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic to a web property.) while King's College London (no stranger to IT woes) suffered what appears to be a Brute Force attack (A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data) against public-facing login pages.  Defending against these kinds of attacks is a combination of the usual methods: train people, staff and students alike, in what a suspicious approach looks like, deploy multi-factor authentication to make it harder for remote attackers to log in, and take a good look at your institution's network architecture and internal controls. "We believe that state espionage will continue to pose the most significant threat to the long-term health of both universities and the UK itself," concluded the NCSC. "There's a realistic possibility that the threat will increase in-line with increased scrutiny of foreign direct investment and the minimising of other avenues to gain insight and advantage." 


MAC USERS TARGET PHISHING ATTACKS DOUBLE IN 2019.

Mac users are being targeted with phishing attacks in an ever increasing number, possibly rising twofold in 2019. Fraudulent e-mails spoofed as being sent from Apple have been increasing 30-40 percent every year. According to Kaspersky the security company, its researchers detected about 1.6m incidences of phishing during January-June this year that tried duping ‘Internauts’ (refers to a designer, operator, or technically capable user of the Internet) entering their login credentials for Apple accounts in one phony Apple site. The above numbers account for solely assaults against Macs machines which had Kaspersky's security program running implying phishing assaults against macOS computers are quite high in number. And whilst malware threatening macOS as well as iOS mobile users show far lower in volume compared to malware threatening Android and Windows users, in the case of phishing, the scenario is pretty something else. Phishing mechanism, which uses social engineering, therefore has little role of software in phishing attacks. As the latest study by Kaspersky reveals, the total count of instances wherein ‘Internauts’ encountered imposter web-pages of Apple used like a medium for victimization rose considerably during the first half of 2019, scaling to 1.6m. Fraud schemes crafted for appearing similar as iCloud facility interface are one of the most common as they seize login details for Apple ID A/Cs. Web-links taking onto such facilities normally arrive through spam mails masquerading as technical support electronic mails. These links usually threaten to kill access to user accounts if the users don't click on them. To remain safeguarded from malware targeting macOS, users require loading solely apps available in Mac App Store alternatively in familiar websites that reliable developers own. Malware purveyors who want their ware to infect a Mac most often use the route of bogus update of Flash Player; therefore, again these must always be ignored. Much safer still, Mac users mustn't let Flash onto their systems in any way. One Mac owner can help another via passing this message. Meanwhile, Kaspersky emphasizes that it's just not any more the case wherein it can be considered about Apple products as wholly "safer" compared to Android or Windows products.



THREAT FOCUS: Garmin SA GPS = SOUTH AFRICA

Exploit: Malware attack

Garmin SA: Maker and distributor of GPS technology

Risk to Small Business: 1.777 = Severe: Malware injected into the Garmin’s South African online store stole customer payment information when they made purchases on the site. Garmin’s online store is currently unavailable as the company works to repair its IT infrastructure after the malware attack. Consequently, the company is missing out on all online sales during the recovery process. At the same time, Garmin will have to work to restore its damaged reputation and to upgrade its cybersecurity standards to ensure that customer information is secure moving forward.

Individual Risk: 2.142 = Severe: Hackers stole sensitive payment information, including names, addresses, phone numbers, email addresses, payment card numbers, and CVV codes. This information can be used to commit financial fraud, and it has a comprehensive market on the Dark Web where this information can quickly spread among bad actors. Those impacted by the breach should notify their bank or payment card providers, and they need to actively monitor their accounts for unusual or suspicious activity.

Customers Impacted: Unknown

Effect On Customers: Online stores are a critical revenue stream for many companies and compromised online payment details can significantly reduce sales opportunities for years to come. Therefore, protecting these systems should be a top priority for every business with an online store, as studies have shown that companies may not get a chance to demonstrate their efficacy in this regard.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: New Zealand Transport Agency - NEW ZEALAND

Exploit: Unauthorized database access

New Zealand Transport Agency: Government agency overseeing transportation and land policy

Risk to Small Business: 2 = Severe: An API that integrates the New Zealand Transport Agency was left open, providing public access to company databases containing information related to traffic patterns, maintenance contractors, and policing services. The compromised data was available for more than a year, and the agency reported significant spikes in activity during specific periods. Such a blatant database leak is indicative of a lack of oversight that will cost taxpayers money and sharply reduce organizational efficiency.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: Customer data isn’t the only thing vulnerable to lax cybersecurity standards. Proprietary information or intellectual property is often targeted by bad actors who can use this data to eliminate a company’s competitive edge or otherwise harm business interests. Data protection at every level is a critical component of doing business in the digital age.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: Get Payment Services - AUSTRALIA

Exploit: Unauthorized database access

Get: Payment service for university societies and clubs

Risk to Small Business: 1.777 = Severe: Due to a technical glitch, a platform user was able to access personal information on other accounts. After multiple attempts to contact the company, the users made the report public on Reddit, and Get ultimately responded by updating its network to prevent this access. Previously known as Qnect, the company endured a similar breach in the past and ultimately changed its name after users impacted by the breach were continually exploited with information ransom requests. It’s a reminder that data breaches have cascading consequences for businesses and their customers, and the only way to truly avert these repercussions is to prevent a breach from occurring in the first place.

Individual Risk: 2.142 = Severe Risk: User data was released to the public, including names, email addresses, dates of birth, Facebook IDs, and phone numbers. This information is extremely valuable on the Dark Web, and it can spread quickly, reemerging in other attacks that can further magnify the effects of a breach. Those impacted should enroll in credit and identity monitoring services, while being aware that their data could be misused again in the near future.

Customers Impacted: 50,000

Effect On Customers: Customers and employees are increasingly unwilling to remain loyal to a company that can’t protect people’s personal information. This is especially true for organizations with a demonstrated pattern of carelessness regarding cybersecurity standards. Rather than leaving data security up to chance, every business should proactively defend user data by partnering with the right solutions.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: UNICEF Charity - UNITED KINGDOM

Exploit: Accidental sharing

UNICEF: International fund providing emergency food and healthcare for children

Risk to Small Business: 1.888 = Severe: An employee accidentally sent an email to 20,000 recipients that contained the personal information of more than 8,000 people who enrolled in immunization courses. While the information is contained to those on the mailing list, it can easily be made available to a broad audience. What’s more, it’s impossible to recover the compromised information, underscoring the importance of implementing data security practices before a data breach occurs.

Individual Risk: 2.285 = Severe: The personal information exposed in the breach includes names, addresses, duty stations, genders, organizations, names of supervisors, and contact preferences. This data can be used to develop and deliver spear phishing campaigns that trick users into disclosing additional personal details through social engineering. Those impacted by the breach should be on the lookout for suspicious communications and stay vigilant about monitoring their accounts for potential misuse.

Customers Impacted: 8,253

Effect On Customers: Today’s data landscape is undoubtedly dangerous, but insider threats, can be avoided with comprehensive awareness training. When these initiatives are in place, everything from accidental sharing to weak passwords can be identified and avoided resulting in a devastating data breach.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: Travistock & Portman NHS Foundation Trust - UNITED KINGDOM

Exploit: Accidental sharing

Tavistock and Portman NHS Foundation Trust: Healthcare provider specializing in gender identity services

Risk to Small Business: 2 = Severe: An employee accidentally included the visible email addresses for thousands of clinic visitors, amounting to a significant privacy breach for a particularly sensitive patient group. The incident is classified as a “serious incident” by UK law, and the company will have to report the event to the information commissioner. In total, the provider believes that the breach could cost them millions of pounds in damages, along with intense regulatory scrutiny because of the nature of the breach and the privacy violation that ensued. Moreover, the breach is a deep stain on their reputation that could discourage people from seeking the clinic’s services in the future.

Individual Risk: 2.857 = Moderate: The data breach exposed patient email addresses that can be linked to identities, which is uniquely troubling given the private nature of the clinic’s offerings. While there is little risk of this information being used to perpetuate Cyber Crimes, those impacted by the breach could face untold personal repercussions if they are identified.

Customers Impacted: 2,000

Effect On Customers: Valuing your customers requires protecting their information, especially when that data is sensitive and private. Apologies and improvements are the right response, but companies can demonstrate they care by developing and implementing protocols to ensure that accidental sharing and other avoidable cybersecurity threats don’t compromise user data.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: Entrecom Communications - UNITED STATES

Exploit: Ransomware

Entercom Communications: Broadcasting and radio company based in Bala Cynwyd, Pennsylvania

Risk to Small Business: 2.111 = Severe: Hackers were able to spread ransomware across a company’s network using one company computer. The attack brought down email services, billing networks, and shared drives. While broadcasts continue uninterrupted, employees have been warned not to connect any devices to the company network, and Entercom expects several days of outages before services will be fully restored. Hackers are demanding $500,000 to decrypt the ransomware, but the company is choosing to use cybersecurity services to restore their network instead.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: Regardless of the recovery methodology, recovering from a ransomware attack is incredibly expensive. In this case, hackers demanded US$500,000 to restore Entercom’s network, a cost that comes without guarantees that bad actors will follow through on their promises. However, restoring a network often carries similar or even higher costs, meaning that there are no good solutions once an attack occurs. In a similar breach early this year, a station estimated that they lost up to US$800,000 in revenue in addition to the US$500,000 recovery charge. Consequently, it’s clear that every business needs to protect its bottom line by ensuring that its cybersecurity standards align with today’s emerging threat landscape.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: Premier Family Medical - UNITED STATES

Exploit: Ransomware

Premier Family Medical: Comprehensive family healthcare provider

Risk to Small Business: 2.111 = Severe: A ransomware attack on Premier Family Medical has significantly restricted employees’ access to patient data and company services, halting key business operations. In some cases, the opportunity cost associated with a ransomware attack can be more costly than the actual recovery effort, placing a multifaceted strain on a business’s finances.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: 320,000

Effect On Customers: Ransomware attacks have been on the rise in 2019, often targeting SMBs with limited resources for cybersecurity initiatives. Unfortunately, whether companies pay a ransom or restore operations using other recovery efforts, the implications can lead to lower ROI, or even worse, closed doors. When it comes to protecting your network against a ransomware attack, a strong defensive posture is the only option, and it’s one that every business should consider to be mission-critical in today’s digital environment.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: Metro Mobility Transport - UNITED STATES

Exploit: Phishing attack

Metro Mobility: Shared ride public transportation service for riders with disabilities and health complications

Risk to Small Business: 2.111 = Severe: A company employee fell victim to a phishing scam that provided hackers with access to an email account that contained customer data. The breach was discovered on August 14th, and it includes information from rides starting on June 13th. The company issued an apology for the incident, and they are upgrading their email security protocols to prevent this from happening in the future. However, it’s impossible to retroactively secure personal data, and Metro Mobility will certainly incur a significant cost for failing to protect sensitive information in advance.

Individual Risk: 2.714 = Moderate: Hackers had access to personal information for over a month, which ranged from riders’ names, pickup and drop-off addresses, ride times, and, in some cases, phone numbers. Fortunately, financial data and Social Security information was not accessed in the breach. However, such seemingly innocent information can be used to perpetuate crippling attacks, and those impacted by the breach should be especially careful to monitor their accounts for suspicious or unusual activity.

Customers Impacted: 15,200

Effect On Customers: A data breach has far-reaching consequences for any company, which makes a preventable attack like a phishing scam especially problematic. Protecting customer data means protecting your bottom line, and cybersecurity training is a low-cost initiative to ensure that phishing threats are neutralized before they compromise customer data and put your company at risk.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.



POSTSCRIPT:


Data Breaches Put Small Businesses at Risk 

Data loss events are a huge risk for any company, but the aftermath of a data breach can be especially problematic for SMBs, a recent study by Bank of America Merchant Services concluded. 

The survey, which included 522 small businesses and 409 consumers in the US, questioned consumers and small businesses about the cybersecurity risks underscoring today’s digital environment. In response, one in five SMBs reported a data breach in the past two years, a 17% increase in two years. Moreover, 41% of small businesses endured a data breach that cost the company more than $50,000. This financial component is especially troubling for SMBs, which don’t have extravagant resources that large corporations can use to hasten their recovery efforts. Making matters worse, 30% of consumers indicated that they would never return to a small business that endured a data breach, a 20% increase year-over-year. These trends are taking place as SMBs are increasingly moving online. 51% of SMBs run their own websites, and 70% have some form of e-commerce component to their business. In total, it’s evident that SME’s have every reason to prioratise data security protocols as a foundational element of a successful, sustainable business model.


Brute Force Attacks are the Preferred Method for Spreading Ransomware 

Ransomware attacks are on the rise in 2019, making headlines as they afflict local governments and SMBs with frightening regularity. At the same time, the cost of a ransomware attack is rising precipitously, making these attacks one of the most complicated and feared cybersecurity risks this year.  However, cybersecurity researchers at F-Secure found that brute force attacks are one of the most prevalent methodologies deployed by hackers, occurring in 31% of ransomware attacks. This approach leverages common or weak passwords to access employee email accounts or company networks where malware can be deployed. Consequently, companies can reduce their exposure to ransomware threats by ensuring that employees maintain strong, unique passwords for all their accounts. This simple cybersecurity standard is just one best practice that employers can instill in their employees through comprehensive awareness training that can help thwart cyberattacks.



Disclaimer*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

Subscribe below to receive our weekly Threat Updates straight to your inbox.

Call (07) 3010 9711 

info@avantiacorp.com.au

 

Avantia Corporate Services Pty Ltd,                    Level 7, 320 Adelaide Street

Brisbane, Queensland 4000

AUSTRALIA.

  • LinkedIn Social Icon
  • Facebook Social Icon

DISCLAIMER*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cybersecurity information to us in real-time. Given their international focus and experience in the cyberspace arena, we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services  PTY LTD - All Rights Reserved.

© 2020 by Avantia CORPORATE SERVICES . All Rights Reserved.