  • Avantia Threat Update

WINDOWS 7 "END OF LIFE" - URGENT UPGRADE REQUIRED TO STAY IN THE GAME.


This Past Week*: New Windows 10 vulnerabilities highlight the need to upgrade from Windows 7; The top 3 ways to make Office 365 endpoint more secure; Insider threats highlight the need for “Deep Dive” cyber vetting of new employees; Laboratory results of 15 Million Canadians hacked and stolen; Hackers steal US$11 Billion in crypto currency since 2011; Experian Cyber Report: Reasons to be fearful in 2020; Phishing scams cost millions; Oversights compromise customer data; Magecart targets Australian brushfire donors and major breaches in AUSTRALIA; CANADA; GERMANY; UNITED KINGDOM and UNITED STATES.


Top Dark Web ID Trends*: Top Source Hits: ID Theft Forums

Top Compromise Type: Domain 

Top Industry: High-Tech & IT

Top Employee Count: 1 - 10 Employees 

______________________________________________________________________________


NEW WINDOWS 10 VULNERABILITIES HIGHLIGHT THE NEED TO UPGRADE FROM WINDOWS 7.*

It seems like just yesterday that Windows 7 was in our lives, but did you know that Microsoft has discontinued its support for the iconic operating system? That means you’ll no longer receive important security updates, and worse still, there’s a new vulnerability with Windows 10 you need to be mindful of that affects both the old and the new operating system. Over the last 40 years, the development of personal computer (PC) technology has been rapid, to say the least. When it comes to operating systems, however, we haven’t always been willing to adopt every shiny new incarnation. So, has the time come to finally say goodbye to Windows 7? Since its release on 22nd October 2009, Windows 7 has become one of Microsoft’s best-loved products. So much so that over 40% of PCs are still running the software, despite the introduction of Windows 10.

All good things must come to an end, and the time for change is upon us.

How much longer will Windows 7 be supported? Back in 2009, Microsoft made a commitment to provide extended product support — including technical assistance and security updates — for Windows 7 until 14th January 2020. So, what happens next? Having already ended mainstream support on 13th January 2015, Microsoft will discontinue Windows 7 extended support to focus on newer technologies. This will herald a new era for Windows 10, with businesses advised to upgrade to the current system before its predecessor’s end of life date arrives — the point at which product support ceases.

What’s the difference between mainstream and extended support periods?

Everything has a shelf life — especially in the fast-paced world of IT technology. The lifecycle of a Microsoft operating system begins with its release and ends with the termination of support. This typically includes two service periods: mainstream support and extended support.

Mainstream support

During an operating system’s mainstream support period, Microsoft continues to implement security updates, release design changes, and provide paid online and phone support. This typically ends five years after the release date, at which point the extended support period commences. In Windows 7’s case, this first phase of support ceased on 13th January 2015.

Extended support

Extended support typically runs for a period announced by Microsoft until the operating system’s end of life — 14th January 2020 for Windows 7. Rather than continuing to develop the product during this period, Microsoft simply releases security updates to keep it safe.

Will it still be safe to use Windows 7?

The constant evolution of computer viruses and other malware means security updates play a pivotal role in protecting a business’s data. Newly identified vulnerabilities will not be patched by Microsoft. Therefore, businesses that choose to continue running Windows 7 beyond this point will be doing so at their own risk, leaving themselves vulnerable to cyber-attacks.

What’s the best route to change?

Implementing positive change can be expensive and time-consuming. To ensure your business experiences an efficient and cost-effective migration to Windows 10, you must understand your options: replace legacy systems with new devices that run Windows 10 or upgrade existing devices with a full version of the software.

Replacing legacy systems

According to Microsoft: “For most Windows 7 users, moving to a new device with Windows 10 will be the recommended path forward. Today’s PCs are faster, lightweight, yet powerful and more secure, with an average price that’s considerably less than that of the average PC eight years ago.”

Upgrading existing devices

Alternatively, it’s possible to upgrade compatible Windows 7 PCs by installing a version of the Windows 10 software. This is the most cost-effective option in the short-term. However, it’s worth noting that PCs older than four years often cost more to maintain than a new Windows device.

How to implement your migration project

Avoid a situation where you need service or support that’s no longer available, by carefully planning your business’s migration to Windows 10. Having decided whether to replace or upgrade existing devices, it’s time to devise your implementation strategy. Will you choose to budget ahead for this expense or adopt a phased approach over the coming months?

Budgeting ahead

Some businesses will choose to budget ahead for the cost of migrating to Windows 10, before delivering the project at a time that suits them. Including IT in the budget planning helps to control costs, while also keeping technology updated. The sooner this process begins, the more strategic the business can be in terms of budgeting, ensuring the project is delivered on time and within budget.

Phased approach

By implementing a phased approach to Windows 10 migration, businesses can control the impact of change on their operations and customers. This includes user training — the Windows 10 interface is about 70% the same as Windows 7, but that last 30% must be accounted for — and the perceived risk if something fails.

Common issues to avoid during the migration

As well as the financial and strategic implications of upgrading to Windows 10, there are several technical issues to consider.

Avoid compatibility issues — evaluate the compatibility of Windows 10 with your business’s applications — these might include finance, HR, CRM, and ERP. Despite being the most compatible version of Windows ever, take the time to liaise with your application vendors to confirm their compatibility and avoid disruption further down the line. Applications that need upgrading should be tested separately prior to the upgrade to minimise user impact.

Avoid post migration issues — mitigate against potential post migration issues by implementing a strategic plan for each application. Adopting a proactive approach to your Windows 10 migration will help ensure a smooth user experience.

Avoid integration issues — some applications may require integration setup — this might include Outlook and CRM integration on the client PCs, browser add-ins and Office application plugins. To prevent any disruption, setup processes should be tested when upgrading to Windows 10.

Unsupported applications — although some applications may not be supported by Windows 10, this does not rule out an upgrade. Taking the time to implement your business’s migration to Windows 10 in a considered and well-planned manner will ensure a smooth transition for users and reduce risk.

Get help from the experts

When it comes to switching from Windows 7 to 10 there is much to consider — from strategy and risk to timeframe and budget. However, implementing such a major migration project doesn’t have to be a daunting prospect. Talk to your IT consultant or Managed Service Provider (MSP) before you embark on a migration strategy.


TOP 3 WAYS TO MAKE OFFICE 365 ENDPOINT MORE SECURE.*

As business confidence in the security of the cloud continues to grow, Office 365 usage becomes more and more prevalent. Today, the Office 365 suite is used by just about every organization on the planet. It allows users to access their files from anywhere (such as from home) and from multiple devices (thin client, laptop, tablet, mobile), and it empowers collaboration. This improves work productivity and efficiency. The large Office 365 user base makes it a prime target for cyber attacks. Cybercrime gangs are very keen to get their hands on sensitive organizational data. Apart from the value of sensitive data, compromised Office accounts can be used to impersonate the legitimate owner in phishing attacks, to siphon off sensitive data contained in emails, and to manipulate money transfers. Until now, much of the focus for Office 365 security has been on securing data transmission and safeguarding the data in the cloud. To achieve this, a number of security measures are available such as transmitting data using TLS and IPsec, containerisation in the cloud, multi-factor authentication via SMS or the Microsoft Authenticator app. Currently, the greatest vulnerabilities for Office 365 are on the endpoint. Although Windows Defender or equivalent anti-virus offers some endpoint protection, in today’s world with polymorphic malware, obfuscation and stealth technologies, anti-virus techniques are woefully inadequate. Application Guard blocks some malicious Office attachments, but current measures fall far short of ensuring the data is safeguarded on the endpoint. Having great security during data transmission and on the cloud is of little use if the data is stolen at the endpoint before it is even transmitted or arrives in the cloud. 
As evidence of the severity of threats for Office 365 users, we can examine the top 10 most prevalent threats on the endpoint as identified by Any.Run – they include (in order) malware such as Emotet, Agent Tesla, NanoCore, LokiBot, Ursnif, FormBook, Hawkeye, AZORult, TrickBot, and njRAT. All of these malware threats harvest keystrokes entered by the user on the endpoint device, and all incorporate techniques to evade Windows Defender and other AV products. Taking the Agent Tesla malware as an example, when researchers tested it against AV products, they found that McAfee, BitDefender, ESET, Microsoft Defender, TrendMicro, Cylance, and Kaspersky, all failed to identify it as malware at all. This is the reality of the world we live in today. Conventional AV protections on the endpoint are completely inadequate and should not be solely relied upon. Over-reliance on AV is the reason why the biggest security threats to Office 365 are currently on the endpoint – threats that steal sensitive data through key-logging and screen capturing.

Organizations should do three things to beef up their endpoint security, adding another security layer to mitigate against these vulnerabilities in Office 365 installations:

Deploy specific protections to securely wrap Office 365 and provide protection against all kernel level key-logging. This protection should not rely on identifying the key logger, but should work proactively against all present and future key logging threats, out of the box, without the need for regular signature updates.

Deploy safeguards which specifically prevent screen grabbing of Microsoft Word, Excel and PowerPoint installations, while allowing the user to continue using collaborative tools such as GoToMeeting, Google Hangouts and TeamViewer.

Check the integrity of Office 365 logon credentials in real-time when the user logs on, against known stolen credentials, and take appropriate actions in the event of a match.
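One way to implement the third recommendation, shown as an added example that is not from the original article or from any vendor's product. It assumes a breach-data service queried by the first five characters of the password's SHA-1 hash, so the service never sees the password or its full hash; the corpus, the `range_lookup` stand-in and the action names are all hypothetical.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample data: passwords assumed to appear in stolen-credential
# dumps, with the number of times each was seen. Not real breach data.
CONSTRUCTED_BREACHED = {"Winter2020!": 1843, "Password1": 52110, "Summer2019": 7}


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, used only as a lookup key."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(breached: dict) -> dict:
    """Index the corpus as prefix -> {suffix: count}, the shape a range query returns."""
    index = defaultdict(dict)
    for password, count in breached.items():
        digest = sha1_hex(password)
        index[digest[:5]][digest[5:]] = count
    return index


RANGE_INDEX = build_range_index(CONSTRUCTED_BREACHED)


def range_lookup(prefix: str) -> dict:
    """Hypothetical stand-in for the breach-data service.

    It receives only a 5-character hash prefix and returns every known
    suffix that shares it, so it cannot tell which password was checked.
    """
    if len(prefix) != 5:
        raise ValueError("range queries take exactly 5 hex characters")
    return dict(RANGE_INDEX.get(prefix, {}))


def breach_count(password: str, lookup=range_lookup) -> int:
    """Return how often the password appears in the corpus (0 if never)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for candidate, count in lookup(prefix).items():
        # Constant-time comparison of the remaining 35 hex characters.
        if hmac.compare_digest(candidate, suffix):
            return count
    return 0


def logon_action(username: str, password: str, authenticated: bool,
                 lookup=range_lookup) -> str:
    """Decide what to do at logon time.

    deny                  - primary authentication failed; no breach check is made
    allow                 - credentials valid and not found in the corpus
    force_password_reset  - credentials valid but the password is known stolen
    allow_and_alert       - breach service unreachable; let the user in and
                            raise an alert so the check is retried later
    """
    if not authenticated:
        return "deny"
    try:
        hits = breach_count(password, lookup)
    except OSError:
        # Assumption: availability wins over blocking every logon when the
        # lookup service is down; stricter environments may choose to deny.
        return "allow_and_alert"
    return "force_password_reset" if hits > 0 else "allow"


if __name__ == "__main__":
    for user, pw in [("alice", "Password1"), ("bob", "kX9#constructed-passphrase-42")]:
        print(user, logon_action(user, pw, authenticated=True))
```

The check runs only after primary authentication succeeds, so it does not reveal to an unauthenticated caller whether a guessed password is in the corpus.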


INSIDER THREATS HIGHLIGHT THE NEED FOR CYBER VETTING OF NEW EMPLOYEES*

Insider threats perpetrated by current or former employees such as data theft, system compromise or malicious destruction are a growing threat for organisations, with some experts stating that up to 70%+ of all damaging attacks can be traced back to this source. At Stoke-on-Trent hospital in the UK an administrator has avoided prison after hacking his NHS trust and helping himself to almost 9,000 heart scan images. Daniel Moonie, a 27-year-old of Waterlily Close, Etruria, Stoke-on-Trent, was cautioned by police in 2017 after he was caught remotely accessing the internal network of the Royal Stoke hospital, something he wasn't authorised to do. Moonie, who was employed by the hospital's heart and lung department as an administrator, was sacked. As part of the police caution he agreed not to access any IT system within the hospital, not to enter the hospital unless he was ill or visiting a patient, and not to contact hospital staff unless asked to by the HR department. He later unsuccessfully appealed against the caution. Crown prosecutor Paul Spratt told Stoke-on-Trent Crown court: "He made an error in March 2017 and was cautioned for accessing the hospital computer by a home computer. He had, in truth, not obtained any material of a sensitive nature at that time." Nursing a grievance over his treatment, and believing he wasn't the only one remotely accessing the hospital network, Moonie changed the password for an admin account in order to maintain his illicit access. In December 2017, the Royal Stoke's head of cybersecurity discovered that changed password, as related in a report of Moonie's sentencing by the Daily Mail. Police were called in and they searched Moonie's home, discovering 14 files relating to his sacking – as well as 600 staff-related documents, "about 150 documents related to management matters", and photos of patients' medical procedures across two disk drives.
Crown prosecutor Spratt told the court: "There were 8,895 images of cardiac tests but they were unattributed. He used the computer to reveal information to him that he had no right to. He was misguided and motivated out of a desire that he was not carrying the can for another." Another unnamed person, who was allowed to resign, was also said to have been involved with Moonie's illicit access. His Honor Judge David Fletcher told Moonie: "You are not lacking in intelligence. You clearly know your way around computers. You need now to concentrate very hard on utilising the skills you have in going forward in a positive manner and not resort to this behavior which could result in something that causes a massive blow to public confidence." Moonie admitted one offense under section 1(1) of the Computer Misuse Act 1990 between 1 August 2016 and 31 December 2017. He was handed a 12-month community order including 160 hours' unpaid work and must pay £2,000 in prosecution costs. Mark Bostock, director of Information Management and Technology at University Hospitals of North Midlands NHS Trust, said in a canned statement: "Concerns about Daniel Moonie's activity were raised by a colleague and immediate action was taken to launch an internal investigation, involve the police and notify the Information Commissioner’s Office." Bostock added: "The full extent of Mr Moonie's activity has only come to light during the police investigation and now that the trial has concluded we will be working with the Police and the ICO to establish what, if any action should now be taken in terms of notifying individual members of the public or staff about their data. We would like to reassure patients that there is no evidence of harm or risk to their care as a result." Moonie's case has some similarities with that of Jet2 hacker Scott Burns, who was also sacked, held a grudge and was later caught logging back into his former employer's network.
This case illustrates the need for ‘positive vetting’ of new and existing employees in senior or sensitive roles by a Cyber Security expert to “Deep Dive” into the individual’s social media profile and other areas to uncover any areas of concern.


LAB RESULTS OF 15 MILLION CANADIANS HACKED.*

LifeLabs, which does blood work and other tests across Canada, said in a letter to customers recently that their names, contact information, health card numbers and lab test results were exposed in a cyber attack on its computers in early November. Most of those affected are in Ontario or British Columbia. The company also said it paid an undisclosed sum to the hackers to retrieve the data, and has retained cyber security experts to isolate and secure its affected computers, as well as determine the scope of the breach. "We want to emphasize that at this time, our cyber security firms have advised that the risk to our customers in connection with this cyber attack is low," the company said in a statement. It added that its security consultants "have not at this time seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations." Ontario and British Columbia Privacy Commissioners Brian Beamish and Michael McEvoy said they are conducting a joint investigation into the breach, calling the scale of the attack "extremely troubling".


REASON TO BE FEARFUL IN 2020 - EXPERIAN CYBER REPORT.*

Cybercriminals will continue to exploit tried-and-tested fraud methods but also adopt a couple of new takes and targets in the year ahead. Predictions from fraud specialists at Experian suggest continued threats from careless use of public Wi-Fi networks. With ever more spots available, users need to be careful of what data they store on their phone and be wary when accessing public networks with unknown security. Experian expects more use of "smishing" – phishing attacks via SMS. Folk are also more likely to fall for scams from an online community they're part of – whether that is a group connected to a political candidate, issue or other theme. The company recommended people take the same precautions with text messages from unknown mobile numbers as they would with emails from unknown sources. Deep-fake video and audio has mainly been used for political purposes so far, but Experian warned that as the technology moves downstream, it will be exploited by cybercriminals. The company said there have been three cases in the US where fake audio of executives has been used to defraud their companies. It also warned that there are few tools to spot deep-fake audio and video content. Certain types of company are more likely to face cyber attacks in 2020, Experian believes. It predicted that cannabis retailers and cryptocurrency exchanges will face more attacks and, as immature businesses, may not have made the security investment needed to protect their customers. Medical marijuana facilities may store medical records which would prove valuable if stolen. Cryptocurrency exchanges have already been hit by crooks who got away with $41m in Bitcoin in one case. Finally, Experian warned that the increasing use of mobile payment systems – expected to hit US$4.5 trillion by 2023 – will be an ever more tempting target for fraudsters.
It noted that most NFC payment apps have decent security, but some handheld point-of-sale devices for swiping cards used at venues and retailers are less secure. In a refreshing bout of honesty, Experian also rated the accuracy of the predictions it made last year. Firstly was its forecast that biometric security would be targeted in 2019. The credit agency gave itself an A grade for this – pointing to the discovery of a million people's fingerprints on an accessible database. But it only got a B grade for suggesting an enterprise-wide skimming attack could succeed in 2019. It marked itself with another B grade for suggesting that a mobile network would see a simultaneous and successful attack on both Android and Apple phones. But better marks for suggesting that a top cloud vendor would be breached. Capital One suffered a massive data loss and the hacker accused of the attack has been charged with targeting another 30 AWS-hosted companies. And a mixed A grade for Experian's prediction that online gamers would fall victim to attacks from crooks posing as fellow, friendly gamers. 2019 did see data losses at Zynga and distributed denial-of-service (DDoS) attacks on gaming servers, but no active attacks from people posing as gamers.


HACKERS HAVE STOLEN US$ 11 BILLION IN CRYPTOCURRENCY SINCE 2011*

More than US$11 billion has been stolen from supposedly secure crypto exchanges, wallets and mining platforms since 2011, mostly due to hacking incidents, research from Inside Bitcoins has revealed. For a form of currency that bases itself on safety and security, $11 billion is a pretty significant number. Stored on blockchain technology and protected by encryption keys, cryptocurrencies are supposed to be impossible to counterfeit or copy. In fact, the currency is so secure that when the co-founder and chief of Canadian exchange QuadrigaCX, Gerald Cotten, died last year, it transpired he was the only one with the digital keys to the digital safe where all the coins were kept. Since then, there have been questions as to whether or not Cotten actually died at all. Lawyers for Quadriga’s investors have even called for his body to be exhumed in order to settle the matter once and for all. However, it turns out even crypto coins can be half-inched. According to US bitcoin publication Inside Bitcoins, there have been some 33 hacking incidents, globally, since 2011. The exchange that fell victim to the first reported crypto hack in 2011 was also on the sharp end of the biggest hack in 2014. In 2011, Tokyo exchange Mt.Gox was breached, losing about US$17.2 million in bitcoin. It recovered from the incident, and by 2014, it was the leading exchange in the world, managing about 70% of all bitcoin transactions. In February 2014, however, it suffered a second attack, losing about US$6.5 billion worth of bitcoin — or six percent of all bitcoin in existence at the time. Three years later, Mt.Gox was bankrupt. The Mt.Gox hack of 2014 is now infamous — it’s the subject of lengthy deep-dive articles, it’s explored in many tech podcasts and it’s even the subject of an ebook. Three additional hacks were recorded in 2014, bringing the total loss to US$6.7 billion, and making the year an almost comical standout on a graph detailing losses over the past eight years.
By contrast, the second most-catastrophic year was 2016, which saw total losses of US$1.6 billion in cryptocurrency. Interestingly, 2017 saw an increase in the number of hacks, but a dip in the value stolen. It’s perhaps no surprise that there was more criminal interest ⁠— this was the year of the crypto-boom, in which prices reached a peak of US$20,000. However, the most hacks occurred in 2019, including that of prominent exchange Binance, which lost about US$60.5 million in bitcoin.

______________________________________________________________________________


THREAT FOCUS: Lime Leads - UNITED STATES *

https://www.zdnet.com/article/49-million-user-records-from-us-data-broker-limeleads-put-up-for-sale-online/


Exploit: Unsecured database

LimeLeads: B2B lead generation service

Risk to Small Business: 2 = Severe: LimeLeads failed to secure an internal server, allowing a prominent threat actor to acquire and subsequently sell the company’s data on the Dark Web. The data breach could have significant implications for the company, whose business model centers around brokering company data for marketing initiatives. Security researchers found that the database was publicly exposed since at least July 27, 2019, meaning that the company had ample time to secure the database before bad actors became involved. Now they must grapple with crippling losses, including the less quantifiable brand erosion that accompanies a data breach.

Individual Risk: 2.428 = Severe: Company data has been for sale since October 2019, including personally identifiable information such as names, titles, email addresses, employer/company names, addresses, phone numbers, and even total revenue numbers. This information can be strategically deployed in spear phishing attacks, so those impacted by the breach should be especially critical of online communications while also closely monitoring their accounts for suspicious or unusual information.

Customers Impacted: Unknown

Effect On Customers: Customers and companies are increasingly unwilling to partner with organisations that can’t secure their data. Consequently, avoidable data breaches are an especially egregious way to compromise a company’s long-term viability. Inevitably, mistakes will be made, but identifying those errors and making corrections before hackers can capitalize on the information is critical to any defensive posture.

Risk Levels: 1 - 1.5 = Extreme Risk; 1.51 - 2.49 = Severe Risk; 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security to the Rescue: It’s critical that SMEs understand the importance of cybersecurity and the ‘cyber risks’ to their organisation. Our Pinpoint Cyber Security Audits™ are an expansion of our White Glove Onboarding Support that includes a Certified 3rd Party holistic Cyber Security Audit incorporating the “Essential 8” mitigation strategies (as defined by the Australian Cyber Security Centers - a div. of the Australian Defense Signals Directorate) to evaluate our client’s Operational; Legal; Reputational & Recovery Risks with recommendations for remedies. Click on the link at https://www.avantiacybersecurity.com/cyber-security-audit for more information.



THREAT FOCUS: New Albany Airport - UNITED STATES*

https://www.cityandstateny.com/articles/policy/technology/albany-airport-authority-suffers-ransomware-attack.html


Exploit: Ransomware attack

New Albany Airport: New York-based airport authority

Risk to Small Business: 2.111 = Severe: A ransomware attack on one of the airport’s MSPs spread to its servers, encrypting backup files, administrative information, and other resources. Fortunately, the malware did not extend to the Albany International Airport or airline computers. However, the company was forced to pay a five-figure ransom to recover their information. The attack’s effectiveness was predicated on the organization’s outdated hardware and lax cybersecurity standards. In response, the New Albany Airport Authority terminated its contract with the MSP and is taking steps to upgrade its defensive posture.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: This incident underscores the cascading consequences of a data breach. The New Albany Airport Authority will bear the financial cost of recovery, while its MSP will lose an important contract because it failed to protect its customers’ IT. From both directions, it’s clear that data security failure is a deal breaker in today’s digital environment.

Risk Levels: 1 - 1.5 = Extreme Risk; 1.51 - 2.49 = Severe Risk; 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.





THREAT FOCUS: Manor Independent School District - UNITED STATES*

https://www.usatoday.com/story/money/2020/01/17/email-phishing-scam-texas-school-district-manor/4498270002/


Exploit: Phishing scam

Manor Independent School District: Public school district

Risk to Small Business: 1.777 = Severe: Hackers successfully executed a phishing scam against employees, and they used the stolen credentials to siphon $2.3 million from the district. It took three separate transactions to acquire a significant sum, but their efforts were ultimately successful. The lost funds are just the start of an expensive process that will undoubtedly involve updating cybersecurity protocols, implementing employee awareness training, and upgrading IT infrastructure.

Individual Risk: 2.428 = Severe: While the phishing scam didn’t compromise the district’s data, those implicated in the scheme submitted their account credentials to cybercriminals. They will need to update their account information to ensure its long-term security. At the same time, they should closely monitor their other accounts for unusual or suspicious activity.

Customers Impacted: Unknown

Effect On Customers: While some companies might be reticent to invest in employee awareness training, this incident demonstrates that the cost of a successful phishing scam far exceeds the expense of preventative measures. The district is working to recoup lost funds but is not likely to emerge unscathed. This news offers a cautionary tale for organizations of all shapes and sizes; preventative measures are only effective if they are implemented before a breach occurs.

Risk Levels: 1 - 1.5 = Extreme Risk; 1.51 - 2.49 = Severe Risk; 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. To find out more, please call Avantia on 07 30107911 for a no obligation discussion of how we can help you.



THREAT FOCUS: PlanetDrugsDirect - CANADA*

https://www.bleepingcomputer.com/news/security/online-pharmacy-planetdrugsdirect-discloses-security-breach/


Exploit: Exposed client data

PlanetDrugsDirect: Online pharmacy

Risk to Small Business: 1.666 = Severe: PlanetDrugsDirect sent emails and direct mail to its customers, notifying them of a data breach that compromised customers’ personal health information (PHI). In addition to customer blowback, PlanetDrugsDirect will face intense regulatory scrutiny because of the sensitive nature of the data compromised. Additionally, their response was ambiguous at best, minimizing the company’s ability to begin restoring customer confidence in the wake of the data breach.

Individual Risk: 2 = Severe: According to the company, hackers accessed customers’ names, addresses, email addresses, phone numbers, medical information, and payment information. Those impacted by the breach should notify their financial institutions of the event. PlanetDrugsDirect is asking all customers to closely monitor their bank account and credit account activity. Increased vigilance surrounding online communications is key, as this information is often used to execute phishing scams and other cybercrimes.

Customers Impacted: Unknown

Effect On Customers: PlanetDrugsDirect sent emails and direct mail to its customers, notifying them of a data breach that compromised customers’ personal health information (PHI). In addition to customer blowback, PlanetDrugsDirect will face intense regulatory scrutiny because of the sensitive nature of the data compromised. Additionally, their response was ambiguous at best, minimizing the company’s ability to begin restoring customer confidence in the wake of the data breach.

Risk Levels: 1 - 1.5 = Extreme Risk; 1.51 - 2.49 = Severe Risk; 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: With BullPhish ID, Avantia can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organisation into their strongest points of protection. Find out how you can get started with us by phoning Avantia on 07 30109711



THREAT FOCUS: City of Corner Brook - CANADA*

https://www.cbc.ca/news/canada/newfoundland-labrador/corner-brook-privacy-1.5429593


Exploit: Unauthorized database access

City of Corner Brook: Local municipality

Risk to Small Business: 2 = Severe: On four occasions, hackers accessed private information on the city’s website that included people’s personally identifiable information. Specifically, the data related to a previous voters’ directory. After identifying the breach, the city brought the entire system offline to prevent further access while officials investigate the nature and scope of the attack.

Individual Risk: 2.428 = Severe: The data breach included a voters’ list comprised of residents’ names and dates of birth. While the city is designating the information “low risk,” those impacted by the breach should carefully monitor their accounts. Login information that is reused across accounts can be leveraged in phishing scams that can compromise even more critical personal data.

Customers Impacted: 10,000

Effect On Customers: Cybercriminals often pursue soft targets, organizations or institutions with weak cybersecurity standards. Budgetary restrictions are a real hurdle to cyber defense, but any organization can improve its defensive posture by implementing simple best practices, like two-factor authentication, to secure accounts and IT infrastructure.

Risk Levels: 1 - 1.5 = Extreme Risk; 1.51 - 2.49 = Severe Risk; 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: With AuthAnvil, you can protect valuable IT by securing employee accounts. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more by phoning Avantia on 07 30109711 to discuss how we can help you.



THREAT FOCUS: Bithouse Inc - GERMANY*

https://www.infosecurity-magazine.com/news/peekaboo-moments-data-breach/


Exploit: Unsecured database

Bithouse Inc.: App developer

Risk to Small Business: 2.111 = Severe: Security researchers discovered an exposed database for Bithouse Inc.’s Peekaboo Moments app. The software is used by parents to collect photos and videos of their children’s memorable moments, making the exposure of this information to the open internet a serious privacy violation that is certain to have significant consequences for developers. The exposed database included files dating back to March 2019, and security researchers described their IT infrastructure as “bizarrely done and grossly insecure.” Customer blowback and the subsequent financial repercussions will be considerable.

Individual Risk: 2.428 = Severe: In addition to user email addresses, photos and videos collected by app users were available on the exposed database. This information could be deployed in additional cyberattacks, including phishing campaigns, but the most significant violation is a profound privacy intrusion due to company negligence.

Customers Impacted: 800,000

How it Could Affect Your Customers’ Business: Bithouse Inc. is enduring serious media scrutiny because of the uniquely sensitive nature of the content. Ultimately, functionality, accessibility, or even novelty can’t supplant data security. The episode should serve as a lesson to every company collecting personal information and encourage developing digital platforms to rethink their data security postures.

Risk Levels: 1 - 1.5 = Extreme Risk; 1.51 - 2.49 = Severe Risk; 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security to the Rescue: It’s critical that SMEs understand the importance of cybersecurity and the ‘cyber risks’ to their organisation. Our Pinpoint Cyber Security Audits™ are an expansion of our White Glove Onboarding Support that includes a Certified 3rd Party holistic Cyber Security Audit incorporating the “Essential 8” mitigation strategies (as defined by the Australian Cyber Security Centre - a div. of the Australian Defense Signals Directorate) to evaluate our client’s Operational, Legal, Reputational & Recovery Risks with recommendations for remedies. Click on the link at https://www.avantiacybersecurity.com/cyber-security-audit for more information.



THREAT FOCUS: Fresh Film Productions - UNITED KINGDOM*

https://www.verdict.co.uk/fresh-film-data-breach-dove/


Exploit: Unsecured database

Fresh Film Productions: Advert film production company

Risk to Small Business: 2 = Severe: The production company failed to secure a company database, accidentally sharing the personally identifiable information (PII) it contained online. After learning of the incident, the company immediately secured the database, but the server has been publicly available since 2018 and was accessed by cybercriminals. Most notably, the database contained the personal information of 40 men who participated in a Dove Men ad campaign.

Individual Risk: 1.666 = Severe: The exposed database included personally identifiable information, including names, addresses, email addresses, telephone numbers, dates of birth, and bank details. Those affected need to notify their financial institutions of the breach and consider enrolling in identity and credit monitoring services to protect their information against additional cybercrimes or fraud attempts.

Customers Impacted: Unknown

Effect On Customers: For many consumers, trust in a brand’s data security standards is a prerequisite for doing business. Therefore, companies that fail to avoid even the most preventable data disasters are not well-positioned for success in today’s breach-averse culture. To be a successful, impactful organization, data security has to be a top priority.

Risk Levels: 1 - 1.5 = Extreme Risk; 1.51 - 2.49 = Severe Risk; 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: With Compliance Manager, any company can automate data privacy standards and documentation responsibilities, making compliance a simple, intuitive process for everyone. Phone Avantia on 07 30109711 for more information.



THREAT FOCUS: P&N Bank - AUSTRALIA* 

https://www.zdnet.com/article/p-n-bank-discloses-data-breach-customer-pii-account-information-stolen/


Exploit: Information breach

P&N Bank: Financial services provider

Risk to Small Business: 1.777 = Severe: A third-party partner with P&N Bank was accessed by hackers, compromising the bank’s customer data. The breach occurred during a December server upgrade. In response, P&N shut down the servers to prevent further access or infiltration. Unfortunately, they may not have acted quickly enough, and will now have to manage the trifecta of customer outrage, media scrutiny, and regulatory oversight that’s likely to accompany the event.

Individual Risk: 2.285 = Severe: Although the bank doesn’t believe that customer data was misused, hackers could have accessed customers’ names, addresses, email addresses, phone numbers, customer numbers, ages, account numbers, and account balances. Those impacted by the breach should carefully monitor their accounts for unusual activity, and enrolling in credit or identity monitoring services can ensure that their personal information remains secure.

Customers Impacted: Unknown

Effect On Customers: In every sector, third-party partnerships are proving to be a vulnerability when it comes to data security. While these collaborations are often necessary to provide a compelling customer experience, data security should be a central element of the vetting process. Otherwise, what companies gain from increased functionality could be lost to the steep consequences of a data breach.

Risk Levels: 1 - 1.5 = Extreme Risk; 1.51 - 2.49 = Severe Risk; 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with our Clients to strengthen their security suite by offering industry-leading detection. Find out more here by calling Avantia on 07 3010911



POSTSCRIPT:


Magecart Attack Targets Australian Bushfire Donations*

Australia’s bushfire natural disaster is one of the most profound in recent memory, inspiring donors from around the world to contribute resources to the cause. Unfortunately, a legitimate donations site was infected with a Magecart payment-card skimmer that stole donors’ personal information when making online payments. The breach was discovered by security researchers, who declined to identify the specific website impacted by the breach. Payment-card skimming malware is an increasing concern for e-commerce platforms, as it collects users’ most sensitive personal data. In addition, it undermines customer confidence in the online payment process, which could decrease their willingness to spend money online. In this case, payment-card skimming could cost valuable resources in a dire situation. For all companies relying on e-commerce to drive revenue, it’s a reminder that customer confidence is a crucial component of successful online sales initiatives. 

Two-thirds of UK Healthcare Organizations Breached in 2019* 

Healthcare companies store people’s most sensitive personal information, and data breaches in the industry are both increasingly prevalent and incredibly expensive. A compromised healthcare record is nearly twice as costly as that of the next highest sector. The consequences of this new reality are especially acute in the UK, where two-thirds of healthcare organizations experienced a data breach in 2019. According to a study by Vanson Bourne, nearly half of these incidents were malware-related. At the same time, other factors, including unauthorized data sharing, phishing scams, and noncompliance with data protection policies, also represented serious threats to healthcare data. Notably, as the industry becomes increasingly tech-driven and comprised of third-party partnerships, these risks will continue to expand. In the year ahead, healthcare organizations around the world will need to reprioritize data security as an added element of quality patient care.
























Disclaimer*:

Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.



Call (07) 3010 9711 

info@avantiacorp.com.au

 

Avantia Corporate Services Pty Ltd, Level 7, 320 Adelaide Street

Brisbane, Queensland 4000

AUSTRALIA.
