Avantia Threat Update


Updated: Jan 12, 2019

Will you carry a Virus from your Home to your Office?

This week, the cyber security of work-at-home staff comes under scrutiny, Netflix scammers raise their heads, the ‘Town of Salem’ game maker was breached, an Irish tram service dealt with a ransom demand, and German politicians were besieged by cyber criminals.

This Past Week's Dark Web Compromise Trends:

Top Source Hits: ID Theft Forums (98%)
Top Compromise Type: Domains
Top Industry: Manufacturing
Top Employee Count: 11-50 employees (36%)

This Past Week's Top Targeted Industries:

Software Hits: 74 | Targets: Google, GitHub, Kaspersky Lab, OpenCoin, Yahoo

Healthcare Hits: 55 | Targets: Singapore Health Services

Retail Hits: 48 | Targets: The Neiman Marcus Group, Apple, Target Corp, Toys R Us, Forever 21, Barloworld Ltd

Information Technology Hits: 43 | Targets: Google, Yahoo, Facebook, Adobe, Apple

This Past Week's Top Threat Actors:

Thedarkoverlord Hits: 32 | Targets: Netflix, United States, Larson Studios, American Broadcasting Company, Healthcare

Shadow Brokers Hits: 20 | Targets: Microsoft Windows, Microsoft, Cisco Systems Inc, Iran, China

APT28 Fancy Bear Hits: 20 | Targets: Democratic National Convention, United States, Democratic National Committee, Germany, United States Senate

Magecart Hits: 19 | Targets: British Airways, Newegg, Ticketmaster Entertainment, Magento, Feedify

Hezbollah Hits: 13 | Targets: Israel, Syria, Lebanon, Iran, United States

This Past Week's Top Malware Threats:

Wcry Hits: 49 | Targets: Boeing, Microsoft Windows, United Kingdom, Bitcoin, North Korea

NotPetya Hits: 37 | Targets: Ukraine, United Kingdom, Russia, A.P. Moller-Maersk, United States

Modlishka Hits: 15 | Targets: GitHub

Ryuk Ransomware Hits: 13 | Targets: United States, Bitcoin, Check Point Software Technologies Ltd, North Carolina

Sentry MBA Hits: 11 | Targets: Pastebin, Microsoft Windows 10


In Other News:

Working from home could put your job at risk…

As the long-running debate surrounding work-from-home (WFH) policies continues in many businesses, an additional consideration has surfaced: IT security. Home networks in WFH environments can expose your company to security risks, as the devices on them are connected to the internet and can serve as an entry point for attackers. With the advent of remote working arrangements and the rising adoption of smart devices, employees regularly access enterprise software such as cloud-based apps, video conferencing software, and file sharing, resulting in vulnerabilities that black hat hackers can exploit with little to no difficulty. Of course, this doesn’t necessarily mean you should discontinue working from home. Instead, consider how you can arm your employees with best practices for securing their devices and networks (including home Wi-Fi networks) to reduce the chance of a breach.

Netflix Mail Scam is a “doozy” with many victims…

If you’re a Netflix subscriber, you may have received an innocuous-looking email stating that your account is “on hold” due to issues with processing your bill. You may think, “huh, that’s weird. I’ll click the link and update my payment details.” You wouldn’t be the only one to fall for this. However, the email is not from Netflix at all; it’s actually a phishing scam designed to steal your account details. It is similar to scams that hit in September and October 2017. The scam works like this: the hackers pose as a trusted company, in this case Netflix. Their aim is to steal your personal information, such as account numbers, passwords, credit card details, or even your Tax File Number. This particular email asks you to click on the link and update your payment information. It claims that your account is “on hold” because Netflix is “having some trouble” with the billing information it has on file. This may sound reasonably legitimate, and at first glance it certainly appears as if it was sent directly from Netflix. However, if you click the link, you could download malware which can then be used to access your accounts, or even lock you out of your computer. According to Netflix, it would never ask for a user’s personal information via email, including payment information, any type of identification number, or an account password. The trouble is that emails like this often send you to fake websites that look just like the real one. There, you enter your bank details and click save, unknowingly sharing your financial information with criminals.

How to tell if the email is fake:

If you received this Netflix email, or a similarly sketchy email from another company, here’s what you need to do. First, do not click on any link. Look for telltale signs of fraud whenever you receive an email asking you to click on anything. Check the sender and see whether the domain it’s from is correct; often it’s a bunch of random letters. At first glance the email looks reasonably legit, but as with any email, you must be on the lookout for bad spelling and grammar. The Netflix email begins with “Hi Dear.” Does this sound like something Netflix would say? This is a BIG red flag right out of the gate. Armed with just that information alone, we can be pretty certain the email is not actually from Netflix.
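The checks above (sender domain, generic greeting, where the links really point, pressure language) can be turned into a simple triage script. The following is an added example written for this page, not code from Avantia or Netflix; the brand-to-domain map, the `.example` addresses and both sample messages are constructed for illustration, and the domain reduction is a deliberate simplification of what a production filter would do.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed brand-to-legitimate-domain map for this example. A real deployment
# would build this from the organisation's own vendor and mail records.
KNOWN_BRAND_DOMAINS = {
    "netflix": {"netflix.com"},
}
GENERIC_GREETINGS = ("hi dear", "dear customer", "dear user", "dear member", "dear valued")
URGENCY_PHRASES = ("on hold", "suspended", "verify your account", "update your payment")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registered_domain(host):
    """Reduce a hostname to its last two labels (simplification; real code
    would consult the public suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def message_text(msg):
    """Collect the text/plain body whether or not the message is multipart."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def claimed_brand(display_name, subject):
    """Return the brand the message presents itself as, if any."""
    haystack = f"{display_name} {subject}".lower()
    for brand in KNOWN_BRAND_DOMAINS:
        if brand in haystack:
            return brand
    return None


def phishing_indicators(raw_message):
    """Return a list of (code, detail) pairs for the red flags found."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "")
    body = message_text(msg)
    sender_domain = registered_domain(address.rsplit("@", 1)[-1]) if "@" in address else ""
    brand = claimed_brand(display_name, subject)
    found = []

    # 1. The sender presents itself as a known brand but mails from an unrelated domain.
    if brand and sender_domain not in KNOWN_BRAND_DOMAINS[brand]:
        found.append(("sender-domain-mismatch",
                      f"claims to be {brand} but sent from {sender_domain or '<no address>'}"))

    # 2. Impersonal greeting such as "Hi Dear": a company holding your
    #    account would normally address you by name.
    first_line = next((ln.strip() for ln in body.splitlines() if ln.strip()), "")
    if first_line.lower().startswith(GENERIC_GREETINGS):
        found.append(("generic-greeting", first_line))

    # 3. Links that lead away from the claimed brand's own domain.
    if brand:
        for url in URL_RE.findall(body):
            host = urlparse(url).hostname or ""
            if registered_domain(host) not in KNOWN_BRAND_DOMAINS[brand]:
                found.append(("link-domain-mismatch", url))

    # 4. Pressure language meant to make the reader click before thinking.
    text = f"{subject}\n{body}".lower()
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        found.append(("urgency-language", ", ".join(hits)))
    return found


# Constructed sample modelled on the scam described above; the .example
# domain is a reserved placeholder, not a real site.
SUSPICIOUS_MAIL = """\
From: "Netflix Billing" <billing@nflx-account-update.example>
To: customer@example.org
Subject: Your account is on hold
Content-Type: text/plain; charset=utf-8

Hi Dear,

We are having some trouble with your current billing information.
Please update your payment details here:
http://nflx-account-update.example/update

Netflix Support
"""

# Constructed ordinary message for comparison.
BENIGN_MAIL = """\
From: Alice <alice@example.org>
To: bob@example.org
Subject: Lunch tomorrow
Content-Type: text/plain; charset=utf-8

Hi Bob,

Still on for lunch at noon? Menu is at https://intranet.example.org/lunch

Alice
"""

if __name__ == "__main__":
    for name, mail in (("suspicious", SUSPICIOUS_MAIL), ("benign", BENIGN_MAIL)):
        print(name, phishing_indicators(mail))
```

Run as-is, the suspicious sample trips all four checks and the ordinary message trips none. The link check only fires when the message claims a brand, so a colleague's mail with an intranet link is not penalised; a real filter would add header authentication results (SPF/DKIM/DMARC) on top of these content heuristics.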

Australia’s Early Warning System cracks under pressure from hackers…

This past week Australians got texts, emails and phone calls from a trusted emergency warning service after a hacker broke into its systems and used it to send fake messages. On 5 January, the intruder compromised systems operated by the ‘Early Warning Network’, an Australian company that provides early warning information about severe weather events and bushfires to clients across the country. Started in 2007, the company provides emergency warning services to federal, state and municipal government clients to help protect their citizens. The hacker used EWN’s systems to send messages to citizens via email, landline phone calls, and SMS. The messages sent were titled “EWM Hacked – Privacy Alert”.

The company moved quickly to fix the problem, catching the attack and shutting off the system. Nevertheless, a “small proportion” of its database received the alert, it said in a Facebook notice. Reports indicated that tens of thousands of people had been affected. On Monday the company updated its post, adding that the hacker had hijacked a legitimate account to log in and post the nuisance spam. Comments on the Facebook post came mostly from people who said they had received the message and deleted it as suspicious, although a handful said that they had clicked on the link and were now worried. To its credit, EWN answered these comments, along with direct emails, reassuring concerned citizens that the message wasn’t a threat and their personal information was safe. Some municipal councils in Australia that subscribe to EWN services and distribute alerts to their citizens also reposted the company’s warnings.


THREAT FOCUS: BlankMediaGames (Town of Salem) – USA

Exploit: LFI/RFI attack that injected malicious code into the database.

BlankMediaGames: Game maker of ‘Town of Salem’.

Risk to Small Business: 2 = Severe: With as many as 7.6M users exposed, this cyberattack has the potential to be game-changing. News broke that DeHashed, a commercial breach indexing service, discovered the successful attack before Christmas and tried alerting the company, but no action was taken to secure the hacked servers and notify users until later. Cybersecurity experts are claiming that the company’s password hashing technique (PHPBB) was relatively weak, meaning that it is only a matter of time before hackers are able to crack the passwords.

Customers Impacted: 7.6M users of ‘Town of Salem’.

Effect on Customers: Although BlankMediaGames clarified that it does not handle payment information, users may not fully grasp what this means. When they hear “breach”, they feel exposed. To further compound the issue, the company admitted that its password hashing was not as secure as it could be. Overall, video game services are becoming “low hanging fruit” for cybercriminals due to the emphasis on user experience over security and the growing value of digital “in-game” goods and purchases.

Risk Levels: 1 - 1.5 = Extreme Risk | 1.51 - 2.49 = Severe Risk | 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.
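The weak-hashing point above is worth making concrete. The following is an added example written for this page, not code from the newsletter or from BlankMediaGames, and it makes no claim about the exact scheme the game used: the weak case is a simplified stand-in (one fast, unsalted hash), the hardened case uses PBKDF2-HMAC-SHA256 with a per-user random salt and an iteration count chosen for this example, and the `login_and_upgrade` helper shows the migration pattern a site would use to replace legacy records transparently at the next successful login.

```python
import hashlib
import hmac
import os
from typing import Optional


def weak_hash(password: str) -> str:
    """Weak case for illustration: a single fast, unsalted digest. Every user
    with the same password gets the same record, and guesses are cheap."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


# Hardened case. The iteration count is a value chosen for this example;
# tune it to your hardware so one verification costs a noticeable fraction
# of a second.
ITERATIONS = 600_000
PREFIX = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest.
    A fresh 16-byte salt per user means equal passwords give different records."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{PREFIX}${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and iteration count and
    compare in constant time."""
    try:
        algo, iters, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if algo != PREFIX:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def login_and_upgrade(store: dict, username: str, password: str) -> bool:
    """Check a login against `store` (username -> record). If the record is
    still in the legacy weak format and the password is right, replace it
    with a hardened record on the spot so the weak digest stops existing."""
    stored = store.get(username)
    if stored is None:
        return False
    if stored.startswith(PREFIX + "$"):
        return verify_password(password, stored)
    # Legacy record: compare in constant time, then migrate on success.
    if hmac.compare_digest(weak_hash(password), stored):
        store[username] = hash_password(password)
        return True
    return False


if __name__ == "__main__":
    # Constructed sample records: two users who chose the same password.
    users = {"alice": weak_hash("Summer2018!"), "bob": weak_hash("Summer2018!")}
    print("weak records identical:", users["alice"] == users["bob"])
    login_and_upgrade(users, "alice", "Summer2018!")
    login_and_upgrade(users, "bob", "Summer2018!")
    print("hardened records identical:", users["alice"] == users["bob"])
    print("alice record:", users["alice"][:40], "...")
```

The two properties to take away: with the weak scheme a leaked table reveals every pair of users sharing a password before any guessing starts, while the hardened records differ even for identical passwords and each guess costs the full iteration count. The upgrade-on-login pattern is how a site fixes legacy hashing without forcing a password reset for everyone at once, though after a breach the reset is still warranted.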

THREAT FOCUS: Orange Telecommunications – FRANCE & SPAIN

Exploit: Device vulnerability in modems that reveals Wi-Fi credentials.

Orange: Telecommunications operator that offers a router product.

Risk to Small Business: 2.333 = Severe: Although such an attack can be contained by finding all the hardware products with the vulnerability, the breach can negatively impact customers and result in the erosion of brand loyalty.

Individual Risk: 2.571 = Moderate: Such a compromise is dangerous because it enables hackers to carry out on-location proximity attacks, meaning they can travel to a company headquarters or home, join the network, and then attack the connected devices nearby. Also, Wi-Fi passwords might be reused elsewhere, such as on the backend administration panel, allowing hackers to control the system infrastructure and build botnets.

Customers Impacted: 19,500 customers using Orange Livebox modems.

Effect On Customers: Security vulnerabilities in hardware can be financially catastrophic, as they usually result in expensive patches, product recalls, redesign, and customer churn.

Risk Levels: 1 - 1.5 = Extreme Risk | 1.51 - 2.49 = Severe Risk | 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

THREAT FOCUS: Luas – IRELAND

Exploit: Website compromise via newsletter hack.

Luas: Light rail system in Dublin.

Risk to Small Business: 2.111 = Severe: Since the investigation is ongoing, the extent of the damage has not been determined. However, the hacker responsible for the attack threatened to publish all compromised data if the demanded ransom of 1 bitcoin was not paid within 5 days. Currently, no financial information has been exposed, but complete access to a company’s website can result in theft of IP, interference with IT systems, and access to sensitive data.

Individual Risk: 3 = Moderate: Given that the attack was limited to the 3,226 people who signed up for the Luas newsletter and did not include payment details, the threat to individuals is relatively low. Nevertheless, it remains to be seen whether there will be other repercussions.

Customers Impacted: 3,226 people who signed up for the Luas newsletter.

Effect On Customers: Situations where ransom is involved can be sticky, since there is no assurance that the hacker will not leak the data even if the ransom is paid. On the other hand, the group or person responsible has threatened to publish all data and send emails to the users, which could cause customers to avoid visiting the website or to distrust the tram service with their payment information. Also, the hacker could virtually destroy the website, forcing the company to rebuild its entire platform.

Risk Levels: 1 - 1.5 = Extreme Risk | 1.51 - 2.49 = Severe Risk | 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

THREAT FOCUS: Victorian State Government - AUSTRALIA

Exploit: Phishing attack on government employee directory.

Victorian Government: State Government of Victoria.

Risk to Small Business: 2.333 = Severe: Even though the stolen directory included work details for 30,000 government employees, the list only contained work emails, job titles, work phone numbers, and in some cases, mobile phone numbers. However, there is the possibility that public servants who were compromised may feel exposed and choose to leave, causing employee turnover.

Individual Risk: 2.714 = Moderate: Payment and banking information was not compromised, but the compromised information can still be used by hackers to orchestrate future phishing, spam, and social engineering attacks. Those who were affected should remain vigilant in order to protect themselves.

Customers Impacted: 30,000 government employees.

Effect On Customers: It is clear that data breach notifications are piling up in Australia after the introduction of the Notifiable Data Breaches (NDB) scheme. Businesses and consumers alike are beginning to realise the magnitude of breaches that seem benign but can be leveraged to execute complex cybercrime.

Risk Levels: 1 - 1.5 = Extreme Risk | 1.51 - 2.49 = Severe Risk | 2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.


German Politicians and Celebrities are ‘kaput’…

Hundreds of German parliament members, most notably Chancellor Angela Merkel, and celebrities have had their personal details leaked in what seems to be a politically motivated cyber-attack. Information including financial details, contact information, private conversations, and more was originally leaked in December on a Twitter account, which was only recently discovered and suspended.

Although six of seven main political parties were among those affected, no members from the far-right Alternative party (AfD) seem to be impacted. Officials are saying that the data could have been obtained by hackers using stolen passwords to log into email accounts, social networks, and cloud-based services.



* Disclaimer: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provide the content in this publication to the reader for general information purposes only and have compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions.
