  • Avantia Threat Update

WORLD'S FIRST DEATH DIRECTLY ATTRIBUTED TO CYBER CRIME.



This Past Week:

The world’s first recorded death directly attributed to a ransomware attack; a legislative change that could make ransomware obsolete is proposed; a cybercrime gang stays hidden in business IT systems for 9 years undetected; AI “fuzzing”, a key component of cyber security; a hack-for-hire group builds a fake online empire; ransomware hits the high seas at the United Nations International Maritime Organization; Aussie Scouts staffers aren't picking up a "Phishing Resistance" merit badge anytime soon; rising ransomware costs and rates; and major breaches in SWITZERLAND, INDIA, AUSTRALIA, CANADA, the UNITED KINGDOM and the UNITED STATES.

Dark Web ID Trends: 

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain

Top Industry: Education & Research

Top Employee Count: 501+


________________________________________________________________________


WILL HOSPITALS WAKE UP TO THE THREAT OF CYBER CRIME IN THE WORLD’S FIRST RECORDED CASE, AFTER A PATIENT DIES DURING A RANSOMWARE ATTACK?

A patient at Düsseldorf University Hospital died during a ransomware infection in what is reportedly the first death directly linked to a cyber attack. The hospital was unable to accept emergency patients because of the attack, so the woman – who needed urgent treatment for a life-threatening illness – was sent to another hospital 20 miles away, the Associated Press reported. German prosecutors have since opened a homicide investigation into the incident, while the country’s cyber security agency, the Federal Office for Information Security, was recruited to get the hospital fully operational again.

Bad luck or a ticking time-bomb? An already tragic story was made more so with a report from the German news outlet RTL, which claimed that the cyber attack wasn’t intended for the hospital. The ransom note was addressed to a nearby university, which suggests that the attackers weren’t aware that they had infected one of the largest hospitals in western Germany. The criminals stopped their attack when they learned that it had shut down the hospital, but by then the damage had been done.

Although it might be easy to chalk this up as unfortunate, you could just as easily say that it was only a matter of time until something like this happened. Arne Schönbohm, president of the Federal Office for Information Security, confirmed that the attack exploited a vulnerability in a Citrix VPN system, which the hospital had been aware of since December 2019. “I can only urge you not to ignore or postpone such warnings but to take appropriate action immediately,” said Schönbohm. “This incident shows once again how seriously this danger must be taken.”

Same old story. The healthcare sector has been a lucrative target for cyber criminals for years, due to its apparent unwillingness to commit to better defenses and, in particular, its widespread use of legacy systems. The UK saw the damage that can occur when relying on legacy systems with the WannaCry attack in 2017. Most NHS facilities were still using Windows XP, which Microsoft had stopped supporting in 2014 – and it was a vulnerability in that system that exposed 80 NHS trusts and led to £92 million in damages.

Plenty of think pieces were written at the time about how hospitals needed to do a better job of preventing attacks, because future attacks might result in deaths. Yet, as of last year, more than 2,300 NHS PCs were still running on Windows XP, despite the government signing a £150 million deal with Microsoft to update its devices to Windows 10.

Given the spate of attacks on hospitals during the coronavirus pandemic – both in the UK and the rest of the world – you would have thought it was only a matter of time before we were no longer talking about just the financial and logistical issues caused by cyber attacks, but the human cost. Hopefully this incident will be a wake-up call for hospitals, which desperately need to prioritise security strategies and realise that cyber attacks can be just as damaging as physical assaults.


RANSOMWARE IS THE BIGGEST PROBLEM ON THE INTERNET - THIS CHANGE COULD BE THE ANSWER:

Making it illegal for companies to pay up when hit with ransomware could finally halt the 'scourge of the internet'. Police always advise ransomware victims against paying off the criminal gangs that have encrypted their computer systems – and there are many good reasons for that.

At the most basic level, even after the companies have handed over the money, it's not always certain they will get their data restored. They are negotiating with crooks, after all. But even if they do get their data back, paying up is still a bad idea. It gives the crooks a big payday, which encourages further attacks – perhaps even on the same organisation again. And that big payoff means that gangs can invest in hiring more software developers and hackers to go after even bigger targets. Paying the ransom might save you pain in the short term but means a bigger problem for everyone else in the longer run.

Currently businesses in the UK are unlikely to be prosecuted for paying up to a ransomware gang – unless there is a reasonable chance of the payment being used to fund terrorism. But at least one senior figure in the security industry thinks that it should be a lot harder or even illegal to pay ransoms. In a speech earlier this month at security think tank RUSI, former head of the National Cyber Security Centre (NCSC) Ciaran Martin explained just how big a problem the agency considers ransomware to be.

"Right up until my final hours at NCSC last month, I remained of the view that the most likely cause of a major incident was a ransomware attack on an important service," he said. "For the attacker, the choice of the service would be incidental. They were just after money. But from the point of view of national harm, that incidental choice of victim could be important. What most kept me awake at night was the prospect of physical harm inadvertently resulting from ransomware." He added: "Criminal ransomware used recklessly by amoral criminals is one of the biggest but least discussed scourges of the modern internet."

Martin said if he had "one policy card to play in the next year", he would ask for "a serious examination of whether we should change the law to make it illegal for organisations in the UK to pay ransoms in the case of ransomware". "The case for doing so is not – and I stress is not – a slam dunk, and if the answer is no [to making paying ransoms illegal], we should think of something else to counter ransomware, because it's the single biggest contemporary scourge in cyberspace right now."

Martin said it was a curious anomaly that UK extortion laws are largely based on the experience of kidnapping by terrorist groups. That is, if you are ransomwared by a proscribed terrorist group, it is illegal to pay, but if the attackers are ordinary criminals, or even state attackers, then it's fine. "Surely that needs a look," he said.

It's thought that as many as half of organisations pay up when hit with ransomware, which has made data-encrypting malware a major source of revenue for sophisticated criminal gangs. Some versions of ransomware have raked in tens of millions in ransom, usually in the form of hard-to-trace cryptocurrencies like bitcoin. Many victims feel they have little choice but to pay up if the alternative is rebuilding all their computer systems and databases effectively from scratch – and trying not to go out of business as they do it.

But critics have warned that being able to pay the ransom means ransomware attacks are viewed by some as just another cost of doing business, which makes them less likely to invest in the sometimes-costly security systems that would prevent such attacks. If paying the ransom were no longer a legal option, companies would have to make sure their systems were robust enough to stop the attackers in the first place. But it would also put much more pressure on police to track down the gangs.


ESET SECURITY FIRM DISCOVERS A RARE CYBER CRIME GANG THAT STAYED UNDETECTED FOR 9 YEARS.

Active since 2011 but only discovered this year, the XDSpy hacker group targeted government and private companies in Belarus, Moldova, Russia, Serbia, and Ukraine. Slovak cyber-security firm ESET has discovered a new state-sponsored hacking group (also known as an APT). Named XDSpy, the group is a rarity in the cyber-security landscape as it managed to remain undetected for nearly nine years before its hacking spree was discovered earlier this year. The group's operations have been detailed for the first time today by ESET researchers in a talk at the Virus Bulletin 2020 security conference.

ESET says the group's primary focus has been reconnaissance and document theft. Its targets have been government agencies and private companies in Eastern Europe and the Balkans. Targeted countries included Belarus, Moldova, Russia, Serbia, and Ukraine, according to ESET telemetry data, but other XDSpy operations may still be undiscovered. ESET says the group's operations have now gone dark after one of its campaigns was detected and detailed in a security alert sent out by the CERT Belarus team. Using this security alert as an initial clue, ESET says it was able to uncover past XDSpy operations.

Matthieu Faou and Francis Labelle, the two ESET security researchers who spearheaded the investigation into XDSpy, said the group's primary tool has been a malware toolkit they named XDDown. The malware, described to ZDNet by Faou as "not state-of-the-art", was nonetheless more than enough to infect victims and help the group gather sensitive data from infected targets. ESET described XDDown as a "downloader" used to infect a victim and then download secondary modules that would perform various specialized tasks. This kept XDDown itself from looking malicious to security tools, while still allowing the malware to possess some very advanced features. XDDown modules include:


XDREcon - a module to scan an infected host, gather technical specs and OS details, and send the data back to the XDDown/XDSpy command-and-control server.

XDList - a module to search an infected computer for files with specific file extensions (Office-related files, PDFs, and address books).

XDMonitor - a module that monitored what kind of devices were connected to an infected host.

XDUpload - the module that took files identified by XDList and uploaded them to the XDSpy server.

XDLoc - a module to gather information about nearby WiFi networks, information that is believed to have been used to track victim movements using maps of public WiFi networks.

XDPass - a module that extracted passwords from locally installed browsers.


As for how victims got infected, XDSpy wasn't particularly original about its operations, using the tried-and-tested technique of spear-phishing email campaigns. In campaigns analyzed by ESET, the group used email subject lines with lures related to lost and found objects and the COVID-19 pandemic. These emails came with malicious attachments such as PowerPoint, JavaScript, ZIP, or shortcut (LNK) files. Downloading and running any of these files would usually infect the victim with malware.

Based on the malware's features, its limited distribution, and its targeting of government agencies, including militaries and Ministries of Foreign Affairs, ESET said the XDSpy group was an obvious APT (advanced persistent threat), a term used by the cyber-security industry to describe hacker groups carrying out operations on behalf of foreign governments, usually for espionage and intelligence gathering. But which government, ESET did not say. The targeted countries are usually in the focus area of both Russia and NATO countries. However, ESET also noted that many XDSpy malware samples were compiled in Eastern European time zones.

There are certain details in the group's malware to support its classification as an APT. This includes the fact that many of the plugins didn't contain a persistence mechanism, meaning the main XDDown malware would have had to re-download each module after a computer reboot. Furthermore, ESET said it also discovered that some XDDown plugins came with time-based kill switches that removed them after a certain date. These two features suggest XDSpy prioritized stealth over persistence in an effort to remain undetected and avoid exposing its tools, a common tactic and modus operandi employed by many state-sponsored groups. "Thus, they were able to use the same code base for 9 years while being able to evade some security products by tweaking the obfuscation,"


ARTIFICIAL INTELLIGENCE (AI) ‘FUZZING’: A KEY COMPONENT OF CYBERSECURITY.

AI fuzzing may sound like something cute, but it’s a key component in testing applications or systems for vulnerabilities. The general idea of fuzzing is not new. Fuzzing is an automated testing technique that feeds unexpected or invalid data to a system to see if – or how – it fails, and has been a known computer science term since the late 80s. It has found a new era, however, with the advent of Artificial Intelligence (AI). Traditional methods of fuzzing, which were often difficult to do and involved manual procedures, resulted in a time-consuming process for identifying issues. AI fuzzing takes the basic tenets of fuzzing and uses artificial intelligence or machine learning to offer continuous, scalable, and more efficient and effective results.

“AI-based tools can identify potential attack options and generate probable test cases. Once a test case offers a promised path to explore, the new tool will follow suit and delve deeper to see if problems in one area of the application lead to exploitable vulnerabilities elsewhere,” reports Ensar Seker for Towards Data Science.

Several companies, such as Google, Microsoft, and Synopsys, have developed AI fuzzing software. Google’s, known as ClusterFuzz, is an open source program accessible to anyone who wishes to use it through OSS-Fuzz. According to Google, as of February 2019, ClusterFuzz “has found more than 16,000 bugs in Chrome and more than 11,000 bugs in over 160 open source projects integrated with OSS-Fuzz.” Microsoft just made its fuzzing software available as an open source tool in mid-September. Known as Project OneFuzz, the tool replaces Microsoft Security and Risk Detection, which was discontinued in June. “Enabling developers to perform fuzz testing shifts the discovery of vulnerabilities to earlier in the development lifecycle and simultaneously frees security engineering teams to pursue proactive work,” states Microsoft.

AI fuzzing can also benefit the software development lifecycle, which has grown increasingly agile. “Because [agile software development processes] often takes many iterative cycles, advanced testing methods are not usually given high priority,” says Robert Lemos for DarkReading. With multiple companies offering AI fuzzing software options, fuzz testing may be more easily integrated into the software development lifecycle. The team behind Google’s ClusterFuzz agrees. “For software projects written in an unsafe language such as C or C++, fuzzing is a crucial part of ensuring their security and stability.”

Though AI fuzzing may be beneficial to the software and system testing process, like many emerging technologies, it can be used by malicious agents. The same information that is used by cybersecurity professionals to identify vulnerabilities may be sold to cyber criminals, allowing them to exploit those same vulnerabilities, says Seker.
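To make the idea concrete, here is a small example written for this page (it is not code from ClusterFuzz, OneFuzz or any product named above). It shows the two ingredients the passage describes: feeding mutated, invalid data to a target, and letting the inputs that reach new code paths guide further exploration. The target is a constructed, hypothetical record parser with one deliberate defect: it validates declared lengths but trusts embedded offsets, so a mutated offset reads past the end of the buffer. The fuzzer treats the parser's own ValueError as a correct rejection of malformed input and records anything else as a crash worth fixing.

```python
import random
from typing import Dict, List, Set, Tuple

Trace = Set[str]   # labels of the branches one parse reached (our stand-in for coverage)

# Constructed target under test. Hypothetical record format, not a real protocol:
# each record is [tag:1][len:1][value:len]; a tag-2 value is a list of big-endian
# u16 offsets that are dereferenced into the same buffer.
# Deliberate defect: lengths are checked, offsets are not.
def parse_records(data: bytes, trace: Trace) -> Dict[int, bytes]:
    records: Dict[int, bytes] = {}
    i = 0
    while i < len(data):
        trace.add("record")
        if i + 1 >= len(data):
            trace.add("truncated-header")
            raise ValueError("truncated record header")      # expected rejection
        tag, length = data[i], data[i + 1]
        value = data[i + 2 : i + 2 + length]
        if len(value) != length:
            trace.add("bad-length")
            raise ValueError("declared length exceeds buffer")  # expected rejection
        if tag == 2:
            trace.add("offsets")
            for j in range(0, len(value) - 1, 2):
                offset = int.from_bytes(value[j : j + 2], "big")
                # Defect: no bounds check, so a large offset raises IndexError.
                records[tag] = records.get(tag, b"") + bytes([data[offset]])
        else:
            records[tag] = value
        i += 2 + length
    trace.add("done")
    return records

# Seed corpus: one well-formed input (tag 1 = "ABC", tag 2 = offset 2 -> "A").
SEEDS: List[bytes] = [bytes([1, 3, 0x41, 0x42, 0x43, 2, 2, 0x00, 0x02])]

INTERESTING = [0x00, 0x01, 0x7F, 0x80, 0xFF]   # boundary values fuzzers like to try

def mutate(rng: random.Random, data: bytes) -> bytes:
    """Apply one random structural or byte-level mutation."""
    buf = bytearray(data) or bytearray(b"\x00")
    pos = rng.randrange(len(buf))
    choice = rng.randrange(4)
    if choice == 0:
        buf[pos] ^= 1 << rng.randrange(8)        # flip a single bit
    elif choice == 1:
        buf[pos] = rng.choice(INTERESTING)       # overwrite with a boundary value
    elif choice == 2:
        buf.insert(pos, rng.randrange(256))      # insert a random byte
    else:
        del buf[pos:]                            # truncate the input
    return bytes(buf)

def fuzz(seeds: List[bytes], iterations: int, seed: int = 1) -> Tuple[List[bytes], Set[str]]:
    """Coverage-guided mutation fuzzing: keep inputs that reach new branch labels."""
    rng = random.Random(seed)                   # fixed seed keeps runs reproducible
    corpus = list(seeds)
    coverage: Set[str] = set()
    crashes: List[bytes] = []
    for _ in range(iterations):
        candidate = mutate(rng, rng.choice(corpus))
        trace: Trace = set()
        try:
            parse_records(candidate, trace)
        except ValueError:
            pass                                # malformed input correctly rejected
        except Exception:                       # anything else is a parser bug
            crashes.append(candidate)
        if not trace <= coverage:               # new path: worth mutating further
            coverage |= trace
            corpus.append(candidate)
    return crashes, coverage

def reproduces(data: bytes) -> bool:
    """True if the input makes the parser fail with anything other than its own ValueError."""
    try:
        parse_records(data, set())
    except ValueError:
        return False
    except Exception:
        return True
    return False

if __name__ == "__main__":
    found, cov = fuzz(SEEDS, 2000)
    print(f"branches reached: {sorted(cov)}")
    print(f"crashing inputs: {len(found)}; first: {found[0].hex() if found else None}")
```

The run is deterministic because the random generator is seeded, so a crashing input it finds can be kept as a regression test; in a real pipeline the corpus and crash files would be persisted and the parser's offset check added before the next iteration of the development cycle.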


SMOKE AND MIRRORS: HACK-FOR-HIRE GROUP BUILDS A FAKE ONLINE EMPIRE.

Hack-for-hire group BAHAMUT managed to build a fake online empire to leverage in cyber-espionage operations targeting the Middle East and other regions around the world, BlackBerry reports. Dubbed BAHAMUT, but also tracked as EHDEVEL, WINDSHIFT, URPAGE, and THE WHITE COMPANY, the cyber-espionage group was initially detailed in 2017, but its activity spans a much longer period of time. In fact, the threat actor’s activities appear to have been described in several other reports that lack attribution, including a 2016 Kaspersky report on attacks exploiting InPage word processor vulnerabilities.

“BlackBerry assesses that the InPage zero-day exploit first identified by Kaspersky in 2016 and given CVE-2017-12824 but never attributed, was in fact used by BAHAMUT. We also assess that it was first developed by a Chinese threat group in 2009 for use in targeting a group in diaspora perceived to be a potential threat to the power of the Chinese Communist Party,” BlackBerry notes in a new report.

The threat actor was able to fly under the radar through the use of a large number of fake identities, including social media personas, websites, and applications, some of which had original content and were meant to distort reality, but did not immediately show a malicious purpose. In fact, the use of original websites, applications, and personas across a wide array of industries and regions is what sets this group apart from similar threats. Its fake empire suggests legitimacy and is able to distort consumers’ perception of reality. Furthermore, the adversary strives to keep campaigns, network infrastructure, and phishing tools separate, builds anti-analysis tools directly into backdoors and exploit shellcode, and immediately changes tactics when exposed. The group is also believed to re-use tools from other groups and to mimic their tradecraft, to hinder attribution.

BAHAMUT, BlackBerry says, has a diverse and long list of targets, including government officials, politicians, human rights activists and organizations, human rights NGOs, financial services and technology companies, Egypt-focused media and foreign press, military organizations, aerospace entities, and scholars. The group mainly focuses on South Asia (particularly India and Pakistan) and the Middle East (UAE and Qatar in particular), but victims were also identified in China and Northern and Eastern Europe. The hackers appear to be avoiding targets located in the United States. “BAHAMUT’s targeting is all over the map, which makes it difficult to concoct a single victimology. BAHAMUT appears to be not only well-funded and well-resourced, but also well-versed in security research and the cognitive biases analysts often possess. Taken together, these aspects present a considerable attribution challenge,” BlackBerry notes.

The group is also believed to have access to at least one zero-day developer and to be operating over a dozen malicious apps for Android and iOS. Some of these apps were previously mentioned by Trend Micro in a report on Urpage. New applications were also identified, all accompanied by well-designed websites, privacy policies, and terms of service, thus increasing the sense of legitimacy. They were able to bypass Google’s static code safeguards, and five of them were still in Google Play as of July 2020 (they appeared designed specifically for targets in the UAE). Several other websites were employed for the distribution of additional applications, seven of which were being distributed in recent campaigns. These included VPN and compass applications, but also apps that catered to the Sikh separatist movement. “A variety of modifications were made to the APKs we found, and most had limited to no detection in a commonly used malware repository. In most cases the APK files were comprised of completely legitimate code and well-known Android libraries which helped cloak the underlying activity from common static detection methods,” BlackBerry says.

A total of nine malicious iOS applications attributed to BAHAMUT were identified in the Apple App Store, all of which were still available as of August 2020. The apps had generic themes with universal appeal: messaging, VoIP, prayer, file management, and password saver applications. According to BlackBerry, the threat actor also masters the art of phishing, at a level superior to other groups, with targeted spear-phishing operations lasting anywhere from a few hours to months. Additionally, the adversary has the ability to learn from its mistakes and constantly improves its tradecraft.

The security firm, which claims to have “a solid grasp of BAHAMUT’s existing infrastructure,” assesses that BAHAMUT is a hack-for-hire group, just as independent security researchers Collin Anderson and Claudio Guarnieri suggested before. “For a group that historically set themselves apart by employing above-average operational security and extremely skilled technical capabilities, BAHAMUT operators are, at the end of the day, still human. While their mistakes have been few, they have also proven devastating. BlackBerry found that the idiom “old habits die hard” applies to even the most advanced of threat groups,” BlackBerry concludes.

______________________________________________________________________________

THREAT FOCUS: Arthur J. Gallagher & Co - UNITED STATES

https://securityaffairs.co/wordpress/108925/malware/ajg-ransomware-attack.html


Exploit: Ransomware

Arthur J. Gallagher & Co.: Insurance Brokerage 

Risk to Business: 2.119 = Severe - Ransomware struck insurance giant Arthur J. Gallagher last week, according to the company’s United States Securities and Exchange Commission filing. The report went on to note that a limited portion of its internal systems were impacted and its operations were able to continue. Security researchers suspect that bad actors were able to exploit a known security flaw in the company’s servers to gain entry.

Individual Risk: So far, no personal data from clients or employees was noted as exposed in the breach, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Nowadays, ransomware operators aren’t just seeking ways to steal data – they also want to disrupt operations to cause damage.

Breach Risk Levels

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Get Graphus, the powerful automatic phishing defender that evolves with your business, to protect your company from phishing-based email threats like ransomware. To find out more, call Avantia on 07 30109711 or Email info@avantiacorp.com.au



THREAT FOCUS: Cache Creek Casino - UNITED STATES

https://www.dailydemocrat.com/2020/09/30/cyberattack-shuts-down-cache-creek-casino/


Exploit: Ransomware

Cache Creek Casino: Resort

Risk to Business: 1.492 = Extreme - Ransomware cleaned up at Cache Creek Casino in California, shutting down operations at the popular gambling destination just as it began recovering from a COVID-19 closure earlier this year. No reopening date has been set as the investigation and recovery continue. Other businesses at the complex, including a golf club and shopping, remain open. Cache Creek Casino is part of Cache Creek Casino Resort, one of Northern California’s largest casino-resort destinations, which is owned and operated by the Yocha Dehe Wintun Nation.

Individual Risk: No individual information was reported as compromised in this incident

Customers Impacted: Unknown

How it Could Affect Your Business: More than 60% of businesses that experience a damaging cyberattack close – and it’s even more dangerous now as businesses try to recover from COVID-19 closures.

Breach Risk Levels

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID is the easy, cost-effective solution that helps companies train staffers to be aware of phishing (and ransomware) risks including “set it and forget it” campaign management and plug-and-play training kits. To learn more call Avantia on 07 30109711 or Email info@avantiacorp.com.au



THREAT FOCUS: USA District of Columbia Bar Association - UNITED STATES

https://techcrunch.com/2020/09/30/district-columbia-bar-exposed-personal-data/


Exploit: Unsecured Database

District of Columbia Bar Association: Regulatory Body

Risk to Business: 2.077 = Severe - An unsecured Elasticsearch server appears to be at fault for a data breach involving the personal data of new lawyers applying to test before the bar at the District of Columbia Bar Association. A whistleblower complaint was first submitted to the association in August, but resolution was slow, and applicant data may have leaked for some time before it was fixed. The DC Bar claims that only one record was exposed, but researchers and applicants who discovered the breach dispute that claim.

Individual Risk: 2.206 = Severe - Documents uploaded by applicants that may have been exposed contain personal information such as names, phone numbers, email addresses, Social Security numbers, the applicant’s full employment history, previous home addresses, and any disciplinary records provided.

Customers Impacted: Unknown

How it Could Affect Your Business: Serious personal information deserves serious security. Any company that collects sensitive information about clients or applicants needs to do due diligence to determine that the information is properly secured.

Breach Risk Levels

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Don’t let your business just walk into a preventable cybersecurity incident like the failure to secure a database. Make sure that staff are adhering to basic security best practices with security awareness training from Avantia Cyber Security & ID Agent. For more info please call Avantia on 07 30109711.



THREAT FOCUS: Clark County School District - UNITED STATES

https://www.wsj.com/articles/hacker-releases-information-on-las-vegas-area-students-after-officials-dont-pay-ransom-11601297930


Exploit: Ransomware

Clark County School District: Education System

Risk to Business: 1.871 = Severe - Cybercriminals have followed through on their threats to release the information that they’d snatched about students after officials refused to pay the ransom demanded to release it. Students in the Clark County School District, Las Vegas, Nevada discovered over the weekend that their school records had been dumped on the Dark Web.

Risk to Individual: 1.660 = Severe - The leak included detailed personal and student record information including students’ names, social security numbers, addresses, and some financial information as well as grades, testing, awards, and disciplinary reports. Impacted students should be wary of spear phishing or identity theft attempts.

Customers Impacted: 320,000

How it Could Affect Your Business: Failing to institute regular security awareness training including phishing resistance leaves organizations ripe for ransomware – and cybercriminals are more than willing to double down on ransom demands.

Breach Risk Levels

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID enables organizations of any size to implement phishing resistance training quickly and easily, bringing staff up to date on the latest threats without breaking the bank. Learn more by calling Avantia on 07 30109711



THREAT FOCUS: eResearch Technology - UNITED STATES

https://www.bleepingcomputer.com/news/security/uhs-hospitals-hit-by-reported-country-wide-ryuk-ransomware-attack/


Exploit: Ransomware

Risk to Business: 1.330 = Extreme - In a disturbing turn of events, eResearch Technology was severely impacted by a ransomware attack that slowed down progress on COVID-19 vaccine and treatment research. The provider of technology that enables clinical trials and data sharing at organizations including AstraZeneca, Oxford University, and Bristol Myers Squibb reported that its employees could not access many systems. That in turn affected clinical trials in progress, as researchers were forced to track patient data manually using pen and paper. Systems were down for several days for repair.

Individual Risk: No personal data has been reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is a devastating weapon that bad actors are using to shut down essential services and attacks in the medical sector have been escalating – just last week healthcare giant Universal Health Services was walloped by ransomware and is still recovering.

Breach Risk Levels

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Ransomware is almost always the nasty payload of a phishing email. Automate your company’s defense against phishing with Graphus to stop ransomware in its tracks. Call Avantia now on 07 30109711 for more info


THREAT FOCUS: Oaklawn Hospital - UNITED STATES

https://www.beckershospitalreview.com/cybersecurity/michigan-hospital-email-phishing-attack-exposes-26-861-patients-info-4-notes.html


Exploit: Phishing

Oaklawn Hospital: Medical Care Provider 

Risk to Business: 2.126 = Severe - Multiple successful phishing forays at Michigan’s Oaklawn Hospital netted a wealth of information for cybercriminals. After gaining access to several employee email accounts, cybercriminals were able to exfiltrate patient data. The attack is believed to have occurred in April 2020 but was just disclosed in a filing.

Individual Risk: 1.811 = Severe - Patient information exposed as a result of the incident included names, passwords, dates of birth, addresses, phone numbers, medical and health insurance numbers, Social Security numbers, financial account information, and driver’s license numbers. Impacted patients should be alert to potential phishing and fraud attempts.

Customers Impacted: 26,861

How it Could Affect Your Business: Not only does a data breach leave a huge mess of expensive cleanup behind, in many industries like healthcare, a data breach can also mean your organization will be paying big regulatory penalties and fines too.

Breach Risk Levels

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Information like the patient data obtained in this breach is a hot seller on the Dark Web. Prevent leaked credentials from giving cybercriminals a route into your systems and data with 24/7/365 credential monitoring using Dark Web ID. See if your organisation's credentials are FOR SALE on the Dark Web - Call Avantia on 07 30109711 to schedule a FREE demonstration NOW



THREAT FOCUS: Piedmont Cancer Institute - UNITED STATES

https://www.beckershospitalreview.com/cybersecurity/piedmont-cancer-institute-email-phishing-incident-exposes-5-226-patients-info.html


Exploit: Phishing

Piedmont Cancer Institute: Specialty Medical Clinic

Risk to Business: 2.234 = Severe - Atlanta-based Piedmont Cancer Institute experienced a data breach exposing patient records and other sensitive information after an employee fell for a phishing attack. The incident occurred in a window stretching from mid-April to early May and was just disclosed.

Individual Risk: 2.206 = Severe - Patient information exposed due to the email hack includes names, dates of birth, financial account information, and credit/debit card information. Patients who have been affected have been informed and should be alert for identity theft since payment card information was part of this breach.

Customers Impacted: 5,226

How it Could Affect Your Business: Securing access to sensitive data is essential. Piedmont Cancer Institute is adding multi-factor authentication to combat future incursions, a must-have for every business.

Breach Risk Levels

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Passly packs essential secure identity and access management tools like multi-factor authentication, single sign-on, secure shared password vaults, and more in one cost-effective package. Call Avantia on 07 30109711 for more info.



THREAT FOCUS: Telus/Medisys - CANADA

https://globalnews.ca/news/7367127/medisys-data-breach/


Exploit: Ransomware

Medisys: Healthcare Provider

Risk to Business: 2.391 = Severe - Medisys just disclosed that it had been impacted by ransomware, exposing 60,000 patient records. A division of Telus, Medisys operates clinics in British Columbia and Alberta providing preventive health-care services under the name Copeman Clinics. The company chose to retrieve the stolen data by paying the ransom.

Individual Risk: 1.866 = Severe - The company estimates that the breach disclosed information for about 5% of its clients, but the investigation continues. Stolen information for impacted patients includes names, contact information, provincial health numbers, and test results. Clients’ financial information and social insurance numbers were not affected.

Customers Impacted: 60,000

How it Could Affect Your Business: Phishing-based email threats are a danger for any company, and they’re only increasing as cybercriminals take advantage of a wealth of cheap data and software for conducting these attacks on the Dark Web.

Breach Risk Levels

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: In tumultuous times, every company needs to have a strong suite of solutions in place to protect its systems and data in an increasingly dangerous threat landscape. Our digital risk protection platform provides that power at a price you’ll love. For more information please call 07 30109711.



THREAT FOCUS: International Maritime Organization (UN IMO) - UNITED KINGDOM

https://www.infosecurity-magazine.com/news/un-shipping-agency-offline/


Exploit: Ransomware

UN IMO: Shipping Safety Regulatory Authority  

Risk to Business: 2.071 = Severe - Ransomware chose UN IMO as its newest port of call last week, taking several key systems offline at the regulatory organization. In an announcement, UN IMO reported that its Global Integrated Shipping Information Systems (GISIS) database, document repository IMODOCS, and its Virtual Publications service had been knocked down by the attack. Restoration and recovery are underway, and most systems have been restored.

Individual Risk: No personal information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: The number one way for ransomware to land at your business is through a phishing email. Increasing security awareness training including phishing resistance training is essential for preventing cybercrime like ransomware from impacting your organization.

Breach Risk Levels

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID makes your staffers more wary of suspicious messages. Featuring easy remote management and plug-and-play training kits in 8 languages, BullPhish ID is ideal for training an in-office or remote workforce. Call 07 30109711 now.

THREAT FOCUS: Swatch - SWITZERLAND

https://www.reuters.com/article/us-swatch-ch-cyber/swatch-shuts-down-some-technology-systems-after-cyberattack-idINKBN26K1F8


Exploit: Ransomware

Swatch: Watchmaker

Risk to Business: 2.301 = Severe - World-renowned watchmaker Swatch was hit with ransomware that impacted several of its systems, causing disruptions throughout its operations for several days. Some systems weren’t directly affected but were shut down to mitigate damage and stem the tide of the infection. The company did not identify the exact type of ransomware used but indicated in a statement that it was aware of the culprit and would be pursuing legal action accordingly.

Individual Risk: No individual information has been reported as compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware doesn’t always allow thieves to steal data – sometimes cybercriminals want to shut a business down by stopping production or impacting other business operations to cause disruption.

Breach Risk Levels

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Don’t let ransomware shut down your operations. Put 3 layers of protection between email threats like ransomware and your business with Graphus, the automated phishing guardian that’s on duty 24/7/365. Call Avantia on 07 30109711 now.



THREAT FOCUS: Scouts Victoria - AUSTRALIA

https://portswigger.net/daily-swig/scouts-victoria-reports-data-breach-after-employee-duped-by-phishing-campaign


Exploit: Phishing

Scouts Victoria: Youth Organization

Risk to Business: 2.227 = Severe - Someone needs to spend more time working on their “Phishing Defense” merit badge at Scouts Victoria after an employee fell for a phishing attack exposing the personally identifiable data of thousands of members. The youth organization provides empowerment, community support, and job training for young people. The incident happened in late July and August 2020. Scouts Victoria said it has notified the victims of the breach and has contacted relevant government authorities, including the Office of the Australian Information Commissioner (OAIC) and the Department of Human Resources.

Individual Risk: 2.317 = Severe - Sensitive information including names, phone numbers, credit card information, ID documents including passport information and driver’s license details, and bank details were exposed in the breach, but it’s unclear if that data belongs to youth members, parents of members, or adult volunteers.

Customers Impacted: 900 estimated at this time, but the organization’s full membership includes 17,000 youth members and 5,000 adult volunteers.

How it Could Affect Your Business: Phishing is a dangerous proposition that every business faces daily, but businesses who store sensitive information, especially about children, need to be sure that their data is protected even if a staffer falls for a phishing attack.

Breach Risk Levels

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Add an essential second layer of protection between the bad guys and your data with secure identity and access management controls like multi-factor authentication with Passly.  Call Avantia on 07 30109711 now.

THREAT FOCUS: Edureka - INDIA

https://inc42.com/buzz/edureka-suffers-server-breach-data-of-2-mn-users-exposed/


Exploit: Unsecured Database

Edureka: Education Technology Provider

Risk to Business: 1.866 = Severe - Cybersecurity researchers discovered an unsecured Elasticsearch server belonging to Indian education technology service Edureka that was overflowing with information for bad actors to savor – 25 gigabytes of fresh data, containing more than 45 million breached records of personal data from users. Many of the records were duplicates or fragments, obfuscating the real impact. After informing the company and not receiving a response, the researchers informed the Indian Computer Emergency Response Team (CERT-In) and the server was secured.

Individual Risk: 2.661 = Moderate - The exposed server contained names, addresses, and phone numbers for users primarily located in India, although some US users were also impacted.

Customers Impacted: 2,000,000 estimated

How it Could Affect Your Business: Failing to secure a server is a rookie move and an indication that a company may not be using cybersecurity best practices elsewhere in the organization.

Breach Risk Levels

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Data like this generally ends up in a Dark Web data dump, the fuel that empowers cybercrime with millions of PII records, email addresses, and passwords. Protect your company from password compromise due to Dark Web data dumps and be alerted if any of your protected credentials appear in one with Dark Web ID. Call Avantia on 07 30109711 now.

______________________________________________________________________________


POSTSCRIPT


Ransomware Incidents and Expenses Are on the Rise – and No Business is Safe  

Ransomware is a terrifying threat that every business is facing these days and a favored tool of cybercriminals. Ransomware incidents are becoming more frequent, and both ransoms and recoveries are growing more expensive. Here are our best tips for avoiding getting caught up by expensive, damaging ransomware.  Add an automated phishing defense solution. Your employees can’t click on a ransomware-laden email if they never get it. Automated phishing protection using a smart solution like Graphus reduces the chances of a dangerous email reaching your employees and also provides warnings to call out unusual communications. Never stop training. Cybercriminals are constantly updating their phishing attack play-books. Shouldn’t you be constantly updating your phishing resistance training to fight back? When you use BullPhish ID for phishing awareness training, you have access to more than 100 plug-and-play phishing simulation kits, with new kits added every month to ensure that you’re training for the latest threats. Lock your doors. Take the sting out of a stolen, phished, or cracked password by adding secure identity and access management to your defenses. It’s a recommended mitigation for cybercrime by the FBI. Choose a multifunctional solution like Passly to get all of the features that you need like multi-factor authentication, secure shared password vaults, and easy remote management, in one affordable package. By making a few simple and affordable tweaks to your defensive security plan, you can add several shields to protect your systems and data (and your bottom line) from the devastating effect of a ransomware disaster.


______________________________________________________________________________

AVANTIA CYBER SECURITY - PARTNER FOCUS


Without proper attention to the physical security of information assets, your IT data and infrastructure are subject to security threats from known or unknown sources looking to steal or compromise your IP. Managing the risk of physical security breaches, internal or external, to your IT systems is critical to protecting your most valuable asset: data. Physical protection includes essential alarms and monitoring; CCTV systems; access control systems; intercoms; cameras and backup systems. At Perimeter Security, we are experts in assessing, supplying, installing and monitoring robust security infrastructure to suit all your needs.


FOR MORE INFORMATION ON PERIMETER SECURITY NEEDS PLEASE CONTACT AVANTIA CYBER SECURITY ON

+61 7 30109711 / info@avantiacorp.com.au

________________________________________________


DISCLAIMER*

Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, other members of the 5 Eyes Alliance, the Australian Cyber Security Centers, and other sources in 56 countries who provide cyber breach and cyber security information in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.


Want The Information Cyber Criminals Don't Want You To Know?

Subscribe below to receive our weekly Threat Updates straight to your inbox.

Call (07) 3010 9711 

info@avantiacorp.com.au


Avantia Corporate Services Pty Ltd, Level 7, 320 Adelaide Street

Brisbane, Queensland 4000

AUSTRALIA.

