Avantia Threat Update

YOUR SOCIAL MEDIA PERSONA CAN DECIMATE YOUR CAREER PATH.



This past week: social media scrutiny sinks the unwary; researchers replace an IP camera feed with fake footage; a British teen is fined for hijacking an Instagram account via Telstra; Russian law changes transform global crime operations; a precipitous rise in data breaches in 2019 year-to-date; Google says 1.5% of all passwords are vulnerable to spear phishing; the growing threat of drones; and data breached in Malaysia, Australia, Germany, Denmark and the USA.


This Past Week's Top Dark Web ID Trends: Top Source Hits: ID Theft Forums

Top Compromise Type: Domain 

Top Industry: Education & Research

Top Employee Count: 501+ Employees



Does Your Personal 'Brand' Need A Social Media Makeover ?

"It takes many good deeds to build a good reputation, and only one bad one to lose it." This quote by Benjamin Franklin aptly defines the irony of reputation, especially in the digital age of social media networking. Be it the reputation of an individual, social group, organisation or business, it takes just a few inappropriate posts, candid photos, tweets or ill-advised comments to malign and trash an otherwise good reputation over the internet. Shared photos, sexting videos, angry posts or other 'youthful' engagements from the younger you can have a devastating impact on your career later in life. In this day and age, social media plays the central role in offering perspectives and generalising thoughts which in reality are nothing but reactions given at a moment in time, or questionable content that seemed OK at the time. A "trashed" personal reputation can be 'death by a thousand cuts' if you are not a celebrity, sportsperson, politician or thought leader. Those individuals have a line-up of PR agents, fans and advantages that regular people don't have. For them even negative publicity may sometimes work, but that is unimaginable in the case of an individual, employee or senior executive associated with a brand. Your online personal reputation is one of your most valuable assets. Whether you're leading a company, starting a company, consulting for other companies or simply establishing your authority in the workforce, you need a good reputation, not a bad one: it is critical to your personal and professional success. Having a good reputation doesn't come automatically. It is built one tweet at a time, one Facebook 'like' after another, blog after blog, guest post after guest post. Once you build your reputation, you have to manage it. This isn't easy.

The web is full of smart people, critical people, and quite a few antagonistic people who are not interested in preserving your reputation. That is your job alone, and it requires constant attention. Managing your online reputation requires effort. Here are some simple steps: two automatic tasks, four daily tasks and one weekly task. The time you spend monitoring your social media averages out to about five minutes daily, not counting the time you might spend commenting or updating your status.

1. Automatic Alert: Google Alerts. The best monitoring systems are those that happen automatically. Google Alerts sends you emails based on specific queries that you set up. It is recommended that you set up alerts for:
   * your name;
   * your company name(s) or brand name;
   * any common misspellings of your name, company name or brand name (bloggers don't always get it right).
You can specify the exact search query (with operators), the result type, language, region, frequency, how many results, and where the alerts are delivered (email or feed). Cast the net as wide as possible so you can keep up with anything that's going on anywhere, as it happens. Tip: if you have a common name, like "Adam Smith", you may need a carefully curated search string to monitor personal mentions. If you subscribed to alerts on every mention of "Adam Smith" you would be completely overwhelmed. You may need to distinguish yourself from the Adam Smith of economics, the artist Adam Smith and the golfer Adam Smith; you can do this by building a search query that uses the minus-sign operator to exclude terms that don't apply to you.

2. Automatic Alert: Comments on Your Posts. One of the most important areas of reputation management is your blog articles and guest posts. Whenever you write an article, you have a responsibility to keep up with that article and stay engaged in the discussion. To do so effectively, respond to the first comment and then subscribe to all future comments so you don't miss any. Most commenting platforms have a good system for subscribing to comment threads through email. It's important that you monitor the discussion on your blog articles and guest posts; this is where some of the most meaningful impact on your reputation is made. People are interacting with content that you created and published. They will agree, disagree, ask questions, form opinions and talk about you, and not all of it will be favourable (you can't please all the people all the time). Any time you publish a guest post, make sure you subscribe to the comment thread so you are notified whenever a new comment is posted.

3. Daily Check: Facebook. Do a daily check on Facebook, too. Configure your notifications so that you're alerted to any interaction with your brand or personal identity. If you prefer, you can set up Facebook alerts to be sent to your email. If you get too many of these (not to mention too many emails), do a quick check on Facebook instead: comment where you need to, respond to any important messages, and ignore everything else.

4. Daily Check: Twitter. Do your daily check-in on Twitter. If you've been mentioned, retweeted, followed or otherwise interacted with, you need to see what your notifications have to tell you. The more active you are on Twitter and the more people follow you, the busier things will get. Like Facebook, you can configure your Twitter settings to email you all your updates.

5. Daily Check: LinkedIn. Your last daily check is LinkedIn. If you've been added to people's networks, sent a message or endorsed, don't ignore it; people hate being ignored. It is recommended that you also check LinkedIn's sidebar notifications, which give you more insight into your LinkedIn reputation. If you become a LinkedIn Premium user with a paid subscription, you can find out even more detail about profile views.

Note about daily checks: you can conduct this daily check on your mobile device. All of the social networks have apps with robust functionality and customisable alert settings. If you find that monitoring these social mentions is eating up too much time, it is recommended that you use a social-media management platform where you can customise all your alerts and view all the data you need in one place. Business heads and senior representatives often shy away from social networks to keep their distance from trolls and the cacophony of interactions. Ignoring the value of your personal profile in order to avoid the wrath of social media channels is not a good decision in this day and age, because your competitors are not ignoring theirs.

That takes care of the present and future, but what about the past?

Social media damage going back years can have a devastating effect on an individual's reputation, whatever their age or status. Remember, once it's on the 'net' it's on the 'net' forever. Social media profiles are increasingly being used to "screen" individuals for employment, finance loans, partner compatibility, partnership vetting and accommodation rental vetting, and this can come back to haunt you. "Cleaners" are digital experts who complete 'deep dive' forensic investigations into an individual's complete online presence and can remove content that is damaging to that individual's reputation. Avantia Cyber Security 'cleaners' are practising lawyers who have the expertise to keep your head above water and 'wash' your social media profile of damaging content whilst complying with the law. They provide a confidential written report of what they have found and what they have erased. More information can be found at: https://www.avantiacybersecurity.com/social-media-washing


Researchers Replace IP Camera Feed With Fake Footage

Forescout security researchers have demonstrated an attack on an IP camera that results in fake replayed footage being displayed to security operators. Such an attack might sound like a movie script, but the researchers have shown that it is actually easy to sabotage a surveillance camera and replace the real-time footage with pre-recorded content. The attack, Forescout reveals, was carried out in only four simple steps and targeted the camera's unencrypted video streaming protocols. A video demonstration of the attack was also published.

First, the researchers performed a man-in-the-middle attack on the network (in a man-in-the-middle attack, a cybercriminal positions themselves between a computer and a server and spies on the data passing between them) to sniff and alter passing traffic, then captured the network traffic containing camera footage and recorded it for replay.

Next, the researchers forced the camera to end its current session with the associated network video recorder (NVR), captured the NVR's request for a new session, and modified the client port it specified so that the camera video was sent to them instead. When the NVR attempts to set up the new connection, the attacker can feed it the recorded footage. "We replaced the actual video stream with one previously recorded, to simulate what could happen in critical facilities like airports and hospitals, where compromising the video surveillance system may be the first step of a physical intrusion," the researchers explained. What makes this attack possible is the use of the unencrypted real-time transport protocol (RTP) and real-time streaming protocol (RTSP) to stream video.

Another issue, the researchers say, is that these cameras are typically installed, configured and deployed by personnel with little or no cybersecurity knowledge. Running these protocols over transport layer security (TLS) could reduce the risk of such attacks, but not all Internet of Things (IoT) devices support TLS, and where they do it is often not configured by default or not enabled by the user. A Shodan query revealed 4,657,284 devices with cleartext streaming exposed on the Internet, most of them located in China (572,740), the United States (411,850) and Brazil (391,122). The assault, Forescout notes, is only one example of the cybersecurity challenges associated with the wide use of IoT devices, especially in smart buildings. Sensors, controllers, smart lighting, surveillance cameras and other devices are not only cheaper and easier to install, but they also offer remote administration over the Internet. "The security challenges presented by these devices are forcing organizations to rethink their cybersecurity strategies. Legacy security solutions are not enough to secure today's networks in the age of IoT - new solutions are required," Forescout points out.
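A detection-side view of the four-step attack above, written as an added example that is not Forescout's code or part of the original article: it parses constructed RTSP control-channel log lines and flags cameras streaming over cleartext rtsp://, and a SETUP that follows a TEARDOWN within a few seconds and moves the stream to a different client port or destination than the session it replaced. The log line format, addresses and timestamps are assumptions constructed for the example.

```python
"""Detection-side check for the RTSP session-hijack pattern described above.

Assumptions (constructed, not from the article): a sensor logs each RTSP request
as one line: '<unix_ts> <client_ip> <METHOD> <url> RTSP/1.0|Transport: ...'.
Two heuristics are applied per camera host:
  1. cleartext-rtsp   : control channel uses rtsp:// rather than rtsps://, so
                         session parameters (and the RTP stream) are unencrypted.
  2. session-redirect : a SETUP arrives within `window` seconds of a TEARDOWN
                         and moves the stream to a different client_port or
                         destination than the session it replaced.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Finding = Tuple[str, str, str]  # (kind, camera host, detail)


@dataclass
class RtspRequest:
    ts: float
    src: str
    method: str
    url: str
    transport: str = ""

    def client_port(self) -> Optional[int]:
        """First RTP client port from the Transport header, if present."""
        m = re.search(r"client_port=(\d+)", self.transport)
        return int(m.group(1)) if m else None

    def destination(self) -> str:
        """Where the camera is asked to send RTP: explicit destination=, else the requester."""
        m = re.search(r"destination=([0-9.]+)", self.transport)
        return m.group(1) if m else self.src


def camera_host(url: str) -> str:
    m = re.match(r"rtsps?://([^/:]+)", url, re.IGNORECASE)
    return m.group(1) if m else url


def parse_log(text: str) -> List[RtspRequest]:
    """Parse the constructed one-line-per-request log format (see module docstring)."""
    reqs: List[RtspRequest] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        head, _, hdr = line.partition("|")
        parts = head.split()
        if len(parts) < 4:
            continue  # malformed line: skip rather than crash the sensor
        transport = hdr.split(":", 1)[1].strip() if hdr.lower().startswith("transport:") else ""
        reqs.append(RtspRequest(float(parts[0]), parts[1], parts[2].upper(), parts[3], transport))
    return reqs


def analyze(requests: List[RtspRequest], window: float = 5.0) -> List[Finding]:
    findings: List[Finding] = []
    cleartext_seen = set()
    last_setup: Dict[str, RtspRequest] = {}
    last_teardown: Dict[str, float] = {}
    for r in sorted(requests, key=lambda x: x.ts):
        host = camera_host(r.url)
        # Heuristic 1: report each cleartext camera once.
        if r.url.lower().startswith("rtsp://") and host not in cleartext_seen:
            cleartext_seen.add(host)
            findings.append(("cleartext-rtsp", host, f"control channel from {r.src} is unencrypted"))
        if r.method == "TEARDOWN":
            last_teardown[host] = r.ts
        elif r.method == "SETUP":
            prev = last_setup.get(host)
            td = last_teardown.get(host)
            # Heuristic 2: teardown quickly followed by a SETUP that re-points the stream.
            if prev is not None and td is not None and 0 <= r.ts - td <= window:
                before = f"{prev.destination()}:{prev.client_port()}"
                after = f"{r.destination()}:{r.client_port()}"
                if before != after:
                    findings.append(("session-redirect", host,
                                     f"{before} -> {after} within {r.ts - td:.1f}s of TEARDOWN"))
            last_setup[host] = r
    return findings


# Constructed sample: NVR 10.0.0.5 talks to camera 10.0.0.20 in cleartext; the
# session is torn down and re-established 1.5 s later towards 10.0.0.99:6000.
# Camera 10.0.0.21 uses rtsps:// and never churns, so it yields no findings.
SAMPLE_LOG = """
1566000000.0 10.0.0.5 SETUP rtsp://10.0.0.20/stream1 RTSP/1.0|Transport: RTP/AVP;unicast;client_port=5000-5001
1566000000.2 10.0.0.5 PLAY rtsp://10.0.0.20/stream1 RTSP/1.0
1566000000.5 10.0.0.5 SETUP rtsps://10.0.0.21/stream1 RTSP/1.0|Transport: RTP/AVP;unicast;client_port=5002-5003
1566000300.0 10.0.0.5 TEARDOWN rtsp://10.0.0.20/stream1 RTSP/1.0
1566000301.5 10.0.0.5 SETUP rtsp://10.0.0.20/stream1 RTSP/1.0|Transport: RTP/AVP;unicast;client_port=6000-6001;destination=10.0.0.99
1566000301.7 10.0.0.5 PLAY rtsp://10.0.0.20/stream1 RTSP/1.0
"""

if __name__ == "__main__":
    for kind, host, detail in analyze(parse_log(SAMPLE_LOG)):
        print(f"[{kind}] camera={host}: {detail}")
```

On a real network the same heuristics would be fed from RTSP decoded by an IDS or packet capture; the cleartext finding is the one that the TLS remediation in the text removes.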


Teen hacker ordered to pay £400k by British court after hijacking a popular Instagram account via a hack on Australian telco Telstra.

One of the crew who hacked TalkTalk has been ordered to hand over £400,000 after seizing control of a high-profile Instagram account following a hack on Aussie telco Telstra. Elliott Gunton, 19, pleaded guilty to breaching a Sexual Harm Prevention Order (SHPO), Computer Misuse Act crimes and money laundering at Norwich Crown Court. He was sentenced on Friday 16 August. The Instagram account he targeted, @adesignersmind, was used by an Australian designer to post innocuous lifestyle content – until Gunton got his hands on it. Boasting to his girlfriend in chat messages later found by police, the teenager bragged that he had "jacked a 1.2M IG". The account, meanwhile, had auto-replies configured to send abuse to people interacting with its content. It took two weeks for the hapless designer to regain access to it, with prosecuting barrister Kevin Barry telling the court: "He was both mortified by the hack and the content put on his account. It caused him considerable stress and anxiety." Gunton admitted illicitly finding his way into the systems of Telstra, according to the Eastern Daily Press which attended the sentencing hearing. He was said to be adept at "social engineering and exploitation of the network provider's inadequate systems", using that access to compromise social media accounts. He was also accused of preparing to carry out SIM-swap attacks as part of his account-compromising operation. On top of the social media chicanery, Gunton had also pleaded guilty to money laundering. Police workers became suspicious when a house raid and subsequent examination of his computers and devices revealed a Bitcoin wallet. Police said the wallet contained £407,359.35 worth of Bitcoin at the time of the seizure – which Gunton has now been ordered to hand over. As previously reported, the Bitcoin was the proceeds of Gunton's crimes. 
After compromising Instagram accounts, he would then trade the account details on cybercrime forums, earning thousands of pounds at a time thanks to his status as a "highly respected member". Gunton also pleaded guilty to breaking his SHPO after police found the popular CCleaner disk cleanup and file deletion utility on his laptop. A standard condition of SHPOs prohibits deleting one's internet history or otherwise obscuring it so unskilled police employees are unable to trawl through it for any evidence of wrongdoing. The SHPO was imposed when Gunton was being investigated for his part in the TalkTalk hack of 2016, to which he pleaded guilty. Police said they had found indecent images of children on the then 16-year-old's devices. Gunton had applied to have his SHPO removed, which triggered an increase in no-notice police visits to inspect his browsing history. It was the discovery of CCleaner that triggered the full investigation in the latest case. Defending Gunton, barrister Matthew McNiff said the SHPO had stopped his client from taking a job at a "multinational accounting firm", but added, addressing the full spectrum of Gunton's criminality: "It is not incorrect to describe him at the time as a young man, both in years and maturity... He has evolved from someone isolated from society into an individual who no longer sits in his room." Sentencing him, His Honor Judge Stephen Holt said: "It is quite plain over the last 18 months you have grown up and matured considerably." Gunton, 19, of Longland Close, Old Catton, Norwich, admitted five charges including money laundering and Computer Misuse Act offenses. He was sentenced to 20 months, though was immediately freed thanks to time spent in prison on remand. A 3.5-year community order was also imposed to restrict his internet and software use. 


How powerful are Russian hackers? One new law could transform global crime operations

The introduction of Russia's Sovereign Internet rules is having an impact on the way criminal hackers around the world do business. This is according to security house IntSights, which says that the law, set to become official in a few months, will force many hacking groups to change the way they operate both in Russia and in other countries. The rule would lead to Russia developing its own standalone network that could be cut off from all connections outside of the country if need be and continue to function. "It creates this infrastructure that kind of isolates Russia a little bit," Charity Wright, a threat intelligence analyst with IntSights, told The Register ahead of this week's Black Hat conference in Las Vegas. "A lot of outsiders feel threatened because they feel they may not have access to the Russian internet, but really Russia's intention is to become sovereign over their own infrastructure so if there is an attack to cut them off, they can go on with business as usual." While the Russian government is notorious for turning a blind eye to criminal hackers (and in some cases even enlisting them for official activities), the new law will still have a major impact on how cybercrime is conducted both within and outside the country. In particular, hackers operating within Russia will have to make sure that the services they use to conduct attacks, such as VPNs, are either Russian or operate in compliance with the strict sovereign internet requirements that have already led many VPN providers to pull out of the country. "Although Russia is not known for cracking down on crime, this is really going to create a new culture for dark-web usage," Wright said. "They will really have to consider the VPNs they are using and make sure they comply or stop using them."
Those sentiments were echoed by fellow IntSights security pro Andrey Yakovlev, who said that while Russia is tightening its grip on the internet and becoming more insular, it also gives its domestic hackers more motivation to launch attacks outside their borders. "The sovereign internet will make it much easier for Russian law enforcement to crack down on hackers that target Russian entities," Yakovlev explained in the IntSights Dark Side Of Russia report. "But the government will still likely turn a blind eye to threat actors that target foreign entities – particularly those operating in enemy states, like the United States." In other words, as hacking within Russia becomes more difficult and dangerous, expect to see Russian hacking groups focus even more of their attention on western countries, where the attacks will not draw a police response. This is particularly bad news given the technological advantage many Russian hacking crews enjoy. The IntSights team noted that many of the major attacks and exploits to arise in recent months, such as the Windows BlueKeep flaw, were weaponised in Russia long before hackers in other countries were able to get working attack code launched in the wild. "The Russian underground covers virtually any known type or method of malicious activity," noted Yakovlev. "If news outlets are talking about it, it is likely Russian cybercriminals have already had it for some time." Combine that with the stronger motivation to hack outside of Russian borders, and it is shaping up to be a long year for foreign companies in the crosshairs of Russian hacking crews.


The Growing Threat Of Drones.

UK environmental activists known as Extinction Rebellion (ER) are threatening to protest the development of a third runway at London's Heathrow airport by flying drones right to the edge of the airport's exclusion zone. ER cofounder Gail Bradbrook announced, "They've said, ok, there's this exclusion zone around Heathrow where you can't fly drones and we've gone, oh, that's interesting because what we're about is breaking the rules." That, in a nutshell, is the drone problem: an explosive (potentially literally) new market with virtually no governance beyond 'exclusion zone' rules — a situation that applies as much in the U.S. as it does in the UK. By 2024, the U.S. drone market alone is expected to be worth $150 billion, split between military, commercial and hobbyist use. In the words of Matt Rahman, COO at IOActive, talking to SecurityWeek, "Who owns the drone problem?" And the answer today is, effectively, no-one. Military drones are not a domestic problem. They are well-controlled, heavily regulated, very secure and not used without planning. "Past attempts to breach a military drone require the sophistication of a nation-state attacker," says Rahman. Commercial and hobby drones are a different matter. They have been described as flying lawnmowers with an IoT heart, directed wirelessly and carrying a payload. And like all new technological developments, they have been rushed to market with little regard for security — either by design or in operation. "There's a lot of ways you can manipulate the drone by hijacking it or by jamming the signals or by using a Raspberry Pi attached to it to be able to hack into wireless networks," says Rahman. So, the lawnmower crashing into a human body is a danger. The IoT heart is vulnerable. The communications could be hijacked. And the payload (usually a camera but as easily a Raspberry Pi computer) can be used for video spying, privacy invasion or even WiFi sniffing above restricted locations.

Controlled by a terrorist, that payload could equally be a hand grenade or nerve gas. And most drones are made in China. Drones have also been an increasing threat to industrial sites, enabling various attacks (both cyber and physical) that historically were only possible in close proximity to a facility or device. Some six years ago, Rahman had an assignment to test the security of an oil rig. His solution was to hire a small boat, sail close to the rig, and fly a drone fitted with a Raspberry Pi over the installation. He was able to listen in to the oil rig's network and communications and complete his assessment. "The major problem with drones," comments Joseph Carson, chief security scientist at Thycotic, "is that they are easily available in all different sizes. Most carry recording equipment that can get to places which most people cannot access. This makes drones the perfect spy device." This is already causing concern. In May 2019, the DHS issued an alert flagging Chinese-made drones as a "potential risk to an organisation's information". The alert added that the U.S. government has "strong concerns about any technology product that takes American data into the territory of an authoritarian state that permits its intelligence services to have unfettered access to that data or otherwise abuses that access". Drones do have legitimate valuable uses, like delivering defibrillators directly to where they are required. "But the problem we see," says Rahman, "is where is the security and where is the privacy with commercial drones — and almost more importantly, where is the safety? For example, if you had a high-profile VIP, you could identify that person and crash the drone into his skull." The difficulty here is that when a hobbyist buys and flies a drone, how does he or she know they have full control?
What is to prevent an attacker hijacking the controls and, for example, flying the drone into the Heathrow exclusion zone and into the flight path of an aircraft? "Over the next few years," Steve Durbin, managing director of the Information Security Forum, told SecurityWeek, "technological breakthroughs in drone technologies, combined with advances in 5G, big data, the Internet of Things (IoT), and the lessening of aviation regulations, will mean that drones will become increasingly important to operating models. Organisations will depend on them for delivery, monitoring, imagery and law enforcement, whilst attackers will embrace drones as their new weapon of choice. Literally, the threat landscape will take to the skies." If the drone is a flying IoT device, then to some extent the security solution will be the same as for static IoT devices. "Like any smart device," comments Chris Morales, head of security analytics at Vectra, "the manufacturer needs to provide a method for the owner to update the software for security patches as well as ensure they have strong device password authentication. Lastly, the device should use a form of remote encrypted communication that is reasonably strong and resistant to man in the middle attacks and device hijacking." This will require pressure applied to the manufacturer. Businesses should "lobby drone manufacturers or providers to ensure that drones have security features incorporated," says Durbin, "and keep up-to-date with future legal and regulatory requirements, considering that they may differ or conflict across jurisdictional boundaries." Carson would like to see a form of kill-switch built into drones. "Drones should require a basic safety requirement, registration or automatic prevention from flying in certain areas that would require a code to unlock which is of course pre-registered." These are all good ideas, but for now no-one is forcing anything. "This is a whole new aviation industry," says Rahman.
“The problem is that it is just coming so fast with so many different uses that we’re simply not looking at security anywhere in the development lifecycle. We’re not even pushing the vendors to add security. The real problem is, who is owning this new problem? Is it NASA? Is it the FAA? Who vets the regulations? Who is forcing the manufacturers to do what they should? Who is forcing the testing? Who is managing the governance of drones and pushing regulations? Right now, no-one is telling the manufacturers they need to have these security components, they need to have a minimum set of requirements, and it needs to be tested.” The problem is that drone technology and use is advancing much faster than any attempts at regulation. And it is likely to get worse. Two technologies currently being developed for military drones will inevitably migrate to commercial and hobbyist drones: artificial intelligence and self-power (such as solar power). “In a few years,” warns Rahman, “add autonomy and satellite communications, plus AI-based self-determination… and that becomes a bit scary.”

Imagine a hijacked or stolen or custom-made drone with that sort of capability, but armed with an IBM DeepLocker-style payload. That payload could be kept airborne indefinitely, doing nothing but fly around, until a precise target is located by facial recognition from a mile or more away. At that point the AI would trigger whatever the drone is programmed to do. It may sound like science fiction, but it is already possible. And so far, there is little regulatory control to prevent it.



THREAT FOCUS: Astro Malaysia Holdings - MALAYSIA

Exploit: Unauthorized database access

Astro Malaysia Holdings: Media and entertainment holding company

Risk to Small Business: 2 = Severe Risk: Hackers gained access to the company’s Mykap database, compromising the customer data for 0.2% of the company’s millions of users. Although the company took immediate action to constrain the event, it’s their second data breach in 14 months, which raises serious questions about their data security standards while giving customers a reason to take their business elsewhere.

Individual Risk: 2.285 = Severe Risk: Customer’s financial information was not disclosed in the breach, but hackers still accessed personal details in their Mykad accounts. This includes names, dates of birth, addresses, gender, race, and NRIC numbers. Victims of the previous Astro breach had their data sold on the Dark Web, and those impacted by this week’s breach should assume that their personal information will be made available as well. Consequently, they need to enroll in identity monitoring services to know if this information is being deployed by bad actors to perpetuate other crimes.

Customers Impacted: Unknown

Effect On Customers: Surveys suggest that customers are often unwilling to work with a company after they are victimized by a data breach, and those prospects don't improve when a company endures multiple cybersecurity lapses in a short time period. To put it simply, cybersecurity is a bottom-line issue for every business. What's more, since stolen data can have long-term consequences for both the company and its customers, understanding what happens to data after it's stolen can help mitigate some of the consequences.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: Payment Platform for Australia - AUSTRALIA

Exploit: Exposed database

New Payments Platform Australia: National payment platform for Australia

Risk to Small Business: 1.888 = Severe Risk: An exposed database related to the platform’s PayID lookup function inadvertently exposed users’ personal information. The national payment platform is mutually owned by 13 of the country’s major financial institutions, and this data breach is its second cybersecurity incident this summer. Australians in particular have shown that they are often unwilling to return to platforms that compromise their personal data, which means that New Payments Platform Australia will need to launch a concerted effort to restore their damaged reputation while also working to repair the significant cybersecurity lapses impacting their platform.

Individual Risk: 2.285 = Severe Risk: Although officials are quick to assert that hackers can’t use stolen information to access or withdraw customer money, personally identifiable information was made available. Specifically, hackers accessed customer names, PayID usernames, phone numbers, and BSBs. While this information will not allow hackers to directly withdraw funds, it still has a long shelf life on the Dark Web where it can be used to perpetuate additional cybercrime. Therefore, everyone impacted by the breach needs to be critical of digital communications, and they should enroll in the credit and identity monitoring services that can provide long-term oversight of their personal information.

Customers Impacted: Unknown

Effect On Customers: Today’s consumers are increasingly wary of dealing with companies that can’t protect their customers’ data. Consequently, data breaches have cascading consequences that include IT repair costs, growing recovery expense, and the less-understood obligation to restore their customers’ confidence in their cybersecurity protocols. Rather than waiting to respond, every business should prioritize threat identification and response as a must-have priority.



THREAT FOCUS: Fanatec Gaming - GERMANY

Exploit: Unauthorized database access

Fanatec: Maker and distributor of gaming peripherals

Risk to Small Business: 1.777 = Severe Risk: Hackers infiltrated the company’s global online store, gaining access to customers’ personal data along the way. The breach occurred on August 16th, and it’s unclear how long the hackers had access to customer data before Fanatec resolved the issue. In response, the company has reset all customer account passwords. The company hired a third-party IT security company to audit their protocols to prevent a similar breach in the future, but there is no way to retrieve the information now that it is available online.

Individual Risk: 2.142 = Severe Risk: Fanatec didn’t disclose the specific information compromised in the breach, but because hackers infiltrated the online store, users should assume that all relevant personal information and financial data could be compromised. In addition to contacting credit lenders, users should carefully monitor their accounts for suspicious activity, and they should enroll in monitoring services that can provide long-term oversight of their credentials.

Customers Impacted: Unknown

Effect On Customers: Online shopping is a critical outlet for many companies, allowing them to embrace a global consumer base while limiting their on-the-ground presence. Data breaches undermine customers' confidence in these services, and many won't return to an online store after it was compromised in a breach. Therefore, cybersecurity should be top-of-mind for every business with an online store, and a strong defense posture is the most beneficial expression of this priority.



THREAT FOCUS: Tivoli Amusements - DENMARK

Exploit: Intelligent brute force attack

Tivoli: Popular European amusement park based in Copenhagen, Denmark

Risk to Small Business: 2 = Severe Risk: Hackers used an intelligent brute force attack to access the personal data for thousands of guests. The data breach impacted the amusement park’s My Tivoli website, a guest website providing information and payment opportunities for the park’s visitors. Not only does this breach bode poorly for the park’s customer relations, but these credentials are often acquired on the Dark Web, meaning Tivoli could be vulnerable to similar attacks in the future.

Individual Risk: 2.428 = Severe Risk: This extensive data breach impacted significant amounts of personal information. Those impacted by the breach could have their names, addresses, phone numbers, email addresses, dates of birth, and credit card information exposed. This information can quickly make its way to the Dark Web, and those impacted should take every precaution, including obtaining credit and identity monitoring services, to ensure their data’s integrity.

Customers Impacted: 1,000

Effect On Customers: Protecting customer data is critical for every company, and data breaches predicated on previously stolen information represent a real vulnerability for many platforms. To put it simply, preventing future data breaches often means determining the integrity of employee and customer credentials. By identifying compromised credentials, companies can take the necessary precautions to prevent a data breach before it occurs.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: Fargo Public Schools - UNITED STATES

Exploit: Unauthorised database access

Fargo Public Schools: Public school district serving students in Fargo, North Dakota

Risk to Small Business: 1.888 = Severe: An expansive data breach at a third-party vendor compromised students’ personally identifiable information. The breach is attributed to Pearson, but the cost of containment and restoration will fall squarely on the district’s shoulders. Consequently, the district will endure the cost of updating its data privacy protocols and the increased public and media scrutiny that often accompany a data breach.

Individual Risk: 2.285 = Severe: Hackers accessed students’ names, birthdates, and student ID numbers. However, Social Security numbers and payment information were not compromised. Unfortunately, even small amounts of personal information can be used to enact future identity or cybercrime. Therefore, those impacted by the breach should enroll in the provided identity monitoring services while also being aware that their information could be used against them in future phishing or other cyber-attacks.

Customers Impacted: Unknown

Effect On Customers: Today’s business environment often depends on third-party partnerships that can increase an organization’s capabilities. However, when it comes to data privacy, these relationships can also create vulnerabilities, so cybersecurity protocols need to be a top priority when entering into these relationships. Moreover, having customer protection services in place can help mitigate the risks of a data privacy event negatively impacting your customers.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: City Of Borger - UNITED STATES

Exploit: Ransomware

City of Borger: Local government administration serving Borger, Texas

Risk to Small Business: 1.666 = Severe: A ransomware attack on the city’s IT infrastructure has crippled its ability to conduct business. The attack was part of a targeted effort impacting 20 Texas municipalities, and it cut off access to basic city services: public records, bill payments, and communications systems were all inaccessible. Fortunately, the city has been able to restore several functions without paying the ransom, but several services remain unavailable.

Individual Risk: No personal information was compromised in the attack.

Customers Impacted: Unknown

Effect On Customers: Ransomware attacks increasingly afflict local governments and small businesses that often don’t have robust resources to devote to cybersecurity initiatives. However, cybersecurity experts that can identify and address potential vulnerabilities are a relative bargain compared to the tangible and less quantifiable costs associated with a ransomware attack.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: Massachusetts General Hospital - UNITED STATES

Exploit: Unauthorized database access

Massachusetts General Hospital: The largest teaching hospital of Harvard Medical School

Risk to Small Business: 1.555 = Severe: Massachusetts General Hospital (MGH) has begun notifying patients of a data breach in two of the hospital’s computer programs. The event first occurred in June, but the hospital waited more than two months before notifying patients, significantly restricting their opportunity to take precautionary measures before the data is further misused. Now, MGH is incurring the cost of third-party security analysts, and they will be subjected to additional regulatory scrutiny because of the sensitive nature of their business.

Individual Risk: 2.428 = Severe: The data breach exposed personal information for patients participating in select clinical trials. The information includes patient names, dates of birth, medical record numbers, and medical histories. However, Social Security numbers and financial data were not exposed to hackers. Despite the elongated timeframe, those impacted by the breach should review their accounts for suspicious activity, and they should enroll in identity monitoring services to ensure their information’s security moving forward.

Customers Impacted: 10,000

Effect On Customers: Especially for businesses operating in highly-regulated industries, protecting personal information is of the utmost importance. However, when a mistake is made, every business needs supportive resources in place to hasten a full recovery and to begin repairing the intense reputational damage that accompanies a cybersecurity incident. In doing so, companies protect their customers, which could make a big difference when securing their loyalty in the future.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: Rhode Island Ear, Nose & Throat Physicians Inc - UNITED STATES

Exploit: Unauthorized database access

Rhode Island Ear, Nose, and Throat Physicians Inc.: Specialty healthcare practice providing family care for diseases of the ears, nose, and throat

Risk to Small Business: 1.666 = Severe: Hackers accessed a patient database that contained personally identifiable information for patients served by the practice between May 1st and June 12th. Third-party forensic IT specialists determined that the information wasn’t copied or downloaded. Regardless, the practice will incur the cost of updating its protocols and will also be subjected to regulatory scrutiny. This could eventually result in additional HIPAA fines, which would negatively affect its bottom line.

Individual Risk: 2.285 = Severe: For those impacted by the breach, personal information, including names, dates of birth, and clinical data was exposed. In some cases, patients had their Social Security numbers compromised as well. Since this information can quickly spread online and onto the Dark Web, identity monitoring services can help identify potential misuses in the future.

Customers Impacted: 2,493

Effect On Customers: Personal data can quickly make its way to the Dark Web marketplaces where it is often used to facilitate crippling attacks. Therefore, businesses bear the responsibility of protecting and informing their customers of what happens to compromised information. With the CCPA on the brink of being implemented, healthcare companies aren’t the only ones that face the threat of legal penalties.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.



POSTSCRIPT:


The First Half of 2019 Sees Precipitous Rise in Data Breaches 

The number of data breaches reported and the number of records exposed both increased by more than 50 percent during the first half of 2019 compared to the same period in 2018 in the USA. The 2019 MidYear QuickView Data Breach Report by Risk Based Security found that there were 3,816 data breaches during the first six months of the year, up 54 percent, resulting in 4.1 billion records being compromised, up 52 percent. Notably, 3.2 billion of those records were part of just eight breaches, all of which were attributable to malicious actors discovering misconfigured databases. The report only tracked publicly disclosed breaches.

“Looking over the first six months of 2019, it is hard to be optimistic on the outlook for the year. The number of breaches is up and the number of records exposed remains stubbornly high. Despite best efforts and awareness among business leaders and defenders, data breaches continue to take place at an alarming rate,” said Inga Goddijn, Executive Vice President of Risk Based Security.

The healthcare sector suffered 224 breaches, retail 199, finance and insurance 183, government and information 160 each, and education 99. Goddijn said the type of data being sought has also changed, with email addresses and passwords being the most sought, or at least the most stolen. Email addresses were exposed in 70 percent of the incidents, followed by passwords, 64 percent; name, 23 percent; Social Security number, 11 percent; and credit card number, 11 percent. Regionally the report did not offer much detail, but it noted that 1,132 of the breaches took place in the United States, 353 were non-U.S. but a location was not given, and in 2,449 cases the nation was not known.


Google Estimates 1.5% of All Internet Passwords Vulnerable to Spearphishing 

Using anonymous statistics collected during a period of one month between February 5–March 4, 2019, Google found that 1.5% of the 21,177,237 monitored logins used credentials that had appeared in data breaches. This came out to 316,531 logins for the approximately 670,000 users who installed the Password Checkup extension. Of those users who were notified, only 26% of the warnings resulted in a password change. Of these password changes, though, 60% resulted in the user changing to a more secure password than their original one.

"Nearly 670,000 users from around the world installed our extension over a period of February 5–March 4, 2019. During this measurement window, we detected that 1.5% of over 21 million logins were vulnerable due to relying on a breached credential—or one warning for every two users. By alerting users to this breach status, 26% of our warnings resulted in users migrating to a new password. Of these new passwords, 94% were at least as strong as the original."

The category of sites that created the largest amount of warnings were adult sites and entertainment sites, like video streaming sites. Adult sites had a warning rate of 3.6%, while entertainment sites had a rate of 6.3%. As compromised login credentials could be used in credential stuffing attacks, which is when attackers try to access other sites using leaked logins, it is important to use unique passwords for each site and to quickly change passwords that are exposed. While Google estimates that only 1.5% of all logins have been compromised in data breaches, it is very possible that this number is higher.

"Our detection rate is lower than the 6.9% reported by Thomas et al. [54] for 751 million Google accounts and 1.9 billion breached credentials. Possible reasons include the user population that adopted our extension is more security conscious—thus avoiding reuse as a behavior—or that dormant accounts have a higher reuse rate, which by nature our extension cannot observe as we perform checks at login time." Therefore, if you take into consideration the general population of users on the web, rather than those who take an active approach to security, the percentage of compromised logins could be considerably higher.



Call now on 07 30109811 for a Confidential discussion.


Disclaimer*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provide the content in this publication to the reader for general information purposes only and have compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena, we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

Subscribe below to receive our weekly Threat Updates straight to your inbox.

Call (07) 3010 9711 

info@avantiacorp.com.au


Avantia Corporate Services Pty Ltd,

Level 7, 320 Adelaide Street

Brisbane, Queensland 4000

AUSTRALIA.



*COPYRIGHT 2020* Avantia Corporate Services  PTY LTD - All Rights Reserved.