Avantia Threat Update

ZOOM ROLLS OUT END-TO-END ENCRYPTION



THIS PAST WEEK:

Zoom rolls out End-To-End Encryption; self-driving cars can be tricked into braking by billboard content; new Emotet virus attacks use fake Windows Update lures; six Russian operatives indicted for destructive NotPetya virus attacks; phishing fears cause workers to delete genuine business communications; mystery cyberattacks do massive damage to Barnes & Noble, Robinhood, and the Hackney Borough Council in the UK; Dickey’s Barbecue gets served some skimming trouble; ransomware puts a beloved Indian snack food brand in danger; and major cyber breaches in UNITED STATES; CANADA; UNITED KINGDOM; EUROPEAN UNION; SWEDEN; AUSTRALIA and INDIA.


Top Dark Web Threats:

Top Source Hits: ID Theft Forum

Top Compromise Type: Domain

Top Industry: Education & Research

Top Employee Count: 501+

________________________________________________________________________

ZOOM ROLLS OUT END-TO-END ENCRYPTED (E2EE) CALLS FOR ITS PLATFORM.

Video conferencing platform Zoom announced plans to roll out end-to-end encryption (E2EE) capabilities. E2EE will allow Zoom users to generate individual encryption keys that will be used to encrypt voice or video calls between them and other conference participants. These keys will be stored locally and will not be shared with Zoom servers, meaning the software company won't be able to access or intercept any ongoing E2EE meetings. Support for E2EE calls will be part of Zoom clients to be released. To use the new feature, users must update their clients and enable support for E2EE calls at the account level. However, the feature won't work if it's not also enabled by conference hosts, who also have options at their disposal to limit calls to users with E2EE enabled at their account level. Once enabled, a green shield will be shown in the top-left corner of all Zoom conferences; this shield will contain a lock if E2EE is active. If the lock is absent, Zoom is using its default AES 256-bit GCM encryption scheme, which the company uses to secure current communications, but which the company can also intercept. "In Phase 1, all meeting participants must join from the Zoom desktop client, mobile app, or Zoom Rooms," Zoom said. The company said E2EE calls would support up to 200 participants, and the feature will be made available to all users, for both paid and free accounts. Zoom promised support for E2EE calls back in May when the company faced a rash of criticism because of its weak security posture.


SELF-DRIVING CARS CAN BE FORCED TO BRAKE BY HIJACKED BILLBOARDS

Security researchers have demonstrated how hijacked billboards could be used to confuse self-driving cars. Autonomous driving systems have come on leaps and bounds in recent years, but not without mistakes, confusion, and accidents occurring. Vehicle intelligence has a long way to go before it could be considered fully autonomous and safe to use without the supervision of a human driver, and as technology firms continue to refine their platforms, the focus tends to be on weather conditions, mapping, and how cars should respond to hazardous objects -- such as people in the road. However, as reported by Wired, there may be other, unseen hazards that humans cannot detect with the naked eye. New research conducted by academics from Israel's Ben Gurion University of the Negev suggests that so-called "phantom" images -- such as a stop sign created from flickering lights on an electronic billboard -- could confuse AI systems and prompt particular actions or movements. This could not only cause traffic jams but also more serious road accidents, with hackers leaving little evidence of their activities -- and leaving drivers perplexed over why their smart vehicle suddenly changed its behavior. Light projections spanning only a few frames and displayed on an electronic billboard could cause cars to "brake or swerve," security researcher Yisroel Mirsky told the publication, adding, "so somebody's car will just react, and they won't understand why." Tests were performed on a vehicle using Tesla's latest version of Autopilot, and on Mobileye. According to Wired, a phantom stop sign appearing for 0.42 seconds fooled the Tesla, whereas only 1/8th of a second was enough to dupe Mobileye. The experiments are founded on previous research that used split-second light projections -- such as the shape of a human being -- to confuse autonomous vehicles on the road. While these tests had the same effect, a digital billboard, in theory, would be more convenient to attackers seeking disruption on a wider scale. The research is due to be presented at the ACM Computer and Communications Security conference.


NEW EMOTET ATTACKS USE FAKE WINDOWS UPDATE LURES:

In today's cyber-security landscape, the Emotet botnet is one of the largest sources of malspam — a term used to describe emails that deliver malware-laced file attachments. These malspam campaigns are absolutely crucial to Emotet operators. They are the base that props up the botnet, feeding new victims to the Emotet machine — a Malware-as-a-Service (MaaS) cybercrime operation that's rented to other criminal groups. To prevent security firms from catching up and marking their emails as "malicious" or "spam," the Emotet group regularly changes how these emails are delivered and how the file attachments look. Emotet operators change email subject lines, the text in the email body and the file attachment type, but also the content of the file attachment, which is as important as the rest of the email. That's because users who receive Emotet malspam, besides reading the email and opening the file, still need to allow the file to execute automated scripts called "macros." Office macros only execute after the user has pressed the "Enable Editing" button that's shown inside an Office file. Over the years, Emotet has developed a collection of boobytrapped Office documents that use a wide variety of "lures" to convince users to click the "Enable Editing" button. This includes:


*Documents claiming they've been compiled on a different platform (i.e., Windows 10 Mobile, Android, or iOS) and the user needs to enable editing for the content to appear.

*Documents claiming they've been compiled in older versions of Office and the user needs to enable editing for the content to appear.

*Documents claiming to be in Protected View and asking the user to enable editing. (Ironically, the Protected View mechanism is the one blocking macros and showing the Enable Editing button/restriction.)

*Documents claiming to contain sensitive or limited-distribution material that's only visible after the user enables editing.

*Documents showing fake activation wizards and claiming that Office activation has been completed and the user only needs to click enable editing to use Office; and many more.


But this week, Emotet arrived from a recent vacation with a new document lure. File attachments sent in recent Emotet campaigns show a message claiming to be from the Windows Update service, telling users that the Office app needs to be updated. Naturally, this must be done by clicking the Enable Editing button (don't press it).

According to an update from the Cryptolaemus group, since yesterday these Emotet lures have been spammed in massive numbers to users located all over the world. Per this report, on some infected hosts Emotet installed the TrickBot trojan, confirming a ZDNet report from earlier this week that the TrickBot botnet survived a recent takedown attempt from Microsoft and its partners. These boobytrapped documents are being sent from emails with spoofed identities, appearing to come from acquaintances and business partners. Furthermore, Emotet often uses a technique called conversation hijacking, through which it steals email threads from infected hosts, inserts itself in the thread with a reply spoofing one of the participants, and adds the boobytrapped Office documents as attachments. The technique is hard to pick up, especially among users who work with business emails on a daily basis, which is why Emotet very often manages to infect corporate or government networks. In these cases, training and awareness are the best way to prevent Emotet attacks. Users who work with emails on a regular basis should be made aware of the danger of enabling macros inside documents, a feature that is very rarely used for legitimate purposes. Knowing what the typical Emotet lure documents look like is also a good start, as users will be able to dodge the most common Emotet tricks when one of these emails lands in their inboxes, even from a known correspondent.
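Because the whole Emotet chain above depends on a macro-carrying Office attachment reaching a user who then clicks through, the check most worth automating at the mail gateway is "does this attachment contain a VBA project at all?". The following is an added example written for this newsletter, not code from the original article or from any vendor named on the page. It looks inside the zip-based OOXML container for the two independent macro indicators (a vbaProject.bin part and a macro-enabled content type) and builds its own sample documents in memory, so no real malware is involved; the sample file names and bytes are constructed.

```python
"""Gateway-style check for VBA macros in Office attachments (added example,
not from the original article). The sample documents are constructed here in
memory; no real Emotet file is used."""
import io
import zipfile

# Main-part content types that Office assigns only to macro-enabled formats
# (.docm/.dotm/.xlsm/.pptm). A plain .docx declares a different main type.
MACRO_ENABLED_CONTENT_TYPES = (
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-word.template.macroEnabledTemplate.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml",
)
PLAIN_DOCX_MAIN = ("application/vnd.openxmlformats-officedocument"
                   ".wordprocessingml.document.main+xml")


def scan_office_document(data: bytes) -> dict:
    """Inspect an OOXML (zip-based) Office file for VBA macros.

    Returns {'format': 'ooxml' | 'unknown', 'macros': bool, 'reasons': [...]}.
    Two independent indicators are checked so that renaming a part or editing
    [Content_Types].xml alone does not hide the macro project:
      1. a vbaProject.bin part (the compiled VBA project), and
      2. a macro-enabled main content type declared in [Content_Types].xml.
    Legacy binary .doc/.xls (OLE2) files are not zip containers and are
    reported as 'unknown'; they need a separate OLE parser.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return {"format": "unknown", "macros": False, "reasons": []}
    reasons = []
    with zf:
        for name in zf.namelist():
            if name.lower().endswith("vbaproject.bin"):
                reasons.append(f"VBA project part present: {name}")
        try:
            content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        except KeyError:
            content_types = ""  # malformed package: no content-type manifest
        for ctype in MACRO_ENABLED_CONTENT_TYPES:
            if ctype in content_types:
                reasons.append(f"macro-enabled content type declared: {ctype}")
    return {"format": "ooxml", "macros": bool(reasons), "reasons": reasons}


def build_sample_docx(with_macros: bool) -> bytes:
    """Construct a minimal Word package in memory (constructed test data)."""
    main_type = MACRO_ENABLED_CONTENT_TYPES[0] if with_macros else PLAIN_DOCX_MAIN
    overrides = f'<Override PartName="/word/document.xml" ContentType="{main_type}"/>'
    if with_macros:
        overrides += ('<Override PartName="/word/vbaProject.bin" '
                      'ContentType="application/vnd.ms-office.vbaProject"/>')
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'{overrides}</Types>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Placeholder bytes standing in for a compiled VBA project.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed file names; the "lure" is a harmless stand-in, not an Emotet sample.
    for label, doc in (("lure.docm", build_sample_docx(True)),
                       ("invoice.docx", build_sample_docx(False))):
        print(label, scan_office_document(doc))
```

A gateway would quarantine or strip anything that comes back with macros set, regardless of the file extension the sender chose; the extension is attacker-controlled, the container contents are not.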


6 RUSSIANS INDICTED FOR DESTRUCTIVE NOTPETYA CYBER ATTACKS.


The U.S. Department of Justice unsealed indictments against six Russian military officers on Monday, alleging that they carried out a series of major hacking operations, including deploying destructive NotPetya malware - tied to more than $10 billion in damages - and attacking the 2018 Olympics. All six suspects are allegedly members of Russia's Main Intelligence Directorate, also known as the GRU, and specifically part of GRU Unit 74455, which many security researchers refer to as Sandworm. At a Monday press conference to announce the indictments, the U.S. Attorney for the Western District of Pennsylvania, Scott Brady, said investigators suspect that GRU Unit 74455 was integral to Russia's attempts to interfere in the 2016 U.S. election. "The crimes committed by these defendants and Unit 74455 are truly breathtaking in their scope, scale and impact," Brady says. "These are not acts of traditional spying against governments. Instead, these are crimes committed by Russian government officials against real victims who suffered real harm." Authorities have named the six alleged suspects: Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko and Petr Nikolayevich Pliskin. They have been charged with seven counts each: conspiracy to commit computer fraud and abuse; two counts of conspiracy to commit wire fraud; intentional damage to a protected computer; and two counts of aggravated identity theft. All of the men remain in Russia, which has no extradition treaty with the U.S., meaning it's unlikely they would ever appear in an American courtroom. The DOJ alleges that the Russian group masterminded numerous cyberattacks over a wide-ranging timeframe, including:


*December 2015 through December 2016: Ukrainian government and critical infrastructure attacks using malware known as BlackEnergy, Industroyer and KillDisk, which disrupted parts of Ukraine's power grid in the middle of winter;

*April to May 2017: French election-related spear-phishing campaigns and related hack-and-leak efforts targeting French President Macron's "La République En Marche!" political party;

*June 2017: NotPetya destructive malware attacks that compromised hundreds of organizations, including Danish shipping giant Maersk, the Heritage Valley Health System in Pennsylvania, FedEx's TNT Express and a large U.S. pharmaceutical manufacturer;

*December 2017 through February 2018: Attacks against the Winter Olympics - including hosts, participants, partners and attendees - as well as the Winter Olympics' systems themselves, using Olympic Destroyer malware;

*April 2018: Spear-phishing campaigns targeting investigations being conducted by both the Organization for the Prohibition of Chemical Weapons and the U.K.'s Defense Science and Technology Laboratory into the Novichok nerve agent poisoning of Sergei Skripal, his daughter and several U.K. citizens;

*2018: Attacks against Georgian companies and government entities.

Authorities say the attacks caused billions in damage. "NotPetya was the most destructive cyberattack in history, with approximately $10 billion in damages and over 300 victims worldwide," said Michael Christman, special agent in charge of the FBI's Pittsburgh office. Following the Justice Department announcement, the Russian embassy in Washington issued a statement denying any involvement in these attacks. "Russia does not and did not have intentions to engage in any kind of destabilizing operations around the world. This does not correspond to our foreign policy, national interests or our understanding of how relations between states are built. Russia respects the sovereignty of other countries and does not interfere in their affairs," an embassy spokesperson said. Expect Russia to respond following these indictments being unveiled in such a high-profile manner, says Tom Kellermann, the head of cybersecurity strategy at VMware, who also praises the DOJ's efforts, including the indictments. "The Russian regime launches destructive cyberattacks as a response to geopolitical tension," says Kellermann, who served as a cybersecurity adviser to former President Barack Obama. "I am concerned that we will endure numerous destructive attacks against our critical infrastructure this November." Jake Williams, president of cybersecurity consultancy Rendition Infosec and a former member of the U.S. National Security Agency's elite hacking team, says the timing of the indictments being announced only about two weeks before the U.S. election is suspect. He also says that Russia is likely to retaliate in some way. "It's a dangerous precedent because if we're going to do this to them, they are going to do this to us," Williams says of bringing criminal charges against operators - aka government hackers. "The looser and looser we get with who can be charged, the more dangerous it becomes. Are we going to charge the guy who has his hands on the keyboard? Are we going to charge the person that oversees this or registers the domain?" Authorities say the investigation into the GRU unit's activities drew on numerous organizations and resources, including the FBI's Atlanta, Oklahoma City and Pittsburgh field offices; the U.S. Attorney's Office for the Western District of Pennsylvania; Google's Threat Analysis Group; Cisco's Talos Intelligence Group; plus Facebook and Twitter.

Authorities in Ukraine, South Korea, New Zealand, Georgia and the United Kingdom also shared information and intelligence. On Monday, Britain's National Cyber Security Centre, part of intelligence agency GCHQ, separately issued a statement condemning a string of Russian government hack attacks, noting the group had also begun to target the 2020 Olympics in Tokyo before the event was canceled. The court documents unsealed Monday accuse the six GRU officers of having developed, procured, maintained and utilized servers, email accounts, malicious mobile applications and hacking infrastructure to conduct spear-phishing campaigns and gain access to victims' networks. The suspects are also accused of developing and deploying such malware as NotPetya, KillDisk and Olympic Destroyer, as well as using Industroyer malware.

[Image: List of six Russian suspects and their alleged hacking activities (Source: DOJ)]

"To craft their malware, the conspirators customized publicly available malware and hacking [tools] and, in some instances, purposefully attempted to mimic the malware of other hacking groups - including Lazarus Group, a state-sponsored hacking team in the Democratic People's Republic of Korea - as part of a false flag operation," according to the court documents (see: Visual Journal: Black Hat Europe 2019). The GRU officers allegedly also used a variety of fake names and regularly leased computer infrastructure from resellers located outside Russia - paying with cryptocurrency to help obfuscate their attack strategy and mask their Moscow affiliation, according to the indictment. The Justice Department says that the GRU officers were extremely thorough and conducted extensive research on targeted organizations and computer networks, gathering technical and non-technical data - including biographical information - to support later intrusion efforts.

Such information was allegedly used by the GRU team to craft spear-phishing emails that helped them gain initial access to targeted networks. Cisco Talos says its researchers contributed information that touched on both the NotPetya and Olympic Destroyer malware attacks to both the FBI and the grand jury. The NotPetya attack targeted a widely used Ukrainian tax-filing software firm. Matt Olney, director of threat intelligence and interdiction with Cisco Talos, says his firm's incident response team was part of the group dispatched to Ukraine in 2017 to help with the investigation. He adds that in this case, the attackers moved away from using disk-wiper malware to NotPetya as their main means of damaging the infrastructure, showing just how destructive this ransomware-like code could be. "[NotPetya] is possibly the best, highest-performing, scariest piece of malware that I have ever seen," Olney tells Information Security Media Group. "It was like the Ferrari of malware. It hit exactly what they wanted to hit and it moved laterally very fast and you were completely unable to recover from it." Olney notes that NotPetya could move laterally through a system and steal credentials in an unusually efficient way. But while the malware could take advantage of exploits such as EternalBlue and EternalRomance - both developed by the U.S. National Security Agency and later leaked by the Shadow Brokers hacker group - it only did so sparingly, he says. In addition, he says, the GRU hackers re-engineered the NSA's leaked DoublePulsar backdoor to ensure that after it was deployed only the GRU hackers could use it to gain remote access to a network (see: DoublePulsar Pwnage: Attackers Tap Equation Group Exploit).

Regarding the Olympic Destroyer malware, meanwhile, Craig Williams, director of outreach at Cisco Talos, notes that when his team first analyzed the malicious code, they found inside it pieces of other malware, including EternalBlue and code previously used by hacking groups in China and North Korea. Very quickly, researchers determined that whoever built the malware had been trying to trick malicious code analysts. "And so it was an intentional series of techniques that they used to ... cast doubt when it came to attribution," Williams says. In the online attack realm, "this was really the first 'false flag' operation."


PHISHING FEARS CAUSE WORKERS TO REJECT GENUINE BUSINESS COMMUNICATIONS

COVID-19 contact tracers are reportedly having difficulties alerting individuals who have been exposed to the coronavirus, because some of the people they are calling refuse to answer out of concern they are being scammed.  This public health risk exemplifies a hidden cost of the fight against phishing and vishing scams: lost time and business inefficiencies caused by paranoid employees who filter out legitimate communications. “People aren’t opening everything… They are rationally resisting approaches that they can’t figure out how to trust,” said Peter Cassidy, co-founder and secretary general of the Anti-Phishing Working Group (APWG). “It’s making life hard for the bad guys. But it’s making things impossible for [efforts] like public health initiatives” or certain corporate communications. So how do public and private sector organizations ensure people strike the right balance? There are at least a few steps that callers, email senders and the message recipients themselves can take to reduce the odds that an important communication is missed due to phishing fears. Employees are trying to avoid suspicious emails and phone calls, and rightly so, as they can result in malware infections and business email compromise attacks. But hyper-vigilance also has its drawbacks. And it’s not just people refusing to respond to calls or emails. “The other side of it is internal security teams… are getting flooded with all these emails, because people think they’re malicious and they’re sending them into their SOC,” said Crane Hassold, senior director of threat research at Agari, and a former analyst with the FBI’s Cyber Behavioral Analysis Center (CBAC). The problem is that real communications and fake ones are getting harder to distinguish from each other. Attackers use current events as a trigger for people to engage, which has indeed led to a scourge of COVID-themed phishing scams since the pandemic started. 
Recipients are flooded with lures related to coronavirus maps, vaccines and, yes, contact tracing, to trick people. That forces legitimate contact tracers to fight through that noise. And the tactics raise flags. “I don’t know about you, [but] I have never gotten a text from the local health department in my local jurisdiction,” said Joseph Blankenship, vice president and research director, security and risk at Forrester Research. “If I got one, I would probably immediately be suspicious.” Hassold calls it a double-edged sword, where security professionals have successfully conditioned people to look out for potentially malicious messaging, but serious communications that may use similar themes as bad actors get ignored. The IRS is another organization that is constantly impersonated by hackers, and as a result, may not be trusted when sending bona fide communications. And the skepticism extends to the corporate world, which can sometimes send emails to engage potential partners, clients or consumers that sound a little too much like the bad guys. “It’s really difficult,” said Hassold. “Especially if it’s an unsolicited email that someone’s not expecting. You need to grab their attention in some way, but a lot of those ways that you would grab someone’s attention are the exact same tactics that a cybercriminal would use in a phishing email.” “Now you understand the pain of the marketing department,” agreed Cassidy. Blankenship also noted how certain older encrypted email services used by health care providers and other organizations to remotely convey sensitive information send messages that “looked like a phishing email” to the average recipient. “‘Click on this and you will be able to get your x-rays or your medical report.’ You’re like, ‘yeah right,’” he said.
Consequently, Blankenship hears from insurance companies, both on the healthcare payer side and on the casualty and property side: “‘How do we create a better experience for our users, so it actually looks like us?’ We train our users not to click on things that look like us, that aren’t us, and now we actually need to make [messaging] look legitimate for a good customer experience.” There are ways to cut down on the number of calls and emails that are wrongly rejected as spam, but a lot of the onus is on the senders to make their communications look as credible as possible. For starters, companies can implement domain-based message authentication, reporting & conformance, or DMARC, a protocol designed to protect their own email domains from being spoofed. DMARC works by authenticating an email sender’s identity using DomainKeys Identified Mail and sender policy framework standards. DMARC users also set a policy for whether emails that don’t pass validation should be rejected or quarantined or allowed by the email servers that receive them. But DMARC is not a panacea. While it blocks certain spoofed emails before reaching the recipient, adding an extra level of security for users, those emails that arrive in the inbox could still be ignored out of fear. “It doesn’t really address authentication at the user level. It’s supposed to keep us from ever seeing something that’s not authentic,” said Cassidy. But it fails at “satisfying the needs of someone [looking] to authenticate a communication.” There’s also brand indicators for message identification, or BIMI, an emerging specification standard that allows companies to display their branded logos within emails that are sent to participating inboxes. The email must pass DMARC authentication checks for the logo to be displayed. This provides the recipient with additional confidence that the message is truly from the sender, said Blankenship. 
Additionally, email or SMS senders may want to give their email recipients a secondary, “out-of-channel” option to contact them rather than directly replying. For instance, they could suggest contacting a publicly listed phone number. “And you arrange to have an extension [set up] for you, so that inbound calls can find you,” said Cassidy. “Or tell them to place your name on the switchboard” so they can ask for you by name. Whatever the confirmation process is, “it’s got to be one step,” he added. It must be a simple process that doesn’t require a “great effort” or for the recipient to jump through multiple hoops. Another advisable tactic: Don’t rely on attachments or links. If you’re sending a press release or company communication, place the entire content within the body of the email so the recipient isn’t forced to open a document or click a link they don’t trust. “Having everything text-based is a great way to lessen the anxiety and the uncertainty,” said Hassold. “If you don’t have to click on a link or open an attachment, I think you’ve just mitigated a lot of the potential threats in that email.”
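The DMARC and BIMI mechanics described above are easier to reason about when written out as the decision a receiving mail server makes. The block below is an added example for this newsletter, not code from the article or from any product it mentions. It parses a DMARC TXT record, applies the SPF and DKIM identifier-alignment rules (relaxed or strict, as the record's aspf/adkim tags select), returns the disposition the domain owner asked for, and then gates a BIMI logo on a DMARC pass plus an enforcing policy. The record text, the domains and the verification results are constructed; the organisational-domain helper is a deliberate simplification that a real receiver replaces with the Public Suffix List.

```python
"""Receiver-side DMARC evaluation and BIMI gating (added example, not from the
original article). Record text, domains and verification results below are
constructed for illustration."""


def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; aspf=r' into tags.

    Missing tags get the RFC 7489 defaults: relaxed alignment (adkim=r, aspf=r)
    and pct=100. Raises ValueError if the text is not a usable DMARC record.
    """
    tags = {}
    for part in record.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    tags.setdefault("pct", "100")
    return tags


def org_domain(domain: str) -> str:
    """Approximate the organisational domain as the last two labels.

    Real receivers consult the Public Suffix List; this shortcut mis-handles
    names like example.co.uk and is used only to keep the example offline.
    """
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(identifier_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') requires an exact match; relaxed ('r')
    accepts any host under the same organisational domain."""
    a, b = identifier_domain.lower(), from_domain.lower()
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


def dmarc_disposition(record: str, from_domain: str,
                      spf_result: str, spf_domain: str,
                      dkim_result: str, dkim_domain: str) -> tuple:
    """Return (dmarc_result, disposition).

    DMARC passes when SPF or DKIM both verified ('pass') AND its domain aligns
    with the RFC5322.From domain. Otherwise the domain owner's p= policy
    ('none', 'quarantine' or 'reject') tells the receiver what to do.
    """
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "none"
    return "fail", tags["p"].lower()


def bimi_logo_allowed(record: str, dmarc_result: str) -> bool:
    """BIMI gating as the article describes it: the brand logo is shown only if
    the message passed DMARC. BIMI additionally requires an enforcing policy
    (p=reject, or p=quarantine with pct=100); a p=none domain gets no logo."""
    tags = parse_dmarc(record)
    policy = tags["p"].lower()
    enforcing = policy == "reject" or (policy == "quarantine" and tags["pct"] == "100")
    return dmarc_result == "pass" and enforcing


# Constructed sample: an enforcing record for the hypothetical sender domain.
SENDER_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    # Genuine message: envelope sender on a mail host of the org, DKIM signed by the org domain.
    print(dmarc_disposition(SENDER_RECORD, "example.com",
                            "pass", "mail.example.com", "pass", "example.com"))
    # Spoofed From: header from infrastructure that is not authorised for example.com.
    print(dmarc_disposition(SENDER_RECORD, "example.com",
                            "pass", "unrelated.example", "none", ""))
    print(bimi_logo_allowed(SENDER_RECORD, "pass"))
```

The second call is the case the article says DMARC handles well: SPF may pass for whatever domain the sending server is authorised for, but because that domain does not align with the From header, the message is rejected before anyone sees it. The fourth function shows why BIMI does not help a p=none domain: the logo only appears once the owner has committed to an enforcing policy.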

From a recipient’s point of view, companies can do more to help them distinguish between genuine and fake communications through a combination of better security training and email security solutions that filter out most phishing scams before they ever reach an inbox. “Security awareness training is great to get people conditioned to look for obvious bad stuff,” said Hassold. And then boosting those efforts with internal security controls that detect and eliminate scams increases trust in the emails that do arrive, since employees “don’t have to go through this super intensive review cycle, to make sure something’s legitimate. If they get something that checks all the boxes that makes it legit, then they can probably open it and feel safe.” But the question remains: Just how big of a problem is the misidentification of legitimate communications as scams? It’s hard to tell. The experts who spoke with SC Media were unable to cite any known studies that have attempted to quantify what percentage of genuine calls or emails are going unanswered due to suspicions of phishing, or how that translates into lost time and revenues. Blankenship said that if they were to look into this topic, a survey would be a good place to begin. “And then we would hope that people would actually open the survey and take it.” Which, clearly, is no guarantee.


______________________________________________________________________________


THREAT FOCUS: Barnes & Noble Books - UNITED STATES

https://boston.cbslocal.com/2020/10/15/barnes-noble-cyberattack-hack-data-breach-personal-info/


Exploit: Malware

Barnes & Noble: Bookseller 

Risk to Business: 1.411 = Extreme - Barnes & Noble has been starring in its own horror story in the last week, as a massive network outage for its Nook customers rolled into the discovery of a massive cyberattack. The bookseller informed customers on Monday that it had experienced a data breach that exposed customers’ transaction histories and PII. Recovery and restoration efforts are underway. It’s unknown if the Nook outage was a facet of the data breach or unrelated.

Individual Risk: 2.206 = Severe - Barnes & Noble says that the only data stolen was transaction history information, names, and email addresses. The company doesn’t anticipate that any financial information was stolen, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: No one can afford a data breach right now, not even a corporate giant. Incidents that impact online sales are especially problematic as online sales remain a focus area during the pandemic.

Guide to Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Strengthening gateway security is a good data loss prevention strategy. Passly guards against intrusion with cracked, stolen or compromised passwords by adding simple but effective secure identity and access management protection.  Call Avantia on 07 30109711 for more info.

THREAT FOCUS: Intcomex Services - UNITED STATES

https://channeldailynews.com/news/miami-based-channel-partner-slammed-by-1tb-customer-and-business-data-leak/72273


Exploit: Ransomware 

Intcomex: Managed Services Provider

Risk to Business: 1.772 = Severe - The Miami-based managed services provider suffered a huge data breach, exposing nearly 1Tb of very sensitive data. The leaked data contains a collection called “Internal Audit” at 16.6GB, and “Finance_ER” totaling 18GB. The most recent data was from July 2020. The data included credit cards, license scans, payroll, customer databases, and more. The company serves more than 50,000 resellers in over 41 countries.

Individual Risk: No individual information was reported as compromised in this incident, although the potential is there. No details about the uncovered data are available.

Customers Impacted: up to 50,000

How it Could Affect Your Business: Third party data breaches are a big risk to every business these days. Even if you’re keeping your company’s sensitive data secure, your vendors might not be.



Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID keeps your business credentials safe by monitoring the Dark Web 24/7/365 to alert you right away if your protected credentials show up in a Dark Web data dump. For more information & subscription costs please call Avantia on 07 30109711 or email info@avantiacorp.com.au

THREAT FOCUS: Robinhood App - UNITED STATES

https://nypost.com/2020/10/16/hackers-broke-into-nearly-2000-robinhood-trading-accounts/


Exploit: Hacking/Database Intrusion

Robinhood: Investment App 

Risk to Business: 1.552 = Extreme - Robinhood informed its users last week that hackers had obtained access to funds and information in some of its accounts. The firm claims that there was no intrusion and that customer email addresses were compromised outside of the app, giving cybercriminals the ability to steal money and data, but investigators and clients say that’s not possible, citing the fact that most accounts were protected with MFA.

Individual Risk: 1.412 = Extreme - Personal and financial information about users was accessible and potentially stolen by hackers, and some users had money stolen directly from their accounts. Users should assume that their accounts have been compromised and act accordingly.

Customers Impacted: 2,000

How it Could Affect Your Business: Providing services that use highly sensitive information implies that you’re using the best technology to keep that data safe – especially at a fintech startup.



Avantia Cyber Security & ID Agent to the Rescue: Keep data safer by reducing the ways that thieves can get to it. With single sign-on through ‘Passly’, each employee has their own personalized LaunchPad, making it easy for IT staff to secure access points.  Find out more by calling Avantia at 07 30109711 today.

THREAT FOCUS: Dickey’s Barbecue Pit - UNITED STATES

https://www.zdnet.com/article/card-details-for-3-million-dickeys-customers-posted-on-carding-forum/


Exploit: Malware/Skimming

Dickey’s Barbecue Pit: Restaurant Chain

Risk to Business: 1.691 = Severe - Dickey’s Barbecue Pit has been serving up a side of skimming to every customer. Between August 2019 and July 2020, cybercriminals were operating skimmers at 156 of Dickey’s 469 locations in 30 states, with the highest exposure in California and Arizona. The breach was discovered by cybersecurity monitors after hackers began advertising the data stash for sale as “Blazingsun”.

Individual Risk: 1.771 = Severe - Customers who made purchases at Dickey’s Barbecue Pit during that window have likely experienced a credit card compromise and should contact their card issuer for guidance.

Customers Impacted: 3 million

How it Could Affect Your Business: The number one cause of a data breach is human error. Failing to keep up with security awareness and phishing resistance training leads to expensive cybersecurity disasters.

Guide to Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: The ID Agent digital risk protection platform enables organizations of any size to implement security awareness training painlessly at a great price. Find out more by calling Avantia on 07 30109711 today.

THREAT FOCUS: Nez Perce Tribal Casinos - UNITED STATES

https://lmtribune.com/external-cyber-attack-blamed-for-computer-trouble-at-nez-perce-tribes-casinos/article_091b0264-1000-11eb-a3ed-0f2500bec470.html


Exploit: Ransomware

Nez Perce Tribal Casinos: Gambling Parlors

Risk to Business: 2.002 = Severe - Two popular casinos owned and operated by the Nez Perce Native American tribe were hit with ransomware, resulting in a complete shutdown for at least a week. Systems were frozen at both the tribe’s Clearwater River Casino near Lewiston and the Ye-Ye Casino at Kamiah in Idaho. Restoration efforts and investigations are underway, but the casinos are expected to reopen imminently.

Individual Risk: No personal data has been reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Attacks aren’t always about stealing data. Ransomware is a devastating weapon that bad actors are using to shut down businesses too, and that can sometimes be even worse.

Guide to Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Learn how to protect systems and data from ransomware by calling Avantia on 07 30109711 today.

THREAT FOCUS: Municipality of Westlake-Gladstone - CANADA

https://winnipeg.ctvnews.ca/nearly-450k-stolen-from-manitoba-municipality-in-cyber-attack-1.5146916


Exploit: Hacking/Intrusion

Municipality of Westlake-Gladstone: Local Government

Risk to Business: 2.309 = Severe - Nearly $450K was snatched from the operating account of this Manitoba municipality in a hacking incident that could be the result of an insider threat. The money was stolen in a series of withdrawals or transfers beginning in November 2019 and continuing until at least January 2020.

Individual Risk: No individual information has been reported as compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Schemes like this are often the result of a business email compromise scam. It’s a variant of phishing that preys on trusted business relationships, which makes it all the more devastating.

Guide to Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Prevent business email compromise by boosting phishing resistance training for everyone, including executives who are frequently targeted in these scams. Call Avantia on 07 30109711 or Email info@avantiacorp.com.au to find out more.

THREAT FOCUS: Hackney Borough Council - UNITED KINGDOM

https://www.zdnet.com/article/serious-cyberattack-hits-london-council/


Exploit: Ransomware

Hackney Borough Council: Municipal Government  

Risk to Business: 1.334 = Extreme - A devastating cyberattack shut down operations at websites for the Hackney Borough Council, bringing everything from bill payments to services for the elderly and vulnerable to a halt briefly. Many functions have been restored, but some business is still impacted. The incident has also been reported to the Information Commissioner’s Office (ICO). Experts from the National Cyber Security Centre (NCSC), the National Crime Agency (NCA), external security experts, and the Ministry of Housing, Communities and Local Government are also assisting with investigation and recovery. The incident shows hallmarks of ransomware.

Individual Risk: No personal or financial data is reported as stolen or compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Attacks on municipalities and municipal service providers have become more rare, and more damaging, especially from nation-state hackers and other highly organized cybercrime gangs.

Guide to Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: When ransomware comes calling, it’s usually part of a phishing attack. BullPhish ID is key to preventing these incidents, with 4 new plug-and-play phishing kits added every month to keep you up to date on the latest threats. Find out more by calling Avantia on 07 30109711 today.

THREAT FOCUS: Panion App - SWEDEN

https://cybernews.com/security/social-media-app-leaking-data-of-172000-users/


Exploit: Unsecured Database

Panion: Social Media App

Risk to Business: 2.337 = Severe - Swedish social media app Panion committed an unfriendly blunder by failing to secure an AWS bucket, leaving personal information for its users exposed. All told, about 2.5 million user records were exposed. The data included full names, email addresses, genders, interests, location coordinates, and last login dates, as well as selfies and document photos.

Individual Risk: 2.227 = Severe - Users should be aware that their location data has been exposed, as well as personal information that can empower spear phishing attacks or other crimes.

Customers Impacted: 2 Million

How it Could Affect Your Business: Don’t make rookie mistakes. Companies that leave databases open tell their clients that they’re not committed to using cybersecurity best practices, making clients less likely to do business with them.

Guide to Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Start using Passly for staff access to databases and files. If everyone who needs access can be given it quickly, it eliminates the chance of people taking shortcuts like not locking a database. Call Avantia on 07 30109711 for more info.

THREAT FOCUS: Kleenheat Energy - AUSTRALIA

https://www.zdnet.com/article/kleenheat-customer-names-and-addresses-exposed-in-system-breach/


Exploit: Unsecured Database

Kleenheat: Energy Company

Risk to Business: 2.894 = Moderate - Australia’s Kleenheat is warning customers that they may have had data exposed in a breach at a third party vendor. The data was collected and stored in 2014, and in a system that is no longer in use at a former data storage partner.

Individual Risk: 2.822 = Moderate - Clients impacted in the breach had what the company characterizes as general information exposed including names, residential addresses, and email addresses.

Customers Impacted: Unknown

How it Could Affect Your Business: Third party exposures aren’t just a risk for your business, they’re also a risk for your customers. Failing to provide quality security on data storage can expose you and your clients to unwanted consequences.

Guide to Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Data like the kind stolen in this breach lives forever on the Dark Web. Be certain that your staff’s credentials aren’t hanging around on the Dark Web from a past exposure with Dark Web ID. For a FREE DARK WEB SEARCH please call Avantia on 07 30109711 today.

THREAT FOCUS: Containerchain Logistics - AUSTRALIA

https://www.fullyloaded.com.au/logistics-news/2010/containerchain-wards-off-ransomware-attack-over-weekend


Exploit: Ransomware

Containerchain: Logistics Platform

Risk to Business: 1.921 = Severe - In yet another attack on freight and transport, Containerchain was hit with a ransomware attack. Systems for its shipping customers were briefly shut down entirely but were restored quickly. The company does not believe that significant data was lost and noted that impacted customers (if any) would be in AU, NZ, SG, and MY. The investigation is ongoing.

Individual Impact: No personal data was exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: A spate of recent attacks against shipping, transportation, and logistics targets has raised fears of potential cyberwarfare targets and put these essential parts of our infrastructure on notice that their cybersecurity is vital to operations.

Guide to Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Our digital risk protection platform offers businesses multiple tools for securing their systems and data, even from unexpected dangers. To find out more, please call Avantia on 07 30109711 for a no obligation discussion.

THREAT FOCUS: Haldiram’s Snacks - INDIA

https://www.thehindu.com/sci-tech/technology/haldirams-crucial-data-stolen-hackers-demand-75-lakh-to-release-information/article32880074.ece


Exploit: Ransomware

Haldiram’s Snacks: Snack Food Manufacturer 

Risk to Business: 1.451 = Extreme - Beloved Indian snack food maker Haldiram’s has been hit with a ransomware attack that has brought chaos to its business and manufacturing arms. Bad actors encrypted much of the company’s essential data between October 12 and October 13, demanding a ransom payment for release. The negotiation, recovery, and investigation are ongoing.

Individual Risk: No individual information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware typically arrives as the nasty cargo of a phishing email. Phishing is today’s biggest cybersecurity risk, and this kind of damage is exactly what makes it every IT professional’s nightmare.

Guide to Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Staffers only retain what they learned from security awareness training for approximately 4 months. Refresh that regularly with BullPhish ID to reduce the chance of your business falling prey to a ransomware gang. Call Avantia on 07 30109711 for more info.

______________________________________________________________________________

POSTSCRIPT


Too Many Privileged Credentials Can Lead to Disaster

How many administrator or above credentials are around for your business systems? How many people have access to an administrator password who shouldn’t? Can you be sure that every former staffer’s access has been removed? How many of your staffers are reusing passwords at work and at home? Compromised credentials cause big business problems, and privileged credentials are Golden Tickets for cybercriminals.

In a recent analysis, experts determined that as many as a fifth of employees with privileged user credentials don’t need them – a third of the respondents even said that everyone at their level has the same access, whether they need it or not. Playing fast and loose with privileged access to your systems and data is a disaster waiting to happen, as the US Government recently found out. Bad actors were able to gain access to critical data and systems with stolen access credentials for O365, including administrator credentials. The attackers were then able to conduct a complex malware attack, remotely logging into staffers’ computers.

Sometimes it’s inconvenient to have to track down someone to click a button. But giving out privileged access to everyone is no good at all, and sharing administrator passwords is not the answer. Simple secure identity and access management is the solution. ‘Passly’ combines multiple security tools into one solution, giving you more for your money, including multi-factor authentication and secure shared password vaults. But the most important feature that Passly provides to alleviate this headache is single sign-on. It makes everyone’s job easier.

Instead of writing down administrator passwords to access a system or giving people blanket access, single sign-on allows every staffer to have a personalized LaunchPad that signs them in to all of the apps they’ll use at work in one swoop. It’s also a boon for IT departments. No need to go into every single application a staffer might use and grant them access permissions. No more endless password resets when somebody lost that sticky note. Every user has an individual LaunchPad that IT staff can access from anywhere, granting and removing permissions with just a few clicks. Secure identity and access management was cited as a top priority for next year in a recent survey, and it’s no wonder. Making it easier for IT staffers to control your access points, while making it easier to make sure that the right people have access to the right things exactly when they need it, just makes good sense.

______________________________________________________________________________


AVANTIA CYBER SECURITY - PARTNER FOCUS


ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and to millions of individuals impacted by cyber incidents. The company's flagship product, Dark Web ID, combines human and sophisticated Dark Web intelligence with capabilities to identify, analyse and monitor for compromised or stolen employee and customer data, mitigating exposure to clients’ most valuable assets – their digital identity. 

FOR MORE INFORMATION ON GRAPHUS PLEASE CONTACT AVANTIA CYBER SECURITY ON +61 7 30109711 / info@avantiacorp.com.au

__________________________________________________________________________________


Disclaimer*:

Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, other members of the 5 Eyes Alliance, the Australian Cyber Security Centers, and other sources in 56 countries who provide cyber breach and cyber security information in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved
