  • Avantia Threat Update

ZOOM'S SECURITY & PRIVACY VIOLATED


Zoom's security and privacy woes just keep coming.

This Past Week: Zoom's security and privacy practices come under scrutiny; Microsoft warns hospitals of impending ransomware attacks; Emotet malware shuts down an entire corporate network by overheating PCs; Bluetooth-related flaws threaten dozens of medical devices; Remote work is not new, but it's the 'new normal'; FBI expects an increase in COVID-19-themed BEC scams; Ransomware slows COVID-19 treatment development; Malware targets online shoppers; Phishing scams jump by 667% in a month; and Major Breaches in UNITED STATES; UNITED KINGDOM; CANADA & AUSTRALIA.


Dark Web ID Trends:

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain

Top Industry: Medical & Healthcare

Top Employee Count: 11 - 50

________________________________________________________________________


ZOOM’S SECURITY & PRIVACY WOES - EXPERT SAYS:

Home working and learning have led to a boom in videoconferencing, with Zoom a major beneficiary. But concerns over privacy and security raise important questions: is Zoom safe, and is it even GDPR compliant? The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). Security concerns revolve around the recent discovery of several vulnerabilities, taken together with the length of time it has taken Zoom to fix earlier vulnerabilities. Privacy concerns focus on a lack of transparency around the user or meeting data retained by Zoom, and who else has access to it. We will concentrate on the privacy issues in this article. Data retention and third-party access concerns are typified by the recent discovery that the Zoom iOS app had been passing data to Facebook even where the iOS user had no Facebook account. There was no indication in Zoom's privacy policy that this was happening (Zoom has stopped this, but iOS users will need to update to the latest app version to prevent it continuing). There are two concerns here: the lack of transparency and the distribution of information to a third party without user consent. "This is a clear breach of GDPR," Tara Taubman-Bassirian, a French-born, London-based lawyer and privacy advocate, told SecurityWeek. "With the lack of transparency, the host holds many capabilities that are unknown to the participant, such as recording and further broadcasting." The consent issue is a complex one, which will require careful consideration by Zoom if it is to be solved. GDPR holds that consent for collecting personal data must be freely given, and that if there is an imbalance of power between the parties, it cannot be a free choice and that any consent obtained is invalid. There is already a precedent for this. 
In September 2019, a school in Sweden was fined $20,000 for using facial biometrics to track 22 students. The parents had given their consent, but the data protection regulator ruled, "consent was not a valid legal basis given the clear imbalance between the data subject [the students] and the controller [the school]." There is the potential for this same argument to be used in the current work from home environment, for both office workers and schoolchildren. Any invitation to a teleconference is effectively an instruction with an imbalance of power and little realistic option to decline. It is possible that many COVID-19 instigated teleconferences are being held in contravention of GDPR's consent rules. Zoom describes itself as the data processor rather than the data controller (which is the host). If this argument is supported by the GDPR data regulators, and the meeting hosts keep a recording of the meeting on their own servers, it means that the host is responsible for the data under GDPR.  This is an important aspect that might not be recognized by the hosts. Valid consent becomes even more important, and it should, suggests Taubman-Bassirian, "be of the higher standard as data collected and recorded are biometrics capable of identifying individuals" -- and in some cases will include children. Zoom appears to be making efforts to solve the issues that have been raised over the last few weeks. In a blog published Wednesday, it says, "We are looking into each and every one of them and addressing them as expeditiously as we can. We are committed to learning from them and doing better in the future." One immediately welcome statement is "we do not sell our users' data, we have never sold user data in the past, and have no intention of selling users' data going forward." The blog explains the pressure the company is under. 
Where last year the maximum number of daily meeting participants was around 10 million, it is now more than 200 million, which now includes 90,000 schools across 20 countries. But the issues pre-exist the current surge in use -- they have not been created by the expansion. Zoom further explains that the platform was designed for business users, and the influx of home workers and schoolchildren has been a surprise. But the need for privacy and security does not differentiate between corporations, individual workers at home, and schoolchildren -- so neither of these arguments has any bearing on the current issues. Indeed, they rather raise another question, since they indicate a lack of privacy by design or default -- which is a requirement under GDPR. One of the improvements Zoom is working on is transparency and clarity. It has admitted, in a separate blog, that what it marketed as end-to-end encryption of its services is no such thing. Jarosław Kamiński, principal consultant at F-Secure, explains the relevance. The encryption Zoom uses is transport encryption: communication between the Zoom server and each participant is encrypted, so it is not susceptible to a man-in-the-middle attack on the network path. "E2E," he continued, "means the communication is encrypted for the whole time and is inaccessible to the vendor. Without end-to-end encryption, a vendor has the technical capability to intercept / record the communication." That doesn't mean the vendor does this; but Zoom doesn't specify that it doesn't. Zoom is also introducing a new transparency report. This is very welcome. The firm says it is, "Preparing a transparency report that details information related to requests for data, records, or content." Notice the word 'content'. An updated privacy policy issued on March 27 makes it clear that the Zoom cloud will contain recordings of all meetings that the host wishes to be recorded -- so Zoom will always have access to some meetings' content. 
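To make Kamiński's distinction concrete, the following Python model is an example added by the editor, not code from Zoom, F-Secure or SecurityWeek. It passes one message from Alice to Bob through a relay that stands in for the vendor's server. With transport encryption only, the relay has to decrypt each message in order to re-encrypt it for the recipient, so it can record the plaintext; with a meeting key shared by the participants, the relay sees only ciphertext. The relay, the client names and the meeting key "shared out of band" are assumptions of the example, and the stream cipher is a toy (SHA-256 in counter mode with an HMAC tag) used only so the script runs with the standard library; it is not a construction to reuse.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Tuple

NONCE_LEN = 12
TAG_LEN = 32


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode. Illustration only; real code
    should use a vetted AEAD (AES-GCM, ChaCha20-Poly1305)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = _keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return _keystream_xor(key, nonce, ciphertext)


class Relay:
    """Stand-in for the vendor's server (an assumption of this example). It holds
    one transport key per client, the analogue of each client's TLS session key,
    and has to decrypt every inbound message to re-encrypt it for the recipient."""

    def __init__(self) -> None:
        self.transport_keys: Dict[str, bytes] = {}
        self.observed: List[bytes] = []   # everything the vendor could log or record

    def connect(self, client: str) -> bytes:
        key = secrets.token_bytes(32)
        self.transport_keys[client] = key
        return key

    def forward(self, src: str, dst: str, blob: bytes) -> bytes:
        inner = unseal(self.transport_keys[src], blob)   # transport layer ends here
        self.observed.append(inner)
        return seal(self.transport_keys[dst], inner)


def run_call(end_to_end: bool, message: bytes) -> Tuple[bytes, bytes]:
    """Alice sends `message` to Bob via the relay. Returns (what Bob recovers,
    what the relay saw once the transport layer was stripped)."""
    relay = Relay()
    k_alice = relay.connect("alice")
    k_bob = relay.connect("bob")
    # Assumed: in E2E mode Alice and Bob already share a meeting key the relay never
    # sees (in a real system it comes from a key agreement between participants).
    meeting_key = secrets.token_bytes(32) if end_to_end else b""

    payload = seal(meeting_key, message) if end_to_end else message
    on_wire = seal(k_alice, payload)                  # client-to-server transport encryption
    to_bob = relay.forward("alice", "bob", on_wire)   # server-to-client transport encryption
    received = unseal(k_bob, to_bob)
    if end_to_end:
        received = unseal(meeting_key, received)
    return received, relay.observed[0]


def relay_can_read(end_to_end: bool) -> bool:
    """True if the vendor's relay saw the plaintext of the message."""
    message = b"board minutes: acquire ExampleCo"
    received, seen_by_relay = run_call(end_to_end, message)
    assert received == message            # Bob gets the plaintext in both modes
    return seen_by_relay == message


if __name__ == "__main__":
    print("transport encryption only: vendor can read ->", relay_can_read(False))  # True
    print("end-to-end encryption:     vendor can read ->", relay_can_read(True))   # False
```

The point the model makes is structural, not cryptographic: as long as the server holds the keys that terminate each client's session, "encrypted" describes the wire, not the vendor's ability to read, record or hand over content. Only a key the participants derive among themselves changes that.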
What it doesn't say is that it does not store any other meetings' content. We know that since it does not use end-to-end encryption, it can intercept and store everything. We don't know whether it does, nor how long it retains the content it says it stores. This raises another question, since Zoom says clearly that it obeys national laws for government access to content. But Zoom is global in operation, which means that via the CLOUD Act, the U.S. government will have access to foreign data. This is worth considering, since apart from possibly sensitive commercial information, that content might even include confidential foreign government data.  On March 27, UK Prime Minister Boris Johnson tweeted that he had just, hours earlier, "chaired the first ever digital Cabinet". The screenshot he shared makes it clear it was held on Zoom, and even shows the Zoom meeting ID number. Disclosing the ID number is not as concerning here as it might immediately appear because the meeting had finished and there was no chance for 'zoombombing' by third parties.  F-Secure senior researcher Andy Patel explained 'zoombombing'. "A Zoom meeting ID is a relatively short numerical string that can likely be guessed or brute forced. By constructing an URL to potential meetings (by synthesizing the URL -- usually just the Zoom URL, possibly expanded with the customer name, with the ID appended), someone can find and join meetings that aren't password protected, even if they weren't invited," he told SecurityWeek. "As an extra bonus, some people have been posting screenshots from their Zoom meetings that include the ID, so when people find those, they all pile into the open meeting." However, in our current example, we do not know whether the host (either Boris Johnson or the Cabinet Office) asked for a copy to be kept by Zoom for future reference, or whether Zoom kept a copy by default. In either case, US intelligence agencies now could demand access to everything said within the meeting. 
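Patel's point is that an unauthenticated join endpoint plus a short numeric ID is an enumeration target. On the defender's side that probing is visible as one source cycling through many distinct meeting IDs that do not resolve. The Python below is an example added by the editor, not Zoom's code: it runs a sliding-window detector over a constructed log (the log format, field names and sample addresses are assumptions for the example) and flags sources that try several distinct unknown IDs within a minute, while leaving alone a user who mistypes an ID once before joining.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone
from typing import Dict, Iterable, Optional, Tuple

# Constructed log format, an assumption of this example (not a real Zoom log):
#   <ISO 8601 UTC time> src=<ip> meeting=<id> result=<joined|not_found|password_required>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) meeting=(?P<mid>\d+) result=(?P<result>\w+)$"
)

# Constructed sample: one legitimate join, one scanner walking consecutive IDs,
# and one user who mistypes an ID once before joining.
SAMPLE_LOG = """\
2020-04-03T09:00:00Z src=198.51.100.7 meeting=91234567890 result=joined
2020-04-03T09:00:03Z src=203.0.113.5 meeting=91234567000 result=not_found
2020-04-03T09:00:04Z src=203.0.113.5 meeting=91234567001 result=not_found
2020-04-03T09:00:05Z src=203.0.113.5 meeting=91234567002 result=not_found
2020-04-03T09:00:06Z src=203.0.113.5 meeting=91234567003 result=not_found
2020-04-03T09:00:07Z src=203.0.113.5 meeting=91234567004 result=password_required
2020-04-03T09:00:08Z src=203.0.113.5 meeting=91234567005 result=not_found
2020-04-03T09:00:09Z src=203.0.113.5 meeting=91234567006 result=not_found
2020-04-03T09:00:30Z src=198.51.100.8 meeting=91234567890 result=not_found
2020-04-03T09:00:35Z src=198.51.100.8 meeting=91234567891 result=joined
2020-04-03T09:20:00Z src=203.0.113.5 meeting=91234567007 result=not_found
"""


def parse(line: str) -> Optional[Tuple[datetime, str, str, str]]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["src"], m["mid"], m["result"]


def detect_enumeration(lines: Iterable[str], window_seconds: int = 60,
                       threshold: int = 5) -> Dict[str, dict]:
    """Flag each source that probes at least `threshold` distinct meeting IDs without
    joining within any `window_seconds` window. `password_required` counts as a probe:
    the password stopped the join, but the prober learned that the meeting exists."""
    recent = defaultdict(deque)   # src -> deque of (timestamp, meeting_id, result) for non-joins
    flagged: Dict[str, dict] = {}
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ts, src, mid, result = parsed
        if result == "joined":
            continue
        window = recent[src]
        window.append((ts, mid, result))
        while (ts - window[0][0]).total_seconds() > window_seconds:   # drop expired probes
            window.popleft()
        distinct = {m for _, m, _ in window}
        if len(distinct) >= threshold:
            entry = flagged.setdefault(src, {"distinct_ids": 0, "existing_meetings_found": 0,
                                             "first_seen": window[0][0]})
            entry["distinct_ids"] = max(entry["distinct_ids"], len(distinct))
            hits = sum(1 for _, _, r in window if r == "password_required")
            entry["existing_meetings_found"] = max(entry["existing_meetings_found"], hits)
    return flagged


if __name__ == "__main__":
    for src, info in detect_enumeration(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {info['distinct_ids']} distinct IDs probed from {info['first_seen']}, "
              f"{info['existing_meetings_found']} existing meeting(s) discovered")
```

The threshold and window are tuning knobs; the useful signal is distinct IDs per source, not raw failures, because a user retrying one wrong ID never raises the distinct count. A hit that returns "password required" is worth surfacing separately: the password held, but the attacker now has a confirmed live ID to retry or share.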
It would be natural to expect that the UK's cyber guardians -- in particular, the Cabinet Office and the NCSC -- would have ensured Zoom's privacy and security before allowing the prime minister to go digital. SecurityWeek asked both offices for clarification, but got none. The Cabinet Office did not answer our questions, but provided two unrelated comments: "National Cyber Security Centre guidance shows there is no security reason for Zoom not to be used for meetings of this kind." It also said, "The MoD [referring to false reports that the MoD had banned the use of Zoom] uses Zoom to conduct cross-government meetings for official level business. There are no plans to review this." The implication is that the NCSC has examined Zoom and found it adequate. This doesn't seem likely, since the only comment provided by the NCSC, so far, firmly passes the buck back to the Cabinet Office: "Cabinet Office are leading the response on Zoom, so for a statement I'd recommend getting in touch with press office via [their email address]." Whether the NCSC has conducted its own tests on Zoom or not, there nevertheless seem to be sufficient privacy issues (past and present) to wonder whether Zoom is adequately GDPR (or the UK's Data Protection Act implementation of GDPR) compliant. Here SecurityWeek asked the Information Commissioner's Office for a comment. The reply was this: "The coronavirus pandemic has led to a rise in use of video conferencing tools as a valuable way for people to communicate. Any such technology must be transparent with users about how their data will be processed, as well as giving users choice and control. At this stage we are considering various concerns that have been raised regarding video conferencing apps." There is no specific reference to Zoom, but we can assume that it is high on the list of videoconferencing tools being considered. Other European data protection regulators are likely to be doing the same. 
On the surface it would appear that Zoom has a case to answer -- but Zoom hosts must also consider their own exposure as data controllers -- especially regarding the valid consent issue. Whether Zoom should be investigated -- or even fined if found to be in violation -- is a different question. "It is my opinion," Brittany Roush, Director at the Crypsis Group, told SecurityWeek, "that having that kind of flexibility to ensure that critical services can carry on, especially in a crisis, does not take the teeth from the CCPA and GDPR. If anything, it demonstrates that the regulatory bodies are carrying out their essential function -- which is to ensure that companies protect consumer data... In many ways, the CCPA and GDPR should take a page from HIPAA, which lowered security standards for Telehealth in order to manage the critical healthcare demands of the pandemic... we do not have the luxury of time on our side to devise perfect solutions."


MICROSOFT WARNS HOSPITALS OF IMPENDING RANSOMWARE ATTACKS

Microsoft this week sent targeted warnings to dozens of hospitals that it believes are vulnerable to impending ransomware attacks. On April 1, Microsoft's Threat Protection Intelligence Team published the blog titled 'Microsoft works with healthcare organizations to protect from popular ransomware during COVID-19 crisis: Here's what to do,' which states that Microsoft threat intelligence sources "identified several dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure." Microsoft said it sent "a first-of-its-kind targeted notification" to the hospitals about their vulnerable gateway and VPN deployments, warning them that ransomware threat actors are currently scanning the internet for such vulnerabilities. While there has been an increase in social engineering attacks amid the COVID-19 pandemic, Microsoft said it has seen evidence of more sophisticated and dangerous threat activity, which could put hospitals and healthcare organizations in jeopardy at a critical time. "We're seeing not just a rise in COVID-themed typical phishing/malware lure emails, but an uptick in the attempted compromise of legitimate services, such as healthcare and technology providers. Attackers are masquerading as these trusted entities using their services as a relay to get to users. Some of them are more sophisticated operations impersonating an individual/organization in need for several days," a Microsoft spokesperson said. "We have seen attackers with many motivations utilize these human-operated ransomware style vulnerabilities, including to target hospitals." According to the Microsoft Threat Protection Intelligence blog titled 'Human-operated ransomware attacks: A preventable disaster,' these types of attacks "are known to take advantage of network configuration weaknesses and vulnerable services to deploy devastating ransomware payloads." 
"In these hands-on keyboard attacks, which are different from auto-spreading ransomware like WannaCry or NotPetya, adversaries employ credential theft and lateral movement methods traditionally associated with targeted attacks like those from nation-state actors. They exhibit extensive knowledge of systems administration and common network security misconfigurations, perform thorough reconnaissance and adapt to what they discover in a compromised network," the blog post said. One adversary known to exploit gateway and VPN vulnerabilities is the ransomware group, REvil, also known as Sodinokibi. Microsoft has been tracking the group as part of a broader monitoring of human-operated ransomware attacks. "As organizations have shifted to remote work in light of the pandemic, we're seeing from signals in Microsoft Threat Protection Services (Microsoft Defender ATP, Office 365 ATP and Azure ATP) that the attackers behind the REvil ransomware are actively scanning the internet for vulnerable systems," Microsoft Threat Protection Team wrote in the blog. "Our intel on ransomware campaigns shows an overlap between the malware infrastructure that REvil was observed using last year and the infrastructure used on more recent VPN attacks. This indicates an ongoing trend among attackers to repurpose old tactics, techniques and procedures for new attacks that take advantage of the current crisis." According to the blog, once REvil is successful with an exploitation, "attackers steal credentials, elevate their privileges and move laterally across compromised networks to ensure persistence before installing ransomware or other malware payloads." Emsisoft threat analyst Brett Callow provided SearchSecurity with information that showed a healthcare organization was recently attacked by REvil; several ransomware groups recently pledged not to attack healthcare and medical facilities during the pandemic, though REvil was not one of those groups. 
REvil employs human-operated attack methods to target organizations that are most vulnerable to disruption, ones that haven't had the time or resources to install the latest patches or update firewalls, according to Microsoft. Threat actors can remain undetected in networks, sometimes for months on end. "We recommend to hospitals that they prioritize patching any open VPN and gateway vulnerabilities, as attackers are actively taking advantage of them as people work and access information remotely," a Microsoft spokesperson said. Since the release of the blog on April 1, Microsoft said it has received replies from healthcare organizations asking for additional information and resources.


EMOTET MALWARE SHUT DOWN AN ENTIRE CORPORATE NETWORK BY OVERHEATING PCs

Emotet is one of the most notorious malware families, wreaking havoc across industries. In the case described here it took down the entire network of a Microsoft customer, anonymised as "Fabrikam" in Microsoft's case study, by overheating its computers. According to the report by Microsoft's Detection and Response Team (DART), Emotet tricked one Fabrikam employee into opening a malicious email attachment. The series of events that followed led to a week-long shutdown of the organisation's core services as the malware maxed out CPUs. How was the attack executed? Emotet evaded the detection systems in place because it is regularly updated and controlled from the attackers' command-and-control (C2) server. Five days after the employee's credentials were captured through the phishing attachment, the Emotet payload was delivered and executed on Fabrikam's PCs. The actors then targeted more Fabrikam employees and their external contacts using the stolen credentials, and more systems were affected. The malware took control of the entire network by gaining access to an admin account. Within eight days of the attachment first being opened, the entire network had crashed despite the best efforts of the organisation's IT department. Every PC connected to the network experienced overheating, freezing, abrupt shutdowns and reboots from Blue Screens of Death. Emotet also consumed all available bandwidth, slowing the network's internet connection to a crawl. DART's case study mentions: "When the last of their machines overheated, Fabrikam knew the problem had officially spun out of control. We want to stop this hemorrhaging." The entire network was brought to its knees, including the 185-camera surveillance network. "Emotet consumed the network's bandwidth until using it for anything became practically impossible. Even emails couldn't wriggle through," reads the report. 
Containment Efforts: 8 days after the first system froze, Microsoft's cybersecurity team DART was called in to Fabrikam. They contained the attack by creating buffer zones that isolated assets with admin privileges. They also uploaded new antivirus signatures and installed Microsoft Defender ATP and Azure ATP to remove the malware completely. Drawing on this engagement, Microsoft recommends deploying email filtering to catch phishing attempts and multi-factor authentication so that stolen credentials alone cannot be used for unauthorised access.


BLUETOOTH RELATED FLAWS THREATEN DOZENS OF MEDICAL DEVICES

Hundreds of smart devices—including pacemakers—are exposed thanks to a series of vulnerabilities in Bluetooth Low Energy implementations. Bluetooth is used in everything from speakers to implanted pacemakers, which means that Bluetooth-related vulnerabilities can affect a dizzying array of devices. In the latest instance, a newly discovered round of 12 Bluetooth bugs potentially exposes more than 480 devices to attack, including fitness trackers, smart locks, and dozens of medical tools and implants. Researchers from the Singapore University of Technology and Design began developing techniques for analyzing Wi-Fi security in January 2019, and later realized they could apply the same methods to assess Bluetooth as well. By September they had found their first bug in certain implementations of Bluetooth Low Energy, the version of the protocol designed for devices with limited resources and power. Within weeks, they had found 11 more. Collectively dubbed "SweynTooth," the flaws exist not in BLE itself, but in the BLE software development kits that come with seven "system on a chip" products—microchips that integrate all of a computer's components in one place. IoT manufacturers often turn to off-the-shelf SoCs to develop new products quickly. That also means, though, that SoC implementation flaws can propagate across a wide variety of devices. The SweynTooth bugs can't be exploited over the internet, but a hacker within radio range could launch attacks to crash targeted devices entirely, disable their BLE connection until a restart, or in some cases even bypass BLE's secure pairing mode to take them over. In addition to all manner of smart home and enterprise devices, the list includes pacemakers, blood glucose monitors, and more. As problematic as the vulnerabilities could be in smart home devices or office equipment, the stakes are clearly higher in the medical context. 
The researchers did not develop proof of concept attacks against any of the potentially vulnerable medical devices, but the relevant SoCs contain bugs that could be used to crash the communication functions or the whole device. Manufacturers will need to individually test each of their products that rely on a vulnerable SoC to determine which attacks would be feasible in practice and what patches are necessary. And the researchers note that it's important for manufacturers to consider how an attacker could chain the SweynTooth vulnerabilities with other possible remote access attacks to cause even greater harm. Any device that wants to advertise Bluetooth as a feature and use the Bluetooth logo goes through a certification process to ensure interoperability across devices. In this case, though, the SoC manufacturers missed some basic security red flags. "We were quite surprised to find these kinds of really bad issues in prominent vendors," says Sudipta Chattopadhyay, an embedded systems researcher who oversaw the work. "We developed a system that found these bugs automatically. With a little bit more security testing they could have found it as well." The Bluetooth Special Interest Group, which oversees development of the Bluetooth and BLE standards, did not return a request from WIRED for comment about the findings. Bluetooth and BLE implementation issues are common, though, partly because the Bluetooth and BLE standards are massive and complex. "Some of the vendors we contacted originally, the engineers said, 'Well, the reason you're getting these issues is that you're putting in values that are not expected, not within the specification,'" Chattopadhyay says. "But you can't only be testing for a benign environment. We're talking about an attacker here. He doesn’t care about what's expected." The researchers notified seven SoC makers about the vulnerabilities. Texas Instruments, NXP, Cypress, and Telink Semiconductor have all released patches already. 
Dialog Semiconductor has released updates for one of its SoC models, with more coming for other models in a few weeks. STMicroelectronics recently confirmed the researchers' findings but has not yet developed patches, and Microchip does not currently seem to have patches in the works. Even when the SoC vendors release updates to their BLE software development kits to plug the holes, though, each individual manufacturer that uses any of the seven affected SoCs still needs to take those patches, adapt them to its particular products, and convince customers to install them.

"Imagine the time it takes for a single pacemaker to get an update and the kind of process to update it in the field," says Ben Seri, who has found similar chip-level BLE implementation issues and is vice president of research at the embedded device security firm Armis. "It’s not something that happens quickly or easily. For all of these affected devices, they either won't be patched at all or will require huge effort to be updated.” The researchers emphasize that even more products than the hundreds they've already identified are likely vulnerable, because it's difficult to know where manufacturers have used impacted SoCs. Now that the SweynTooth findings are public, it's possible that more vulnerable SoCs will come to light as well as the Singapore University of Technology and Design group and other researchers around the world continue investigating. "The FDA is assessing the SweynTooth Bluetooth Low Energy chipset vulnerabilities," an agency spokesperson told WIRED. "The FDA continues to assess new information concerning emergent cybersecurity vulnerabilities and will keep the public informed if significant new information becomes available." The vulnerabilities are difficult to exploit in practice, and expose different devices to different degrees. But they underscore just how critical chip-level security is, especially when those chips are broadly outsourced—not to mention how long it takes to fix these problems when they arise in IoT.
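Chattopadhyay's remark that vendors tested only for values "within the specification" points at where the defensive checks belong: in the link-layer parser, before any length or size field received over the air is trusted. The Python below is an example added by the editor, not code from the SweynTooth researchers or any SoC vendor. It parses a BLE data-channel PDU header and the LL_LENGTH_REQ/RSP control PDU, rejecting a Length byte that disagrees with the bytes actually received, the reserved LLID value, and data-length-extension parameters outside the ranges the Core specification allows (27 to 251 octets; 328 to 17040 microseconds). The receive-buffer size and the test vectors are constructed for the example and do not reproduce any specific SweynTooth bug.

```python
import struct

# BLE data-channel PDU header (Core spec 4.2+): byte 0 = LLID[1:0] | NESN | SN | MD | RFU[7:5],
# byte 1 = payload Length (0..255). LLID 0b11 marks an LL Control PDU whose payload is
# one opcode byte followed by CtrData.
LLID_RESERVED, LLID_CONT, LLID_START, LLID_CONTROL = 0, 1, 2, 3
LL_LENGTH_REQ, LL_LENGTH_RSP = 0x14, 0x15
# Allowed ranges for the LL_LENGTH_REQ/RSP fields (Data Length Extension; the 17040 us
# upper bound covers the LE Coded PHY, older 4.2-only stacks cap time at 2120 us).
OCTETS_MIN, OCTETS_MAX = 27, 251
TIME_MIN_US, TIME_MAX_US = 328, 17040
MAX_RX_BUFFER = 251  # assumed size of this implementation's receive buffer


class MalformedPdu(ValueError):
    pass


def parse_length_req(ctrdata: bytes) -> dict:
    """Validate the four little-endian 16-bit fields of LL_LENGTH_REQ/RSP."""
    if len(ctrdata) != 8:
        raise MalformedPdu("LL_LENGTH_REQ/RSP CtrData must be 8 bytes")
    rx_octets, rx_time, tx_octets, tx_time = struct.unpack("<HHHH", ctrdata)
    for name, val, lo, hi in (("MaxRxOctets", rx_octets, OCTETS_MIN, OCTETS_MAX),
                              ("MaxRxTime", rx_time, TIME_MIN_US, TIME_MAX_US),
                              ("MaxTxOctets", tx_octets, OCTETS_MIN, OCTETS_MAX),
                              ("MaxTxTime", tx_time, TIME_MIN_US, TIME_MAX_US)):
        if not lo <= val <= hi:
            raise MalformedPdu(f"{name}={val} outside [{lo}, {hi}]")
    return {"max_rx_octets": rx_octets, "max_rx_time": rx_time,
            "max_tx_octets": tx_octets, "max_tx_time": tx_time}


def parse_data_pdu(raw: bytes) -> dict:
    """Parse one data-channel PDU defensively: every field that later code would
    trust is bounds-checked here, before any buffer is sized or copied from it."""
    if len(raw) < 2:
        raise MalformedPdu("header truncated")
    llid = raw[0] & 0x03
    length = raw[1]
    payload = raw[2:]
    if llid == LLID_RESERVED:
        raise MalformedPdu("reserved LLID")
    if length != len(payload):            # never let the header's Length outrun the bytes received
        raise MalformedPdu(f"length field {length} != {len(payload)} bytes received")
    if length > MAX_RX_BUFFER:
        raise MalformedPdu("payload exceeds receive buffer")
    pdu = {"llid": llid, "length": length, "payload": payload}
    if llid == LLID_CONTROL:
        if length < 1:
            raise MalformedPdu("control PDU without opcode")
        pdu["opcode"] = payload[0]
        pdu["ctrdata"] = payload[1:]
        if pdu["opcode"] in (LL_LENGTH_REQ, LL_LENGTH_RSP):
            pdu.update(parse_length_req(pdu["ctrdata"]))
    return pdu


def build_length_req(rx_octets: int, rx_time: int, tx_octets: int, tx_time: int) -> bytes:
    """Encode an LL_LENGTH_REQ; used to build both the valid and the out-of-spec vectors."""
    ctrdata = struct.pack("<HHHH", rx_octets, rx_time, tx_octets, tx_time)
    payload = bytes([LL_LENGTH_REQ]) + ctrdata
    return bytes([LLID_CONTROL, len(payload)]) + payload


# Constructed test vectors, in the spirit of feeding a stack values it does not expect.
VALID = build_length_req(251, 2120, 251, 2120)
OVERSIZED = build_length_req(0xFFFF, 2120, 251, 2120)     # MaxRxOctets far beyond 251
UNDERSIZED = build_length_req(0, 2120, 251, 2120)         # below the 27-octet minimum
LYING_LENGTH = bytes([LLID_CONTROL, 200, LL_LENGTH_REQ])  # header claims 200 bytes, 1 present
RESERVED = bytes([LLID_RESERVED, 0])


def rejects(raw: bytes) -> bool:
    try:
        parse_data_pdu(raw)
        return False
    except MalformedPdu:
        return True


if __name__ == "__main__":
    print("valid:", parse_data_pdu(VALID))
    for name, vec in (("oversized", OVERSIZED), ("undersized", UNDERSIZED),
                      ("lying length", LYING_LENGTH), ("reserved llid", RESERVED)):
        print(f"{name}: rejected={rejects(vec)}")
```

A stack that negotiates its buffer sizes from MaxRxOctets without the range check, or that copies `Length` bytes before confirming that many bytes actually arrived, is exactly the kind of code a spec-conformant test suite will never exercise and a radio-range attacker will.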


REMOTE WORK IS NOT NEW, BUT IT'S THE NEW NORMAL:

Due to Coronavirus (COVID-19) outbreak, we have seen a huge shift with many people who typically spend 40 or more hours a week in the office now working from home and having to adjust in an accelerated timeframe. We’ve seen plenty of articles sharing advice on how you can be effective working at home and the like, but what experienced remote workers – and often the authors of these pieces – forget is that this is uncharted territory for most. Being forced to work from home without advanced notice to properly prepare can be a real challenge. To put it simply, this new norm is disruptive. The challenge now is that 50 percent or more of us are spending the whole week at home – and online. This is putting additional pressure on corporate IT and the IT teams who need to scale up services fast are working harder than ever to ensure a good user experience. Here are a few simple suggestions that may help during this time of change.

Stay off the (corporate) network

When we work from home, most of us will use a VPN (Virtual Private Network). It makes our work computer behave as if we are in the office, saves on extra authentication and, in some cases, is the only way to access corporate information. However, a VPN is also a chokepoint into the network and too many users can slow down access. It’s likely that some software like email does not require a VPN and other applications may be accessible externally with additional authentication or using a multi-factor token. As a reminder, in most organisations, the VPN is designed to protect access to business services. General online activities, such as banking and social media, are not affected. If your corporate policy allows it, don’t automatically load the VPN when you start work – use it when needed and unload when you don’t.

Working at home carries additional (online) risks

In the office, we are protected by a corporate security bubble – our employers invest heavily to ensure that the right solutions are in place to protect data and keep threats on the outside. As home workers, our corporate device will still carry a level of protection, but the risks are heightened by the environment. For this reason, security awareness is an important consideration. A corporate awareness program provides much needed information for workers. Beyond being part of an employee on-boarding process, this program should be continually updated and mandated with refresher training. One simple suggestion that goes beyond a program is to provide regular mini updates on what’s happening in the world of SCAMS and malware. This keeps employees up-to-date and, in return, they are more likely to share with friends, family and contacts, if the information is presented in an informative and easily digestible way. The onus is also on us to take extra responsibility applying corporate awareness to our own environments. There are plenty of distractions when working from home; children, deliveries, a sunny patio or a walk with the dog at lunchtime. The bad guys know this and will have malware targeted toward broadband connections, looking for remote workers on their home network.


• Watch for SCAM text messages with seemingly helpful links to more information. If you were not expecting the message and do not recognize the number, never click on the link.

• Keep a watchful eye on phishing and SPAM emails. Even something that appears to come from someone you know could be a fake. If you’re unsure about an email, take a look at this recent article on spotting phishing attacks. 


Learning from Experience 

People who work remotely are less visible to colleagues and management, which often leads them to overwork. This is a common mistake and can lead to burnout or reduced overall quality of work. Our working habits certainly change when we’re away from the office, but this can be for the better. Here are a few tips for those working from home.


1. We are often more productive at home. Think about the distractions of a day in the office: coffee machine chats, smoke breaks, shuffling from room to room for meetings, etc. How much time do these activities take when added up? Your working day should reflect a day in the office: don’t be chained to the desk. Exercise, make coffee and enjoy the experience.

2. When setting up conference calls for a remote audience, try not to put them to the top of the hour. That’s when everyone does it, making it more likely to cause issues with connectivity. Rather than a 10:00 a.m. call, try 10:15 and schedule it for 45 minutes rather than an hour. This accounts for what would be the walking time between meeting rooms and will give you a small break.

3. Have a non-work chat. This is so important. In the office, we regularly take time to chat with a colleague about their evening or maybe plans for the weekend – why not do the same from home, but with a 15-minute video catch up? You’d be surprised what a lift it can give to your well-being and mood.


Working remotely should be a positive experience. You may be able to get more done in a day (work-related and not) and, by avoiding the daily commute, will end the day in a much better frame of mind. We’re all in the same boat for the foreseeable future – we can make the most of it by understanding the risks and giving everyone (including ourselves) a little grace.


FBI EXPECTS INCREASE IN COVID-19 THEMED BEC SCAMS

The Federal Bureau of Investigation is expecting an increase in the frequency of scams related to the current COVID-19 pandemic, including those involving Business Email Compromise (BEC). BEC is a type of fraud that targets the people in charge of an organisation's finances: the attacker impersonates a supplier, customer or executive and requests what looks like a legitimate funds transfer, tricking the victim into sending money to an attacker-controlled account. In BEC attacks, the victim typically receives an email that appears to come from a company they normally do business with, requesting that payments be made to a new account or that the standard payment process be changed. According to the FBI, losses in the USA surpassed $1.7 billion in 2019 and are only expected to increase. More recently, there has been an increase in BEC attacks targeting municipalities purchasing personal protective equipment or other supplies for the ongoing coronavirus crisis. One of the most recent examples of BEC fraud targeted a financial institution with an email purporting to come from the CEO of a client company and relating to a previously scheduled transfer of $1 million. The message asked for the transfer date to be moved up and the funds sent to a new account, citing the COVID-19 situation. In another incident, a bank customer received a message from a supposed client in China, requesting that all invoice payments be redirected to a different bank because their regular accounts could not be accessed due to audits. Several transfers were made to the new bank before the fraud was discovered. To stay protected from this type of fraud, organisations should look for specific red flags:

• unexplained urgency;

• last-minute changes in wire details or in the established communication platform;

• refusal to communicate via telephone or online voice/video services;

• requests for advance payment for services where such payment was not previously required;

• requests to change direct deposit information.
According to the FBI, being skeptical of any last minute changes in wiring instructions and verifying all such changes via the contact on file could help avoid falling victim to fraud. To stay protected, users should also make sure that URLs in emails are associated with the business they claim to be from, should be wary of hyperlinks that may contain misspellings of the actual domain name, and should verify the email address used to send emails. Immediately after discovering that they might have fallen victim to a fraudulent incident, users should contact their financial institution to request a recall of funds, and should also report the issue to the employer. Victims are advised to also file a complaint with the FBI’s Internet Crime Complaint Center or the equivalent in their country as soon as possible.

______________________________________________________________________________


THREAT FOCUS: Social Bluebook - UNITED STATES

https://techcrunch.com/2020/03/27/social-bluebook-hacked/


Exploit: Unauthorized database access 

Social Bluebook: Social media platform  

Risk to Small Business: 2.117 = Severe Cybercriminals exfiltrated a company database containing personal information from thousands of internet influencers. Embarrassingly, the breach, which occurred in October 2019, was identified by TechCrunch reporters who were sent a copy of the stolen database. In a statement, the company claimed to be ignorant of the breach, raising serious questions about the efficacy of its cybersecurity strategy. This incident is likely to have significant blowback from well-connected influencers on social media and invite regulatory scrutiny on many fronts.

Individual Risk: 2.122 = Severe The stolen database contains account information for 217,000 users. This includes names, email addresses, and hashed and scrambled passwords. Those impacted by the breach should immediately update their login credentials for this website and any other service using the same information, plus closely monitor their accounts for unusual or suspicious activity.

Customers Impacted: 217,000

Effect On Customers: Hackers frequently target social media influencers because of their large public following. Therefore, companies catering to this clientele need to be prepared to protect their users’ valuable personal data. If they can’t, these influencers will almost certainly tell their followers all about it, a principle that applies to a growing number of consumers in every sector.

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access, independent ‘real time’ audit of our clients' critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It's the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: Ozark Orthopedics - UNITED STATES

https://ryortho.com/breaking/ozark-orthopaedics-data-breach-exposes-over-15000-patients/


Exploit: Phishing scam

Ozark Orthopedics: Orthopedic healthcare practice

Risk to Small Business: 2.113 = Severe Four employees fell for a phishing scam and gave hackers access to email accounts containing patient data. The scope of the data breach that occurred in late 2019 was just released by the healthcare provider, creating questions about the practice’s cybersecurity practices. As a result, patients were unable to quickly take steps to protect their identities and Ozark Orthopedics has opened itself up to regulatory scrutiny that could result in substantial financial penalties.

Individual Risk: 1.775 = Severe Patients’ personally identifiable information was exposed in the breach, including their names, treatment information, Medicare or Medicaid identification numbers, Social Security numbers, and financial account information. In the wrong hands, this information can be used in a litany of financial or identity-related crimes. Those impacted by the breach should immediately enroll in credit and identity monitoring services to secure their personal information.    

Customers Impacted: 15,240

Effect On Customers: More than a trillion phishing emails are sent each year, some of which will inevitably make their way into your employees’ inboxes. Training employees to spot these scams is especially important to protect your company from a devastating data breach.

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. For more information call 07 30109711 (Office Hours) or Click the link to get started: https://www.avantiacybersecurity.com/overwatch


THREAT FOCUS: 10X Genomics Inc. - UNITED STATES

https://www.cyberscoop.com/covid-19-ransomware-10x-genomics-data-breach/


Exploit: Ransomware

10x Genomics Inc.: Biotechnology company

Risk to Small Business: 2.206 = Severe A ransomware attack disrupted operations at the biotechnology company, which is currently acting as part of a consortium working to quickly develop a treatment for COVID-19. Before encrypting IT, hackers exfiltrated company data. Although the company reports “no material day-to-day impact,” it’s unclear what the implications are for the stolen data or how this could impact its development of a COVID-19 treatment.  

Individual Risk: At this time, no personal information was compromised in the breach.  

Customers Impacted: Unknown

Effect On Customer: Companies in every sector have seen an uptick in cybersecurity threats as COVID-19 disrupts business-as-usual and puts many people on edge. This is especially true for the healthcare industry, which is experiencing a deluge of ransomware attacks, phishing scams, and other threats at a critical time.

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. For more information call 07 30109711 (Office Hours) or Click the link to get started: https://www.avantiacybersecurity.com/overwatch


THREAT FOCUS: GoDaddy - UNITED STATES   

https://krebsonsecurity.com/2020/03/phish-of-godaddy-employee-jeopardized-escrow-com-among-others/?web_view=true


Exploit: Phishing scam  

GoDaddy: Internet domain registrar

Risk to Small Business: 2.313 = Severe A spear phishing attack tricked a customer service employee into providing information that ultimately allowed hackers to view and modify customer records. As a result, several GoDaddy clients, including Escrow.com, which provides escrow services for several prominent websites, were impacted. The breach will have costly implications for both GoDaddy and its customers, who will have to decide if they want to continue partnering with a company that puts their sensitive data at risk.  

Individual Risk: At this time, no personal information was compromised in the breach. 

Customers Impacted: Unknown

Effect On Customers: Today’s online ecosystem is vast and interconnected. This incident is a reminder that failures at other companies can have significant implications for your own, which increases the importance of securing accounts to buttress your IT infrastructure against potential failure at third-party contractors. With simple cybersecurity features, like two-factor authentication, company accounts remain secure even when credentials or login information is exposed.

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: With Passly, get the secure identity and access management solutions that you need to protect your systems and data in today’s remote work landscape at a price that you can afford, including multi-factor authentication, single sign-on, and secure password storage. Find out more by phoning Avantia on 07 30109711 or click the link to get started: https://www.avantiacybersecurity.com/overwatch

THREAT FOCUS: The Beer Store - CANADA

https://www.itworldcanada.com/article/some-ontario-beer-chain-outlets-forced-to-use-cash-only-after-cyber-attack/429003


Exploit: Malware attack

The Beer Store: Retail store outlets

Risk to Small Business: 2.187 = Severe Cybercriminals infiltrated The Beer Store’s website and injected payment skimming malware into its online store. The online store allowed customers to place orders for pickup or delivery, two critical features as social distancing measures keep shoppers at home. This breach removed The Beer Store’s ability to accept payments via credit card, which could significantly impact its bottom line during this already challenging time.

Individual Risk: 2.311 = Severe Although the company quickly detected the intrusion and closed its online store, anyone who made an online purchase before the threat was identified likely had their payment credential compromised – including all sensitive identification and financial information entered during the checkout process. Those impacted should notify their financial institutions of the breach while also taking steps to secure their accounts and personal details from misuse.

Customers Impacted: Unknown

Effect On Customers: Customers are increasingly unwilling to do business with companies that can’t protect their personal information. At the same time, privacy regulators are backing them up, collectively ensuring that companies have millions of reasons to execute on this mission critical priority.

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access, independent ‘real time’ audit of our clients' critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It's the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: SOS Online Backup - UNITED KINGDOM

https://www.securitymagazine.com/articles/92042-data-breach-report-cloud-backup-provider-exposes-more-than-135-million-customer-records

Exploit: Unprotected database

SOS Online Backup: Cloud storage provider   

Risk to Small Business: 2.472 = Severe Cybersecurity researchers identified an exposed database containing nearly 70 GB of sensitive data. The database was discovered in November 2019, but it wasn’t examined until December 9, 2019. Although SOS Online Backup was notified of the breach the next day, it took ten days to have the vulnerability secured – and the company waited several months before informing customers of the event. The company has databases around the world, including in the United States and the United Kingdom, and will undoubtedly face intense regulatory scrutiny for the incident.

Individual Risk: 2.630 = Moderate The exposed database includes users’ personally identifiable information, including names, email addresses, phone numbers, internal company details, and account usernames. This information is often redeployed in spear phishing campaigns that trick unsuspecting recipients into disclosing even more sensitive data. Therefore, victims should carefully monitor their accounts and digital communications for suspicious or unusual messages.

Customers Impacted: 135,000,000

Effect On Customers: Data privacy regulation is the new norm, as countries around the world enact regulations to support the public’s growing desire for online privacy. Consequently, companies that endure a data breach can expect that increased regulatory scrutiny of the way that information is stored will incur substantial financial penalties as well as other negative legal consequences.

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: With Passly, get the secure identity and access management solutions that you need to protect your systems and data in today’s remote work landscape at a price that you can afford, including multi-factor authentication, single sign-on, and secure password storage. Find out more by phoning Avantia on 07 30109711 or click the link to get started: https://www.avantiacybersecurity.com/overwatch

THREAT FOCUS: iStaySafe Pty  - AUSTRALIA    

https://www.bankinfosecurity.com/australian-kids-smartwatch-maker-hit-by-same-bug-again-a-14046


Exploit: Unauthorized database access

iStaySafe Pty: GPS smartwatch for children

Risk to Small Business: 2.434 = Severe This product lets parents track their child’s location and alerts them if the child leaves their designated safe location – but a coding error allowed hackers to download users’ personal data and mimic their location on the service. This dangerous vulnerability not only disrupted that functionality, it also gave hackers access to minors’ location and personally identifiable information. To make matters worse, this is the second time that the watchmaker has experienced this flaw. The same problem was discovered and repaired in 2019, raising serious questions about the platform’s commitment to cybersecurity.    

Individual Risk: 1.899 = Severe The breach allowed hackers to access users’ names, email addresses, phone numbers, and profile photos. In addition, bad actors could modify minor children’s location data. This information could be used to craft spear phishing campaigns or for exploitative criminal purposes, so users should be especially vigilant to assess their use of the product.    

Customers Impacted: Unknown

Effect On Customers: Customers are increasingly unwilling to do business with companies that can’t protect their personal information. At the same time, privacy regulators are backing them up, collectively ensuring that companies have millions of reasons to execute on this mission critical priority. 

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access, independent ‘real time’ audit of our clients' critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It's the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: Commonwealth Federal Courts - AUSTRALIA

https://www.abc.net.au/news/2020-03-31/federal-court-in-protection-visa-data-breach-published-names/12102536


Exploit: Accidental data exposure 

Commonwealth Federal Courts: Federal Circuit Court of Australia   

Risk to Small Business: 2.805 = Moderate The Commonwealth Federal Courts have acknowledged a “systemic failure” that resulted in the publication of the personal details of hundreds of asylum seekers. The court system removed the discovery feature that compromised peoples’ information. Still, the court has known about the vulnerability for years, leaving many to question its commitment to privacy, especially as it relates to a uniquely vulnerable group of people. In addition to public blowback for the incident, the court system could face additional scrutiny from lawmakers.

Individual Risk: 2.667 = Moderate The exposed information included the names, nicknames, and birthdates of hundreds of asylum seekers. This information could put them or their families in danger, which is especially egregious given their already vulnerable position.

Customers Impacted: Unknown

Effect On Customers: Public sentiment and new regulatory standards are working to hold organizations accountable when they fail to protect private data. Consequently, any organization that handles this kind of information needs to account for potential vulnerabilities and take every step possible to ensure that their defensive posture can meet the moment, keeping sensitive information off the Dark Web.

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the world. This award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze, and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a remote demo today by calling 07 30109711 or Click the link to get started: https://www.avantiacybersecurity.com/overwatch



POSTSCRIPT:


Introducing Next-level Secure Identity & Access Management With Passly   

In today’s remote work world, every company needs a secure identity and access management solution to guard their systems and data against ever-increasing cyberattacks. We’re ready to meet that need with a dynamic solution that is quick to deploy and seamlessly scales to companies of any size. Introducing Passly, our new, comprehensive solution for secure identity and access management. Ideally suited for a remote workforce, Passly enables businesses to give the right people access to the right things in a flash, simply and securely. Passly features Secure Password Management, Single Sign-On, Multi-Factor Authentication, and Dark Web exposure alerting baked right in, making it the ideal secure identity and access management solution to solve the challenges that Clients face right now – at a fraction of the price of other solutions. 


US Healthcare Data Breaches See Significant Increase 

In late 2019, we wrote about the connection between healthcare data and the Dark Web, noting a troubling trend that saw bad actors increasingly targeting patient data. Unfortunately, that trend has only accelerated with the onset of the COVID-19 pandemic that is pushing healthcare providers to their limits. A study of the US Department of Health and Human Services’ HIPAA breach reporting tool found 105 breaches impacting 2.5 million patients. However, before February 19th, only 38 incidents and 1.1 million records were affected. Cybercriminals have upped their game to take advantage of the chaotic situation on the ground, and healthcare organizations need to be prepared. Notably, the study found that hacking incidents are, by far, the leading cause of data breaches. Many included various forms of email account compromise. Moreover, the report predicts that, as more employees work from home, incidents of phishing attacks will increase because employees are more likely to fall for scams when they are isolated at home. Fortunately, a comprehensive employee awareness campaign can thwart these attacks, helping ensure that healthcare providers are focused on patient care rather than being inundated with cybersecurity threats.


Phishing Scams Have Spiked by 667% in One Month

The global COVID-19 response has required millions of workers to work from home. When coupled with a general sense of unease and uncertainty, the situation has created a perfect environment for cybercriminals to execute phishing scams. As a result, the number of phishing emails has increased by 667% in the past month. According to an assessment of 468,000 phishing emails, 2% were directly related to COVID-19. Meanwhile, 54% were labeled as scams, 34% as brand impersonation attacks, and 11% as blackmail. In addition, many are luring clicks by claiming to sell cures, face masks, and other critical supplies. For businesses, the implications are clear. Nobody can afford a data breach in this environment. Now is the right time to update and reemphasise phishing scam awareness training to ensure that employees can repel these damaging cyberattacks.




Disclaimer*:

Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources including the ACSC in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.


Subscribe below to receive our weekly Threat Updates straight to your inbox.

Call (07) 3010 9711 

info@avantiacorp.com.au

 

Avantia Corporate Services Pty Ltd, Level 7, 320 Adelaide Street

Brisbane, Queensland 4000

AUSTRALIA.

