The holiday season has begun, and most organizations are operating with fewer than half their employees. The time is perfect for cyber adversaries to launch cyberattacks and target organizations or individuals through various phishing scams. Read on to learn about the latest security incidents and reconsider the efficacy of your phishing prevention measures.


Emotet Returns In Time For Christmas

The banking trojan Emotet is back in time for Christmas. This time around, the lures are Christmas- and COVID-19 vaccine-themed. The phishing emails started surfacing in mid-December, and over 100k messages in English, Italian, Spanish, German, and other languages have been traced so far. The threat actors use thread hijacking (replies injected into existing email conversations) carrying password-protected ZIP archives, malicious Word files, and URLs to infect users’ devices.

To launch the infection, the malicious documents trick victims into disabling a Microsoft 365 feature that blocks malicious documents. Emotet is known for weaving current events into its lures. As such, being extra cautious this festive season and taking phishing attack prevention measures is recommended.
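The three lure traits described above (a reply-style subject, a password-protected archive or Office document, and text asking the reader to switch off document protection) can be checked at the mail gateway before a message reaches a user. The following Python triage routine is an added example, not code from the original post or from any vendor; the sample messages, sender and recipient addresses, and the assumption that the lure states the archive password in the message body are all constructed for illustration.

```python
import os
import re
import email
from email import policy
from email.message import EmailMessage

# Attachment types the wave described above relied on: archives and Office documents.
RISKY_EXTENSIONS = {".zip", ".doc", ".docm", ".xls", ".xlsm"}
# A reply/forward subject is the visible trace of a hijacked thread.
THREAD_SUBJECT = re.compile(r"^\s*(re|fw|fwd)\s*:", re.IGNORECASE)
# Assumption: the lure hands the recipient the archive password in the body,
# which is what keeps the gateway from opening the ZIP itself.
PASSWORD_IN_BODY = re.compile(r"\bpassword\b\s*(is|:)?\s*\S+", re.IGNORECASE)
# Body text nudging the reader to disable document protections.
ENABLE_CONTENT = re.compile(r"enable\s+(editing|content|macros)", re.IGNORECASE)


def build_sample(subject, body, filename, payload, in_reply_to=None):
    """Construct a sample message in memory (hypothetical addresses, not a real sample)."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = subject
    if in_reply_to:
        msg["In-Reply-To"] = in_reply_to
        msg["References"] = in_reply_to
    msg.set_content(body)
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def triage(raw_message):
    """Return the list of lure indicators found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    subject = msg["Subject"] or ""
    text_part = msg.get_body(preferencelist=("plain",))
    text = text_part.get_content() if text_part else ""
    names = [(part.get_filename() or "").lower() for part in msg.iter_attachments()]
    risky = [n for n in names if os.path.splitext(n)[1] in RISKY_EXTENSIONS]

    indicators = []
    if risky:
        indicators.append("risky_attachment")
    if THREAD_SUBJECT.match(subject) or msg["In-Reply-To"]:
        indicators.append("reply_style_lure")
    if any(n.endswith(".zip") for n in risky) and PASSWORD_IN_BODY.search(text):
        indicators.append("password_protected_archive")
    if ENABLE_CONTENT.search(text):
        indicators.append("asks_to_disable_protection")
    return indicators


def verdict(indicators):
    """Quarantine when a risky attachment pairs with at least one social-engineering cue."""
    if "risky_attachment" in indicators and len(indicators) >= 2:
        return "quarantine"
    if indicators:
        return "review"
    return "deliver"


# Constructed samples: the payload bytes are a placeholder, not a real archive.
SAMPLE_LURE = build_sample(
    "RE: Invoice for December",
    "Hi, see attached. The password is xmas2020. Please enable editing to view it.",
    "Invoice_Dec.zip", b"PK\x03\x04placeholder",
    in_reply_to="<original-thread@example.com>")
SAMPLE_BENIGN = build_sample(
    "Team lunch on Friday", "See you at noon.", "menu.pdf", b"%PDF-placeholder")

if __name__ == "__main__":
    for raw in (SAMPLE_LURE, SAMPLE_BENIGN):
        found = triage(raw)
        print(verdict(found), found)
```

The scoring deliberately refuses to quarantine on the attachment type alone, since legitimate business mail carries ZIP and Office files all day; it is the combination of a hijacked-thread look, a password handed over in the body, and an instruction to disable protection that characterizes this campaign.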


Jerusalem Municipality Website Hit By Data Breach

A programmer named Hezkiyahu Raful was helping his uncle file an appeal for a parking ticket on the Jerusalem Municipality’s website when he discovered a significant security flaw. Merely changing the digits of the numeric ID near the end of the URL allowed him to access other citizens’ parking ticket files. Furthermore, by changing numbers in the middle of the URL, Raful could access tickets, building files, tax files, and other documents published by the municipality.

The flaw effectively allowed anyone to access documents on the Jerusalem Municipality’s website since the links were public. Raful is concerned about the implications of such flaws when people are motivated by the wrong reasons. He says that sensitive information belonging to thousands of people can be misused by ill-motivated internet users as effortlessly as playing with digits. He informed the National Cyber Directorate about the flaw, and the NCD was quick to adopt the necessary anti-phishing solutions to fix it within an hour.
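What Raful found is an insecure direct object reference: the server handed out a record for whatever ID appeared in the URL without asking whether the requester was entitled to it. The following Python example is added here and is not the municipality’s code; it models a document store in memory, shows the vulnerable lookup beside a hardened one, and uses hypothetical user names ("alice", "bob", "clerk") and record contents constructed for illustration.

```python
import secrets
from dataclasses import dataclass


class NotFound(Exception):
    """Raised for both a missing record and a record the caller may not read,
    so the response does not reveal whether a guessed id exists."""


@dataclass(frozen=True)
class Record:
    record_id: str
    owner_id: str
    kind: str      # e.g. "parking_ticket", "tax_file" (constructed labels)
    body: str


class VulnerableStore:
    """Sequential numeric ids and no ownership check: any caller who edits the
    id can read every citizen's file, which is the flaw described above."""

    def __init__(self):
        self._records = {}
        self._next_id = 1000

    def add(self, owner_id, kind, body):
        record_id = str(self._next_id)
        self._next_id += 1
        self._records[record_id] = Record(record_id, owner_id, kind, body)
        return record_id

    def get(self, requester_id, record_id):
        # Intentional defect: requester_id is never compared with the owner.
        try:
            return self._records[record_id]
        except KeyError:
            raise NotFound(record_id) from None


class HardenedStore:
    """Server-side authorization on every read plus unguessable ids. The
    authorization check is the actual fix; random ids only remove cheap
    enumeration and must not be relied on alone."""

    def __init__(self, staff_ids=()):
        self._records = {}
        self._staff = set(staff_ids)  # roles allowed to read any record
        self.denied = []              # audit trail: feed this to alerting

    def add(self, owner_id, kind, body):
        record_id = secrets.token_urlsafe(16)
        self._records[record_id] = Record(record_id, owner_id, kind, body)
        return record_id

    def get(self, requester_id, record_id):
        record = self._records.get(record_id)
        authorized = record is not None and (
            record.owner_id == requester_id or requester_id in self._staff)
        if not authorized:
            self.denied.append((requester_id, record_id))
            raise NotFound(record_id)
        return record


def count_readable(store, requester_id, candidate_ids):
    """Number of records one caller can read from a list of candidate ids;
    a regression check that the hardened store returns 0 for a stranger."""
    readable = 0
    for candidate in candidate_ids:
        try:
            store.get(requester_id, candidate)
            readable += 1
        except NotFound:
            pass
    return readable


if __name__ == "__main__":
    for store in (VulnerableStore(), HardenedStore(staff_ids=["clerk"])):
        store.add("alice", "parking_ticket", "Ticket 1 (constructed)")
        store.add("bob", "tax_file", "Tax file (constructed)")
        guesses = [str(i) for i in range(1000, 1010)]
        print(type(store).__name__, "records readable by bob via guessed ids:",
              count_readable(store, "bob", guesses))
```

A useful detection signal falls out of the hardened version for free: a burst of entries in the denied list from one requester across many record ids is exactly the pattern of someone "playing with digits", and belongs in the application log where it can raise an alert.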


Conti Ransomware Targets FreePBX Developer Sangoma

The Conti ransomware, which first appeared in December 2019, is known for targeting corporate networks. Its latest target is Sangoma, the company behind the open-source FreePBX phone system. The ransomware gang brought down Sangoma’s systems and published 26 GB of its data on its ransomware data leak site. The compromised details include Sangoma’s financials, accounting details, employee benefits and salary, acquisitions, and legal documents.

Sangoma has acknowledged the breach in a recent post and is taking the necessary anti-phishing measures. The company has assured customers that their details are safe and that the breach hasn’t infected Sangoma products with malware. Customers are nonetheless advised to change their Sangoma passwords as an additional measure to protect themselves from phishing.


Facebook Bug Exposed Instagram Users’ Details

Nepal-based IT security researcher Saugat Pokharel recently discovered a Facebook bug that exposed the email addresses and birthdays of users of Facebook-owned Instagram. Pokharel found the bug while participating in the Facebook bug bounty program; it made it easy for adversaries to obtain private information of Instagram users, despite the app’s privacy policy assuring users that their data is protected. The bug also existed in Facebook’s Business Suite tool, which offered users access to a new feature that would link a Facebook account to Instagram.

Facebook reported that the bug wasn’t active for very long. All business account holders who took part in the October experiment with Facebook are possible victims, and the bug is likely to have revealed the PII of the people they conversed with using the social media app. Facebook quickly took measures to prevent phishing attacks and rewarded Pokharel for reporting the bug.


Medical Records Of 3,300 TennCare Members Compromised

A joint statement was recently released by TennCare, Gainwell Technologies LLC, and Axis Direct, Inc., notifying people of a security breach that has affected around 3,300 Medicaid members. These Medicaid members from Tennessee have already been informed about the breach via personal emails.

Investigations by Gainwell (which runs the Medicaid Management Information System) revealed that around 3,300 mailings were sent to the wrong addresses between late 2019 and early 2020. These mailings were sent by Axis Direct and contained the PHI of TennCare members.

TennCare is working in collaboration with Gainwell to identify the error and minimize the damage. They have reassured members that privacy is a significant concern to them and that they are taking the necessary measures for protection against phishing. The state is also offering free credit monitoring services to all 3,300 affected members.


Data Breach Hits NOW: Pensions

UK-based workplace pension provider NOW: Pensions recently notified its customers of a data breach that occurred when a service provider accidentally posted their data on a public software forum. The compromised details include users’ names, dates of birth, email addresses, and National Insurance numbers. Only two percent of the total customer base was affected, and NOW: Pensions is offering free credit and dark web monitoring services to the victims for a year. Although the data was online for just three days, NOW: Pensions is taking the necessary measures to ensure anti-phishing protection.

Furthermore, the company is training its staff to handle such cyberattacks. NOW: Pensions has sought the guidance of the Information Commissioner’s Office (ICO) and The Pensions Regulator and reported that no customer data had been misused so far.


Ransomware Attack Hits Roanoke College

Located in Salem, Virginia, Roanoke College was supposed to begin its spring semester on 19th January 2021, but a cyberattack on the college’s systems on 12th December 2020 delayed the process. The college will now re-open on 8th February 2021, giving it more time to restore systems and investigate the breach. The college website remains operational, although some functions are malfunctioning.

As a phishing protection measure, the college has asked students and staff not to access email accounts or Office 365 applications, or use computers on the campus network. Although the college hasn’t revealed much, the incident is believed to be a ransomware attack. It will be some time before authorities can say for sure when services will be fully restored.


Ransomware Hits Jefferson County’s PVA Office

A ransomware attack recently hit the Jefferson County Property Valuation Administrator’s (PVA) office. The office’s data is now encrypted, and the attackers are demanding a ransom for its release. Colleen Younger, the Property Valuation Administrator, said in an interview that the attack brought down their systems, but they are working towards restoring the encrypted data.

She made it quite clear that they don’t plan to pay any ransom to the adversaries, as they believe that this isn’t a security breach. The PVA has hired a cybersecurity agency and has also informed the FBI. With the right anti-phishing tools and strategies, the PVA’s systems are likely to be restored by the end of the week.