Phishing schemes continue to be highly effective as netizens continue to ignore basic cyber-hygiene practices. Today, it has become essential to stay abreast of the latest modus operandi adopted by malicious actors to lure users into disclosing their crucial information such as financial details, PII (Personally Identifiable Information), etc. The following top phishing headlines from the past week tell us that phishing protection is indeed a necessity for the cyber world.

Data Breach Hits The Kroger Co.

On 23rd January, the Cincinnati-based grocery and pharmacy chain Kroger Co. was notified that it was affected by a data breach stemming from the December Accellion attack. Kroger used Accellion’s services to share corpus data and email attachments but stopped the association soon after the breach discovery. It is now advising customers of its grocery retail stores and pharmacy to take anti-phishing protection measures to minimize the damage from data loss. The exposed information included patients’ names, addresses, DOBs, Social Security numbers, email addresses, insurance-related information, prescription details, medical history, etc. While Kroger claims that only 1% of its customer data was lost in the breach, some current and former employees’ details were also compromised.

The breach also affects beneficiaries of The Kroger Co. Retiree Health and Welfare Benefit Plan and The Kroger Co. Health and Welfare Benefit Plan. As investigations into the breach continue, Kroger is providing free credit monitoring to those affected.


Cyberattack Hits Lakehead University

A few days ago, the Canadian undergraduate research university Lakehead suffered a cyberattack that brought down its servers. The Thunder Bay and Orillia campuses had to shut down their computers to contain the attack’s spread. Although the school hasn’t disclosed the nature of the breach, it did mention that the adversaries targeted its file share servers.

The Technology Services Centre (TSC) of the University took immediate measures for protection from phishing and removed all access to servers. As investigations continue, all access to on-campus computers and servers is restricted. Stakeholders are advised to change their passwords, although the attack seems more like ransomware. The attack has disrupted many academic activities at the University, including webinars and virtual tours of the Thunder Bay and Orillia campuses. As the University strives to restore operations at the earliest, students suffer academically due to their inability to access learning resources. The University has offered them temporary solutions.


Data Breach Hits Cashalo

The Philippines-based credit company Cashalo recently suffered a data breach that exposed customers’ sensitive personal details. The adversaries gained access to a database containing customers’ personally identifiable information. The compromised details include customers’ names, email addresses, passwords, device IDs, and phone numbers. Fortunately, Cashalo had used encryption, which ensured that no accounts were compromised because of the password leak.

Cashalo’s IT team proactively brought down the systems, began investigations, and reported the incident to the Philippines’ National Privacy Commission. They shall notify all affected customers about the incident soon and encourage them to take further phishing prevention measures. Additionally, customers are advised to change their passwords and look out for spam emails asking for passwords or other sensitive information.


Turkish Consultancy Firm Leaves AWS S3 Bucket Publicly Available

The Turkish actuarial consultancy İnova Yönetim had left an AWS S3 bucket unprotected online, which contained a 20 GB database with 55,000 documents. Anyone on the internet could access this database with just the URL. The documents exposed details related to 15,000 cases of people injured or killed in traffic accidents. The database was first discovered and reported by review site WizCase on 1st October 2020, twelve days after which the firm secured the server.

Victim information such as names, DOBs, marital status, national ID numbers, insurance details, accident details, etc., was compromised in the breach. In some cases, more intricate case details such as witness or complainant details, breathalyzer test results, and vehicle registration numbers were exposed. The revealed cases date from the beginning of 2018 to the summer of 2020. A range of attacks can be launched using these details, such as phishing, SIM card cloning, insurance or bank fraud, extortion, etc. İnova Yönetim must consider adopting anti-phishing measures at the earliest to contain the breach and make sure no further harm comes to its clients.


Data Breach At Covenant Healthcare

Two Covenant Healthcare employee email accounts were accessed by unauthorized third parties recently. As a result, the details belonging to around 45,000 patients were compromised. The hospital began its investigation soon after detecting the breach and is now working with cybersecurity experts to get to the attack’s roots. A more in-depth look at the incident revealed that the adversaries had had access to the employee email accounts since 14th May.

These email accounts contained the patients’ names, DOBs, addresses, driver’s license numbers, Social Security numbers, clinical information, medical diagnosis, prescription number, doctors’ names, etc. Covenant regrets this unfortunate break-in and has informed all patients whose contact details were available. Although the hospital hasn’t found any evidence of data misuse so far, it pledges to take anti-phishing measures to prevent such an incident in the future.


Indian Govt. Leaks COVID Results Of 8 Million Citizens

The Health and Welfare Department of West Bengal has exposed the COVID-19 test reports of 8 million people because of its flawed online system implementation.

Cybersecurity researcher Sourajeet Majumder discovered that the Indian Government site was exposing the reports of everyone who took the COVID-19 test in West Bengal. These reports included the names, addresses, ages, and sample testing dates of citizens. The URL leading to a COVID report contains the report’s ID number (SRF ID) in base64-encoded form. This ID can easily be converted to numeric form, and using other numbers in the URL displays the results of other citizens’ COVID tests.

The authorities are taking necessary measures to prevent phishing attacks and have acknowledged the leak. The leaky URLs now return a 404 (not found) message.
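
The URL design flaw described above, shown next to a hardened alternative, as an added example that is not the site's actual code. The record store, function names, account names and key are hypothetical; the point is that base64 is a reversible encoding, so the server must check on every request that the report belongs to the caller.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed sample data: report ID -> (owner account, result). Not real records.
REPORTS = {1001: ("alice", "negative"), 1002: ("bob", "positive")}
SERVER_KEY = secrets.token_bytes(32)  # hypothetical per-deployment secret


def weak_token(report_id: int) -> str:
    """Pattern described in the article: the URL carries base64(report ID)."""
    return base64.urlsafe_b64encode(str(report_id).encode()).decode()


def weak_lookup(token: str):
    """Flawed handler: decodes the ID and returns the report to any caller."""
    report_id = int(base64.urlsafe_b64decode(token).decode())
    return REPORTS.get(report_id)


def signed_token(report_id: int, owner: str) -> str:
    """Hardened token: the ID plus an HMAC binding it to the owning account."""
    msg = f"{report_id}:{owner}".encode()
    tag = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    return f"{report_id}.{tag}"


def safe_lookup(token: str, session_user: str):
    """Hardened handler: verify the tag, then check ownership server-side."""
    try:
        id_part, tag = token.split(".", 1)
        report_id = int(id_part)
    except ValueError:
        return None  # malformed token
    msg = f"{report_id}:{session_user}".encode()
    expected = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None  # altered token, or one issued to a different account
    record = REPORTS.get(report_id)
    if record is None or record[0] != session_user:
        return None  # authorization never rests on the token alone
    return record
```
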


Hackers Access Machines Of An Oxford University Lab

The Structural Biology research lab at Oxford University, often known as “Strubi,” was recently involved in a security incident. Third-party threat actors could access some lab systems at a time when the Strubi lab was engaged in COVID-19-related research. Although the lab wasn’t associated with the Oxford Vaccine Group and Jenner Institute’s COVID-19 vaccine development, the nature of the data compromised in the breach is unknown.

As Forbes investigates the breach, an Oxford spokesperson says that no clinical research data has been affected. They further add that some machines handling biochemical samples were accessed, but that this only indicates the adversaries are unlikely to be linked to nation-state threat actors. Along with adopting the best phishing prevention practices, the University has informed the NCSC, which is now investigating the breach.