Online phishing attacks are never going to stop, and their success rate will only increase if netizens continue to avoid basic cyber hygiene. Hence it is essential to be abreast of the global phishing patterns so that suitable phishing attack prevention measures can be adopted before a malicious actor could wreak havoc on your digital assets. Here are the top phishing headlines from the bygone week:

Three Android VPNs Leak 21M User Records

Three popular Android VPN services, namely, SuperVPN, GeckoVPN, and ChatVPN, were recently involved in a security incident leading to a leak of 21 million user records. The compromised details include users’ full names, usernames, email addresses, nationality, random password strings, payment details, etc. The seller also provides a country-wise categorization of data and suggests that the random password strings can lead to the victims’ Google Play Store accounts.

A closer look at the data put up for sale indicates that the exposed data can be used to extract user device information such as Phone types and manufacturers, Device serial numbers, Device IDs, and Device IMSI numbers. The adversaries claim that they exfiltrated the data from publicly available unprotected databases maintained by the three VPN providers. If such negligence has happened at the end of SuperVPN, GeckoVPN, and ChatVPN, then it’s a serious issue they need to think about. VPNs are the last services that are expected to disclose user identity. VPN service providers must adopt necessary anti-phishing protection measures to prevent such attacks in the future.


DDoSecrets Leaks 70GB Data Belonging To

Social network platform recently underwent a security incident, and the hacktivist group DDoSecrets has taken responsibility for it. However, the right-wing social network platform shared a post on its blog on 26th February denying the possibility of a data breach. Strangely, the company went offline a week ago and said that it was a Bitcoin wallet spam which caused temporary inactivity of a few accounts.

Andrew Torba (CEO of Gab) vigorously defends the company and says that there hasn’t been a breach. He also adds that they do not collect much personal information, suggesting that anti-phishing solutions aren’t necessary. He calls on the reporters and blames them for spreading rumors to tarnish the reputation of Gab. However, he does accept that their site was vulnerable to an SQL injection attack which was patched last week. DDoSecrets, on the other hand, takes ownership of the attack much denied by Gab. It has leaked a 70GB database containing the public and private posts, hashed passwords, user profiles, and DMs of Gab under the name of GabLeaks.


Ransomware Hits Food Products Wholesaler JFC International

Famous Asian food wholesaler JFC International recently underwent a ransomware attack that affected some of JFC International’s IT systems in the Europe Group. The wholesaler is now employing phishing protection strategies and investigating the breach along with in-house and external cybersecurity experts. They hope that services in Europe will be up again soon. The company is cooperating with relevant authorities and has secured the affected servers.

Although the ransomware strain or hacker group behind the attack hasn’t been identified yet, JFC International is doing its part and has informed all business partners and employees about the breach.


Data Breach At Malaysia Airlines

Malaysia Airlines recently underwent a significant data breach that has compromised Enrich’s personal information (its frequent flyer program members). These details belong to members who registered between 2010 to June 2019. However, the airline itself isn’t responsible for the breach – the attack originated from one of its third-party IT service providers.

The airline is now taking measures for protection against phishing and has notified all Enrich members about the breach. The leaked details include names, DOBs, contact details, frequent flyer data number, status, tier level, etc., of members. Malaysia Airlines has ensured that no travel-related data or internal infrastructure information has been affected in the breach.

Although members are encouraged to change their passwords and adopt anti-phishing solutions, there is no evidence of any misuse of personal data so far. No formal public statement has been released, but the airlines did confirm the breach on Twitter.


CallX Leaves Misconfigured Bucket Unprotected Online

Noam Rotem-led cybersecurity team recently discovered a misconfigured AWS S3 bucket online, which exposed thousands of CallX customers’ details. CallX is a US telemarketing company popular among clients for its analytics services, with Liberty Mutual Insurance, Lendingtree, and Vivint as its customers.

Around 114,000 files were left publicly available, including recordings of phone conversations between CallX clients and customers and 2,000 text chats. The personally identifiable information (PII) compromised in the incident includes the full names, phone numbers, home addresses, etc., of victims. These many details are sufficient to launch phishing or vishing attacks. CallX clients must adopt the phishing prevention best practices because the misconfigured bucket remains open and unprotected.


Ursnif Has Attacked Over 100 Italian Banks

Cybersecurity firm Avast has found the Ursnif Trojan responsible for attacks on over a hundred Italian banks. Avast argues that Ursnif has always had an interest in Italian targets and the vast expanse of credentials and financial gains they make out of these institutions.

More than 1,700 stolen credentials were found with an unnamed payment processor, and that’s just one instance. The recovered details include the usernames, passwords, banking, and payment information that appears to be of customers.

Ever since its inception in 2007, Ursnif has used phishing emails to steal data. Avast has asked the victim banks to stay cautious and take necessary measures for protection from future phishing attacks.


Ransomware Hits Rehoboth Hospital

Ransomware attacks on hospitals aren’t new, but the recent attack on the rural, not-for-profit Rehoboth hospital has caused much damage to the Navajo Nation members. The adversaries stole sensitive employee files and job applications before deploying the ransomware and have now leaked the files.

However, the hospital remained silent about the breach and refrained from notifying doctors or other associates about the security incident. It’s quite usual for adversaries to steal data and extort victims in a ransomware attack. It’s unclear whether the hospital paid the ransom and reconciled with the attackers, but the threat actors have removed the Rehoboth files from their website. Patients, doctors, and hospital employees are advised to follow phishing prevention tips to stay safe from threat actors.


Data Breach Hits Cybercriminal Forum Maza

The cybercriminal forum for Russian-speaking threat actors – Maza recently underwent a data breach that exposed users’ personal information. The compromised details include the usernames, user IDs, messenger app links (Skype, Aim, and MSN), email addresses, and passwords (both hashed and obfuscated).

After hacking Maza, the attackers posted a warning message on the forum saying that their data has been hacked. The attack exposed details from nearly 2,000 accounts. When asked about their strategies to prevent phishing attacks, some users said they would shift to another forum, while others said that the data was old and incomplete.