Phishing incidents never stop making it to the news headlines, and this week is no exception. Phishing prevention isn’t a tangible goal, but it can be avoided to some extent with an awareness of the latest phishing schemes. The following are the top cyber news headlines from the past week
Cyberattack Hits University Of Central Lancashire
University of Central Lancashire, Preston becomes the third university in the UK to be hit by a cyberattack in just one week. The incident caused a short downtime with the university system, making it difficult for students to submit assignments. The other two universities with similar incidents are Queen’s University, Belfast, and the University of the Highlands and Islands, Scotland.
It is uncertain whether all three attacks are linked, but the National Cyber Security Centre investigates the Central Lancashire University breach. A university spokesperson said that the university was quick to contain and rectify the error and has taken necessary phishing attack prevention measures. The university informed the police and shut down many of its systems, ensuring no data was lost.
210,000 More Americans Lose Data To The Netgain Ransomware Attack
The St. Cloud, Minnesota-based cloud hosting and IT services provider Netgain Technologies LLC, had been in the highlights in November last year due to a ransomware attack on its network. Netgain had warned customers of system slowdowns and outages soon after. Netgain reached out to Woodcreek Provider Service (one of its clients) on 3rd December and informed them that some of the protected Personally Identifiable Information (PII) of their patients, applicants, contractors, and employees stored in Netgain servers might have been accessed by cyber adversaries. Resultantly, the number of Americans affected by the Netgain attack has increased by 210,000.
After receiving a confirmed list of items compromised on 18th January 2021, Woodcreek released a statement for its stakeholders on 9th March informing them of the same. The exposed information includes the names, addresses, DOBs, medical record numbers, social security numbers, health insurance policy numbers, insurance claims, clinical notes, explanation of benefits, laboratory reports, benefit and tax forms, and employee health information, among other details. As the notice goes out, Woodcreek is taking measures for protection against phishing and enhances its cybersecurity practices. Woodcreek says that Netgain has assured them of protection from such attacks in the future.
Florida Water Hack Leads To New Cybersecurity Legislation
The Florida water treatment facility was recently the unsuccessful target of a cyberattack which has triggered lawmakers to enforce stricter anti-phishing protection laws and schemes. The John Katko headed Department of Homeland Security (DHS) has provided the CISA with more autonomy after this security incident. CISA can now assist critical infrastructure groups while making it mandatory for its director to identify and tackle industrial control systems attacks. The CISA director will also be in charge of collecting and distributing details about system vulnerabilities among operators and owners.
The new CISA roles get announced when it is already handling two severe cyberattacks involving Chinese and Russian attackers. Katko believes that a more robust and centralized cybersecurity domain can be created with CISA at its center. Such legislation would strengthen CISA’s role in protecting critical national infrastructure (such as industrial control systems) from cyber adversaries.
Another Attack On Norwegian Parliament’s Computer Systems
The Norwegian parliament recently underwent a second cyberattack in six months, and as per claims, this attack was fiercer. The Norwegian parliament’s computer systems were hacked to extract sensitive data, just months ahead of a parliamentary election and a time when the parliament is dealing with a pandemic. The parliament says that the attack was triggered by a vulnerability in Microsoft’s Exchange software, and hence is a global problem.
Tone Wilhelmsen Troen, the parliament President, says that this incident represents an attack on the Norwegian democracy. Hence, the government is adopting the phishing prevention best practices and investigating the attack. Russian hackers are suspected of being responsible for the previous attack on Norway; however, Moscow denies all allegations. It is too soon to tell if both these attacks are connected.
Vulnerabilities Found In Some Schneider Electric Products
Widely used provider of revenue and power quality meters – PowerLogic was recently found with vulnerabilities in some of its PowerLogic ION and PM series smart meters. These vulnerabilities tagged as CVE-2021-22714 and CVE-2021-22713 have been rated as critical and high severity, respectively. If exploited, they let an attacker send specially crafted TCP packets to victim devices. The flaws allow adversaries to send crafted requests while the main state machine engages in the packet-parsing process. Detection can be easily avoided because the request gets fully parsed before authentication checks are held.
While CVE-2021-22714 is a DoS condition that allows attackers to cause meter reboot and arbitrary code execution, the CVE-2021-22713 has limited power and can only force the device to reboot. While some of the vulnerable PowerLogic ION device models had patches released in July 2020, others were patched in January and March this year; still, others are unlikely to get patches as they aren’t supported now. All Schneider Electric products with the PowerLogic ION and PM series smart meters should consider getting the patches to ensure protection from phishing attacks.
A Third Of Office Workers Reprimanded Globally For Inappropriate Data Handling
A Veritas Technologies poll among 12,500 white-collar workers in the US, Europe, APAC, and the Middle East has revealed that almost a third of office workers globally get their superiors’ reprimand for sharing sensitive official files on non-approved online channels. While most of the respondents said they share business-related and sensitive PI only on IM, Teams, or Zoom, others were admonished for sharing such sensitive files on unofficial chatting forums. This is because sharing files on such platforms isn’t secure (despite end-to-end encryption) and may lead to compliance issues.
The vast majority admitted to sharing business-critical data (71%) and sensitive personal information (75%) via IM or online collaboration apps like Teams and Zoom. About 23% of the UK workers, 39% in the US, 40% in S. Korea, and 80% of workers in China have been warned by their bosses for inappropriate data sharing. The data shared in such a manner include client details, corporate passwords, banking, salary information, business plans, card details, and even COVID-19 and other medical details.
It’s disheartening to know that almost 79% of the respondents say they would continue sharing confidential information in such a careless manner despite the warnings. This echoes out to the bosses to change their approach to this security issue which can lead to possible cyberattacks. Small steps like this play a pivotal role in the battle to prevent phishing attacks.
Cyberattack Hits Molson Coors
A recent cybersecurity incident at the Chicago-based company Molson Coors has disrupted its beer-making operations. Shipments and productions remain interrupted because of the attack which brought down its systems.
However, the company is taking proactive anti-phishing measures to restore its systems at the earliest. An expert forensic IT firm’s investigation is ongoing, and the results would be shared as soon as something concrete is found.