Phishing prevention is a distant goal in a digital world where hundreds of attacks get launched every minute. However, being abreast of the latest attack trends helps us secure our systems a little better. This week’s cyber headlines are oriented towards that goal of phishing attack prevention.
Clop Ransomware Leaks Data Stolen From University Of Colorado & Miami
The Clop ransomware gang, which had previously attacked the Accellion FTA servers and compromised the data stored on them, is now leaking victim organizations’ data online. The most recent victims on the list to have their data exposed online are the University of Colorado and the University of Miami. While grades and social security numbers of University of Colorado students have leaked, some of the patient data from the University of Miami’s health system has been posted online. The adversaries are now demanding $10 million in bitcoin from the universities in exchange for not publishing their stolen data.
The University of Colorado (CU) had posted about the breach and taken anti-phishing measures back in February. But the University of Miami had concealed the attack until recently, when it announced that its file sharing service SecureSend (associated with the Accellion FTA server) was temporarily unavailable. At the University of Colorado, study and research data, personally identifiable information of students and employees alike, and selected health and clinical data have been affected. At the University of Miami, demographic reports, medical records, email addresses, and phone numbers have been compromised.
Ransomware Attack Hits Stratus Technologies
Stratus Technologies, the renowned provider of high availability products, underwent a ransomware attack recently. Consequently, it had to shut down some of its systems to stop the attack from spreading. Telecommunication providers, banks, healthcare, and emergency call centres are the typical clients of Stratus’ fault-tolerant server solutions. The Stratus post on the attack reveals that the cybersecurity incident took place on 17th March 2021. However, Stratus Technologies, Inc. quickly took anti-phishing protection measures and initiated its business continuity plan.
Among the systems taken offline were the Stratus ActiveService Network (ASN) and the Stratus Service Portal. All Stratus ASN customers have been promised assistance in these challenging times to ensure minimal downtime on their systems.
FBS Leaves Misconfigured Server Unprotected Online Exposing 16B Records
WizCase researchers recently found an Elasticsearch server belonging to online forex trading broker FBS left unprotected and unencrypted online. The server contained 20 TB of data, including 16 billion records of customers’ PII, FBS user IDs, passwords, account history, etc. Misconfiguration of cloud databases isn’t new for organizations and has exposed users’ sensitive information before.
The compromised user information includes the full names, billing addresses, email IDs, social media IDs, IP addresses, phone numbers, passport numbers, driver’s licenses, credit card details, and bank account statements of FBS users. Their FBS account details, loyalty data, login history, and password reset links were also affected. Since such data can be used for follow-on phishing attacks, identity theft, blackmail, etc., users are advised to take measures to prevent phishing attacks and enable MFA for their other online accounts.
Solairus Aviation Discloses Security Incident
Avianis provides the aviation business management platform used by the private aviation services provider Solairus Aviation. Avianis underwent a cybersecurity incident last December, causing a data breach at Solairus’ tracking and flight scheduling system. Solairus recently announced that some of its employee and customer data was exposed because of the Avianis attack.
The compromised information includes the names, DOBs, SSNs, passport numbers, driver’s license, and bank account numbers of its clients and employees. While Solairus regrets the incident and is taking all possible measures for protection against phishing, they have not been able to contact and inform all affected individuals (because of a change in their contact/address details). Solairus advises its clients and employees to be vigilant to keep themselves safe from any malicious threats.
Bad News For Guns.Com Buyers And Sellers
Guns.com made it to the cybersecurity headlines in January this year when it underwent a cyberattack meant to disrupt its business. It had assured users that their data wasn’t affected by the breach. But in a recent post on the dark website Raid Forums, the adversaries give visitors free access to a vast guns.com data dump. While nothing proves that the two incidents are linked, there is a high chance of a connection.
All of Guns.com’s administrative and consumer data and its source code are available on Raid Forums for visitors to download. The most devastating part of the incident is that buyers’ home addresses have also been leaked along with their names, user IDs, phone numbers, email addresses, and hashed passwords. The sellers stand to lose as well because some of their locations have also been published. Guns.com’s buyers and sellers must adopt phishing prevention best practices and look out for scams and targeted cyberattacks.
Data breach at University of Northampton
The University of Northampton recently underwent a data breach which the BBC calls rather severe. The university announced the attack on Twitter and regretted the inconvenience caused to teachers and students. It is taking measures to ensure protection from phishing attacks and resolve the issue at the earliest.
The Information Commissioner’s Office (ICO), the Northamptonshire Police, and the National Cyber Security Centre have been informed, and they are all striving to get to the roots of this attack. The university offers temporary workaround solutions to its staff and students while it works on identifying the culprits.
Cyberattack Hits Dutch Company RDC, Data Now Selling Online
RDC, a Dutch maintenance and garage service provider, recently underwent a data breach affecting millions of Dutch car owners. The adversaries have now posted their personal and vehicle details on the dark web for sale. The leaked details include the car owners’ names, email and home addresses, DOBs, phone numbers, car models, vehicle registration, and license plate numbers.
The Dutch television station NOS confirmed the data’s authenticity and reported that this data trove sells for $35,000. The adversaries claim that they compromised an RDC database containing 7.3 million records and 2.3 million email addresses. Cybersecurity experts say that the threat from the cyber attackers is secondary because the real cause for worry is the car-jacking gangs, who can easily use this data to trace expensive cars in the Netherlands. RDC has confirmed via a statement that the adversaries have compromised approximately 60% of its customer records. It added that it took phishing protection measures immediately after spotting the attack and hired the security firm Fox-IT to continue the investigations.
Hacker Selling 11M Apollo Users’ Records
The US-based digital marketing and sales engagement company Apollo recently underwent a cybersecurity incident. Consequently, the personal data of over 11 million of its French users was compromised. The worst part is that the adversaries are now selling this data on the dark web. The exposed details include the names, email addresses, location coordinates, phone numbers, office details, and social media IDs (including LinkedIn) of the France-based users.
The threat actor selling the data did not comment on how and when the data was accessed or whether the database of just Apollo’s French user base was affected. Any users suspecting that their details may have been affected by the breach are advised to adopt anti-phishing solutions.