Cyberattacks keep targeting organizations globally, and there is no escape from the notorious threat actors. However, one can secure their networks to a great extent merely by using phishing prevention measures. Here is a glimpse of the significant cyberattacks this week to help you plan your security moves better:
Ransomware Hits Law Enforcement Health Benefits
Last year, a ransomware attack targeted the Philadelphia-based health and welfare fund – Law Enforcement Health Benefits (LEHB). The LEHB provides services to police officers, county detectives, and sheriffs, and the recent attack reportedly affected 85,000 members. The adversaries claimed to have begun the encryption process on 14th September 2021. An investigation conducted after that revealed that specific files containing members’ personal details were probably removed from the network by the attackers.
LEHB reported the breach to the U.S. Department of Health and Human Services (HHS), stating that 85,000 members may have been affected by the incident. The compromised information includes their names, social security numbers, drivers’ license numbers, DOBs, health insurance details, financial account numbers, and medical information. However, LEHB mentioned that not all members had their data compromised, and not all the above information was compromised for the victims. So far, there is no reason for LEHB to believe that the compromised data was used for identity fraud or other fraud. It asks members to place fraud alerts on credit cards and request a free credit report.
As part of its attempts to prevent phishing attacks, the LEHB has adopted additional security measures and is working on enhancing its internal policies.
Cyber Attack Hits France’s Caisse Nationale d’assurance Maladie
France-based health insurance company – Caisse Nationale d’assurance Maladie (Cnam) underwent a cyberattack recently, which compromised the details of over 510,000 individuals. The adversaries accessed the email accounts of 19 employees of the healthcare center and then compromised the stored user information.
The compromised information includes members’ names, social security numbers, G.P. details, DOBs, and reimbursement levels. Fortunately, no contact, health, or financial information was affected. Cnam began informing victims of the breach on 24th March. While the investigation continues, the firm advises members to exercise caution and report suspicious activities as soon as they spot them. The compromise of social security numbers is a matter of concern since adversaries can easily forge one’s identity. Members are asked to adopt phishing attack prevention measures, create new passwords and change passwords for all accounts where they may have recycled the same password.
Data Breach Hits Shutterfly
After undergoing an attack by the Conti ransomware gang, the online retail and photography manufacturing platform Shutterfly recently disclosed a data breach.
The firm offers photography-related services to enterprises, consumers, and education through brands like Shutterfly.com, GrooveBook, BorrowLenses, Lifetouch, and Snapfish. The breach happened on 3rd December 2021 when ransomware operators gained access to Shutterfly’s corporate network and stole data from its system. The company’s data breach notification mentions that Conti actors deployed the ransomware on 13th December 2021, when Shutterfly first discovered the malware in its network. As they usually do, the adversaries encrypted some systems belonging to Shutterfly. These systems stored users’ personal data such as their names, FMLA leave, salary and compensation information, or workers’ compensation claims.
As part of its anti-phishing protection measures, Shutterfly is offering 24 months of free credit monitoring to victims. It is working closely with external cybersecurity experts to get to the roots of the attack and has kept its employees on guard to look out for suspicious activity in their accounts.
Ukraine Releases Russian Intelligence Officers’ Data
Amidst the ongoing Ukraine-Russia war, the former’s Directorate of Intelligence has leaked the personal details of 620 Russian intelligence officers. The compromised details include their names, phone numbers, and addresses. Ukraine claims that these affected officers belong to Russia’s Federal Security Service (FSB), which usually deals with the so-called criminal activities in Europe.
The affected Russian FSB officers live in the agency’s Moscow headquarters – Lubyanka. Further, the compromised information also includes the agents’ vehicle license plates, SIM cards, passport numbers, signatures, and dates of birth. As per reports, the Skype handle of one of the alleged agents is “jamesbond007”.
The list of compromised agent details was posted on the Directorate of Intelligence’s official website along with a note in Russian that alleged FSB Russia employees were indulging in criminal activities. Russia has not commented on the issue so far, but such attacks on its agents are likely to continue.
Data Breach Hits Japanese Confectionery Manufacturer Morinaga
A data breach recently hit the online store of the Japanese confectionery manufacturer Morinaga, which may have leaked the personal information of over 1.6 million customers. The compromised details include users’ names, DOBs, addresses, contact numbers, purchase histories, and email addresses. The email addresses were compromised for fewer than 4,000 Morinaga customers. The firm has every reason to be suspicious of the attackers’ intentions regarding access to other servers managed by Morinaga.
The firm apologized to its customers, stakeholders, and business partners for the unfortunate incident and assured them that no credit card information was leaked. So far, there is no evidence proving the misuse of the stolen user information, but Morinaga is adopting every anti-phishing solution it can to ensure minimal loss.
All customers who bought products from Morinaga between 1st May 2018 and 13th March 2022 may have their data compromised. The intrusion was first detected when Morinaga staff, assessing the reason for error messages on its server, observed the unauthorized access.
Soon after detecting the attack, Morinaga shut down external access to its network and immediately hired third-party security experts to investigate the breach. Its investigation revealed that the initial threat vector exploited vulnerabilities on some unnamed network devices. Despite details being compromised, Morinaga doesn’t expect this breach to affect its business performance significantly. But in an abundance of caution and adherence to phishing protection measures, Morinaga has reported the breach to Japan’s Personal Information Protection Commission and law enforcement.
Major Data Breach At The New York City Public School
A significant data breach recently hit the New York City public school and affected the details of around 820,000 current and former students. This might be the largest data breach in the history of the U.S. to have affected this many students.
The breach reportedly occurred in January when the adversaries hacked the school’s attendance and online grading system. The state’s education officers blame the Californian company managing its systems, Illuminate Education, for violating security protocols that ultimately facilitated the attack.
So far, the company has not mentioned anything about the stolen data being misused. But as part of its measures to ensure protection from phishing attacks, the Department of Education has asked the FBI, the NYPD, and the state attorney general’s office to investigate the breach.
Suncrypt Ransomware Hits OKCIC
Central Oklahoma American Indian Health Council, Inc. dba Oklahoma City Indian Clinic (OKCIC) is a nonprofit corporation striving to improve healthcare and wellness services for American Indians living in central Oklahoma. It is a contractor of the (federal) Indian Health Service. Suncrypt, on the other hand, is a notorious ransomware strain that first emerged in 2019. After a year of inactivity, the threat actor is out of the dark again. The last time around, it had announced it would no longer target medical services, but it seems like OKCIC is an exception.
The Oklahoma City Indian Clinic had some of its computer systems locked and began an internal investigation soon after detecting this abnormality. Suncrypt has added OKCIC to its data leak site and claims to have access to over 350GB of OKCIC data, including financial documents and electronic health records databases. The threat actor announced that it would publish all the stolen data for free if OKCIC didn’t initiate a negotiation soon. It also attached two small file archives to the post as proof of the stolen data.