Yet another week has gone by with cyberattacks causing the world much trouble. Following are some of the most recent security news updates
Email.it Customer Data Selling Online
The Email.it datacenter underwent a cyberattack two years back the repercussions of which have surfaced recently. The hackers had demanded a ransom, which the company refused to pay. They took a more reasonable way and adopted phishing prevention measures. Email.it also informed the Italian Postal Police (CNAIPIC) about the breach. But now, the hackers are selling data belonging to over 600,000 Email.it users on the dark web.
The adversaries posted on Twitter about selling the company’s data online under the name of NN (No Name) Hacking Group. This stolen data from Email. it is now selling for prices ranging from 0.5 and 3 bitcoin ($3,500 and $22,000).
Beware of Statue of Unity related frauds
As the world struggles with the deadly Coronavirus, hackers in India are creating fake pages under the name of “PM CARES Fund” or deploying other strategies like discounts on Netflix and Jio recharge for people during the lockdown to extract money from thousands of Indians.
Yet another innovation in this list is the fake ad, branding the phony sale of the world’s tallest statue, the Statue of Unity at Gujarat, to help the government of Gujarat fund its pandemic expenses. To ensure protection from phishing, the Indian police have lodged a case against the unidentified phisher.
Lawsuit Against Video Calling App Zoom
One of the investors of the app, Michael Drieu, recently filed a lawsuit against Zoom for misguiding users into believing that their privacy is looked after while secretly disclosing user’s personal information to third parties, including Facebook Inc.
Many organizations, including SpaceX, Tesla Inc., and New York City’s Department of Education and even nations like Taiwan, have banned the use of Zoom for official purposes. Zoom’s CEO Eric Yuan feels sorry for the embarrassment and breach of privacy that users and officials are facing because of Zoombombing and the leak of confidential virtual meetings online. Although Zoom is taking anti-phishing protection measures and adding end-to-end encryption, it still has a long way to go before establishing robust cybersecurity measures and regaining the trust of users.
Finastra Sets Security Goals
The London-based banking software maker Finastra underwent a breach in mid-March, which stole employee passwords and installed backdoors in several Finastra servers. Finastra Group Holdings Ltd. is significant to the global financial system, with 90 of the world’s 100 largest banks relying on its services. Initially, they hadn’t spotted the attack. Still, when suspicious activity on one of Finastra’s cloud servers triggered the company’s security team, they immediately got to work to ensure protection against phishing.
The hackers then used the ransomware Ryuk to lock up Finastra’s servers. Still, in a historic decision, the company brought down all infected servers, with the numbers going up to thousands. Although this decision temporarily disturbed their customers, Finastra saved itself from paying a vast ransom by using backup data to reestablish its systems.
Data Breach At Maropost
The email delivery and marketing firm Maropost recently left a database unprotected online, which has exposed the records of around about 95 million customers. The compromised details include 19.2 million unique email addresses and marketing logs with relevant metadata, including the exact date and time the emails were sent.
This data was stored on a Google Cloud server and was locked down on April 1. Although Maropost wasn’t aware of the same till then, it has been notified that no PII was present in the database. However, if email phishing prevention is not adopted, then the affected people might become victims of some phishing and BEC scams in the future.
Travelex Paid $2.3 M To Decrypt Data
In a ransomware attack that took place on New Year’s Eve, the hackers had copied files from Travelex’s network before encrypting them. They had demanded a ransom of $3 million to decrypt the data. Back then, Travelex refrained from making any comment, but when its systems were running again, Travelex announced to have paid $2.3 million as a ransom payment to revive their systems.
Although this has enabled them to work again, protection from phishing attacks is still not guaranteed, particularly for those whose data was compromised in the attack.
Zoom Classes Banned In Singapore
In trying to cope with the pandemic, schools have moved to the online space to complete lessons. However, Singapore’s Education Ministry banned the use of Zoom for online classes after a hacking incident in which hackers displayed vulgar messages while a Geography class was ongoing for 13-year-old students. The message posted pictures of genitalia and asked vulgar questions from girls. This incident infuriated all parents and teachers who are now working on other means of teaching students.
Many such incidents involving breach of privacy have happened on Zoom in recent times. While the app, too, is working on strengthening its security system, users are advised to take all necessary measures to prevent phishing attacks.
Cisco Used To Fool Victims
In yet another phishing scheme, hackers are using Cisco’s name to con people into giving away their Webex credentials. The adversaries are urging victims to update their accounts so that they can steal credentials for Cisco’s Webex web conferencing platform. This shall enable these hackers to barge into web conference calls where people share sensitive files and data.
Security researchers speculate that many more such attacks are likely to happen in the coming months and have requested people to watch out and rely on anti-phishing services.
Privacy Of Iranians At Stake
COVID 19 is not the only thing that Iranians need to worry about as a hacker has put up the personal details of 45,000 Iranians on sale recently. These details include the copies of their Iranian national ID cards, birth certificates, passports and debit cards, etc. the adversaries are selling 8.17 GB worth of data with 45,221 files. In these stolen files, the victims can be seen looking at the camera while holding their ID cards.
Research revealed that the online advertising and utility platform Niazpardaz[.]ir underwent a breach recently and that they offer taking selfies with ID cards as one of their features to store documents on the website. The victims are advised to take phishing protection measures and to look out for any suspicious activities.
FBI Forewarns Of BEC Attacks
The Federal Bureau of Investigation (FBI) has forewarned companies relying on cloud-based email services to take phishing email prevention measures to safeguard themselves from business email compromise (BEC) scams. BEC attacks have cost more than $2bn between January 2014 and October 2019 to US companies.
The attackers develop phish kits impersonating the concerned cloud-based email services to compromise business email accounts and request transfers of funds. FBI advises users of cloud-based email services to enable the inbuilt security features to protect themselves from threat factors, along with taking precautionary anti-phishing measures.