Phishing attacks are a recurring problem that individuals and organizations face worldwide. While there may be no end to these social engineering attacks, phishing attack prevention measures can be adopted, and these start with staying abreast of the latest attack patterns. Here are the vital phishing news headlines from the past week:
Data Breach Hits Snap-on
The American automotive tools manufacturer Snap-on recently suffered a data breach that exposed its associate and franchisee data. The breach was an after-effect of a ransomware attack by Conti in March. Snap-on is a renowned designer and manufacturer of diagnostic services, tools, and software for the transportation industry and serves various brands like Blue-Point, Williams, Mitchell1, Blackhawk, and Norbar.
Soon after detecting the data breach in some areas of its IT environment, Snap-on shut down all its systems to contain the attack’s spread. An internal investigation and analysis by an external forensics firm revealed the nature of the attack. Snap-on was quick to adopt phishing prevention measures and notified law enforcement immediately. The investigation findings revealed that the adversaries stole employee data between 1st March and 3rd March 2022. The compromised employee data included their names, DOBs, social security numbers, and employee identification numbers. As part of its remedial measures, the firm is offering a year of complimentary identity theft protection to victims.
Reportedly, the Conti ransomware gang had leaked 1 GB of data belonging to Snap-on, but the data was eventually removed, suggesting that perhaps Snap-on had paid a ransom to the gang. However, this information remains to be confirmed.
DDoS Attacks Target Finland’s Defense And Foreign Affairs’ Websites
Finland’s defense and foreign affairs ministries recently took to Twitter to announce the DDoS attacks that brought down their websites. Reporting the incident, the Department of Defense said that its website would remain down until the malicious traffic had passed and that its bulletins would still be available on http://valtioneuvosto.fi. The Ministry of Defense’s post was shortly followed by a tweet from the Ministry of Foreign Affairs informing citizens of the shutdown of its online services, the http://Um.fi and Finlandabroad.fi sites.
Within hours of the incident, the Finnish government announced on Twitter that the affected websites were running again. The tweet mentioned that because website protection was already in place as part of their anti-phishing protection measures, the DDoS attack could not affect the central part of the sites. While the issue has been resolved and there isn’t much information on the adversaries, Russian attackers are suspected of being responsible for the breach.
Data Breach Hits SuperCare Health
The California-based respiratory care provider SuperCare Health recently suffered a data breach that affected over 300,000 individuals. Investigations into the breach revealed some unauthorized activity in specific SuperCare systems between 23rd and 27th July 2021. More than six months after the incident, the company discovered on 4th February 2023 that the compromised files included patients’ names, DOBs, addresses, medical record numbers, hospital or medical groups, patient account numbers, claim information, and health-related data. For some individuals, driver’s license numbers and Social Security numbers were also exposed.
In its data security notice, SuperCare said there was no evidence to suggest any misuse of the compromised details so far. It was only on 25th March that the company notified the affected individuals. As part of its anti-phishing measures, SuperCare informed the US Department of Health and Human Services about the breach and mentioned that a total of 318,379 people were affected.
Data Breach Follows Attack on East Tennessee Children’s Hospital
The East Tennessee Children’s Hospital suffered a cyberattack several weeks ago. It is now informing patients and parents of a possible compromise of their protected health information in the incident. The incident was reported previously, when ETCH called the attack an ‘IT security issue’ that disrupted healthcare services for several weeks starting from 13th March. Cybersecurity experts at the hospital and those from external agencies worked closely to minimize disruptions and keep primary hospital services operational. While many affected systems were restored within two weeks, the restoration process continues.
In its breach notification, ETCH mentioned that while investigations continue, it is suspected that certain files stored within ETCH’s environment were accessed or copied between 11th March and 14th March. Consequently, patient information such as their names, DOBs, state IDs, Social Security numbers, non-resident IDs, driver’s licenses, medical data, other demographic details, health insurance information, financial details, etc., may have been compromised. The exact number of affected individuals remains to be found, but ETCH has improved its measures for protection against phishing since this attack.
Data Breach Hits Christie Business Holdings Company
A data breach recently hit the Christie Business Holdings Company (Christie Clinic), an Illinois-based medical practice. Consequently, the personal information of over 500,000 individuals was compromised, and now the clinic is informing victims of the breach. Reportedly, the breach occurred last year when unauthorized third parties gained access to one of its business email accounts. The clinic suspects that the breach was intended to intercept financial transactions.
The adversaries accessed the healthcare services provider’s email account between 14th July and 19th August 2021. The initial investigation could not identify the extent to which email messages were accessed or viewed by third parties. However, no other systems, patient portals, or electronic medical records were compromised.
While the healthcare services provider is yet to determine the full scope of the attack, it is notifying all affected individuals of the breach. Christie Clinic notes that the compromised patient information may include their names, addresses, Social Security numbers, and health and medical insurance information, etc. As part of its measures for protection from phishing, the clinic has informed law enforcement and adopted additional network data security measures.
BlackCat Ransomware Hits Florida International University
The BlackCat (ALPHV) ransomware group attacked Florida International University. This is its second attack on an educational institution in recent times, after North Carolina A&T University. The university sent out a breach notification saying that it experienced a ransomware attack that exfiltrated sensitive FIU data. So far, investigations into the breach have not indicated the compromise of any sensitive information. While the university has refrained from commenting much on the incident, external cybersecurity experts are evaluating the breach and claim that sensitive information belonging to staff and students was indeed compromised.
The ransomware attack makes FIU the eighth US university to have reported a ransomware attack in 2022. BlackCat has attacked over three US universities or colleges this year, and experts believe it could be a rebrand of the DarkSide and BlackMatter ransomware groups. Since such ransomware attacks on educational institutions are on the rise, institutions are advised to adopt necessary measures to prevent phishing attacks from targeting them.
Cyberattack Hits Panasonic
A cyberattack recently disrupted the Canadian operations of the Japanese tech giant Panasonic. This attack comes just six months after the company recovered from another hack attempt. Panasonic mentioned that it endured this targeted cybersecurity attack in February, which affected its systems, networks, and processes. The company quickly adopted phishing attack prevention measures and hired external cybersecurity experts to investigate the breach.
The investigation attempted to identify the scope of the attack, restrict the malware’s spread, restore servers, rebuild applications, and inform affected customers and relevant authorities of the breach. Reportedly, the Conti ransomware-as-a-service (RaaS) group is responsible for this attack. The gang claims to have possession of more than 2.8 GB of data belonging to Panasonic Canada. Data belonging to Panasonic’s HR and accounting departments could be found on Conti’s leak page, suggesting that the stolen data has already been leaked.
Panasonic has refrained from sharing the specifics of the incident, such as the number of people affected, the nature of data stolen, etc. However, it clarified that only its Canadian operations were affected by the breach. The company is trying its best to restore services at the earliest and regrets the inconvenience caused to customers.