This week’s phishing news covers the latest techniques adversaries are using to lure users into handing over sensitive information. Knowing the current attack patterns is an essential part of defending against phishing, so here are the newest phishing headlines from the past week.

Ransomware Hits UK’s Merseyrail

The UK rail network Merseyrail recently suffered a ransomware attack in which the adversaries used the victim’s own email system to notify all employees and journalists of the attack. The LockBit ransomware gang is behind the attack, having taken over the Director’s email account (@merseyrail.org).

Merseyrail has opened an investigation and informed the UK Information Commissioner’s Office (ICO), and has declined to comment further while the investigation continues. After compromising the network, the attackers used Director Andy Heath’s email account to tell employees about the incident and the stolen data, attaching samples of the stolen employee and customer data to the message. Because the message came from a genuine internal mailbox, it would have passed the domain’s SPF, DKIM and DMARC checks; email authentication alone gives no warning when the sender account itself is compromised.


Wyoming’s Department Of Health Leaves Database Online

Wyoming’s Department of Health (WDH) accidentally exposed the personal health information of around 164,021 Wyoming residents by uploading it to public and private repositories on GitHub.com. As a result, unauthorized individuals could have accessed the details of roughly a quarter of the state’s population between January 2020 and March 2021. The breach was caused by a WDH employee’s mishandling of the data. The exposed details include COVID-19, influenza, and breath-alcohol test results, together with names, dates of birth, addresses, ID numbers, and the dates the tests were taken.

WDH has begun notifying affected individuals, although it may not reach every patient because contact details are not available for all of them. Identified victims will be offered a year of free identity theft protection. WDH has apologized to those affected and says the files have now been removed from GitHub. Note that deleting files from a repository does not purge them from its commit history or from any clones and forks made while they were public, so the data should still be treated as compromised.


Data Breach Hits First Horizon Corp.

US-based financial services company First Horizon Corp. recently disclosed a data breach in which attackers exploited a software vulnerability to obtain login credentials for customer accounts. The attackers, believed to be an unauthorized third party, then stole funds from around 200 customer bank accounts, amounting to less than $1 million in total.

First Horizon notified the US Securities and Exchange Commission of the breach and patched the vulnerability that was exploited. The bank has also reset passwords for all customers and reimbursed the funds stolen from customer accounts.


Paleohacks Leaves AWS Bucket Unprotected, Doesn’t Respond To Security Alerts Either

Researchers at vpnMentor recently discovered a data breach at Paleohacks, a health and lifestyle brand that encourages people to adopt a paleo diet through podcasts, customized courses, recipes, and meal plans. Over 70,000 Paleohacks customers were affected by the breach, which was caused by the company’s lax security practices.

The personal data of Paleohacks customers was stored in an unprotected Amazon Web Services (AWS) S3 bucket. Because the bucket had no access controls, anyone who found its address could read the data with only basic skills. Surprisingly, the company did not respond when informed of the exposure and has taken no corrective action so far; vpnMentor had to contact AWS directly to get the bucket secured. Every Paleohacks customer who signed up for its courses or newsletters may have been affected. The exposed personally identifiable information includes names, usernames, hashed passwords, email addresses, locations, profile bios, and dates of birth. Since the company has shown no interest in fixing its security shortcomings, the same weaknesses are likely to persist, and Paleohacks customers should take their own precautions against the phishing attempts this data makes possible.
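An exposure like the one above comes down to a bucket policy (or ACL) that grants anonymous access, with no Public Access Block to override it. The following is an added example, not Paleohacks’ configuration or vpnMentor’s tooling, that audits a bucket policy offline and shows a world-readable policy beside a restricted one. The bucket name, the role ARN and both policies are constructed for illustration.

```python
"""Added example: offline audit of an S3 bucket policy plus Public Access Block
settings.  Not Paleohacks' configuration or vpnMentor's tooling; the bucket
name, role ARN and both policies below are constructed for illustration."""
import json

# Constructed weak policy: the pattern that makes every object world-readable.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-customer-data",
                     "arn:aws:s3:::example-customer-data/*"],
    }],
})

# Constructed hardened policy: same data, readable only by one application role.
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRoleOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/example-app"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-customer-data/*",
    }],
})

# Same shape as the PublicAccessBlockConfiguration object returned by
# `aws s3api get-public-access-block`.  All-false is the state of a bucket on
# which nobody has enabled the block.
PAB_OFF = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
           "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
PAB_ON = {key: True for key in PAB_OFF}


def is_anonymous_principal(principal):
    """True for the wildcard principal in either of its JSON spellings."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_statements(policy_json):
    """Return the Sids of Allow statements that grant anonymous access with no
    Condition.  A Condition (e.g. aws:SourceVpce) may or may not scope the
    grant, so conditioned statements are left for manual review."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be bare
        statements = [statements]
    return [
        stmt.get("Sid", "<no Sid>")
        for stmt in statements
        if stmt.get("Effect") == "Allow"
        and is_anonymous_principal(stmt.get("Principal"))
        and not stmt.get("Condition")
    ]


def bucket_is_public(policy_json, public_access_block):
    """Effective exposure via the policy.  RestrictPublicBuckets is the only
    setting that neutralises an already-attached public policy;
    BlockPublicPolicy merely stops new public policies from being attached.
    Bucket ACLs are a second, separate route to exposure not checked here."""
    if public_access_block.get("RestrictPublicBuckets"):
        return False
    return bool(public_statements(policy_json))


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        for pab_name, pab in (("PAB off", PAB_OFF), ("PAB on", PAB_ON)):
            print(f"{name:8s} {pab_name:8s} public={bucket_is_public(policy, pab)}")
```

To run this against a real bucket, feed `public_statements` the policy string printed by `aws s3api get-bucket-policy --bucket NAME --query Policy --output text` and pass the `PublicAccessBlockConfiguration` object from `aws s3api get-public-access-block --bucket NAME` as the second argument. The script only checks the policy route; a bucket ACL granting `AllUsers` read access would need a separate `get-bucket-acl` check.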


DarkSide Ransomware Hits Italian Bank Banca Di Credito Cooperativo

The DarkSide ransomware gang has found a new victim in Italy’s cooperative credit bank network, Banca di Credito Cooperativo (BCC). The attack disrupted operations at 188 BCC branches. The bank has told customers that services should be restored by Monday, 3 May; in the meantime, it is encouraging them to use its home banking and ATM facilities for transactions.

The bank says the attack is less serious than it may appear and that the real issue is with its communication systems. It assures customers that the technical problems slowing down operations are being addressed. There is no mention of the BCC attack on the DarkSide leak site, which probably means negotiations are still ongoing.


REvil Ransomware Attacks Brazilian Court System TJRS

The court system of the Brazilian state of Rio Grande do Sul, the Tribunal de Justiça do Estado do Rio Grande do Sul (TJRS), was recently hit by REvil ransomware. Employees, who shared the ransom note among themselves, describe the incident as horrific and the worst attack they have seen. The attack shut down the TJRS court network and encrypted employees’ files.

TJRS took to Twitter to ask all employees not to log in to the TJ network’s systems or computers. According to sources, the REvil gang has demanded $5,000,000 in exchange for the decryption tools.


Malware Hits Office Of The Public Defender In Southwestern Florida

A malware attack has recently put at risk the personally identifiable information (PII) of clients and staff of the Public Defender’s Office for southwestern Florida. The adversaries may have accessed a database holding records of over 500,000 former and current clients and employees, although there is no evidence that they did. No criminal case details were exposed.

The agency responded quickly: it contacted law enforcement, blocked access to all of its technology resources, and began investigating the breach. It is now hosting systems in the cloud to keep operating while file recovery efforts continue.


ShinyHunters Leaks 20 Million BigBasket User Records

The Indian online grocery BigBasket suffered a data breach in November last year. The threat actor ShinyHunters has now posted a database of 20 million BigBasket user records for free on the dark web. The records include users’ addresses, phone numbers, SHA-1 hashed passwords, email addresses, and other details.

BigBasket has registered a case with the cybercrime police and has declined to share details of the incident while the investigation continues. Despite the standard advice to choose strong passwords, almost 700,000 users were found to be using the password ‘PASSWORD’. A count like that can be read straight off the leaked hash column only if the SHA-1 hashes were unsalted: every user with the same password then has the same hash, so hashing one candidate matches all of them at once.
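To make the point concrete, here is an added example (not BigBasket’s code or the leaked data) that shows how an unsalted SHA-1 column lets an attacker count and crack shared passwords, beside a salted, deliberately slow hash that does not. The dump and wordlist are constructed, and the example assumes the leaked hashes were unsalted SHA-1, which is what a figure like "700,000 users with PASSWORD" implies.

```python
"""Added example, not BigBasket's code or the leaked data: why an unsalted
SHA-1 password column lets an attacker count (and crack) shared passwords,
beside a salted slow hash that does not.  The dump and wordlist are constructed.
Assumption: the leaked hashes were unsalted SHA-1, which is what allows a
figure like '700,000 users with PASSWORD' to be read off the hash column."""
import hashlib
import hmac
import os
from collections import Counter


def sha1_hex(password):
    """Unsalted SHA-1, the scheme the leaked column is assumed to use."""
    return hashlib.sha1(password.encode()).hexdigest()


# Constructed sample dump: (email, unsalted SHA-1 of the password).
SAMPLE_DUMP = [
    ("a@example.com", sha1_hex("PASSWORD")),
    ("b@example.com", sha1_hex("hunter2")),
    ("c@example.com", sha1_hex("PASSWORD")),
    ("d@example.com", sha1_hex("PASSWORD")),
    ("e@example.com", sha1_hex("Tr0ub4dor&3")),
]

# Constructed wordlist; a real attack uses millions of entries.
WORDLIST = ["123456", "password", "PASSWORD", "hunter2", "qwerty"]


def users_with_password(dump, password):
    """One hash of the candidate answers the question for every account:
    with no salt, equal passwords give equal hashes."""
    target = sha1_hex(password)
    return [email for email, digest in dump if digest == target]


def shared_hash_groups(dump):
    """Even without guessing, identical hashes reveal which users share a
    password, so the attacker can prioritise the largest clusters."""
    counts = Counter(digest for _, digest in dump)
    return {digest: n for digest, n in counts.items() if n > 1}


def dictionary_attack(dump, wordlist):
    """Hash each candidate once, then look every account up in the table.
    Cost is len(wordlist) SHA-1 calls no matter how many users there are."""
    table = {sha1_hex(word): word for word in wordlist}
    return {email: table[digest] for email, digest in dump if digest in table}


# Hardened form: a per-user random salt and a deliberately slow KDF.  Equal
# passwords now produce different stored values, and every guess has to be
# recomputed per user at `iterations` cost.
def hash_password(password, salt=None, iterations=600_000):
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password, salt, digest, iterations=600_000):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print("users with PASSWORD:", users_with_password(SAMPLE_DUMP, "PASSWORD"))
    print("shared-hash clusters:", shared_hash_groups(SAMPLE_DUMP))
    print("cracked:", dictionary_attack(SAMPLE_DUMP, WORDLIST))
    s1, d1 = hash_password("PASSWORD")
    s2, d2 = hash_password("PASSWORD")
    print("salted digests equal?", d1 == d2)
    print("verify:", verify_password("PASSWORD", s1, d1))
```

The contrast is the whole lesson: against the unsalted column, `users_with_password` costs one SHA-1 call for the entire user base, whereas with a random salt and a slow KDF the same question costs one full KDF run per user per guess, and the stored values no longer reveal who shares a password. PBKDF2 is used here because it ships with the standard library; a memory-hard function such as scrypt or Argon2 is the stronger choice where available.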

All BigBasket customers should reset their password to a strong, unique one and do the same on any other account where they reused it.