The cyber-world is the epitome of vibrancy and change. Some new technological advancement or out of the box hacking scheme always makes it to the headlines. Just when we think that innovations are at the pinnacle of uniqueness, there appears another critically thought and unique technological development. Keeping abreast of these many updates isn’t humanly possible, and yet it is essential. Awareness of the technological boons and the progress of the cyberbullies are extremely important, not just for your general knowledge but also to utilize the knowledge in case you happen to be a victim of a cyber attack someday. To help a cyber geek update his knowledge on the most recent news bulletins from cybersecurity by absorbing the underlying phishing prevention tips, here are the top security news headlines from this past week:

 

Are Indians Safe In Having Aadhaar?

Initiated as a means of uniquely identifying every Indian citizen, the Aadhaar card issued by the Unique Identification Authority of India (UIDAI) wasn’t made mandatory in India until recently. The apex court has also assured the people that their Aadhaar card information was completely secure and couldn’t be shared by even government authorities.

However, a recent incident brought to light by the Mumbai Mirror revealed that Aadhaar details might not be very safe for Indians. Ameya Dhapre – a 34-year-old computer engineer from Girgaon, says that his life has become hell because of Aadhaar. Three years after enrolling for Aadhaar, the officials from the Mundhwa police station in Pune come to Ameya’s house in 2015, accusing him of harassing a woman over the phone. It’s only after going to the police station to record his statement that he came to know that the harasser had used his Aadhaar card to get KYC done.

He thought that perhaps the issue was a one time thing and hence didn’t file any complaint, but when he went to a bank in 2017 to open a joint account, the bank told him that his Aadhaar was already linked to another account. Ameya brought the issue to the bank’s notice and randomly googled his name online to find that his Aadhaar card was posted on several websites.

He then contacted the Unique Identification Authority of India (UIDAI) and filed a complaint. The UIDAI informed that they could not change his Aadhaar number and advised him to cancel his card. However, he didn’t want to cancel his number as it was linked to his various accounts.

Ameya then went to the Mumbai police’s cybercrime division and filed a complaint. He has seen much trouble because of this phishing protection failure of the Indian government. He says that he receives at least two or three authentication-failure emails a day, in addition to several anonymous calls and messages, which indicate that people are trying to use his Aadhaar somewhere.

 

Ransomware Attack Hits San Antonio Mental Health Care Services

A major cyberattack hit the Center for Health Care Services in San Antonio last week, which forced them to shut down their computer networks. Center for Health Care Services is Bexar County’s largest provider of mental health and substance abuse services. This attack has pushed the case under the investigation of federal law enforcement agencies.

CEO of the Center for Health Care Services (CHCS) – Jelynne LeBlanc Burley confirmed the attack but said that she is unaware of whether the attackers demanded any ransom from the center. The attack is a part of a more massive attack, she added, and therefore the FBI and the Secret Service are investigating it.

She also informed that the federal officials had contacted the center last week about the attack, and also that the center’s techs isolated the threat to a single computer server. As an anti-phishing protection measure, Burley decided to shut down the entire computer system of the center. The administrators assume that the system will be back up by Thursday.

Burley said that they are in the process of reestablishing their system, beginning from the larger clinics. They are progressing gradually and cautiously to ensure that their security remains intact.

The Center for Health Care Services (CHCS) functions at many locations in San Antonio, providing various services such as crisis outreach team, a walk-in mental health clinic with substance abuse recovery facilities, along with special programs at the homeless services campus, Haven for Hope. Thus the ransomware attack comes as a fatal blow on their services, and luckily, they could endure it.

 

Ransomware Hits Systems Of Maastricht University

In yet another ransomware attack, the attackers have encrypted the Windows systems of Maastricht University (UM). On 23rd December, the University reported that almost all of its Windows systems had been infected by ransomware. For a University of such repute as the Maastricht with over 18,000 students, 70,000 alumni, and 4,400 employees, such a cyber attack comes out a serious one. The attack has also disrupted email communication, making things all the more difficult. The University is continuously trying to make things better and has also taken extra phishing attack prevention measures to protect (scientific) data. However, they are still investigating if the cyber attackers have had access to this data already.

Maastricht University is working to reinstate its operations and has also reported the incident to law enforcement. But they haven’t yet disclosed the details of the attack. What ransomware is behind the attack too remains undiscovered. The University will incur significant losses if the attackers have exfiltrated data from the systems before encrypting them – as is a trend in recent ransomware attacks.

Since the attack has affected a more substantial part of their domain, the university is unable to pinpoint which particular sector has been attacked, and which is safe. Additional research needs to be conducted for that. For any queries in the interim, students and employees are advised to contact the ICT Service desk via mail (info@m-u.nl) or call 043 38 85 101 during office hours.

 

Amazon And Ring Sued For Poor Camera Security

Ring and its parent company Amazon got sued for security issues in their cameras. It is not the first time that Ring has left people and children petrified of the various hacking experiences that it makes them go through because of its poor camera security.

The charges against the two companies include negligence, invasion of privacy, breach of implied contract, breach of implied warranty, and unjust enrichment. The lawsuit was filed in the U.S. District Court for the Central District of California against the two companies clearly mentions that they are both aware of the inadequacy of their system’s security.

The lawsuit further reads that Ring fails to fulfill its promise of providing privacy and security for its customers as hackers keep on terrorizing people time and again – invading into their privacy and undermining their sense of safety and security.

A user of Ring – Plaintiff John Baker Orange filed the lawsuit with complaints of his camera being hacked while his children were playing basketball. The hacker continually commented on the children’s game and even asked them to move closer to the camera!

But Amazon and Ring have something else to say. They are blaming owners of the cameras for not creating strong passwords while they haven’t taken their share of phishing prevention measures. The companies overlooked the importance of providing two-factor authentication and other security protocols to users.

The lawsuit also mentions other instances of hacking through Ring cameras in one of which, the hacker tried communicating with an 8-year-old girl in her bedroom, claiming that he was Santa Claus.

 

Data Breach At Cabinet Office In UK

The Cabinet Office accidentally uploaded the home and work addresses of over 1,000 recipients of New Years’ Honours. Among those who underwent a privacy breach are Elton John, Ben Stokes, Iain Duncan Smith, TV chef Nadiya Hussain along with counter-terrorism officials, senior police and Ministry of Defence (MoD) staff. This data was unintentionally uploaded to a government website on 27th December and also disclosed the details of Labor MP Diana Johnson, Alison Saunders, the former director of public prosecutions, broadcaster Gabby Logan and TV chef Ainsley Harriott. The director of a privacy campaign group calls this breach a ‘farcical and inexcusable mistake’.

A spokesperson from the cabinet office said that the issue was reported to the office of the Information Commissioners. He further added that the blunder revolved around the accidental upload of a version of the New Year Honors 2020 list online. This list contained recipients’ addresses. Although the list was brought down immediately, there is little that can be done now if attackers already have access to it.

The cabinet office apologized for this blunder and has taken measures to prevent phishing attacks. Those who have been directly affected have been informed, and the matter has been reported to the ICO.

Complete and detailed addresses of the affected people were published on the website, including the door numbers and postcodes. A London based person called Simon Winch told the BBC that he had accessed the leaked information through a ‘link’ on the gov.uk website and added that the document was a spreadsheet. The list remained online for about 90 minutes before the cabinet office finally brought it down.

The ICO later notified that it is making inquiries into the matter, but what’s certain is that nothing much can now be done to revert the situation. It appears to be a genuine mistake, and ensuring protection from phishing in the future is all that can be done now.

 

phishing email

 

Ryuk Blamed For Attack On US Maritime Facilities

Officials from the US Coast Guard opine that the point of entry of the malware that affected one of its maritime facilities was a phishing email sent to one of the maritime facility’s employees; it left the facility inactive for over 30 hours right after the attack.

This attached ransomware-infected file brought down the entire corporate IT network of a facility regulated by the Maritime Transportation Security Act (MTSA).

Upon being clicked, the attached link in the email allowed the attacker to access critical enterprise Information Technology (IT) network files. The attacker would then encrypt these files, thus stopping the facility from accessing these vital files. The Ryuk ransomware is supposed to be behind this massive attack, which has affected camera, physical access control systems, and critical process control monitoring systems. It also affected industrial control systems.

The Marine Safety Information Bulletin (MSIB) hasn’t yet disclosed the type or name of the facility. But considering that the ransomware infiltrated the cargo transfer industrial control systems, we can assume that it must be a port that got attacked.

The US Coast Guard had previously issued a safety alert after a cyber incident in February. And once again, it is reminding maritime stakeholders to verify the authenticity of any received email before replying to or opening it. It has forwarded the following measures to ensure email phishing prevention:

  • Having network segmentation incorporated to refrain IT systems from accessing the Operational Technology (OT) environment
  • Installation of intrusion detection and prevention systems
  • Maintaining backups of all critical files and software
  • Regularly updating detection software
  • Incorporating centrally monitored host and server logging

 

Email Server Of Special Olympics Hacked

Near the Christmas holiday, the email server of Special Olympics of New York was hacked by adversaries to launch a phishing campaign against previous donors.

Special Olympics New York is a nonprofit organization working towards competitive athletes with intellectual disabilities. Special Olympics NY renders sports training and athletic competition to over 67,000 children and adults with intellectual disabilities across New York State.

In a notification sent out by Special Olympics, they informed the affected donors about the attack and asked them to ignore the previous message received from their server. They went on to explain that the attack is not a cause of worry for the donors as it affected only their “communications system” that stores contact information and that financial data was not accessible in that system.

The attackers camouflaged the phishing emails as an alert of a donation amount that would be automatically debited from their accounts. The attackers were smart enough to mention at the time limit and said that the amount of $1,942,49 would be deducted from their account within two hours.

This short time-bound email gave out a sense of urgency, which was expected to make the donors of Special Olympics NY click on either of the two embedded hyperlinks. These links would then redirect the donors to a PDF version of the transaction statement.

The phishing email utilized a Constant Contact tracking URL that redirected the donors to the landing page of the attackers. Although that page has now been brought down, it was probably used to steal the credit card details of donors.

In a recent statement by Special Olympics’ SVP of External Relations – Casey Vattimo said that they have secured their server by incorporating phishing email prevention measures and that donors can now make donations fearlessly.

 

Tiktok Banned For US Soldiers

Following the steps of the US navy, the US Army, too, has banned TikTok’s use among its soldiers failing to do which results in their ban from the army intranet. It has been done to ensure protection from phishing because the government feels that the Chinese app poses a security threat to not just the US residents but also its army. The soldiers have been asked to uninstall the app and refrain from using it on government-owned phones as the app might be used for collecting the personal data of American citizens.

Huawei, too, has been on the ban list of the US government; however, it doesn’t have as broad a user base at that of TikTok. TikTok has been downloaded over 750 million times in the past year. It has a general appeal to all users because of its ability to create and share short videos set to upbeat music.

At the beginning of 2019, TikTok agreed to pay a fine of $5.7 million to the US to settle allegations of it collecting personal information from children under the age of 13, which included their names, email addresses, and their locations.

 

Security Threat Makes Poloniex Enforce Password Reset

The cryptocurrency exchange Poloniex has recently enforced a password reset upon users suspecting a leak of email addresses and passwords.

Poloniex reported that someone had posted a list of email addresses and passwords on Twitter on 30th December and claimed that these details could be used to log in to Poloniex accounts. However, Poloniex says that most of the email addresses listed on the Twitter post do not belong to Poloniex accounts. But the ones that belong to the exchange, password reset have been enforced to ensure protection from phishing attacks.

 

Printed Boarding Passes: A Threat To Personal Security

As tempting as it might be to post pictures of your boarding pass on social media, you should refrain from doing so because you might be giving hackers access to your frequent flyer account unknowingly. People should instead stick to digital boarding passes that are sent to their phones.

Once accessible, these boarding passes enable hackers to enter our frequent flyer accounts and to steal points from our cards that pay substantially in the black market. The CEO of a cybersecurity consulting firm called CynergisTek – Caleb Barlow informed that not much is required to get into someone’s frequent flyer account. Just a person’s name, booking reference number, and frequent flyer number are needed to break through, and these details can be found on the boarding pass.

Barlow added that attackers try to get these details because getting into our frequent flyer account isn’t very taxing for them and also because we barely care about our miles or points. The points seem trivial to us, but there have been instances in the past when hackers used these points stolen from random user accounts to buy themselves travel tickets or other expensive things in the form of gift cards.

The only anti-phishing measure people can adopt to protect frequent flyer points is to enable two-factor authentication on their account.