For cyber adversaries, the festive season is an occasion for new and improved cyberattacks on individuals, organizations, and systems. This time of the year witnesses the highest number of data breaches, which is why adopting phishing prevention best practices is advised. The following are the top headlines from the cyber world.

Ransomware Hits City Of Cornelia

The day after Christmas, a ransomware attack took down the systems of the city of Cornelia. Donald Dee Anderson, the City Manager, says that they were prepared for such an attack since cyberattacks are so common during the holiday season. Emergency phone lines, utility work, garbage pickup, emails, and telephones of the city are working without interruption. However, the city’s administrative software was brought down by the attack, and city employees are unable to check balances or accept card payments.

The city is taking necessary anti-phishing protection measures and has temporarily taken down its network. It has informed law enforcement and is investigating the breach. Anderson says the city was probably attacked with the motive of extracting a hefty ransom rather than selling stolen data on employees and citizens. Further details about the breach are yet to be disclosed and will follow as the investigation establishes the facts. The city requests citizens to be patient in these times of digital turbulence.


Malware Emotet Targets Lithuania’s NVSC

The malware strain Emotet recently attacked the systems of Lithuania’s National Center for Public Health (NVSC) and of other municipalities in a sophisticated attack campaign targeting state institutions. The malware used previous email threads to send infected emails to victims, which made it possible to get past phishing email prevention barriers.

Once a victim opened the infected message, the virus took over the entire organization’s internal network. These infected systems, in turn, became propagators of the virus. Such virus-laden emails also made it to the inboxes of epidemiological diagnostics experts, government officials, and ministry representatives associated with NVSC. Consequently, the email system of NVSC was shut down to prevent phishing attacks.


Ransomware Hits GenRx Pharmacy

Arizona-based healthcare organization GenRx Pharmacy discovered a ransomware attack on its systems on 28th September, a day after the breach. They are now informing around 137,000 of their patients about the attack and a potential compromise of patient data. GenRx was quick to take measures for protection from phishing and even hired security experts to investigate the attack. The breach was resolved within a day. But some files from their system were compromised and removed by the adversaries. These included the full names, phone numbers, DOBs, addresses, gender, medical history, etc., of patients.

GenRx Pharmacy realizes the consequences of a compromise of sensitive customer data. Though there isn’t any evidence of the same, they are offering free email monitoring services to their customers.


Data Breach Hits Treasure Valley Community College 

A data breach was detected at the Treasure Valley Community College (TVCC) on 25th August, which let adversaries access and misuse an employee email account. Consequently, the personal information of several TVCC community members was compromised. The exposed details include the Social Security numbers, DOBs, and student ID numbers.

TVCC has adopted all possible anti-phishing solutions and notified community members of the breach. Although there isn’t any evidence of the misuse of compromised information, TVCC offers free credit monitoring services to affected members and provides phishing prevention tips. They have also set up a toll-free call center to assist victims of the breach. TVCC has incorporated necessary phishing protection measures to prevent such cyber incidents in the future.


Ransomware Hits General Medical Laboratory (AML)

The General Medical Laboratory (AML), one of the largest private labs handling COVID tests in Antwerp, was recently hit by a cyberattack. Ransomware was installed on the lab’s website, and now the adversaries are demanding a ransom.

Although there is no evidence of a patient data breach, AML has adopted anti-phishing services and brought down its network. An extensive analysis of all infected files and devices is to follow. The lab has also informed the prosecutor’s office, and the federal Computer Crimes Unit has now taken charge of investigations.


Cyberattack Brings Down The Voyager

Voyager, a leading cryptocurrency brokerage platform, recently underwent a cyberattack that targeted its DNS configuration. Voyager took anti-phishing measures and shut down its trading platform immediately after detecting the attack. The company initially said that investors would not be able to transact on the platform because it was under maintenance, but it later revealed the attack, which caused a temporary disruption in trading.

Voyager reassured stakeholders of its concern for customer funds and security information. The app is functional, and for protection against phishing, Voyager logged everyone out of their accounts and recommended implementing 2-factor authentication. The adversaries were unsuccessful in extracting any funds or information from Voyager.


Data Breach Hits Koei Tecmo, Stolen Data Leaked

Japanese video game and anime company Koei Tecmo recently underwent a data breach that compromised data belonging to 65k+ users. Consequently, the company shut down its European and American websites. The adversaries do not seem to be interested in ransom because no financial data was stored on Koei Tecmo’s database. The threat actors accessed the koeitecmoeurope.com website via a spear-phishing campaign on 18th December. They stole a forum database and injected a web shell on the site to continue compromising forum databases.

The attackers advertised this in their posts on the dark web, offering for sale the database containing forum members’ names, email addresses, usernames, DOBs, hashed passwords and salts, IP addresses, nationality, etc. The forum database is being sold for $1,300 and web shell access for $6,500.

Koei Tecmo stated that only the forum was affected in the breach, and no other parts of its website were targeted. As the company takes phishing attack prevention measures, it reassures users that only optional details such as usernames, passwords, and email addresses were involved in the breach. As such, users must avoid using the same passwords everywhere.


Sophisticated Cyberattack Hits SEPA On Christmas Eve

A sophisticated cyberattack targeted the Scottish Environment Protection Agency (SEPA) at midnight on Christmas Eve. However, neither the holiday season nor the attendant security vulnerabilities stopped SEPA from implementing its business continuity arrangements. SEPA used its robust anti-phishing tools to minimize the damage of the ongoing cyberattack.

While core regulatory, warning, monitoring, and flood forecasting services remained operational, communication within and outside the organization was disrupted. This major attack on SEPA affected its internal systems, contact center, and internal communications. SEPA is now working with the Scottish police, government, and the National Cyber Security Centre (NCSC) to get to the attack’s roots.