Global cybersecurity headlines constantly report on the latest ransomware and other social engineering attacks. This week is no different; here are the most significant news headlines from the past week:
Cyberattacks Hit K-12 School Districts, New Mexico
Cyberattackers recently targeted Fort Sumner Municipal Schools, New Mexico, and Washington Local Schools. The data stolen from Fort Sumner soon appeared on the Cl0p ransomware leak site. This data dump included sensitive and confidential data (such as drivers’ licenses) belonging to students, parents, and faculty members. As part of its measures for protection against phishing, Fort Sumner hired external cyber-counterintelligence experts to investigate the breach and contain the malware spread.
Around the same time, a cyberattack brought down the Washington Local Schools’ telephone, email, WiFi, internet, and Google Classroom systems. While the school refrained from commenting on the incident, it mentioned that external cyber forensic teams had been hired to investigate the breach. The Washington district apologized for being unreachable while its calling and email networks were disrupted. The school will assign an emergency phone number for each school and share it with parents via a letter. District officials have assured the parents of seniors that the exam process will be smooth so that the students have a memorable time, just as they deserve.
Ransomware Hits Publishing Giant Nikkei
A ransomware attack recently targeted the headquarters of the publishing giant Nikkei in Singapore. The unauthorized access to Nikkei’s server was first detected on 13th May 2022, and the organization immediately shut down this server to contain the attack’s spread. The affected server collected customer data, and Nikkei is investigating whether adversaries accessed this sensitive and confidential client information.
So far, the media giant has no reason to believe that the data has been leaked. Still, it has reported the incident to the Singaporean and Japanese personal data protection authorities. In its statement, the Nikkei PR team apologized for the inconvenience and resolved to take better anti-phishing measures in the future.
Data Breach Hits Dis-Chem
A data breach at the pharmacy retailer Dis-Chem recently compromised the personal details of over 3.6 million customers. Dis-Chem reported hiring a third-party service provider and operator to manage certain services. The database shared with them contained various categories of customers’ personal information. On 1st May 2022, Dis-Chem got word that unauthorized parties had gained access to this database. Immediately after detecting the breach, Dis-Chem launched an investigation to get to the root of the attack.
Eventually, it was revealed that around 3,687,881 individuals had their names, contact numbers, and email addresses exposed in the security incident. These details can be easily used to launch more targeted cyberattacks such as email compromises, phishing attacks, social engineering, or impersonation attempts. Dis-Chem is working on its anti-phishing solutions but has refused to share any further details on the data breach.
Data Breach At Parker Hannifin
A cyberattack recently targeted the Fortune 500 engineering giant, Parker Hannifin, exposing the personally identifiable information (PII) of employees and their dependents. The attack was detected on 14th March 2022, and soon after, the affected systems were shut down to prevent the malware from spreading. An initial investigation revealed that unauthorized third parties accessed Parker Hannifin’s systems between 11th March and 14th March. By 12th May, Parker Hannifin had started notifying the affected current and former employees (and their dependents) of the breach.
Around 119,513 individuals were affected by the breach. Their details, such as names, DOBs, social security numbers, driver’s licenses, bank details, health insurance details, home addresses, online login credentials, etc., may have been compromised.
Parker Hannifin clarified that a small subset of individuals may have also lost other health information details such as date of service and coverage, clinical and medical details, etc. As part of its measures for protection from phishing attacks, Parker Hannifin is offering two years of free identity monitoring to all victims. The company has informed law enforcement and is taking additional security measures to protect its systems from further attacks.
Ransomware Hits Mercyhurst University
A ransomware attack recently targeted Mercyhurst University in Pennsylvania. The attack comes just one month after four colleges from the university participated in Cyber Impact 2022 and highlighted the progress they have made in cybersecurity. So far, the university has not confirmed the attack, nor has LockBit (the attacker) provided any proof of the attack.
However, the ransomware group claimed it would publish the stolen data (about 300GB) within 5–6 days. It must be noted that Pennsylvania recently approved a Senate bill forbidding the use of taxpayers’ money to pay ransom for cyberattacks. Still, Mercyhurst, being a private university, does not fall within the purview of this bill. We can only hope that the university is taking measures to prevent phishing attacks.
22.5M Malaysians Lose Personal Data
A recent data leak from the National Registration Department (NRD) exposed the personal data of 22.5 million Malaysians born between 1940 and 2004. Reportedly, the database containing all these details (160 GB in size) is selling for $10,000 on the dark web. This database is an expanded version of the one sold in September 2021 by the same seller; the earlier database only included citizens’ data till 1998.
Both of these data breaches happened by exploiting the MyIdentity API of the NRD. Government agencies commonly use the MyIdentity API as a centralized data-sharing platform, and the data was not leaked directly from the NRD but through the many agencies that could obtain information from the NRD. The NRD has a mechanism that proves that the attack was not triggered by a breach in its systems but in one of the agencies. The September 2021 breach involved the sensitive and confidential documents of those born between 1979 and 1998 and sold for 0.2 BTC (US $11,160).
The NRD claimed that it has a strong firewall and that the data is stored safely. NRD instructed all agencies using the MyIdentity system to implement stricter security solutions as part of its phishing protection measures. The frequent attacks on Malaysian organizations have posed a question about the efficacy of their cybersecurity measures. Experts have urged the concerned agencies and the Department of Personal Data Protection (JPDP) to consider the matter and take necessary measures before it’s too late.
Data Breach Hits Omnicell
A data breach recently hit the multinational company Omnicell and eventually led to a ransomware attack affecting its internal systems. With its headquarters in Mountain View, California, USA, Omnicell disclosed the breach in a 10-Q filing with the SEC on 9th May 2022. In the 10-Q filing, Omnicell reported that adversaries attacked its IT systems and third-party cloud services on 4th May 2022.
The company has initiated an internal investigation into the breach, and more details are awaited. As of 17th May 2022, no update on the cyberattack was shared on Omnicell’s website. The attack on Omnicell is one of the numerous attacks on US healthcare providers that have taken place this year and re-emphasizes the importance of adopting adequate anti-phishing protection measures.
Hackers Steal ₹74 Million (About US $940,000) From Razorpay
Adversaries recently stole about ₹74 million (about US $940,461) from the Indian online payment services provider, Razorpay Software Private Limited. The hackers manipulated the Razorpay authorization process for three months, leading to 831 failed transactions, which ultimately cost the company a massive INR 73 million. The financial theft was detected when Razorpay was auditing its transactions and couldn’t tally ₹7,38,36,192 against 831 transactions. Soon after noticing the attack, the company filed a complaint.
The police have begun their investigation into the breach and are bent on finding the culprit. The initial investigations by Razorpay Software Private Limited revealed that the same hacker had manipulated the authorization and authentication processes, then generated and sent fake approvals to Razorpay, leading to the loss. The company has shared the relevant transaction details with the police, such as the IP address, date, and time. Razorpay has taken the necessary phishing attack prevention measures to ensure security against such an attack in the future.