These days, ransomware attacks and data breaches target organizations even when they have anti-phishing solutions in place. That is why it is essential to be abreast of the latest cyber updates and think critically to predict and mitigate cyberattacks before they can cause damage. Here are the newest cyber attack headlines from the bygone week:
Regina Public Schools Confirm Cyberattack
Regina Public Schools recently reported a ‘network-wide incident,’ which they later confirmed was, in fact, a cyberattack. Although the school district has not disclosed the nature of the attack, it mentioned that several of its computer systems were affected. As a consequence of the attack, all internet-based systems like education tools and emails were unavailable. Soon after detecting the attack, the district brought down its systems to ensure phishing protection. The school notified later that all affected systems had been restored and secured.
Regina Public Schools has hired external cybersecurity experts to investigate the breach and help restore their systems. Since the website is down, the school district is using its social media accounts to convey official communications. The district mentioned that parents and guardians of students would be notified of the incident soon. So far, it’s not certain whether Regina Police Service has been informed about the attack, but the Ministry of Education said that it is aware of the unfortunate incident and trusts that the Regina Public School Division is taking appropriate cybersecurity measures.
Data Leak at Verizon
An anonymous hacker recently gained access to a Verizon database that contained the full names, corporate ID numbers, email addresses, and contact numbers of hundreds of employees. To check whether the data leaked by the hacker is accurate, cybersecurity experts called up the numbers mentioned in the database, and all the contacted people confirmed their association with Verizon and said that the details were indeed accurate. The hacker eventually confessed that he had conned a Verizon employee into granting him remote access to the company’s corporate computer.
The hacker said that employees (in general) are very susceptible and easily believe you if you claim to be from internal support. The threat actor also contacted Verizon and asked for a ransom of $250,000, but the company has no intention of complying with this request. It says that the hacker has access to some readily available employee directory information and that there is no threat to Verizon or its employees. The company stressed its commitment to protecting employees’ and customers’ personal information and mentioned that it takes all the necessary phishing prevention measures.
Ransomware Hits New Jersey County
A ransomware attack recently targeted New Jersey County, which disrupted many of its services. Somerset County in New Jersey, located to the north of Princeton University and with a population of about 350,000, recently notified citizens of a ransomware attack on its systems.
Due to the attack disruptions, the county had to create new Gmail accounts to keep communication with residents going. Accounts were created for critical departments like the County Commissioners, Emergency Operations, Health, the County Clerk, Surrogate, and Sheriff. While the county could perform most functions, it had to cancel a Board of Commissioners meeting owing to the incident.
The county adopted immediate measures for anti-phishing protection but said that restoring all services and systems would take at least a week. Fortunately, the attack did not affect the emergency 911 communications. However, the County Clerk’s office could not perform most of its services requiring internet access, such as gaining access to land records, probate records, vital statistics, etc.
Data Breach Hits Washington University School of Medicine
A data breach recently targeted the St. Louis-based Washington University School of Medicine, which exposed the personal health information of its patients. The Washington University School of Medicine mentioned on its website that the adversaries gained access to some of its employee email accounts between 4th March to 28th March 2022.
The school investigated the incident on 24th, 2022, but it failed to determine whether the hacker viewed any attachments or emails in the compromised accounts. But the health system could ascertain that the emails contained research participant and patient information, such as their names, patient account numbers, DOBs, addresses, and clinical data. Social security numbers and health insurance information were also registered in some cases.
While the health system has yet to reveal the number of patients affected, it has taken measures to strengthen its email security and prevent such incidents. Further, as part of its measures for anti-phishing protection, the Washington University School of Medicine has sent breach notifications to the affected individuals.
DDoS Attack Targets PLA website
A DDoS attack targeted the Port of London authority’s (PLA) website on 24th May 2022, which compelled it to bring out its website. Reportedly, this attack on PLA is politically motivated, and the ALtahrea team hacking group has claimed responsibility for the attack. The hacker group took responsibility for the attack on its Telegram channel on the same evening.
ALtahrea is a pro-Iranian hacker group that has previously targeted the Israeli Port Authority, the Jpost, the Israeli 9 channel, and other Israeli entities. It has also attacked the Turkish media platform Anadolu Agency and the Turkish president Recep Tayyip Erdogan’s official website. ALtahrea has government support and has targeted several national governments so far. Fortunately, PLA took adequate measures to prevent phishing attacks, and its website is back online now.
Black Cat Ransomware Attacks Carinthia
The Black Cat ransomware group recently targeted the Austrian state of Carinthia. The adversaries have demanded a ransom of $5 million in BTC from Carinthia for the decryption software. It claims to have compromised sensitive and confidential data belonging to the government. The ransomware attack culminated in the massive failure of the Carinthia government’s IT services.
The state of Carinthia refused to comply with the ransom demand as it found no evidence of the data being compromised. It further mentioned that it already has backups of the data and doesn’t need to heed the warnings of notorious threat actors. Around 3000 IT workstations were affected, and the state was confident about bringing the first of these back online within a week. In the interim, the delivery of traffic fines and the issuance of new passports remain at a halt.
The state’s website, email system, and COVID-19 tracing system remain unoperational. As part of its measures for protection from phishing attacks, the state informed the police and the State Office for the Protection of the Constitution and Counterterrorism.
Cyberattack Hits Wedding Planning Website Zola
A cyberattack recently targeted the renowned wedding planning website, Zola. The adversaries gained access to several user accounts and attempted to initiate fraudulent cash transfers from those compromised accounts. Zola users took to social media to report that their bank accounts linked to the website were used by unauthorized parties to purchase gift cards. Another user also pointed out that the compromised Zola accounts were being resold on the black market to buy gift cards.
Zola authorities mentioned that a credential stuffing attack was used to compromise the user accounts and that it wasn’t a direct attack on Zola. Therefore, all users who reused their passwords from other accounts (0.1% of Zola users) had their accounts compromised. Zola reassured users that all fraudulent cash fund transfer attempts were blocked on time. It further mentioned that no bank or credit card details were exposed.
As part of its measures to prevent phishing attacks, Zola reset the account passwords of its users automatically and informed them about the same. Furthermore, the Android and iOS versions of the app were temporarily disabled to contain the attack’s spread.