Cyberattacks and data breaches have rapidly increased over the past year. Hundreds of thousands of users lose their data to phishing attacks even today. Here are the top phishing headlines from the last week to enable an organization to accept and incorporate the best phishing prevention tips.
Scattered Canary Plots Against Texas Unemployment System
Defying all phishing prevention measures, a Nigerian cybercrime group named Scattered Canary is sharing detailed instructions on committing unemployment identity fraud on the Texas Workforce Commission website. The threat actors have formed a WhatsApp group where a 13-page guide to defrauding the Texas Workforce Commission has been shared.
The cybersecurity firm Agari, led by former FBI agent Crane Hassold was the first to get access to this document circulated among Scattered Canary members. The document contained everything to know about applying for unemployment benefits and introduced some red flags triggered by erroneous answers.
The Texas Workforce Commission has lost over $893 million to fraudulent unemployment benefits in the past, and this Scattered Canary endeavour is definitely not good for the Commission. The adversaries exploit a Gmail flaw caused by Google’s spam detection system, which ignored the position of periods in an email address. A joe.doe@gmail.com can be impersonated as a j.o.e.d.o.e@gmail.com, and Google will identify both these addresses to be the same person. The hackers use multiple addresses with slight variations from the primary email ID to generate multiple claims without getting detected.
Canada Post Undergoes Third-Party Breach, 950k Customers Affected
Over 950,000 customers and 44 clients of Canada Post were recently affected by a malware attack on one of its suppliers. The adversaries could access the email addresses, names, and phone numbers of receiving customers registered between July 2016 to March 2019. Canada Post’s electronic data interchange (EDI) solution provider – Crown Corporation, underwent the breach and is taking anti-phishing protection measures already.
Canada Post conducted its investigation but found no evidence of the compromise of any financial information. Although Canada Post wasn’t directly responsible for the breach, it regrets the unfortunate incident that affected many of its valued clients and customers.
Data Breach Hits Indonesia’s National Health Insurance Scheme
Indonesia’s national health insurance scheme agency underwent a data breach recently, which exposed the personally identifiable information (PII) of over one million citizens. The attack puts the country in a disadvantageous position as it had enthusiastically incorporated digital government services into its development model.
The Badan Penyelenggara Jaminan Sosial (BPJS) is an agency that runs the Jaminan Kesehatan Nasional (JKN). Indonesia’s Ministry of Communication and Information Technology found a database on a hacker forum leaked from BPJS and contained details of the national health insurance scheme (JKN). The Indonesian government has launched anti-phishing measures, but it did not reveal any further information about the leak or its entry point.
Sophisticated Cyber Espionage Targeted At The Belgian Interior Ministry
The Federal Public Service Interior, Belgium, has undergone a sophisticated cyber-attack recently. Although its communications director, Olivier Maerens, insists that no sensitive data was breached in the incident, an investigation was launched to identify the point of attack. Cybersecurity experts revealed that the adversaries had been inside the Belgian Interior’s system since 2019.
The attackers had no intention of jamming the Interior Ministry website or demanding a ransom. First uncovered in March 2021, this attack is believed to be aimed at espionage. Robust phishing attack prevention measures were adopted immediately to strengthen the server security and prevent the adversaries from infiltrating further.
Security Negligence Of App Developers Affects Millions Of Users
Researchers have recently found that several mobile app developers expose users’ data because of unfixed misconfigurations in some of their third-party cloud services. A total of thirteen apps, downloaded between 10,000 to 10 million times, were found to have left databases containing details of over 100 million users unprotected online, available for anyone on the web to download and misuse. The user details compromised because of this security negligence include email addresses, chats, passwords, photos, location details, etc.
Some of these apps (Screen Recorder, T’Leva, Astro Guru, iFax, etc.) came with unprotected push notification managers along with misconfiguration issues. Such unprotected notifications welcome adversaries to send fraudulent notifications with malicious content or links to users by impersonating the developer. Misconfigurations of real-time databases are no longer an uncommon phenomenon, but developers should be more careful. Users on their part should adopt the phishing prevention best practices to avoid being vulnerable to attacks triggered by such security ignorance of developers.
Cyber Attack Hits TPG TrustedCloud Service
Two customers of TPG Telecom were recently affected by a data breach targeting its TrustedCloud service. The TrustedCloud service operates in a standalone environment, and therefore the chances of this attack impacting the other telecommunications networks and systems of TPG Telecom is unlikely. No other customers were affected by this breach because the TrustedCloud service has a very limited user base.
Although the other TPG Telecom products, services, and brands are unaffected by this security incident, the company has adopted measures for protection against phishing to strengthen its cyber defenses.
Bergen Logistics Leaves Database Unprotected Online
Bergen Logistics is one of the most popular order fulfilment providers in the US, handling the shipment records and personal details of over 460k users. However, the firm has been exposing the PII of these users via an unprotected database it left publicly available online. The IT team at Website Planet discovered the unprotected database on an Elasticsearch server recently, which contained enough information about users to make them vulnerable to phishing, extortion, skimming, and a range of other cyberattacks.
The exposed customer details include their full names, addresses, zip, email addresses, passwords, and order numbers. The compromise of such information is definitely not good for customers. But Bergen Logistics also has a lot to lose from this oversight of phishing protection measures. The failure to adhere to data privacy laws makes the firm a violator of Section 5 of the FTC Act, making it liable to a punishable offence or a fine of up to $100 million. Further, the self-caused damage to goodwill among existing customers and chance with prospective customers is an added loss to business which will take months, if not years, to recover from. What is surprising is Bergen Logistics’ reaction (one of the company’s representatives had replied with “LOL”) when it was first notified of the data leak on 30th December 2020 and again on 15th January 2021.
Hackers Post Details Of 18 Crore Domino’s Order Records
Domino’s Pizza, operated by Jubilant FoodWorks, is a household name in India, but a recent failure of its anti-phishing solutions has left customers perplexed. It had announced a data breach in its servers back in April 2021 and assured customers that their financial information is safe because the company never stores the financial details of users. However, a recent data dump by adversaries on the dark web has worried all Indian customers who had ever ordered a pizza from the Domino’s app or website.
The adversaries leaked sensitive information from 18 crore orders such as the exact delivery address, the amount spent on the order, the date of placing an order, phone numbers, etc. Cyber adversaries have stolen 13TB of customer details and employee files from Domino’s India, which they promised to post ‘soon.’