It has become necessary to keep abreast of the latest cyber-attacks and the various ways threat actors attack users and rob them of their monetary or digital assets. For instance, a mere click on the wrong link is enough for a threat actor to access your credentials and other critical information. Simply keeping yourself updated is one of the best phishing attack prevention strategies and can help you avoid the majority of phishing attacks. Here are the latest headlines from this past week.
Age Is No Bar To Be A Cybercriminal
When a forty-something-year-old lady with a degree in applied mathematics expresses her interest in computers and contemplates a career as a computer programmer, people don’t view it as a threat factor. However, federal prosecutors suspect a Latvian citizen called Alla Witte to be an active member of the Trickbot gang.
Witte, now 55, began her career as a computer programmer at 40, with the intent of helping clients. Instead, within six years, she evolved from an amateur developer to a furious cybercriminal under the Trickbot gang. She has been working under the pseudonym of Max ever since. Max (alias Witte) is now in Cleveland with six other Trickbot members, facing charges for her part in a major cyberattack in Russia, Belarus, and Ukraine. If Witte cooperates, then much of the Justice Department’s anti-phishing protection efforts will be rewarded.
Azusa Police Department Kept Ransomware Attack Private, Paid $65k
The Azusa Police Department in California City recently reported a ransomware attack it experienced last year. But it has been discovered that it hid another attack for three years. The department underwent a week’s downtime in 2018 because of an unreported cyberattack. An unnamed cyber-criminal gang had attacked the Azusa police department in the fall of 2018. The city’s cyber insurance provider had paid $65,000 as ransom to regain access to ten of the department’s data servers.
As per the department’s statement, no data was compromised from these servers, but they were down for a week, and the decryption key couldn’t be found without paying the ransom. Azusa city took necessary measures to prevent phishing attacks back then but did not publicly report the attack since no data was compromised. The attack began when an employee opened an unsolicited email and clicked on an embedded link.
Ransomware Hits Linestar, 70GB Of Internal Data Leaked
After the Colonial Pipeline ransomware attack, the adversaries have targeted another pipeline-focused business. LineStar is a Houston-based company providing pipeline customers with compliance, auditing, maintenance, and technology services. A ransomware gang called Xing Team attacked LineStar last month and stole 70 GB of internal files.
Xing Team dumped all this stolen data on its data leak website, where DDoSecrets first spotted it. The leaked data included 10 GB of human resources data, 19 GB of software code and data, and over 73,500 emails, contracts, and accounting files. The HR data also included copies of the Social Security cards and driver’s licenses of employees. While LineStar was initially quiet about the incident, it later commented and acknowledged that it had suffered a ransomware attack. It said that since there was no disruption in operations, the attack wasn’t publicly reported. However, LineStar was taking measures for protection against phishing and had informed the FBI about the incident.
Security Bug Detected In Hyperkitty
Private mailing lists on Hyperkitty, used with the Mailman newsletter management service, were publicly visible because of a security vulnerability. Hyperkitty is a popular open-source mailing list tool that made the headlines for a security bug that leaves private mailing list archives open to public access while they are being imported. Amir Sarabadani (a software engineer at Wikimedia Deutschland) first discovered this vulnerability while upgrading Wikimedia’s test mailing lists. He said that the list was private and would become private after the upgrade, but during the upgrade, it was public.
Upgrades usually last for more than an hour. If private mailing lists remain public for that duration, a lot of personally identifiable information can be compromised and misused. While Hyperkitty fixed the vulnerability in its latest version, the bug was categorized with a 7.5 severity score. Unfortunately, such software vulnerabilities aren’t uncommon, so taking phishing prevention measures is always advisable.
FINRA Warns Of Ongoing Phishing Campaign
Phishing campaigns use the same few techniques to trick people, and this time the adversaries are using FINRA’s name to reach victims. They have created a fake domain name, @gateway-finra.org, and are using it to impersonate FINRA and trick its clients.
FINRA has issued a notice warning all member firms to watch out for phishing emails from this fake domain. A typical email asks the recipient to complete or view a request by clicking on embedded links. These emails instill the fear of attracting penalties on late submission, which seems to work for recipients almost all the time. FINRA urges all firms to refrain from clicking on images and links that come embedded in emails from this domain, delete all such spam emails and report the same to their anti-phishing solutions provider. In addition, in an abundance of caution, FINRA has asked the Internet domain registrar to suspend services for the fake domain – @gateway-finra.org.
Cyberattack Hits Spanish Ministry Of Labor And Social Economy
Just three months ago, the Spanish Servicio Público de Empleo Estatal (SEPE) underwent a ransomware attack. Now, an attack has brought down systems at the Spanish Ministry of Labor and Social Economy (MITES). MITES supervises and coordinates Spain’s social economy, employment, and corporate social responsibility policies. Unfortunately, its computer systems were recently hit by a cyberattack, impacting its multimedia and communications office.
The Ministry’s technical managers and the National Cryptologic Center are working on restoring the systems as soon as possible. In addition, they have adopted necessary measures to ensure protection from phishing attacks. However, the MITES website, the Electronic Office, the State Public Employment Service, and some other services continue to operate without interruption.
Ragnar Locker Attacks Storage Manufacturer ADATA
ADATA, one of the top SSD and DRAM manufacturers from Taiwan, recently underwent a ransomware attack. The company had to bring down its systems to contain the spread of the malware and experienced some downtime before operations were finally restored. ADATA informed all concerned international authorities and stakeholders about the breach soon after detecting it on 23rd May 2021.
ADATA did not mention anything about the threat actor, but it is suspected that the Ragnar Locker ransomware gang is responsible for the attack. The ransomware gang has already claimed responsibility for the attack on the dark web. It also claims to have stolen 1.5 TB worth of sensitive data from ADATA’s systems. A screenshot of files stolen from ADATA accompanies Ragnar Locker’s post on the attack. While ADATA has not specified whether it plans to pay (or has already paid) the demanded ransom, its business operations are working now. Currently, the manufacturer is engaged in adopting anti-phishing services and restoring the affected devices. However, whether the business operations are back on track because of ADATA’s internal efforts or owing to the ransom payment remains unknown.