To protect yourself from phishing implies having a good knowledge of the kind of attacks launched by adversaries daily. Here’s the list of the top cyberspace news from the past week to help you enhance your phishing prevention measures
Anonymous Hacks Atlanta Police Dept Website
The Anonymous hacker group, which announced its comeback after the cruel killing of George Floyd by a Minneapolis police officer, has now taken upon its shoulders for bringing down the Atlanta police department website. They confessed this via a tweet where they condemned the Atlanta police department for the fatal shooting of Rayshard Brooks.
This is the second time that the police have outraged the Black Lives Matter activists by killing the 27-year-old black man Rayshard Brooks for resisting arrest. Anons posted the tweet on their handle (@AnonOpUSA) at 8:24 a.m. on 14th June. The police department needs to enhance its anti-phishing protection measures if it plans on continuing to use their website.
Unprotected CIA Unit Pays Heavy Price
A CIA unit specializing in the development of hacking tools and cyber weapons failed to protect its interests. Reports state that they barely had any measures to ensure protection against phishing attacks. This news comes after a 2017 data theft at the CIA by one of its former employees.
The leak comes after three years of the hack and only speaks of the CIA’s incompetence to protect its systems with security measures and backup. It has now been concluded that the leak was Schulte’s revenge for the dispute he had with colleagues and supervisors. But nothing can be said for sure because the CIA’s security measures were never sound and almost anyone could access their files with such poor phishing protection measures.
Lazarus Group And BEC Scams On Linkedin
Researchers at ESET recently revealed the reality of North Korea’s state-sponsored hackers – the Lazarus Group. This BEC scam was called ‘Operation Interception’ and used LinkedIn for cyber-espionage and financial theft attacks.
The adversaries impersonated job recruiters and sent out messages to their victims with the bait of a job interview. The victims received an archive folder that allegedly contained information on their salary and job description, whereas it contained malware-infected files. Once opened by the victim, a message would notify the victim that he hasn’t been selected for the job profile, and immediately the job recruiter’s profile vanishes from LinkedIn, but this happens while giving the attackers a foothold on the victim’s computer which they eventually expand.
So far, the main targets have been employees of the European aerospace and military companies, but protection from phishing such attacks on LinkedIn is advisable for all.
Magecart Attacks Increase
Magecart attacks are increasing by the day with web skimmers being used to compromise vulnerable networks. In two major attacks recently, Magecart has compromised the systems of two renowned retail chains – Claire’s and Intersport. Not only did the adversaries attack the firms, but they also hid skimmers to record payment card details of the customers of these firms.
Both the firms have incurred a huge financial loss because of these attacks, along with losing their goodwill among customers. Hence organizations must subscribe to some phishing protection service at all times to evade such malicious attacks.
Cybersecurity Index Reviews
A Cybersecurity Exposure Index (CEI) has been recently released, highlighting the most and least exposed regions in terms of cyberattacks. The index covers Europe, America, Asia-Pacific, and Africa.
The index marks Afghanistan as the most exposed country, shortly followed by Myanmar, Ethiopia, Palestine, and Venezuela. The least exposed country is Finland, followed by Denmark, Luxembourg, Australia, and Estonia. While Africa has the highest exposure score per country, Europe has the least.
This suggests why phishing attack prevention is important, irrespective of which part of the world you reside in.
Ariix Italia Database Left Unprotected
An Amazon Simple Storage Service (S3) bucket containing 7,515 PDF and 25,895 JPG files has been recently unprotected online. The database belonged to Ariix Italia and included the names, dates of birth, tax identification numbers, street addresses, email addresses, phone numbers, and Italian citizens’ signatures.
Although Amazon has now secured the database, it has remained public for quite some time. Ariix Italia customers and sales representatives are advised to adopt the phishing prevention best practices to ensure their safety.
Ransomware Hits Sbtech
A ransomware recently hit SBTech, which has now merged with DraftKings. The attack happened on 27th March, and soon after, the firm shut down its operations as an anti-phishing measure. There were disruptions in services because of this, but they duly compensated their customers for the inconvenience and loss.
They believe that the issue has been resolved and are now working on strengthening the security of their network.
Evil Social Engineering Of Sextortionists
Sextortionists are those malicious actors who aren’t satisfied with just stealing your data; almost always, they do worse. Now they are using social engineering techniques to take victims’ personal information from dating websites. The adversaries create fake profiles for young women on dating sites and use social engineering techniques to make the victim disclose his/her name, mobile number, location, sexual preference, and other information.
This information is then publicly posted on a Ukrainian forum. Although the sextortionists claim to delete a victim’s details on paying a fee, that’s unlikely to happen. Thus, the most reasonable thing to do to prevent phishing attacks of this sort is to refrain from sharing personal information with strangers online.
NHS Email Accounts Compromised
113 email accounts within the NHS have been compromised, and the adversaries are now using these accounts to send phishing emails to others on the victim’s contact list. The breach took place between 30th May 30 and 1st June and aims to steal victims’ log-ins.
NHS has collaborated with the National Cyber Security Centre (NCSC) and has also asked all affected people to take email phishing prevention measures.
Data Breach Hits Foodora
Delivery Hero’s brand Foodora underwent a data breach recently, which exposed the details of over 727,000 accounts from 14 countries. The compromised details include names, addresses, phone numbers, latitude-longitude, and hashed passwords of users. The breached data was posted on an online forum on 19th May.
Delivery Hero is now working with security experts and adopting anti-phishing solutions to get to the roots of the attack.