Phishing is one of the most effective entry points for threat actors to inject malware into users’ systems. This week’s headlines are all about it. Read on to see why it is essential to pay heed to phishing prevention tips.
Ransomware Hits Stillwater Medical Center
The Stillwater Medical Center in Oklahoma serves several Oklahoma hospitals, clinics, care sites, and specialist offices. In an unfortunate ransomware attack targeting Stillwater on 13th June, all of its operations were brought down. However, as the medical center undergoes an electronic health record downtime, its IT team has proactively accessed the affected systems and informed law enforcement.
To ensure protection against phishing, Stillwater has also hired a computer forensic firm to help restore its systems. Disruptions were observed in Stillwater’s application, phone system, online patient portal, and email system. In case of emergency, patients were asked to dial 911. However, patient care was provided just the same, with only a few appointment cancellations.
Gateley Reports Cyber Attack
UK-based legal and professional services group Gateley underwent a cybersecurity breach recently. While the attack affected a small portion of Gateley’s data, its operations were brought down to contain the attack.
The company traced where the impacted data (0.2%) was downloaded and saved, and deleted it altogether to ensure protection from phishing attacks. Nothing suggests further dissemination of the data. Therefore, the breach doesn’t affect Gateley’s daily operations and financial performance. Gateley will inform all affected clients about the breach and has already notified the relevant regulators as part of its anti-phishing protection measures.
Third-Party Vendor Exposes 1 Billion CVS Health Records
CVS Health recently confirmed a data breach caused by a misconfigured cloud database left unprotected online by one of its third-party vendors. Consequently, the 204 GB database exposed over a billion records of CVS Health. These included the visitor ID production records, device access information, session IDs, medication queries, details of COVID-19 vaccines and other CVS products, and a blueprint of the backend operations of the logging system.
When security researchers informed CVS Health that one of its private databases was accessible to the public, the company conducted an internal inquiry. As a result, it was quick to adopt phishing attack prevention measures and secured the database immediately. However, if any malicious actor could access the database in the interim, we can expect some targeted phishing attacks soon.
Cyberattack Hits South Korean Ocean Carrier HMM
South Korean ocean carrier HMM underwent a cyberattack on 12th June, which paralyzed its email system. HMM has restored most of the affected systems in Europe and America and claims that no data was compromised. But its email servers remain non-operational everywhere else.
All shippers outside America and Europe were advised to connect with the local HMM agency offices only via telephone and refrain from using the email system. All other HMM functions remain fully operational, it clarified. As its IT team investigates the breach, HMM’s email systems are gradually being restored.
123 AmeriGas Employees Affected By An Attack On Third-Party Vendor
AmeriGas, the largest propane provider in America, underwent a data breach, although not directly. Its third-party service provider JJ Keller experienced a cyberattack recently, which lasted for only eight seconds.
The adversaries had lured a JJ Keller employee with a phishing email and compromised that employee’s account. In the process, a database containing the personal information of 123 AmeriGas employees and one of its New Hampshire-based customers was leaked. The information exposed via this database includes Social Security numbers, Lab IDs, dates of birth, and employees’ license numbers. However, there is no sign of the data being misused or copied yet.
JJ Keller quickly executed its anti-phishing measures and prevented the attackers from infiltrating further into the breached employee account. However, in the brief period of eight seconds that the attackers could access the employee account, they got access to the AmeriGas database. As per reports, that is all there is to this attack. AmeriGas has provided free credit monitoring to that one affected customer and taken the necessary steps to secure its systems.
Cognyte Leaves Databases Unprotected Online
The cybersecurity analytics firm Cognyte, which maintains a list of customers affected by third-party data exposures and alerts them of the same, left one of its databases unsecured online. Thus, Cognyte became the source of a data leak for records that had already leaked from other sources. Cybersecurity researcher Bob Diachenko first discovered this unsecured Cognyte database.
The database exposed over 5 billion records obtained from various data breaches over time. The data exposed through this database includes the names, email addresses, passwords, and primary source of the data leak. However, Cognyte was quick to adopt anti-phishing measures, and the database was secured within three days of the company being notified.
Attackers Compromise SEIU 775 Benefits Group Systems And Delete Data
Service Employees International Union (SEIU) 775 Benefits Group is a Seattle-based benefits administrator. The SEIU 775 Benefits Group recently disclosed that it underwent a cyberattack, which was first discovered on 4th April 2021.
The Group consulted third-party forensics experts who found that the adversaries gained unauthorized access to some of its systems and deleted the personally identifiable and personal health information (PII & PHI) of around 140,000 individuals. The compromised data includes individuals’ names, health plans and addresses, enrollment information, and Social Security numbers.
Once the anomaly was detected, the SEIU 775 Benefits Group proactively executed its phishing prevention measures and secured the affected systems. It also informed the relevant regulators and federal law enforcement authorities. In addition, the organization provided free credit and identity monitoring to all 140,000 affected individuals.
Carter’s Undergoes Data Breach: 410,000 Records Compromised
Renowned baby clothes retailer Carter’s underwent a massive cyber attack earlier this year. The company’s third-party vendor Linc (which automates online purchases) was in charge of providing customers with shipping details for their purchases at Carter’s via shortened URLs. However, Linc wasn’t cautious enough in implementing cybersecurity measures, and consequently, the personal data of thousands of Carter’s customers was compromised.
The full names, phone numbers, addresses, purchase details, and tracking IDs for hundreds of thousands of Carter’s customers were leaked in this incident. Over 410,000 records dating back to 2015 were affected in this breach. While Carter’s didn’t respond very well when asked for comments, it removed all shortened URLs immediately after getting the update. Carter’s is probably doing its bit to prevent phishing attacks, and customers looking for clarification must contact the retailer directly.
3.3 Million Volkswagen Customers’ Data Leaked
A third-party vendor linked to Volkswagen America had kept one of its databases unprotected online between August 2019 and May 2021. Consequently, the personal details of 3.3 million Volkswagen customers (particularly Audi car owners) were compromised. Furthermore, while Volkswagen was notified of the public database, it was only after two months that the vendor secured its server.
The attack affected customers to different degrees: while for some, only their vehicle information and contact numbers were exposed, for others, more sensitive information was affected. Investigations revealed that details of US and Canadian customers from 2014 to 2019 were primarily affected. Audi owners in these places must adopt measures to protect themselves from phishing.