Anti-phishing protection has become a primary concern for all organizations working online. Every individual uses the internet, and hence vulnerability to cybercrime is the same for all. However, proper knowledge of the kinds of attacks happening around can help bring significant progress to an individual or organization’s digital security. Here are this week’s top cybersecurity headlines
Maze Attacks LG
Defying all phishing prevention measures, the Maze ransomware continues to terrorize the digital world with attacks and warnings. Maze warns its victims against trying to decrypt the locked files, failing which would mean an online auction of their company files.
The newest victim of Maze is the electronic giant LG, and the ransomware operators have released three screenshots of the stolen data. While one screenshot contains source code files of LG products, the other two include the official firmware or software update of their products.
Maze’s most frequently targeted organizations are located in the US, South Korea, Thailand, Canada, Latin America, and Brazil.
Infraud Members Plead Guilty
Infraud is an organization that rules the carding market. Their slogan goes, “In Fraud We Trust,” and they have caused financial losses to individuals exceeding $568 million. Infraud conducts a plethora of frauds such as sale and exchange of credit card numbers, unauthorized purchases, and money laundering using the stolen card credentials.
Infraud activities have been restricted since 2017. In a recent trial and an endeavor to prevent phishing attacks saw a 33-year-old Russian leader plead guilty before the US District Court Judge James Mahan. Legal actions are now being taken against 36 individuals across the US, Australia, the UK, France, Italy, Kosovo, and Serbia for involvement in Infraud’s activities.
Massive DDoS Attacks at Akamai
DDoS attacks are perennially striving to increase their impact, and a testimony to that is the frequent attacks that Akamai has undergone recently. The latest DDoS attack on Akamai happened on June 21, 2020, and generated traffic of 809 million packets per second (Mpps). The attack lasted for ten minutes and reached its peak size in two minutes.
Akamai needs to incorporate the phishing prevention best practices to avoid the kind of attacks it has been facing off-late.
Data Breach At Limeroad
Indian shopping app Limeroad underwent a data breach recently, which compromised the details of over 1.29 million users. These details are now being sold on the dark web.
The stolen customer details include the full names, phone numbers, and email ids of users. From the sample put up by the adversary, these records seem to be legitimate. Online shoppers should strictly follow phishing prevention tips when attacks on shopping portals are escalating like never before.
Chinese Companies Leak User Data
Two Chinese companies have been leaking user information, and the incident came to light recently. The two exposed databases belonged to the Chinese companies Xiaoxintong and Shanghai Yanhua Smartech. While Xiaoxintong offers services to the elderly, the latter is a service provider for artificial intelligent architecture.
The leaked databases compromised the GPS locations, mobile numbers, addresses, hashed passwords, easily-decoded audio files, names, employee ID numbers, heart rates, oxygen levels, etc. of over 5 million users.
To ensure phishing attack prevention, the databases have been brought down. Still, it is uncertain whether the adversaries could access them.
India Prepares For Chinese Cyber War
To ensure protection from phishing attacks, the Indian government recently banned 59 Chinese apps, including the widely used TikTok app. This move comes as a security measure to guard against unauthorized access of Indian user’s data by the Chinese nation for various conspiracies and other attacks on the country.
Physical wars are not to be seen these days, and that’s why cyber-attacks and digital espionage on governments have increased. India anticipates cyber attacks from China and has deployed security experts in various sectors that used to depend on Chinese resources previously. Yet another group of experts feels that the sudden ban of the 59 apps would create other security hazards that may impact the nation and its people.
Fakespy Returns, Complexity Increases
The mobile data-stealing kit FakeSpy, which affected android users two years back, has now resurfaced with mainly the same code DNA. Although FakeSpy comes with a few minor changes, it is dangerous as it impersonates various postal services.
The malware impersonates the U.S Postal Service and that of China and Europe and sends out fake messages to users, notifying them of a package pickup for them. These messages come with codes that, upon clicking, install malware that steals financial data from mobile applications.
Experts hint towards a Chinese origin of the mobile malware kit written and advise the receipts of the USPS messages to take anti-phishing protection measures.
Bitcoin Scam Affects Thousands Of Users
A multi-stage Bitcoin scam has led to the compromise of the personal data of 248,926 users belonging to the UK, Australia, South Africa, the US, and Singapore, among other regions.
The scam lures victims in a fraud Bitcoin investment scheme and exfiltrated data such as their phone number, name, and email. However, the concerned authorities have been notified, and phishing protection measures are now being taken.
More Security Measures Equal Less Security, Says IBM
In its fifth Cyber Resilient Organization Report, IBM states that organizations are less prepared to detect and withstand a cyber attack these days. They have too many tools and applications working towards ensuring protection from phishing. All organizations with security walls have shown a 13% decline in their ability to stop a threat factor.
IBM speculates that such an approach to cybersecurity will cause a loss exceeding $1.2 billion as compared to a cyber attack. The report also hints at the various aspects in which businesses have adopted a wrong or less effective approach.
The North Face’s IG Compromised, Hacker Launches Phishing Scam
An unsuspecting user seldom questions the authenticity of a message from a verified Instagram account. This time, the adversaries have used this to trick people and run a copyright infringement phishing scam.
The verified Instagram account of the American outdoor recreation product company The North Face for Chile was recently compromised and used to send out messages with phishing links to users. Such messages aren’t easy to identify for an unsuspecting user, and hence anti-phishing measures must be carefully evaluated by every user to guard against such scams.