Phishing is one of the most common cyberattacks used by adversaries. As such, ensuring phishing prevention is not only wise but also necessary in today’s times. The following headlines from the first week in the digital world give a glimpse of the year ahead for phishing and related cyberattacks.
Netwalker Leaks Stolen NameSouth Data Upon Refusal To Pay Ransom
The NetWalker ransomware strain (which surfaced in 2019) is terrorizing the cyberworld by leaking stolen data when victims refuse to pay the ransom. The latest victim of this brutal policy is the US-based auto parts shop NameSouth. It appears that NameSouth was attacked on 26th November, and just days after that, when they missed the ransom payment deadline, the data archive was leaked. The compromised data contained 3GB worth of documents comprising financial and accounting data, customer details (names and addresses), credit card statements (dating back to 2010), personally identifiable information (PII) of at least 12 employees, etc.
The breach barely impacted the company’s customers and partners as the leaked data mostly belonged to NameSouth and its employees. Hence, the organization needs to adopt the phishing prevention best practices to avoid being targeted by serious impersonation schemes. In extreme cases, the threat actors might even apply for government-sponsored coronavirus relief loans on their behalf.
COVID Test Results and Patient Data Leaked by Indian Govt. Departments
Over 1500 patient records belonging to Indian patients who took the RT-PCR test have been found unprotected online by security researchers. And it is quite certain that there are more such publicly available records. These records, containing the name, age, gender, report identifier numbers, dates of testing, hospital and doctors’ details, and patients’ test results, were leaked by several .nic.in and .gov.in domains. The domains belong to many Delhi-based government agencies. The records were found in PDFs hosted on a shared Content Management System used by the government for posting updates on business tender bulletins, job interview notices, etc.
While some reports dated back to April 2020, most reports dated between November 2020 and January 2021. Anti-phishing tools suggest that the breach must have occurred when the employees in charge of uploading the COVID-19 test reports onto the CMS mistook a public system for an internal one.
Data Of 10k American Express Credit Cardholders Leaked
Over 10,000 Mexico-based American Express credit cardholders recently had their card numbers, names, addresses, DOBs, gender, and contact numbers leaked on the dark web for free. The purpose of the threat actor is not to sell private data but to facilitate marketing spam. No passwords, credit card expiration dates, or sensitive financial data can be found in the leaked data, limiting the scope of unauthorized transactions.
While American Express has refrained from commenting on the attack, it has ensured that measures to prevent phishing attacks are being taken. The company further assured that American Express Card Members need not worry about fraudulent charges on their accounts. American Express cardholders should be on guard and report suspicious activity to the company. Detecting phishing emails or calls might be challenging when the adversaries use your card details and PII in the email. Still, to protect yourself from phishing, it is imperative to think beyond whatever emergency an email proposes.
New Year Brings New Ransomware – Babuk
New Year came with a new ransomware strain – the Babuk Locker, which has targeted at least five firms since its arrival, and one of them has succumbed to ransom demands of $85,000. Babuk’s victims include an elevator and escalator company, a car parts manufacturer, an office furniture manufacturer, a US-based air conditioning and heating company, and a medical testing products manufacturer.
The Babuk Locker executables come with a hardcoded extension (_NIST_K571_.), a ransom note titled ‘How To Restore Your Files.txt,’ and a Tor victim URL (where victims can enter into a negotiation with the ransomware operators). Though its coding seems amateurish, the ransomware comes with secure encryption (ChaCha8 and Elliptic-curve Diffie–Hellman), preventing free decryption. Upon entering a system, Babuk stops the Windows services and processes (such as backup software, database servers, mail clients and servers, web browsers) that keep files open and would otherwise prevent encryption.
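For responders, the two file-system indicators named above are enough for a first triage pass over a file share. The following is an added example, not code from the article or from any vendor: it walks a directory tree, records where the ransom note and files carrying the extension marker appear, and ranks the affected directories. The function names are hypothetical, and matching the marker only in the final dot-separated part of the file name is an assumption made to avoid flagging ordinary files that merely mention the string.

```python
import os
from collections import defaultdict

# Indicators as quoted in the article (compared case-insensitively).
RANSOM_NOTE = "how to restore your files.txt"
EXT_MARKER = "_nist_k571_"


def scan_for_babuk_artifacts(root):
    """Return {directory: {"note": bool, "marked": [names]}} for each
    directory under `root` that holds at least one indicator."""
    hits = defaultdict(lambda: {"note": False, "marked": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                hits[dirpath]["note"] = True
                continue
            # Only the last extension counts, so "NIST_K571_overview.pdf"
            # is not reported; a trailing dot is tolerated.
            last_part = lower.rstrip(".").rpartition(".")[2]
            if EXT_MARKER in last_part:
                hits[dirpath]["marked"].append(name)
    return dict(hits)


def rank_directories(hits):
    """Order affected directories for triage: those with a ransom note
    first, then by number of marked files (descending)."""
    rows = [(d, h["note"], len(h["marked"])) for d, h in hits.items()]
    return sorted(rows, key=lambda r: (not r[1], -r[2], r[0]))


if __name__ == "__main__":
    import sys
    for directory, note, count in rank_directories(
            scan_for_babuk_artifacts(sys.argv[1] if len(sys.argv) > 1 else ".")):
        print(f"{directory}\tnote={note}\tmarked_files={count}")
```

A directory with marked files but no note, or the reverse, is still worth reporting, since either indicator alone can be the only trace left after partial cleanup.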
Data Breach Hits Aurora Cannabis
Alberta-based Aurora Cannabis underwent a data breach on Christmas day, which has exposed many of its current and former employees’ personal information. The adversaries gained access to data stored in SharePoint and OneDrive, which revealed the home addresses, credit card information and banking details, government identification, etc., of employees.
An interviewed former Aurora employee (who got laid off in February 2020) was notified of the breach only on the evening of 31st December 2020. While Aurora spokeswoman Michelle Lefler has mentioned the company’s proactive anti-phishing solutions, she hasn’t commented on the nature of data compromised. She also stated that patient systems and company operations remain unaffected.
Data Leaked From The Hackney Council Breach
The UK’s Hackney Council underwent a cyberattack in October last year, and now the stolen data has been published on the dark web. The Pysa or Mespinoza group is believed to be responsible for this leak, which exposed the PII of Hackney Council staff and residents.
However, the council is working with the National Crime Agency, NCSC, Information Commissioner’s Office, and others to investigate the breach and reduce its effectiveness. Cyberattacks these days come with data-stealing motives, and as such, ransom payments do not guarantee the destruction of all files. Hence, it has become more of a necessity today to invest in the right anti-phishing services.
Challenging 2021 Predicted For Gaming Companies
The year 2020 has been full of security incidents for popular gaming companies like Ubisoft. Last year, the databases leaked online contained the credentials of over 500,000 users and employees of the 25 leading gaming companies. Gamers also reported identity theft, scams, and compromise of in-game valuables.
2021 will be no different; in all likelihood, the attacks will be more sophisticated and hard to detect. Hence, security experts advise the gaming industry to devote more resources to employee training and remove insider threats. They suggest the use of strong passwords and enabling MFA as additional anti-phishing protection measures.
Data Breach Hits Amazon India & Swiggy’s Payment Provider Juspay
The payment services provider Juspay, which renders services to Amazon, Swiggy, and other such businesses, has recently disclosed a data breach that hit its systems back in August 2020. The security incident came to light when adversaries shared a sample of the data dump with researcher Rajshekhar Rajaharia on the dark web.
Around 3.5 crore records were exposed in the breach, which contained the masked card numbers, card fingerprints, and customers’ data. While this data alone is insufficient to launch an attack, anyone who can decrypt Juspay’s algorithm gets to walk home with a rich collection of user records. Juspay says that it noticed unauthorized activity in a data store where an old AWS access key got compromised. Phishing attack prevention measures were soon adopted, and the detected security flaw was mended. Juspay assures that customers are at no risk since the data store responsible for hosting confidential card numbers wasn’t affected in the breach. As an additional anti-phishing measure, new API keys were allotted to merchants in spite of the old ones being safe to use.