Phishing prevention is one of the most significant challenges businesses face today; the worrying part for business owners is that threat actors do not just target large conglomerates anymore. Small and medium enterprises (SMEs) are as lucrative a target for them as larger organizations, given that SMEs have limited budgets and can allocate only so much to robust anti-phishing measures. Hence, one of the easiest and most effective ways to thwart phishing attacks is to keep oneself updated and educated on the latest phishing and cyber trends. Here is what the past week in the cyber world looked like.
Misconfigured Amazon S3 Bucket At Artwork Archive
Colorado-based artwork software solutions provider Artwork Archive recently left one of its private databases misconfigured, leading to a data breach. The platform was notified of the open S3 bucket on 25th May, and it took immediate phishing attack prevention measures to secure the database. It further reported no unauthorized access to data at the time. But recently, researchers at the WizCase team found that Artwork Archive’s misconfigured Amazon S3 bucket exposed over 200,000 files (421 GB of data).
In its defense, Artwork Archive said that there is no evidence to prove that anyone outside the third-party cybersecurity company accessed the data. The compromised information includes records dating back to August 2015 and belonging to more than 7000 artists, galleries, collectors, and even their customers. It also included over 9000 invoices with the names, email addresses, and addresses of the involved parties.
Ransomware Hits Renowned Law Firm Campbell
The US law firm Campbell Conroy & O’Neil, P.C. is a famous law firm providing counsel to several Global 500 and Fortune 500 companies like Mercedes Benz, Apple, Boeing, British Airways, Marriott International, etc. Campbell underwent a ransomware attack in late February this year and has now disclosed the consequent data breach.
Soon after detecting the suspicious activity on its network on 27th February 2021, Campbell launched an investigation taking help from third-party forensic services. The FBI was also informed of the incident. In its data breach notification, Campbell announced that various data types were stored in the affected systems. The compromised information included the names, usernames, passwords, passport numbers, DOBs, Social Security numbers, driver’s license numbers, payment card information, financial account information, medical information, biometric data, and health insurance information of individuals.
Campbell offers two years of credit monitoring, identity theft restoration, and free fraud consultation services to victims as part of its measures to prevent phishing attacks. The ransomware operator responsible for the attack remains undisclosed.
Data Breach Hits Tokyo 2020 Summer Olympics’ System
A statement by a Japanese official took the internet by storm recently when he announced that a data breach had compromised the login credentials for the Tokyo Olympic ticket portal. However, the Tokyo 2020 International Communications Team later confirmed that this statement isn’t true: there has been no leak in Tokyo 2020’s system.
As per investigations, the names, bank account details, and addresses of volunteers and people who bought Paralympics tickets were compromised in the incident. Though the sample size wasn’t large, Tokyo 2020 did its best to ensure anti-phishing protection for all victims. It has administered password resets for the affected IDs and collaborates with the government and regulatory bodies to resolve the matter.
The government official also indicated that the data breach was a result of the RedLine malware’s attacks. The incident was reported just a day after the FBI had warned the organizations associated with the Tokyo 2020 Summer Olympics to look out for cyberattacks.
Elekta Breach Impacts Jefferson Health’s Patients
US healthcare provider Jefferson Health recently announced that it was a victim of the third-party Elekta breach. The exposed patient information included the names, medical record numbers, DOBs, clinical information (treatment plans, physician’s details, and diagnosis information), and social security numbers (in some cases). However, no payment card information, financial, or insurance details were affected in the incident.
The data breach was limited to Jefferson Health’s Sidney Kimmel Cancer Center, as Elekta has access to the database of just one of Jefferson Health’s 14 hospitals. The attack didn’t directly target the healthcare provider’s systems, but Jefferson Health regrets the security risks patients now have to face. As part of its measures to ensure protection against phishing, Jefferson Health will provide free credit monitoring services to all victims. It is also reconsidering its association with Elekta.
Ransomware Hits Cloudstar
Cloudstar, a renowned cloud hosting and managed service provider, underwent a ransomware attack over the last weekend, which has disrupted work for hundreds of its client companies. Cloudstar’s primary user base consists of the title and real estate industry. This unfortunate cybersecurity incident has forced Cloudstar to shut down its services, which has prevented the dependent real estate brokers from registering property closings and transactions.
Apart from its encrypted email service, Cloudstar’s entire infrastructure remains non-functional at the moment. While the company is desperate to restore services and serve its clients without interruption again, recovering from such attacks on cloud services usually takes a lot of time. Cloudstar has entered into negotiations with the unnamed ransomware operators and adopted phishing protection measures to restore systems at the earliest.
Cyber-attackers Stealing Identity Of Condo Collapse Victims
The unfortunate victims of the partial collapse of the Champlain Towers South condo building in Surfside, Florida, have not even been laid to rest, and cyber adversaries are already engaging in identity theft scams. The families of the deceased are receiving fake notifications to check the credit of the lost family member. This isn’t the first time cyber adversaries have exhibited their insensitivity and cruelty, but Surfside Mayor Charles Burkett is bent on identifying the perpetrators and punishing them.
The apparent link between the collapse and the scams is that the adversaries are probably following the news to collect the names of the deceased as they are announced. This act of stealing the identities of victims at such tragic times is abominable. Law enforcement is trying its best to track down the malicious attackers.
While the exact death toll remains unstated, around a hundred people were affected by the condo collapse. Law enforcement urges victims’ families to keep an eye on their credit history and get in touch with the Social Security office.
Ransomware Hits Northern Trains
The British government-run Northern Trains recently underwent a ransomware attack that brought down its ticket machines. Fortunately, no other servers apart from the ones operating ticket machines were affected. Along with its supplier, Northern Trains is investigating the breach and taking necessary phishing attack prevention measures.
The adversaries are probably waiting for the ransom before they let Northern Trains function normally. No payment data or customers’ data has been affected in the breach. Northern Trains informed customers that they could continue traveling by buying tickets online.
86 US Municipalities’ Data Publicly Accessible
A team of ethical hackers recently discovered that 86 US municipalities taking services from PeopleGIS had their Amazon S3 buckets misconfigured. This implies that any unauthenticated user could access and control the data left unencrypted in these Amazon S3 buckets. Around 114 Amazon S3 buckets with ties to PeopleGIS and its product mapsonline.net were identified. These belonged to different US cities. Of these 114 buckets, only 28 were properly configured with encryption. The remaining 86 Amazon S3 buckets, containing over 100 GB of data (1.6 million files), were left open to public access.
The compromised information includes citizens’ email addresses, residential records, phone numbers, real estate tax information, photos, driver’s license numbers, etc. It also included building and city plans and the résumés of different government job applicants. Such confidential citizen data should not be accessible to anyone but the government. Though some of the documents were redacted, this was done using digital, transparent tools like markers, which means that merely changing the contrast level would make the hidden portions visible. US citizens must look out for any suspicious activities or phishing attempts and adopt measures to protect themselves from phishing.
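For teams that run their own S3 buckets, the two failures reported above (public access and missing encryption) can be checked from configuration alone. The following is an added example, not code from PeopleGIS, Artwork Archive or the researchers; it goes beyond the article by checking ACL grants, bucket policy and the Public Access Block together. The per-bucket dictionary layout (`Acl`, `Policy`, `PublicAccessBlock`, `Encryption`) and the bucket names are assumptions, with inner fields shaped like the corresponding S3 API responses.

```python
import json

# Canned-group URIs that make an S3 ACL grant public.
PUBLIC_GROUPS = {"http://acs.amazonaws.com/groups/global/AllUsers",
                 "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}

def _wildcard(principal):
    """True if a policy Principal matches any caller ("*" or {"AWS": "*"})."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return principal == "*" or (isinstance(principal, list) and "*" in principal)

def audit_bucket(cfg):
    """Return a sorted list of findings for one bucket's configuration."""
    findings = []
    pab = cfg.get("PublicAccessBlock") or {}
    # A grant to a public group counts unless IgnorePublicAcls neutralises it.
    if not pab.get("IgnorePublicAcls"):
        for g in cfg.get("Acl", {}).get("Grants", []):
            if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
                findings.append("public-acl:" + g["Permission"])
    # Simplification: any Condition is treated as narrowing the statement;
    # an unconditioned Allow to "*" counts unless RestrictPublicBuckets is on.
    if not pab.get("RestrictPublicBuckets"):
        stmts = json.loads(cfg.get("Policy") or "{}").get("Statement", [])
        for s in [stmts] if isinstance(stmts, dict) else stmts:
            if (s.get("Effect") == "Allow" and _wildcard(s.get("Principal"))
                    and not s.get("Condition")):
                findings.append("public-policy")
                break
    if not cfg.get("Encryption", {}).get("Rules"):
        findings.append("no-default-encryption")
    return sorted(findings)

# Constructed sample configurations (not data from any real bucket).
_PUBLIC_GRANT = {"Grantee": {"Type": "Group", "URI":
                 "http://acs.amazonaws.com/groups/global/AllUsers"},
                 "Permission": "READ"}
SAMPLES = {
    "open-bucket": {
        "Acl": {"Grants": [_PUBLIC_GRANT]},
        "Policy": json.dumps({"Statement": [{
            "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::open-bucket/*"}]})},
    "locked-bucket": {
        "PublicAccessBlock": {"IgnorePublicAcls": True,
                              "RestrictPublicBuckets": True},
        "Acl": {"Grants": [_PUBLIC_GRANT]},
        "Encryption": {"Rules": [{"ApplyServerSideEncryptionByDefault":
                                  {"SSEAlgorithm": "AES256"}}]}},
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, audit_bucket(cfg) or "ok")
```

The second sample carries the same public ACL grant as the first but reports nothing, because the Public Access Block settings override it.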