While an enterprise may agree to pay the demanded ransom, there remains the risk of attackers putting up the organization’s sensitive data for sale on the dark web. Therefore, it is necessary to stop ransomware and phishing attacks at their root. The easiest way to do that is by keeping abreast of the latest phishing news and adopting phishing protection measures beforehand. Here are the top phishing and ransomware headlines of this week.

Data Stolen From Electronic Arts Leaked

Last month, Electronic Arts (EA) underwent a ransomware attack. The cyber adversaries stole a significant portion of data stored on their systems, including the source code of the FIFA 21 soccer game and EA’s server-side services. The adversaries had first demanded a ransom from Electronic Arts (before 10th June). Still, after the company refused to comply with these demands, the data was dumped on an underground forum on 26th July 2021.

The adversaries were initially selling this EA database for $28 million, but since they could not find any buyers for these source codes (with no personal or financial data of users), they released a cache of the FIFA source codes (1.3 GB in size) for free on 14th July. Two weeks later, all of the data stolen from EA was available for free on the dark web. The adversaries claim they gained access to EA’s data by buying authentication cookies from their internal Slack channel available on Genesis (a dark market channel) and mimicking an EA employee whose account was already logged in.

780 GB of source code was compromised from EA’s internal code repositories; however, the company believes that no information affecting the privacy or identity of players was affected by this. Nonetheless, EA has adopted necessary phishing attack prevention measures to ensure that no such incident can disrupt its games and business in the future.


Thailand’s New Vaccine Site Exposes Details Of 20k Applicants

Thailand’s first vaccine booking site – expatvac.consular.go.th received applications from thousands of people within minutes of being launched. However, over 20,000 applicants reported that their data was publicly available online without any protection. A range of other problems has been reported about the site. But the officials dealt with these errors proactively and tried to resolve them as soon as possible. The data breach was quickly patched, and people received emails confirming their registration at the end of the process.

People reported that the site would frequently crash, and they would have to start their registration all over again, but after repeated attempts, they could finally get a vaccine appointment. As the Thailand officials strive to ensure phishing prevention, they urge foreigners to keep trying to register for the vaccine on the website.


Cyberattack At Guard.Me Affects SD73 Students

Guard.me – the travel and medical insurance provider for the international students of School District No. 73 (SD73, Kamloops-Thompson) recently underwent a cyberattack. Consequently, the personal information of some of the present and past international students were affected. These details include their identity information, contact details, and other data submitted for admission. Though SD73 isn’t directly responsible for the breach, it informed the students of the incident and took the required anti-phishing protection measures.

In addition to this, the school district has asked all affected students to keep a close eye on their financial statements and change their login details for all other accounts where they might have used the same password. Students are also advised to check with Guard.me for any credit monitoring services or measures provided to prevent further phishing attacks.


Personal Details Of 35 Million US Residents Exposed

An unprotected AWS database whose owner remains unidentified was recently discovered by the researchers at Comparitech on 26th June 2021. This publicly available database contained the personal details of around 35 million Chicago, Los Angeles, and San Diego residents. The strange thing about the incidence is that the time zone is set to Kolkata, India, for this database.

It is assumed that the database is the scraping attempt of a marketing firm that didn’t do a good job configuring the server. The information exposed through this database includes the full names, DOBs, gender, email addresses, ethnicities, residential addresses, contact details, and marital status of victims. The data was scraped between 2010 and May 2021 and remained publicly available until a month after being discovered. This database contained users’ personally identifiable information (PII), and it is not yet known where this data was collected from. The best thing to do for those affected by the breach is to take anti-phishing measures and keep looking out for anomalies.


Ransomware Hits Isle Of Wight Education Federation

The Isle of Wight Education Federation recently underwent a ransomware attack because of which the systems of six schools have been offline since 30th July, Friday. These schools include Barton Primary, Lanesend Primary, Hunnyhill Primary, Carisbrooke College, Medina College, and Island 6th Form. Along with encrypting the IT systems, the adversaries also stole data from the schools.

The federation is working with the Department of Education, Isle of Wight Council, and the Police Cybercrime Unit to get to the roots of the attack. The federation has resolved to adopt effective measures to ensure protection from phishing attacks in the future.


Misconfigured S3 Bucket Belonging To Reindeer Exposes Client Information

The American marketing company Reindeer, formerly associated with Tiffany & Co., Patrón Tequila, and other brands, was recently exposed to customers’ details through a misconfigured Amazon S3 bucket. Over 50,000 files (32 GB of data) contained in the database were left unprotected online by the company, which is no longer operational. Since Reindeer cannot be reached, the researchers who discovered the database had to approach Amazon directly to get the database removed.

More than 300,000 customers have their details compromised in this Reindeer data breach, with most of Patron’s customers (client of Reindeer) losing their PII. Around 1400 profile pictures and names, DOBs, residential addresses, email addresses, Facebook IDs, and hashed passwords of about 306,000 customers were exposed. One hundred thousand phone numbers were also leaked in the incident, which affected 35 countries (Great Britain, Canada, and the US being the top three countries). The information stored in the database dated back to 2nd May 2007. Affected individuals must adopt phishing prevention best practices to ensure that none of their compromised data can be used against them.


Customer Database Belonging To Starhub Found On A Dump Site

A customer database belonging to the Singapore telco – StarHub was recently found on a third-party data dumpsite. This database contained StarHub’s customer details (dating back to 2007), including their phone numbers and email addresses. The database was discovered by StarHub’s internal cybersecurity team in one of their regular online surveillance on 6th July. However, it’s only now that StarHub has begun notifying the affected customers.

A total of 57,191 customers (who had applied for StarHub services before 2007) lost their email addresses, phone numbers, and identity card numbers in this breach. While StarHub is reluctant to reveal whether any existing customers were affected by the incident, it is expected to take two weeks to inform and caution all affected individuals. StarHub regrets the incident and is taking necessary anti-phishing measures to create a secure system for its customers.


Data Breach Hits OT Group

The Singaporean real estate group – OT Group (the parent company of OrangeTee Advisory and OrangeTee & Tie) recently underwent a data breach. The company’s website has been down since 6th August after the adversaries emailed it claiming to have accessed its IT systems.

OT Group immediately launched an investigation and reported the incident to the concerned authorities. If the investigation indicates a possibility of data compromise, OT Group will take measures for protection against phishing and inform all affected customers. Till then, all customers seeking clarification must contact the company’s customer reps.