Ransomware and phishing continue to remain some of the major causes of concern for global organizations. This week’s phishing headlines highlight the most significant data breaches and other cyber attacks that you need to read about to keep yourself updated so you can learn to thwart such attacks. 


Ransomware Hits ForHousing and Liberty

The Salford-based social housing group ForHousing and Liberty recently underwent a ransomware attack in which attackers stole some of its data. While no staff or tenant data was affected, a small portion of data from the enterprise’s systems was stolen. The group had to bring down its systems for some time to ensure protection against phishing.

The investigations by the Liberty group have confirmed that it was only a small dataset that was affected in the incident. ForHousing and Liberty have reassured associates that their priorities always include the safety of tenant and staff data. The group is currently working in collaboration with the relevant authorities and partners affected by the incident.


Cyberattack Hits AT&T Just Days After Attack on T-Mobile

The notorious attacking group ShinyHunters has put up a database with records of T-Mobile users for sale recently. Within days, the group is targeting yet another mobile service provider – AT&T. The AT&T database contains personally identifiable information of users such as the names, email addresses, social security numbers, and DOBs of 70 million users. It is now being sold at a starting price of $200,000.

On its part, AT&T claims that the data doesn’t come from its systems and is either inauthentic or stolen from other websites. This is not the first time that AT&T is being targeted. The organization underwent a data breach in 2015, where it paid a penalty of $25 million for an insider breach. Even in May this year, adversaries tried to hire an AT&T employee to launch an insider attack. This incident highlights the importance of providing adequate cybersecurity training to employees for ensuring robust phishing attack prevention from attempts like these.


Data Breach At New York University

The New York University recently underwent a data breach that exposed the personal information of around 47,000 individuals. Although it’s not sure whether these are students, employees, donors, or other associates, such an attack is a cause of concern simply because of the extent to which the stolen data can be (mis)used.

The breach was detected by the Research Foundation for the State University of New York (SUNY), who confirmed that the attack took place earlier this year and was found on 14th July. The Research Foundation’s network was breached between 22nd May and 9th July. Investigations began immediately after detecting the attack, and an external cybersecurity organization was hired to address the issue. The most unfortunate detail to note about the breach is the leak of Social Security Numbers.

Apart from informing law enforcement, the university took measures to contain the attack. It has extended one year of free credit monitoring and identity theft protection to all affected individuals. It has also taken anti-phishing measures to avoid such attacks in the future.


Cyber Partisans Group Compromised Belarusian Citizens’ Data

The Cyber Partisans Group is a secretive hacking group that has recently attacked the Belarusian government and police. Their objective is to access enough information about the Lukashenka regime to highlight their crimes against Belarusian society. In this latest attack, a vast expanse of citizens’ data was stolen, starting from the PII of Belarusian citizens to phone call details of conversations between the supporters and opponents of the Lukashenka regime.

Associate Director at the Atlantic Council’s Digital Forensic Research Lab- Lukas Andriukaitis, calls this one of the most significant attacks by the Cyber Partisans group. The group managed to steal the personal details of some of the inner circle members of the Lukashenka regime, KGB employees, Belarusian security forces leadership employees, and intelligence officers.

The deadly attack stole the PII of all Belarusian citizens, including their addresses, passport photos, and office addresses, making it very difficult to ensure phishing prevention going forward. The Cyber Partisans group also compromised the police database, phone call details, CCTV footage, and work history of officers, details they will eventually use to overthrow the government. But everybody is aware of the brutal manner in which the Lukashenka regime handles opponents. It’s a matter of time before the anonymous members of the Cyber Partisans Group disappear.


Data Breach At Hoosier State

Thousands of Indiana residents had their data compromised owing to a data breach affecting a COVID-19 contact tracing survey by Hoosier State. The organization left a misconfigured software publicly available online. An unnamed vulnerability-hunting enterprise first noticed the loophole on 2nd July 2021. Soon after, the state officials were informed about it. The compromised information included the residents’ names, DOBs, gender, ethnicity, and email addresses.

As per the Indiana Department of Health and the Indiana Office of Technology, the misconfiguration was resolved immediately to ensure protection from phishing attacks. Additionally, the unnamed organization that detected the vulnerability returned all the sensitive information on 4th August and signed a certificate testifying that they have destroyed the data from their database.

The breach is unlikely to have any major implications as Hoosier does not store any social security numbers or medical records. But in an abundance of caution, Hoosiers will provide one year of free credit monitoring to all victims. Approximately 750k Indiana residents were affected by the breach, and breach notifications will be sent out to each one of them.


Ransomware Hits Brazil’s National Treasury

Brazil’s National Treasury underwent a ransomware attack on 13th August 2021. This particular ransomware attack comes after a series of attacks on the Brazilian government and organizations over the last year. Fortunately, none of the major structuring systems, such as the public debt administration, was affected. Operations of the Tesouro Direto were safe as well.

The Ministry of Economy was quick to take measures to ensure protection from phishing. The Federal Police was informed, and the Ministry noted that all vital information about the incident would be shared in due course of time.


Glitch At Chase Bank Website Exposes Customer Details

JP Morgan Chase was unintentionally leaking the banking information of customers, wherein a technical bug allowed users of its online banking website to view the banking details of fellow customers. The exposed details include the names, bank account numbers, transaction lists, and statements. The bug persisted for about two months between 24th May and 14th July 2021 and impacted the customers using online banking and the Chase Mobile app services.

Chase Bank posted a very vague notice informing customers of the technical issue causing the data breach. It said that the exact circumstances under which a customer could access other customers’ details are unknown. So far, there is no evidence that would indicate the misuse of any customer information. Chase Bank customers must adopt its free credit monitoring facility and follow cyber hygiene practices to protect themselves from targeted phishing attacks.


Ransomware Hits Memorial Health System, Ohio

Ohio-based hospital Memorial Health System is the latest to be hit by ransomware. Consequently, the hospital systems were disrupted, and it had to send its emergency care patients from three locations to other hospitals. The Memorial Health System restricted user access to the affected IT applications and implemented security protocols to ensure anti-phishing protection. The Federal law enforcement was informed, and measures were taken to restore information operations at the earliest.

So far, there is no evidence of the compromise of any personal or financial patient data. Cybersecurity researchers believe that the Hive ransomware group is responsible for this attack. However, Memorial Health System is yet to disclose whether it received any ransom demands.