The cybersecurity industry continues to be the most volatile sector of the 21st century. Every day, hundreds of individuals and organizations become victims of cyber-attacks globally, resulting in substantial financial and data losses. The only way to reduce the intensity of these attacks is by adopting apposite anti-phishing solutions. However, knowledge of recent cyberattacks is essential to know which phishing prevention measure is suitable. Here are the recent cyber headlines from this past week:
New Ransomware DarkSide Targets Brookfield Residential
DarkSide is a ransomware that emerged recently, and one of its first victims is the North American land developer and homebuilder Brookfield Residential, which is owned by Brookfield Asset Management.
DarkSide breaks into a network and eventually spreads to other connected devices, while also stealing unencrypted data. DarkSide creates an entry for each victim on its data leak site and makes the stolen data publicly accessible. However, DarkSide operators confused the names and listed the data of Brookfield Residential as that of Brookfield Asset Management.
The silver lining is that Brookfield Residential took immediate phishing protection measures after discovering the breach and restored all affected systems. They have also notified affected individuals (mostly their employees) and are implementing additional security measures.
Malware Attack Hits Rialto Unified School District
The Rialto Unified School District was recently hit by a malware attack that disrupted the virtual classes for all the 25,000+ students from its adult education school, three high schools, five middle schools, and 19 elementary schools. The attack is now being investigated, and the schools shall remain closed until further notice.
In these challenging times, the IT staff at RUSD is working hard to ensure protection from phishing and resume teaching. The district has urged students to use a particular device for the district server and abstain from using it till things get better. They are also taking back school-issued gadgets for examination.
Second Consecutive Attack On NZX Exchange
Once again, the Wellington-based NZX exchange became dysfunctional yesterday because of a sophisticated DDoS attack. As a result, the NZX main board, NZX debt market, and Fonterra shareholders market were affected. The authorities at the NZX exchange hold foreign hackers responsible for this disruption.
Just when their operations were to get restored, this second attack came as a full stop to many of their systems and revealed the hitherto undisclosed aspect of the exchange’s anti-phishing services.
90 Japanese VPN Authentication Items Breached
Nine hundred authentication items for VPN server access provided by Pulse Secure LLC were breached and stolen recently. As many as 90 of these items were linked to Japan, affecting Sumitomo Forestry Co., Hitachi Chemical Co., and 36 other Japanese companies in the process.
While companies encourage VPN usage, it would be wise if these Japanese corporations took additional anti-phishing protection measures to prevent hackers from illegally accessing their firms’ internal networks.
Although no damage has been reported so far, it’s high time for these Japanese firms to apply the patches released by Pulse Secure back in April 2019.
India’s RailYatri Exposes 37 Million User Records
RailYatri, a leading Indian travel booking site backed with Government influence and with over 10 million downloads on Google Play, was exposing 43 GB of data amounting to up to 37 million records linked to over 700,000 unique users. However, this data was deleted by the notorious attacker Meow, leaving just 1 GB of the data available online.
When the unprotected database was found online, the IT team at RailYatri took measures for protection against phishing, but they were a little too late. By this time, the Meow bot had done its job, posing a plethora of security threats for the multitude of travelers associated with RailYatri.
The compromised details include a user’s full name, age, gender, physical and email address, phone numbers, booking details, GPS location, and names and the first and last four digits of payment card numbers. With this many credentials, an attacker can easily launch customized phishing attacks against the victims!
Ransomware Hits Canada’s Canpar Express
Leading Canadian shipping company Canpar Express recently underwent a ransomware attack, which brought down its website for several days. The episode also affected the package tracking and pickup scheduling facilities of Canpar Express, much to clients’ inconvenience.
The shipping company is trying its best to ensure phishing attack prevention and meet customer shipping needs. They haven’t detected any incidents of misuse of client information so far and hope to restore all operations as soon as they can.
Utah University Succumbs To Ransom Demands, Probably Of Netwalker
The University of Utah underwent a ransomware attack on 19th July 2020. Though the university hasn’t disclosed who the attackers were, it is suspected that Netwalker was behind the attack.
The university was mostly successful in evading the attack, and only 0.02% of the data was affected in the incident. They had initially decided to restore the systems using their backup. However, the ransomware actors threatened to release the encrypted student data, which forced the university to rethink their stance on the matter.
They approached their cyber insurance provider and paid a portion of the ransom, $457,059, to protect their students’ identity and interests. Though the university acted proactively and adopted phishing prevention best practices, these negotiations with hackers who agree to delete files after receiving the ransom are seldom effective. There is every possibility that the hackers won’t delete the stolen files and will use them later for spear phishing attacks or for demanding more ransom.
Cheap Androids Come With Hidden Malware
Transsion, a Chinese manufacturer of cheap Android phones, has launched its Tecno W2 handset, which comes with preloaded malware hidden from the user’s eye. The malware (identified as Triada and xhelper) works discreetly and subscribes to services without the user’s permission. Over 19.2 million suspicious transactions from more than 200,000 used or new phones have been carried out.
These smartphones were sold in Ethiopia, Egypt, South Africa, and Ghana, regions where users look for affordable phones with basic functionalities. It’s tragic that the malware secretly breaches the privacy of these naïve and hapless users.
Triada malware works as a software backdoor and spreads malicious code while remaining undercover. It becomes difficult to protect yourself from phishing when malware comes free with a newly bought phone and remains invisible to the naked eye. One can only imagine its impact on unsuspecting users who barely have access to education, let alone cyber awareness!