Phishing attack prevention is a global struggle, and cyber security experts strive to reduce the attack ratio every day. However, some adversaries still seem to be a step ahead. Here are this week's phishing headlines, which underline the importance of adopting adequate anti-phishing measures.
Dallas Independent School District Announces Data Breach
The Dallas Independent School District (Dallas ISD) discovered a data breach in its systems on 8th August 2021 and disclosed it in a data breach notice on 2nd September 2021. As per the details revealed, the data breach affected the records of employees and students associated with Dallas ISD since 2010. The adversaries gained access to the school district’s network, stole files, and stored them on an encrypted cloud site. Dallas ISD did everything in its capacity to ensure anti-phishing protection and address the vulnerabilities.
The adversaries eventually informed them that the stolen data had been taken down from the cloud storage site and had not been shared or sold to anyone so far. The compromised data includes the names, DOBs, social security numbers, addresses, salary details, phone numbers, etc., for employees and names, parents’ contact details, DOBs, grades, and social security numbers for students. In some cases, the medical information and custody status of students were also involved.
As part of its measures to prevent phishing attacks, Dallas ISD is notifying and providing a year of charge-free credit monitoring and identity theft recovery to all affected individuals. The district has initiated a hotline number to answer all attack-related queries. In addition, federal law enforcement authorities have been informed.
Fake Banksy NFT Auction, Funds Returned
The realm of Non-Fungible Tokens (NFTs) has begun attracting cyber adversaries. In the latest scam, an attacker hacked into the site of the famous street artist Banksy and created and sold a fake NFT for $336,000. Fortunately, the anonymous buyer, who goes by the name of Pranksy, could spot that it was a scam and hunted the attacker down. Intimidated, the attacker returned the entire amount, less the transaction fee of $6,918.
Pranksy had confirmed the legitimacy of the sale before bidding, but he got suspicious when his bid got accepted. The fraudulent NFT sale received media coverage, and Pranksy could track down the adversary, which probably compelled the attacker to give up and return the money. For its part, Banksy put out a statement saying it had created no NFT artwork auction. While not every victim of cyber fraud may be as lucky in getting back the stolen funds, this incident does indicate that crypto hacks are slightly tricky to hide and that phishing protection measures can go a long way in preventing frauds like these.
Victure Users Need to Guard Against Unpatched Vulnerabilities in Baby Monitors
Victure, a Chinese manufacturer of home baby monitors, has left some security flaws in its IoT devices unfixed, because of which adversaries can access the camera feed, spy on users, and plant malware on devices. Cybersecurity researchers at BitDefender first discovered a stack-based buffer overflow vulnerability in Victure’s PC420 smart camera. If exploited, the vulnerability can lead to remote code execution on victim devices with Victure PC420 firmware versions before 1.2.2.
BitDefender tried contacting Victure for a year, but after receiving no response, it published a breach alert for the public to adopt the phishing prevention best practices and change their video monitoring devices if required. Vulnerabilities in video equipment often remain unfixed, and therefore, users need to take precautionary measures at a personal level.
Data Breach Hits Career Group
Los Angeles-based administrative staffing and recruiting agency Career Group recently underwent a data breach that affected 49,000 individuals. The breach happened between 28th June and 7th July 2021 when adversaries gained unauthorized access to Career Group’s network. The breach notification letters were sent to affected customers only now. After detecting the breach on 2nd July, the organization took prompt anti-phishing measures to contain the attack. It initiated an investigation and also informed law enforcement about the incident.
The organization informed the Maine Attorney General’s Office about the nature of the breach and the types of information compromised, including the names and social security numbers of around 49,476 individuals. Although Career Group hasn’t disclosed the kind of cyber attack it underwent, it looks like a ransomware attack where it probably paid the ransom.
Bug in Francetest Can Expose Covid Test Results
A bug in the online platform of the Francetest pharmacy was recently detected that exposed the antigen test results of over 700,000 Francetest patients. The vulnerability was discovered by a patient with IT knowledge. She observed that WordPress was being used to maintain sensitive patient data such as names, DOBs, genders, addresses, phone numbers, social security numbers, and email addresses. This was in addition to their test results.
Francetest was quick to implement its anti-phishing solutions and fixed the bug within a day. However, it is challenging for the lay user without adequate cybersecurity awareness to identify which website is safe and which can be a threat vector. Hence, learning basic cyber hygiene is a necessity in today’s times that netizens cannot afford to ignore.
1500 Beaumont Health Patients Affected by Accellion Hack
Michigan-based hospital system Beaumont Health uses the file-sharing services of Accellion. Unfortunately, it was affected by an attack on Accellion wherein around 1,500 of the hospital’s patients had their data compromised. The breach was first discovered in February 2021, and Beaumont immediately began its investigations. The analysis revealed that patients’ names, medical record numbers, dates of service, physicians’ names, etc., were exposed. However, no financial information was lost in the incident.
Beaumont shares the misfortune of the Accellion data breach (from December last year) along with 11 other healthcare facilities. It has been almost nine months since the Accellion hack, and even today, we hear about new organizations being affected by the breach. Patients of Beaumont are advised to adopt measures for protection from phishing.
Cyberattack Hits DuPage Medical Group
Renowned physicians group DuPage Medical Group recently underwent a cyberattack that affected around 600,000 patients. The group went through a phone and computer systems outage on 13th July, which lasted for about a week. During this period, the adversaries accessed hundreds of thousands of patients’ personal information (names, DOBs, addresses, diagnosis codes, treatment dates, etc.). In some cases, even the social security numbers were exposed.
Although there is no evidence to indicate the misuse of any patient’s personal information, DuPage is taking measures to prevent further breaches and offers free identity theft and credit monitoring facilities to all affected patients. Additionally, the medical group has incorporated additional security measures and is currently reviewing its security policy.
Data Breach Affects Bangkok Airways Passengers
Bangkok Airways recently underwent a cyberattack that has exposed the passport details and other personal information of travelers. On 23rd August, the airline first noticed some unauthorized access to its information system. Although Bangkok Airways hasn’t disclosed the exact number of passengers affected, it has mentioned the types of information exposed in the breach. These include the names, genders, nationalities, email addresses, physical addresses, phone numbers, passport information, travel information, meal specifications, partial credit card information, etc.
Fortunately, the adversaries couldn’t get through the airline’s operational security system. However, the organization recommends that customers who have received a breach notification monitor their bank accounts and change passwords immediately. It also asks all customers to look out for suspicious emails, messages, or calls claiming to be from Bangkok Airways and watch out for phishing attacks. Interestingly, this notification comes around the same time as LockBit’s data dump notification for 103 GB of data stolen from Bangkok Airways, confirming its role in this latest breach.