Phishing is a recurrent problem in the cyber world, and if you are connected to the internet, then chances are you have witnessed or undergone some form of a phishing attack; whether you fell for it or thwarted it is another story. Here are the phishing headlines in the spotlight this week to help you plan your phishing prevention strategies and maintain robust cyber hygiene:
Data Breach Hits Texas Cancer Centres
The Austin (Texas) Cancer Centers recently notified the Maine attorney general’s office of a data breach that brought down its IT systems and affected the data of 36,503 patients. The malware deployed by adversaries was first discovered on 4th August 2021 and revealed to the public on 27th August. Soon after the attack disclosure, the cancer centers shut down their IT network as a phishing attack prevention measure.
The investigations into the breach suggested that the adversaries got into the network of the Austin Cancer Centres on 21st July 2021, a fortnight before the unauthorized access was finally detected and removed. Maine’s attorney general’s office was informed about the security incident only recently.
The cancer centers were working offline in the interim. Whether it was a ransomware attack remains to be disclosed. The compromised patient information includes their names, DOBs, social security numbers, addresses, credit card details, and health information. Affected patients can avail the free fraud insurance and credit monitoring service that Austin Cancer Centers are providing.
COVID-Test Results Leaked From French Hospitals in Paris
French hospitals were breached in the Paris region, which compromised the COVID-19 test results, medical data, and PII (Personally Identified Information) of over 1.4 million people. These details are from the middle of 2020. The Paris prosecutor’s office was informed on 12th September. The compromised information included the contact details, health information, test results, and social security numbers. Fortunately, no other health information was exposed.
The hospitals will eventually notify all affected individuals of the breach. The French watchdog CNIL investigated the breach and found that the adversaries were not looking for the national testing files. They were more interested in the contact tracing information available on a secure file sharing service used by the hospitals for storing COVID-tests-related data. The health ministry is bent on taking this matter to the next level so that no anti-phishing measures get overlooked or overruled in the future.
Ransomware Attacks on The US Hospitals
California-based LifeLong Medical Care and Arizona-based Desert Wells Family Medicine recently underwent ransomware attacks and are now sending out breach notifications to affected individuals.
Over 115,000 people were affected by the attack on LifeLong Medical, which took place on 24th November 2020. Although the breach notification does not mention which ransomware gang is behind the attack, it is known that LifeLong Medical’s third-party service provider Netgain first discovered the attack. The healthcare provider took six months to finish investigating the incident. It was found that the names, DOBs, social security numbers, treatment information, cardholder numbers, etc., of patients were compromised in the attack. As part of its measures for protection against phishing attacks, LifeLong Medical Care urges victims to avail its free fraud alert and credit monitoring services.
Similarly, in the ransomware attack on Desert Wells Family Medicine, 35,000 people were affected. The attack was discovered on 21st May, but the malware was probably deployed before that. The hospital immediately informed law enforcement and hired an external incident response team to recover the corrupted patient health records. The compromised information includes patients’ account numbers, DOBs, social security numbers, driver’s license numbers, medical records, social security numbers, etc.
Ransomware Hits South Africa’s DOJCD
The South African Department of Justice and Constitutional Development was recently hit by a ransomware attack that affected many of its services, including bail and email services. The department has reassured people that it takes cybersecurity very seriously and would do everything in its power to ensure phishing attack prevention in the future.
In this attack, the adversaries could not exfiltrate any data, and the child maintenance payments remained unaffected as the payments were already processed. The attack took place on 6th September and brought down all information systems. Law enforcement was immediately brought on a loop, and the department has adopted measures to prevent further phishing attacks. The ransomware gang responsible for the attack remains unnamed.
Ransomware Hits Medical Technology Organization Olympus
With a century-old history of working in medical technology, Olympus is a known name that recently underwent a cyber attack. Its IT systems in Europe, Africa, and the Middle East were affected in the attack on 8th September 2021.
Soon after detecting the attack, Olympus deployed its incident response team and forensics experts to investigate the breach and restore systems. All data transfers have been restricted to affected systems. Fortunately, no customer data was involved in the incident. While Olympus has not disclosed the name of the ransomware operators responsible for the attack, evidence points towards the BlackMatter gang (a new malware gang believed to be the successor of DarkSide). Olympus is taking all necessary anti-phishing protection measures to restore its systems at the earliest.
GetHealth Leaves Database Unprotected Online
New York-based wearable technology enterprise GetHealth recently left an unprotected database publicly available online, which affected over 61 million records. These records include the names, weight, gender, height, DOB, and GPS details of users of its apps, wearables, and medical devices. The security incident was first spotted on 30th June 2021 and was found to be primarily affecting Apple and Fitbit’s HealthKit users.
The leaked database was about 16.71 GB in size, but fortunately, the organization quickly rectified its error and resolved the issue almost immediately after being notified. The exact amount of time till when the attackers had access to this database is hard to tell, but GetHealth is working proactively to ensure protection from phishing in the future.
Ransomware Hits Digital Painting Platform Krita
Unlike usual ransomware attacks, this time, the adversaries have not directly targeted the organization Krita but have used its name to distribute malware among users. The phishing email seemed quite usual as it asked recipients to download the (fake) Krita app by going to a link and mentioning the app on a YouTube video. The email promised good money to these promoters based on their online popularity and number of YouTube subscribers.
Those falling for this email end up downloading a corrupt application hosting a ransomware dropper which takes over their systems, encrypts files and demands a ransom to undo everything. The emails come from legitimate-looking domains, which make them all the more credulous. The email recipients have been urged to adopt the phishing prevention best practices and delete all emails that do not come from Krita’s official handles krita.org and krita-artists.org. First spotted about a month ago, these Krita ransomware attacks persist, with the last recorded attack on 11th September. However, after the user reports, some fake sites have stopped responding, which means that at least one or more fake handles have been terminated so far.
Ragnar Locker Attacks TTEC
Provider of customer support and sales management services – TTEC is struggling to survive a system outage caused by a recent ransomware attack. The attack was uncovered on 14th September when an insider leaked a phishing alert email circulated among TTEC employees. In this email to employees, TTEC specifies that it underwent the attack on 12th September and suspects Ragnar Locker is responsible for it. The email urged employees to refrain from clicking on any message in their Windows start menu that reads: “!RA!G!N!A!R!”
The severity of the attack remains undisclosed, but TTEC is trying hard to contain the attack and restore systems. An investigation has been launched, and TTEC has confirmed that no customer data was affected in the breach. The enterprise is working on restoring systems and shall be back with strengthened phishing protection strategies.