Several organizations and institutions became the target of cyberattacks over the week, and there doesn’t seem to be an ideal phishing prevention scheme. However, cybersecurity is all about protection from phishing attacks, since eradicating them is a near-impossible task. Here are the major phishing headlines from the past week:


Hacker Group Thallium Targets Private Stock Investment Messenger

The North Korea-based hacker group Thallium has found its latest victims in stock investors. The group is using supply chain attacks to inject malicious code into a private stock investment messaging application. Stock investors are attacked with malicious Office documents and Windows installers, which then take over investors’ systems.

Intensifying its attacks further, Thallium has used the Nullsoft Scriptable Install System (NSIS) to develop a Windows executable with malicious code and is launching spear-phishing attacks with the XSL Script Processing technique. Its ultimate objective is to infect devices with a remote access trojan (RAT). Such sophisticated attacks are a hint for organizations to strengthen their anti-phishing protection plans.


Data Breach Hits The Reserve Bank Of New Zealand

An unknown hacker has compromised one of the data systems of the Reserve Bank of New Zealand. The breach has exposed some personally and commercially sensitive information of customers stored on a third-party file sharing service. The bank is taking phishing attack prevention measures and collaborating with international cybersecurity experts and relevant authorities to investigate the breach.

Although the breach has been contained, the systems are to remain down until the initial investigations are done. The bank has not disclosed many details about the breach. Still, Dave Parry (computer science professor at Auckland University) suggests that a foreign government played a role in the attack on the bank.


100,000 UNEP Employee Records Publicly Available

A group of security researchers from Sakura Samurai found a vulnerability in the United Nations Environmental Programme (UNEP) network, which exposed the personal details of 100,000 of its employees for an unknown period.

The researchers found publicly accessible Git directories and credentials. By cloning these, they could access the PII of UNEP employees and even UNEP’s source code base. The exposed data includes employees’ names, employee IDs, employee groups, and travel history. After the issue was reported to the UN, Saiful Ridwan, the Chief of Enterprise Solutions at UNEP, acknowledged the breach and initiated measures to prevent phishing attacks. The UNEP is now notifying affected employees about the breach.


Google Indexes Private WhatsApp Group Links

A lot of commotion surrounds WhatsApp’s new privacy policy, which states that using the app is forbidden from 8th February 2020 if users don’t let the app share some of their data with its parent company (Facebook). Adding to this privacy issue is the latest discovery by security researcher Rajshekhar Rajaharia. He found that Google is indexing the invite links to private WhatsApp groups, so anyone searching for them online can open a link and join the private WhatsApp group behind it.

Recently, the issue became severe when more than 4,000 private WhatsApp group invite links were found on Google. Alison Bonny from WhatsApp says that it isn’t the app’s fault if users carelessly post group invite links (meant to be private) on a publicly accessible website. In conclusion, it’s safe to say that using WhatsApp is a personal choice we make. With or without the new privacy policy, it’s always recommended to adhere to phishing prevention tips and have healthy password habits.


Korean Teen Dating App Sweet Chat Releases 1 Million Sensitive Photos

Security researchers recently found an unprotected database belonging to Sweet Chat, a free Korean dating app for teens. The database contained over 1 million photos of users, half of which were explicit. Although names or other personal details weren’t mentioned in the database, it did include user IDs, which can be used to track a user via reverse-image searches.

A total of 1,000,993 files were discovered in two paths: ‘feed’ and ‘messages’. The path ‘feed’ seems to contain publicly displayed images (113,944 images in total), while the path ‘messages’ held explicit content that was probably sent over private chat (886,555 images in total). The file path also contained an ‘M’ or ‘F’ indicating the user’s gender (male or female), as pictures were categorized accordingly.

Sweet Chat users who are worried about being affected by this breach must consider adopting anti-phishing solutions. It is advisable to delete all images you uploaded on the app and be vigilant till the app announces that the incident has been dealt with.


Cyberattack Hits Car-Sharing Service Communauto

The Montreal-based car-sharing service Communauto recently suffered a cyberattack that brought down its computer systems. The attackers used the holiday season to target Communauto and steal the personal information of its clients. The compromised data includes the names, email addresses, civic addresses, and member numbers of clients.

The good thing is that the adversaries couldn’t compromise clients’ credit card information, as that data was stored with a third-party service provider. The attack has disrupted the normal functioning of Communauto, but the company has hired an IT security firm to investigate the breach. They negotiated with the adversaries and were assured that all data stolen would be destroyed. As long as phishing protection is guaranteed, it is okay to pay a ransom, but the question remains: how true will the adversaries be to their word?


Muslim Prayer App Salaat First Sells User Data

Muslim prayer app Salaat First performs the noble task of reminding users when to pray. However, the app was recently found engaging in the less noble act of recording and selling the users’ location data to a data broker (Predicio), who then sells it to third parties.

The leaked data included users’ movement data – latitude and longitude, operating system, phone model, IP address, etc., which is more than enough to monitor the everyday movements of a Muslim user of the app. Salaat First mentions in its privacy policy that user data is shared with third parties, but this doesn’t justify selling the same information.

Following this breach’s discovery, Predicio released a statement on its website reinforcing its stringent measures for protection against phishing. This incident calls for all applications to review how their company handles PII and enforce strict anti-phishing tools where they see a loophole.


Europol Cops Take Down The World’s Largest Illegal Digital Marketplace

DarkMarket is the largest illegal dark web marketplace, and the Europol cops were successful in bringing it down recently. They have arrested an unnamed Australian citizen residing in Germany who is believed to be running DarkMarket. The marketplace has processed over 320,000 transactions to date, which amount to over $170 million.

A special unit of cybercops from Koblenz, Oldenburg, and international organizations (such as the US’ DEA, IRS, FBI, and the UK’s National Crime Agency) was instrumental in bringing down the malicious dark web forum facilitating the sale of fake money, credit cards, drugs, malware, etc. Such progressive cybersecurity measures reassure us that protection from phishing can be attained with a bit of everyone’s effort.