Threat actors continue to target organizations worldwide to get their hands on sensitive organizational data, which they can use for extortion or other nefarious purposes. Here are this week’s headlines that continue to highlight the importance of adopting phishing prevention measures, especially for SMBs.
Cyberattack Hits MCH Group
After a series of attacks on Switzerland’s Easygov federal portal, the municipality website of Montreux, Stadler Rail, and the price comparison website Comparis, the next Swiss enterprise to be targeted by the adversaries is the MCH Group. The Swiss marketing and events organizer was recently hit by a malware attack that brought down its systems. With over 700 employees and 90 exhibitions, MCH Group is fairly occupied this time of the year. It is in charge of the Art Basel shows in Basel, Hong Kong, and Miami Beach, and the watch and jewelry show Baselworld. MCH Group has clarified that the attack won’t affect the ongoing and immediate events and exhibitions.
The organization took immediate measures to ensure protection from phishing and engaged external experts to get to the roots of the attack. The federal authorities were also brought into the loop. Further details about the security incident remain to be disclosed. The Swiss National Cyber Security Centre (NCSC) received over 832 cyberattack reports this week, of which 315 were malware attacks.
IGBlade Leaves Social Media Details of 2.6 M Users Unprotected Online
An analytics firm was recently found exposing the social media profile data of over two million users. Cybersecurity experts from SafetyDetectives discovered a misconfigured Elasticsearch server database that contained the profile details of over 2.6 million TikTok and Instagram profiles. The marketing insights provider IGBlade paid no heed to phishing prevention tips and left a 3.6 GB database unprotected online. IGBlade was scraping user data off the internet by sharing it publicly and breaking TikTok and Instagram’s terms of service. This lack of phishing protection by IGBlade can help adversaries launch targeted phishing attacks. As per reports, the database remained publicly available online for over a month before researchers found it. IGBlade finally secured the database on 5th July after being notified by SafetyDetectives.
The compromised user information includes names, usernames, bios, email addresses, profile pictures, contact numbers, and location details. The affected users also include renowned celebrities such as Ariana Grande, Loren Gray, Alicia Keys, Kim Kardashian, and Kylie Jenner. This revelation means bad news for IGBlade, as this data is an asset for adversaries, who can now launch mass robocalling scams and phishing attacks, or even create fake accounts using the information and profile pictures from the compromised accounts.
Cyberattack Hits Atento: Impacts its Brazilian Systems
Madrid-headquartered customer relationship management and business process outsourcing (BPO) firm Atento recently underwent a cyberattack that disrupted operations at its Brazil branch (the largest branch in Latin America). It informed customers about the breach and its impact on the Brazilian systems over the weekend. The firm is trying to get to the root of the attack and identify the factors that caused it. Atento assured customers of its intent to identify the adversaries and restore systems at the earliest. To ensure anti-phishing protection, Atento had deliberately shut down the impacted systems, which might have caused service disruption for Brazilian customers.
As investigations into the breach continue, Atento works with relevant authorities and consultants to assess the extent of the attack and plan its next course of action. Atento’s services were disrupted for just 24 hours, and it was soon able to provide limited but continued services to customers.
Data Breach at Centre for Computing History in Cambridge
The Cambridge Centre for Computing History (CCH) recently underwent a data breach where its online customer data files were exposed. The adversaries impersonated HSBC to send a phishing email to CCH and book tickets from its website. Consequently, the threat actors gained access to the online customer data file and email addresses contained in the compromised email handle. Fortunately, no credit card or financial details and passwords were compromised in the incident. The exposed data includes the names, email addresses, addresses of customers, and the details of the product or event they purchased.
CCH was quick to implement its email phishing prevention measures and contain the spread of the attack. It informed the Information Commissioner’s Office and advised customers to be on guard. The museum apologizes for this unfortunate incident and is working on strengthening its network.
Data Breach at Professional Dental Alliance
The vendor of a dental practices chain, North American Dental Management, recently underwent a cyber-attack that might have exposed the personal information of thousands of patients. The adversaries gained access to the Pittsburgh-based vendor’s network between 31st March and 1st April 2021. This incident directly impacted the Professional Dental Alliance (PDA) offices that provide administrative and technical support services. Unauthorized third parties in the breach accessed PDA patients’ protected health information (PHI). The cybercriminals accessed some email accounts belonging to PDA in the North American Dental Management breach.
The PDA posted about the same on its website, where it clarified that only a limited portion of its email accounts was affected by the incident. The North American Dental Management was quick to adopt anti-phishing measures and restore the compromised email accounts. Fortunately, PDA’s investigations do not hint at the misuse of user data and suggest that the attack was limited to email credential harvesting. Although the full extent of the episode is not yet known, the compromised user information could include their names, email addresses, contact numbers, addresses, insurance, dental details, financial details, and social security numbers. To ensure protection against phishing for patients, PDA has extended two years of identity theft services and free credit monitoring to the affected individuals.
Hacktivist Targets Trump’s Website
The website of former US President Donald Trump was recently hacked by someone who then posted a YouTube video of the Turkish President Recep Tayyip Erdogan reciting and discussing passages from the Quran on Trump’s page. The page also carried a message asking people not to forget Allah, lest Allah forget them. The threat actor behind this defacement went by the name of RootAyyildiz and claimed to have used Server-Side Template Injection to achieve remote code execution and compromise Trump’s page.
Trump launched the compromised site in May this year, soon after leaving office and being banned by prominent social media platforms like Twitter and Facebook. The hacktivist behind the hack of Trump’s site also claimed responsibility for the attack on Joe Biden’s campaign website last year.
Accenture’s Proprietary Information Compromised in Ransomware Attack
Accenture had opened up about a ransomware attack in August 2021, and as per the latest investigation reports, its proprietary information was also stolen in that episode. The LockBit ransomware gang had claimed responsibility for this attack on Accenture and demanded $50 million as ransom. It had stolen over 6 TB of data from the consulting giant, and when Accenture refused to pay the demanded ransom on time, the adversaries leaked over 2000 confidential files online. While Accenture had restored its systems from backup and contained the malware on time, it did not disclose the extent of the attack.
It’s only now that the nature of the information lost has come to light (from its 10-K filing with the Securities and Exchange Commission). Accenture has confirmed that the adversaries were able to steal some proprietary data from its servers. It further revealed that the adversaries had also released some of this information online. The enterprise clarified that such instances of unauthorized access and data breach do not affect its operations and only cause some financial loss. Once again, Accenture did not specify the type of proprietary information compromised. Breach notifications, too, have not been sent yet, but customers and associates are advised to take phishing attack prevention measures at a personal level.