Social engineering has become one of the most common means of launching cyberattacks today, and there can never be infallible protection against these attacks. However, being abreast of the latest attack vectors in various sectors can help you keep ahead of threat actors and ensure phishing protection for your organization. Here are the top headlines this week to help you in this endeavor of creating a safe cyberspace for everyone:
SCUF Gaming Discloses Cyberattacks
Renowned manufacturer of high-performance custom PCs and console controllers – SCUF Gaming International underwent a data breach in February 2021. However, it’s only now that the organization thought of sharing the news with customers via notifications on its website.
A web skimming or e-skimming (Magecart) attack was launched on SCUF Gaming, affecting over 32,645 SCUF customers. In such attacks, the adversaries inject JavaScript-based scripts (credit card skimmers) to the compromised website, which allows them to overlook and harvest the personal information and payment details of customers making payments on the compromised site. The data stolen from such attacks is later sold to third-party threat actors on carding forums who, in turn, use this information to launch targeted phishing and identity theft attacks.
The adversaries initially hacked into SCUF’s backend using the credentials of one of its third-party vendors. Within two weeks, customer credit cards began showing unusual activity. SCUF immediately deployed anti-phishing measures and investigated the breach. A month later, the payment skimmer was discovered on its website. It was revealed that all payments done through credit cards between 3rd February and 16th March were affected; however, payments made on PayPal remained unaffected. The exposed customer information includes their names, billing addresses, email addresses, credit card numbers, expiry dates, and CVV. While SCUF Gaming had reached out to customers and warned them of a possible data breach back in May, they merely asked them to be vigilant and didn’t state the details of the attack. Two months after this incident, SCUF Gaming was the target of yet another data breach which exposed an internal development database containing more than 1.1 million customer records. The official notification on its website was long due, and the recent update justifies both these attacks.
Fullerton Health’s Customer Data Compromised by Third-party Vendor
Fullerton Health recently notified its Singaporean customers of a data breach caused by the compromise of its vendor’s servers. Fullerton vendor Agape Connecting People Holdings was in charge of making appointments for patients. Fortunately, Fullerton Health’s own IT network and databases remain unaffected by the breach. However, the unauthorized access of Agape’s servers compromised Fullerton’s customer data.
The exposed customer data include their names and contact details. No passwords or credit card information was breached in the incident. Agape implemented its phishing attack prevention measures soon after detecting the attack. These quick measures of isolating and suspending the affected systems helped ensure that no other infrastructure was affected.
In addition to Agape’s measures, Fullerton also has notified all the affected customers. It has hired external forensic and cybersecurity experts to look into the breach and identify the exact number of people affected, the intensity of the attack, and suggest remedial measures for the future.
Vulnerability in Scoolio Exposes User Information
The German student community app Scoolio was functioning with an unidentified and unpatched API flaw which ultimately compromised the sensitive information of around 400,000 app users. The bug was first discovered and reported by cybersecurity expert Lilith Wittmann.
Scoolio operates as a middleman in the education sector by providing services like tutoring, time management skills, and homework planning. It then monetizes the collected user information with targeted advertising. Fortunately, the organization does not collect or store any information without the students’ consent. Scoolia has partnered with several German schools and government enterprises, making it the go-to or standard app for students.
Thus, the API flaw risks the privacy of the many students using the app. The compromised information could include their usernames, nicknames, parents’ email addresses, school’s name, class, interests, UUID details, last tracked GPS location, personality traits, etc. All of this extremely sensitive data can be used for various crimes, right from kidnapping, spying, extortion, phishing, and even identity theft.
The API flaw was made known to Scoolio on 21st September, but the enterprise took over a month to deploy a patch and fix the bug. In its breach notification, Scoolio mentions that it found no evidence of any user data being accessed or misused by third parties in the interim of bug detection and patch release. Students using the application and their parents are advised to adopt measures to protect themselves from phishing and look out for suspicious calls or texts.
Ransomware Hits PracticeMax
Arizona-based medical practice management services enterprise – PracticeMax underwent a ransomware attack between 12th April and 5th May, which affected the data of its health plan clients Humana, Anthem, and DaVita Inc. Not only did the adversaries access and copy the personal health information (PHI) of patients, they also removed the data from the database. PracticeMax took immediate measures to ensure protection against phishing attacks and regained access to its systems on 6th May.
The investigations revealed that all affected individuals were members of the VillageHealth program run by DaVita Inc and the health plans of Humana and Anthem. Over 4,400 Humana patients were affected by the breach. However, PracticeMax had reported the breach to the HIPAA Breach Reporting Tool, citing that only 500 individuals were affected by the incident. In addition, PracticeMax mentions in its statement that it found no evidence of the data being removed, stolen, or taken from its website. As mentioned in the breach notifications sent to Humana, DaVita, and Anthem, the compromised patient information includes individuals’ full names, addresses, DOBs, phone numbers, social security numbers, clinical details, membership numbers, etc.
As part of its measure to prevent phishing attacks, PracticeMax has reviewed and enhanced its security policies and measures. It is rebuilding its systems and installing additional firewalls and endpoint software. Further, the enterprise is providing 24 months of free identity and credit monitoring to all victims.
Data Breach Hits University of Colorado Boulder
The University of Colorado Boulder recently underwent a data breach that affected the personal information of thousands of present and former students. The adversaries exploited an unpatched software vulnerability in the University’s third-party vendor – Atlassian Corporation Plc, to access the personally identifiable information (PII) for present and former CU Boulder students. The compromised data includes their names, addresses, student ID numbers, DOBs, genders, and phone numbers. The University released the breach notification on 25th October, two months after Atlassian patched the flaw.
Fortunately, no social security numbers and financial information were stored in the compromised databases. Reportedly, 30,000 former students have been affected by the breach, and all of them were notified of the incident. The University shall provide free monitoring services to all affected individuals and further enhance its anti-phishing protection measures.
Desorden Group Attacks Centara Hotels & Resorts, Thailand
With assets exceeding $11.6 billion, the Central Group, run by the Chirathivat family, is a renowned leader of thousands of fashion, food, property, and building materials businesses in Thailand. The threat actors’ group Desorden recently targeted the Central Group in a series of attacks, the first of which was the attack on the Centara Hotels & Resorts, Thailand. The CEO of this luxury hotel chain – Thirayuth Chirathivat, was notified of the security incident on 14th October, and since then, extensive investigations have been ongoing around the breach.
The initial analysis revealed that 80 GBs of files, including the names, email addresses, phone numbers, residential addresses, booking details, and ID scans of hotel guests, were compromised in the breach. Although the nature of the exposed IDs has not been revealed yet, it’s probably the passports of guests that were affected since hotels like Centara often ask for passports as proof of ID. As part of its phishing prevention tips to customers, the hotel chain asks them to remain vigilant and rest assured that Centara never calls its customers seeking their PII. It further asks customers to change their account passwords and report suspicious calls, emails, or texts.