More than half of the emails you receive in a day are spam emails. The majority of the data breaches are channeled through phishing attacks. The frequency of cybercrimes is increasing, and they have become all the more sophisticated. Ensuring cyber protection has never been more challenging than in the present, and the worst part is that this isn’t the end! As we try to establish protection against phishing, let us look at some of the major attacks that took place in the past week, so that we can better analyze current trends of cyberattacks.
Company Access Being Sold In Dark Market
Earlier, networks were attacked for ransom, but now attackers have gone a step ahead and are targeting Managed Service Providers (MSPs) to gain access to client organizations. Once they manage to bring down an MSP, they gain access to several networks, and hence MSPs have become a lucrative target for the adversaries.
These levels of access are sold in the dark market for huge amounts that range from $1000 to $4500 based on how deep the attackers could infiltrate. Reports indicate that MSPs have been a primary target of attackers in the past 3-4 years, and ransomware such as Snatch, Sodinokibi, Ryuk, and Maze are commonly used to launch these attacks.
Not only can an MSP attack give attackers access to a network, but it can also help them evade security controls such as firewalls and Intrusion Detection Systems (IDS). The different levels of access that the attackers are selling include sets of executive-level credentials, administration of content management portals, and direct mail server access. The worst type includes full “root” access to everything and sells at the highest prices.
However, phishing prevention tips can come handy when you are considering your next move against the adversaries. Experts suggest that enabling multi-factor authentication, network segregation, etc.helps in ensuring phishing attack prevention. Besides, you may also try checking the network traffic to and from public sharing and collaboration services and limiting the use of known adversarial tools such as Mimikatz, PStools, VNC, TeamViewer, etc.
Public Regulation Commission Website Of New Mexico Hacked
The chief of staff of New Mexico’s Public Regulation Commission, Jason Montoya, notified that their website was recently hacked. They suspect the attacker to be of foreign origin, although there is no evidence to support their assumption. Their website has been down since last Thursday, and they are now working in collaboration with the New Mexico Department of Information Technology and a third-party contractor – RiskSense to get to the root of the attack and to ensure protection from phishing attacks in future.
Montoya informed that the PRC thinks this hack could be a part of a bigger cyber-attack scheme. They are yet to find out if any confidential information was compromised in this attack.
Nora Meyers Sackett, a spokeswoman for governor Michelle Lujan Grisham, said in a statement that the Department of Information Technology and Homeland Security and Emergency Management were informed about the attack immediately. The PRC also took quick measures to quarantine, address, and investigate the hack.
Coincidently, the website of the state Economic Development Department too was down for some time. However, they informed that it was due to some routine server maintenance and had no connection with the PRC hack.
$7 Million Lost To Cyber Attack: New Orleans City
The massive attack on New Orleans City that took place early on the morning of December 13th, 2019, had made a sensation throughout the cyber world. This ransomware attack could not cripple the city as they made all their employees disconnect from Wi-Fi and shut down their computers immediately. However, the city is still trying to recover from this attack, which began when an employee clicked on a link in a phishing email and provided their credentials.
This attack affected more than 3400 city computers. Currently, over 35 Louisiana National Guard personnel and 20 industry partners are working to reinstate the affected systems, which lost crucial data in the attack.
A total of $7 million has been spent so far on upgrading systems and cybersecurity investments. It is speculated that more investments need to be made. But the city shall be able to recover $3 million from the city’s cyber insurance.
Photos Of Women Leaked From Tinder
Pictures of over 70,000 women who use Tinder were recently found to be circulated in the dark market by members of a cybercrime forum. The photos, along with a list of around 16,000 unique Tinder profile IDs, were recovered by the New York City Cyber Sexual Assault Taskforce.
The motive behind selling these images remains unknown, but the probable reasons could be as varied and dangerous as blackmailing and harassing users, generating fake profiles on other social media platforms and other such frauds and privacy violations.
It has been found that the leaked images include pictures as recent as those uploaded in October 2019 and also reveal other details such as the model of the phone used to click the pictures. A spokesperson from Tinder said that the company shall take all the necessary anti-phishing protection measures and have the leaked photos removed immediately. They have claimed to have initiated work to prevent such attacks in the future and to safeguard the interests of their members.
Details Of Over 500,000 Telnet Users Leaked
Telnet – the communication service protocol which facilitates control of a remotely connected device over the TCP/IP network was recently affected by an attack wherein a bot list of devices connected with Telnet was exposed. This list had credentials of users spread across the globe. The leaked data was from October-November 2019, but it’s not known whether the credentials are still valid.
It is speculated that the hacker must have either used factory-set default usernames and passwords or tried attempting easy-to-guess password combinations to prepare this Telnet list. This list also included the IP address of the device and the username and password for the Telnet service. Most of the IP addresses were based on reputed cloud service providers, while some also operated on home networks.
This list contains the details of over 515,000 servers, home routers, and IoT devices, and hence the information shall prove very useful for any skilled attacker. The attacker who outsmarted anti-phishing measures claimed that he previously maintained a DDoS-for-hire service.
User Data Lost From A Government Job Portal
A portal job advertising for government employees recently underwent a breach in Ukraine, which exposed the personal details of some citizens. Although the National Security and Defence Council has not mentioned whether the leak was a part of a cyber attack or how much data had been compromised, it was announced that the vulnerability had been identified. As per their claims, they have incorporated the required phishing prevention measures and have secured the portal.
Ukraine and its institutions have been the target of several cyber attacks lately. In one such recent attack, a virus was downloaded in a tax accounting program. It was then spread globally to perturb the world. This week, the target is the Ukrainian government, where illicit transmission of information is making work go haywire.
Teenager Guilty Of SIM Swap Attack
Montreal based teenager – Samy Bensaci was recently charged with the theft of more than $50 million worth of cryptocurrency in a SIM-swapping scam. The eighteen-year-old Canadian boy managed to convince the customer support staff of cellphone operators to give him access to the victims’ phone number. Henceforth, all authentication tokens or reset password links belonging to the victim reached his phone instead of the users.
Lieutenant Hugo Fournier of the Sûreté du Québec said that Benasci stole $50 million from their neighbors to the south and $300,000 in Canada.
Victims of the SIM swap attack include Dan Tapscott (head of the Blockchain Research Institute), his son Alex (renowned advisor on blockchain technologies and cryptocurrencies), and other individuals who took part in ‘Consensus’ – New York’s annual cryptocurrency and blockchain conference.
Benasci was arrested way back in November and is currently on bail. He was made to pay a penalty of $200,000 and was asked to live with his parents in Northeast Montreal without any access to the internet and gadgets such as computers, tablets, mobile phones, and game consoles. He is also debarred from owning or exchanging any form of cryptocurrency. Law restricts Bensaci from even using PS3, PS4, Xbox, Nintendo Switch, and other devices with internet access.
SIM swap attacks are very rampant and cost millions of dollars to the victims. One such victim is Robert Ross, who lost one million dollars to a SIM swap attack. This happened when an AT&T customer service representative unknowingly redirected Ross’s number to a hacker operated cell phone. Within minutes the hacker had access to Ross’s Gmail and other accounts. All of Ross’s savings were used by the hacker to buy bitcoins. The hacker got pictures of even his birth certificate, passport, and driver’s license. Such attacks cannot be stopped; they can only be avoided with the help of some phishing protection service.
Ransomware Hits Oman United Insurance Company
Considered as one of the largest insurers in Oman, Oman United Insurance Company SAOG was recently hit by a ransomware attack. They notified the Capital Market Authority about the attack on January 1, 2020, and said that the attackers could encrypt some of their data. However, they did not reveal any information to the public.
A spokesperson from the company said in a statement that the central server of the company was affected in the attack which infected and encrypted some data. This data was from the period of December 10, 2019, to January 1, 2020. The insurance company was quick in adopting anti-phishing solutions and ensured that online operations didn’t remain suspended for more than a day. Their servers are now operating normally, and they have managed to recover the lost data. It is understood that the company had backups of all the compromised data, and hence the restoration process didn’t cost them much time.
Unusual Activity At Center For Neurological And Neurodevelopmental Health
In a recent announcement, the Center for Neurological and Neurodevelopmental Health said that it had begun the process of notifying patients who have been affected by suspicious activity. The CNNH first learned about this suspicious activity, which took place on an employee’s email account on 22nd November 2019. They immediately started taking measures to prevent phishing attacks and collaborated with a cybersecurity firm to help them through the investigation.
Post their research, they came to know that the questionable activity on the email account took place between October 7, 2019 and November 22, 2019. Some patient information such as their names, addresses, dates of births, health insurance information, medical/patient record numbers, and treatment and clinical information, such as diagnosis, lab tests, dates of service, provider names, and prescriptions were available on the affected email account.
The attack did not affect all patients, but only those whose details were stored on the email account. They CNNH found no evidence of misuse of patient information but is already mailing letters to patients whose details could be at risk. The CNNH has displayed an extraordinary preventive approach by taking several email phishing protection, such as setting up a toll-free number (1-855-852-8151) to answer queries of patients regarding the incident. It has also asked its patients to review statements received from their insurer or healthcare providers carefully. Besides, they have strengthened their email security, set multi-factor authentication, and are providing email security training to their employees.
Unprotected Cloud Database Leaks Microsoft Customer Data
The recording of call center phone conversations between service agents and customers belonging to over 250 million customers was recently left unprotected online by Microsoft. Researcher Bob Diachenko discovered several databases across five Elasticsearch servers, which contained a similar trove of Microsoft Customer Service and Support (CSS) records. Some of these records were from 2005. Data that went back to 14 years could be found online – unprotected and accessible to almost anyone!
These records contained the email and IP addresses of customers, the emails of the support agents, and internal notes and descriptions of CSS cases. These exposed details kept the affected customers at risk of phishing attacks and give attackers a good chance to impersonate call center agents from Microsoft and other companies to provide shape to their malicious schemes of data theft and spreading malware.
Access to these details would enable an attacker to impersonate any Microsoft employee, phish for sensitive information, and attack user devices using real case numbers. But, the company exhibited the right phishing protection tactics and locked the exposed servers immediately.
Data Breach At Hanna Andersson
The Oregon-based children’s clothing maker Hanna Andersson recently notified its customers of a data breach in the most unique way possible. They sent out postal mail to all affected customers, informing them that there has been a breach by a third party. All customers who made purchases between September 16 and November 11, 2019, stand a chance of having their details compromised. These details include the name, shipping address, billing address, payment card number, CVV code, and expiration date of the customer. If accessible, these details are enough for an attacker to make fake transactions and purchases online.
The company has barely revealed any details of the breach and were themselves notified about the attack by law enforcement. The claims of the company in its letter to the customers reveals that perhaps the customer details have already been compromised.
The very fact that the attackers could access the CVV number reveals that PCI DSS regulations were not being followed and that the CVV details were skimmed. But Hanna Andersson has assured its customers that they are taking all necessary measures to get to the roots of the attack. Coincidently or otherwise, soon after the attack, the company posted ads looking for a Director of Cyber Security. We are bound to think that perhaps they had no expert security team in place prior to this attack.
Although Hanna Andersson hasn’t provided too many details about the attack, they are offering an after-breach care package to all affected customers, which includes credit and CyberScan monitoring for a year, insurance reimbursements, and fully managed ID theft recovery services.