Phishing continues to be the most commonly used and effective form of cyberattack. Last week, too, was a tough one for cybersecurity. The following headlines prove just how important it is to ensure phishing protection for your organization.


Data Breach Hits Bonobos Men’s Clothing Store

ShinyHunters recently attacked the men’s clothing store Bonobos and stole a 70 GB SQL database. The adversaries downloaded a cloud backup of Bonobos’ database and shared it for free on a hacker forum. Although Bonobos’ corporate systems remain unaffected, a lot of sensitive customer information was exposed in the breach. This includes the addresses, credit card numbers, order details, passwords, and phone numbers of customers.

Bonobos says that phishing attack prevention was ensured from their end, and that it was a backup file hosted on the cloud that got compromised. They have approached the hosting provider to get the issue fixed. While Bonobos is doing everything in its capacity to contain the breach, customers are advised to change their passwords immediately, especially if they used the same password for other accounts. Furthermore, customers should look out for seemingly genuine phishing emails that seek to extract their personal information.


Clop Ransomware Exposes Ad Agency 7stars’ Data

A London-based ad agency, 7stars, was recently attacked by the Clop ransomware gang. After 7stars refused to pay the ransom, the adversaries dumped their data online, exposing invoices, passports, photos, and a data protection agreement.

It is suspected that data belonging to the clients of 7stars (Suzuki, Great Western Railway, Atlantic Records) has been compromised in the attack. When asked for comment, a 7stars spokesperson confirmed that the agency had indeed been attacked. The organization is now taking anti-phishing protection measures and has restored its systems using backups. As investigations into the breach continue, 7stars is providing phishing protection service and support to its clients.


Malware Linked To Russian Servers Found In Bradford School Laptops

The laptops distributed by the UK government to learners for homeschooling have been found infected with malware linked to Russian servers. The incident was reported by the Bradford school employees, who found that the laptops distributed for homeschooling students had viruses pre-installed on them. Marium Haque, the deputy director of education and learning at Bradford Council, said that the devices came preloaded with a self-propagating network virus, identified as Gamarue.1. The Gamarue virus is known for giving attackers full access and control over a device.

Although the virus can’t control webcams or mics, it stores and steals users’ data, such as their browsing habits and financial data. Only 10% of the total laptops received came infected with the virus, and anti-phishing solutions were adopted immediately to remove it before handing the device to learners.


Ransomware Hits Chwapi Hospital, Belgium

The cyber adversaries have a new target from the healthcare industry – Chwapi hospital in Belgium. The hospital was recently attacked using Windows BitLocker, and the attackers have encrypted 40 servers (from a total of 300 servers) and 100 TB of data. Consequently, Chwapi hospital had to shut down its activities and redirect patients to nearby hospitals.

While the hospital claims to have received no ransom demand, the adversaries say the opposite and claim to have left a ransom note (ransom.txt) on the backup servers and domain controllers. Many hospital services have been reinstated after adopting phishing prevention measures, but urgent cases are still being redirected.


Taylor Made Diagnostics Hack Leaks Truck Drivers And Rail Workers’ Records

In a December hack on Virginia-based Taylor Made Diagnostics (TMD) by the Conti ransomware, multiple records of truck drivers and rail workers were stolen. Consequently, the names, driver’s licenses, medical examination reports, Social Security numbers, and drug testing reports of several Norfolk Southern Railroad and United Parcel Service (UPS) employees were leaked.

TMD has the US military, navy special warfare development group, the Secret Service, and the Virginia Department of Military Affairs as its clients. While TMD has made no comments on the breach, the records of several of its clients’ employees were compromised. The Norfolk Southern Railroad clarified that they always try to adopt phishing prevention best practices for the safety of their employees. They are investigating the breach and hope to settle the issue soon.


MyFreeCams Hack Exposes Data Of Over 2 Million Users

Over two million users of the adult chat and web streaming app MyFreeCams lost their details to a cyberattack. The adversaries used SQL injection to steal the usernames, email addresses, passwords, and MyFreeCams Token (MFC Token) amounts of users. However, upon being informed about the breach, MyFreeCams quickly took measures for protection against phishing attacks and advised all users to change their account passwords. They further stated that the breach resulted from a security incident from June 2010 and that their latest measures to prevent phishing attacks would not allow such violations.

The adversaries earned $22,400 in Bitcoin selling data stolen from MyFreeCams and have now deleted their post and account from the hacker forum. MyFreeCams users are advised to reset their passwords and to change the password on any other accounts where they use it.


ShinyHunters Attacks Indian Cryptocurrency Exchange BuyUcoin

The India-based cryptocurrency exchange and wallet, BuyUcoin, was recently hit by a cyberattack that exposed around 3.5 lakh users’ PII. The leaked data includes the names, mobile numbers, email addresses, encrypted passwords, order details, wallet details, bank details, KYC details, and users’ deposit history.

The breach was discovered by cybersecurity researcher Rajshekhar Rajaharia, who found a 6GB file on the MongoDB database containing three BuyUcoin backup files. The leak of financial details makes this attack a rather serious one. Researchers from Kela Research and Strategy Ltd. found evidence suggesting that the hacking group ShinyHunters is responsible for the attack on BuyUcoin.


ShinyHunters Attacks Photo Editing App Pixlr

In yet another security incident, ShinyHunters has attacked the online photo editing app Pixlr. Consequently, the personal information of over 1.9 million Pixlr users has been compromised. The exposed details include names, email addresses, nationality, SHA-512 hashed passwords and other internal information related to users.

ShinyHunters claims that the database was stolen from its AWS bucket and has made it available online for free. Pixlr users are advised to reset their passwords, use a password manager to store all their essential passwords, and adopt all necessary phishing prevention tips.


Cyber Attack Hits Atlanta Synagogue

Cyber attackers are now into religious events and have targeted a service in Atlanta organized in honor of Martin Luther King Jr. The service was being broadcast on the internet when cyber adversaries used their malicious means to freeze the live session of the sermon being delivered by pastor Raphael Warnock.

Kent Alexander, the Atlanta Synagogue’s president, regrets the inconvenience caused to viewers and says that measures have been adopted for protection from phishing. Further updates indicate that their website remained down for almost an hour before being functional again.