Hundreds of cyber attacks have taken place around the world in the last few days, and we cannot keep up with them all. But organizations can learn from the security mistakes of others and improve their overall cybersecurity posture. The following list of significant cybersecurity headlines serves that purpose.
BlackShadow Attack On Israel’s Shirbit Insurance Company
Cybercrime group BlackShadow recently launched an attack on the Israeli insurance company Shirbit, which has exposed customers’ personal information, such as their drivers’ licenses, ID numbers, and registration forms. While Shirbit has collaborated with the National Cyber Directorate to investigate the attack, BlackShadow has taken to Twitter and announced the attack. The adversaries have also publicly posted photos of the stolen documents, emails, and forms, which have leaked the names, addresses, and other sensitive client information.
However, Shirbit CEO Zvi Leibushor has assured people of their robust phishing prevention measures and said that the leaked information could not be used against the clients. They have brought down their website temporarily and are doing everything possible to restore operations at the earliest.
Ransomware Hits Brazilian Airplane Maker
The Brazilian airplane maker Embraer recently became the victim of a ransomware attack that temporarily disabled some of its operations. Although the company hasn’t disclosed many details about the attack, certain files from one environment were affected when Embraer’s IT systems were accessed by third parties.
Insider information suggests that Embraer employees working from home had difficulty accessing the systems because of the attack. However, Embraer was quick to deploy its anti-phishing tools, and its operations continue without any significant disruption. The company has refrained from sharing any further details until it reaches concrete conclusions.
Data Breach Hits Netherlands’ Royal Dutch Cycling Union
The Netherlands’ national cycling governing body, the Royal Dutch Cycling Union (KNWU), recently underwent a data breach that compromised an undisclosed amount of member information from its legacy database. The KNWU neither specified the nature of the personal data compromised nor expressed any interest in paying the adversaries to get the data back. The KNWU believes that paying the ransom is no guarantee that the attackers won’t misuse the stolen data later. Since it already has data backups ready, this decision won’t affect its operations.
Therefore, the KNWU has advised all members to change their passwords to something unique and strong. It has also asked members not to click on emails claiming to be from the KNWU. Meanwhile, the KNWU is working with the Dutch Data Protection Authority to investigate the attack and is adopting measures to prevent phishing attacks in the future.
Alabama’s Huntsville City Schools District Hit By Ransomware
Alabama’s Huntsville City Schools district underwent a ransomware attack this Thanksgiving, which compelled the district to shut down schools for the rest of the week and the week after. As part of their measures for protection against phishing, the district instructed all parents, students, teachers, and employers to log off and shut down all district-issued devices and platforms.
The HCS district further instructed stakeholders to avoid accessing any HCS platforms at home or school until notified otherwise. Parents are demanding a detailed explanation of the nature of the attack, the impact on student information, and the security vulnerabilities leading to the attack; the district is advising parents on how to protect themselves from phishing. The ransomware actor responsible for the attack remains unidentified at the moment.
Beware Of Latest Zoom-Themed Attacks
The latest scheme of adversaries involves the use of Zoom logos to steal users’ login credentials. These Zoom-themed phishing schemes come with emails, messages, and social media texts asking victims to reactivate their suspended Zoom account or reschedule a missed Zoom meeting. Any unsuspecting user who clicks on the embedded links is redirected to a fake Zoom page where they are asked to enter their Zoom account details.
Hence, users must remain vigilant at all times and know that any domain that isn’t Zoom.us or Zoom.com is a scam. Users should keep phishing prevention measures in mind in case such a Zoom-themed message pops up in their inbox.
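The domain rule above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it assumes that subdomains of the two named domains also count as genuine, and the sample message and its example.* hosts are constructed.

```python
import re
from urllib.parse import urlsplit

# The two domains the article names as genuine.
ZOOM_DOMAINS = ("zoom.us", "zoom.com")

# Constructed sample message; the non-Zoom hosts use reserved example names.
SAMPLE_MESSAGE = (
    "Your Zoom account has been suspended. Reactivate it here: "
    "https://zoom.us.account-check.example/reactivate or join your "
    "rescheduled meeting at https://us02web.zoom.us/j/5551234 today.\n"
    "Support: https://zoom.us@login.example.net/help\n"
)

def link_host(url):
    """Return the lower-cased host a browser would connect to, or None."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and the port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".")

def is_zoom_link(url):
    """True only if the host is a named Zoom domain or a subdomain of one."""
    host = link_host(url)
    if host is None:
        return False
    # Exact or dot-anchored suffix match: "zoom.us.evil.example",
    # "notzoom.us" and homoglyph hosts all fail this comparison.
    return any(host == d or host.endswith("." + d) for d in ZOOM_DOMAINS)

def suspicious_links(message):
    """Return every http(s) link in the text that does not lead to Zoom."""
    urls = re.findall(r"https?://[^\s<>\"')]+", message, flags=re.I)
    return [u for u in urls if not is_zoom_link(u)]

if __name__ == "__main__":
    for url in suspicious_links(SAMPLE_MESSAGE):
        print("not a Zoom domain:", url)
```

The check compares the parsed host rather than searching the URL text, which is why a link that merely contains "zoom.us" before an "@" or as a leading label is still flagged.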
Data Breach Hits Generalitat Of Catalonia
The Generalitat of Catalonia has recently undergone a SQL injection attack, which has exposed over 5000 citizen records. The compromised details include the emails and passwords of citizens, among other sensitive information. The adversaries exploited a vulnerability in the Generalitat’s system, which affected four of its domains: applications.ensenyament.gencat.cat, https://jocdelsdrets.gencat.cat/, http://culturaeducacio.gencat.cat, and login.regsega.cat.
Among the four domains, applications.ensenyament.gencat.cat (which belongs to the Catalan Department of Education) was most severely impacted. The Generalitat is taking anti-phishing protection measures and investigating the breach while the domains remain down for maintenance.
Egregor Ransomware Group Targets Kmart
Popular US department store Kmart (now owned by Transform Holdco LLC) has recently undergone a ransomware attack. The Egregor ransomware gang has claimed responsibility for this attack. The attack has encrypted and locked all Kmart devices and servers on the Kmart Windows domain. The Transformco Human Resources Site, 88sears.com, remains offline while other online stores remain operational.
Egregor is a fairly new ransomware group that has emerged after the fall of Maze. Since all of Maze’s experienced partners are now associated with Egregor, the group has successfully attacked quite a few enterprises within a short span. The details of the attack aren’t known yet, but Egregor is known for stealing data before encrypting systems, so we can expect some data breach from this incident. Kmart customers must take anti-phishing measures and closely monitor their bank statements.
Philabundance Loses $1 Million To BEC Scam
Philadelphia’s largest non-profit food bank, Philabundance, receives millions of dollars every year in donations. They were to complete a $12 million community kitchen this year using these donations when a very unfortunate BEC scam robbed them of $923,533. The adversaries had compromised an employee email account and were closely monitoring all emails before impersonating a legitimate supplier and asking for payment via a fake invoice.
Oblivious of this scam, Philabundance sent out the $923,533 payment to what they believed was a payment request from the actual supplier. Now they are fund-less and running against a payment deadline to the original supplier. Business Email Compromise (BEC) scams have increased in recent times and are hard to spot unless phishing attack prevention measures are taken in advance. The FBI advises organizations to disable the automated email forwarding feature since BEC scammers often exploit it to forward messages from the victim’s inbox to their own and then delete all evidence.
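The forwarding pattern the FBI advice targets (mail copied to an outside address, then the evidence deleted) can be audited from an export of mailbox rules. The following Python sketch is an added example, not part of the original article: the rule records, their field names (`mailbox`, `name`, `forward_to`, `delete_original`) and the `foodbank.example` domain are all constructed assumptions, not any mail platform's real export format.

```python
from email.utils import getaddresses

# Assumption: the organization's own mail domain(s).
INTERNAL_DOMAINS = {"foodbank.example"}

# Constructed rule export; field names are hypothetical.
RULES = [
    {"mailbox": "volunteer@foodbank.example", "name": "personal copy",
     "forward_to": ["me@personal-mail.example"], "delete_original": False},
    {"mailbox": "director@foodbank.example", "name": "assistant copy",
     "forward_to": ["assistant@hq.foodbank.example"], "delete_original": False},
    {"mailbox": "finance@foodbank.example", "name": "sync",
     "forward_to": ["Archive <inbox-copy@mail-relay.example>"],
     "delete_original": True},
    {"mailbox": "finance@foodbank.example", "name": "newsletters",
     "forward_to": [], "delete_original": False},
]

def external_targets(rule, internal=INTERNAL_DOMAINS):
    """Return the forwarding addresses of a rule that lie outside the org."""
    targets = []
    for _name, addr in getaddresses(rule.get("forward_to", [])):
        domain = addr.rpartition("@")[2].lower()
        inside = any(domain == d or domain.endswith("." + d) for d in internal)
        if addr and not inside:
            targets.append(addr.lower())
    return targets

def audit(rules, internal=INTERNAL_DOMAINS):
    """Flag rules that forward externally; forward-and-delete ranks highest."""
    findings = []
    for rule in rules:
        targets = external_targets(rule, internal)
        if not targets:
            continue
        severity = "high" if rule.get("delete_original") else "medium"
        findings.append((rule["mailbox"], rule["name"], severity, targets))
    # "high" sorts before "medium", so the worst findings come first.
    return sorted(findings, key=lambda f: f[2])

if __name__ == "__main__":
    for mailbox, name, severity, targets in audit(RULES):
        print(f"[{severity}] {mailbox} rule '{name}' -> {', '.join(targets)}")
```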