The Christmas holidays are one of the longest periods of the year during which most employees are on leave. This is usually a peak time for cyberattacks, with threat actors staying active from the onset of December. As we step into yet another holiday season, more and more ransomware attacks are being reported. To make protecting against phishing attacks easier, here are the top phishing news items of the week.

Desjardins Provides Settlement to Over 10 Million Customers Post 2019 Breach

The Canadian financial services organization Desjardins suffered a massive data breach in 2019 when a malicious employee was found to have exposed the personal information of over 9.7 million customers. A class-action lawsuit was filed against Desjardins, which has now been settled for CAD 201 million (about $156 million) in compensation to all the affected customers.

The organization recently confirmed the settlement figure via a press release and specified that the amount compensates for identity theft and time lost. In addition, all members are entitled to five years of no-cost credit monitoring from Equifax, followed by at least another five years of Desjardins’ own phishing protection services.

While the Superior Court of Québec has yet to approve the settlement agreement, attorneys representing the class action claim that members are pleased with the settlement amount and find it fair and timely.


Cyberattack Brings Down Virginia Museum of Fine Arts’ Website

A security breach was detected in the IT systems of the Virginia Museum of Fine Arts, which compelled it to take down its website. While investigations into the breach continue, the Museum has put up a temporary website to keep necessary operations running despite the disruption. So far, there is no reason to suspect that the attack on the Museum is linked to the ransomware attack on Virginia legislative agencies, which the Virginia State Police is currently investigating.

The Museum is doing everything in its capacity to restore its website as soon as possible. Its initial investigation revealed that an unauthorized third party had accessed its systems before the intrusion was detected in late November. As the Museum works on its anti-phishing measures, visitors are advised to use the temporary website.


Cyberattack Hits IT Enterprise Finite Recruitment

The IT recruitment organization Finite Recruitment suffered a cyberattack in October 2021 that affected a small subset of its data. The adversaries downloaded the organization’s data and published it on the dark web. However, the incident did not disrupt business operations. Finite Group’s incident response team was quick to take phishing attack prevention measures: it identified the attack vector and shut down the affected systems to ensure uninterrupted operations on other fronts.

Finite Recruitment is now in the process of contacting and notifying all affected individuals and stakeholders. The Conti ransomware group is believed to be responsible for the breach, as it has listed Finite’s data on its data leak site. The ransomware operators claim to have stolen 300 GB of data from Finite, including information about its contracts and finances. The listed data also contains a customer database in which phone numbers, contact details, addresses, email IDs, passport details, and other relevant data were stored.

Finite Recruitment is known for listing profiles of individuals for casual support staff roles. Though the breach had no direct impact on any NSW government services or agencies, the Department of Customer Service is in close contact with the organization to get to the root of the attack.


Ransomware Hits Coombe Hospital

The Coombe Hospital in Ireland recently suffered a ransomware attack that compelled it to lock down its IT services. The hospital has confirmed the breach and said that services continue as usual despite the technical disruption. Discussing its measures to prevent phishing attacks, the hospital said it is working with the HSE to investigate the breach and has disconnected itself from the national network as a precaution.

As Coombe works to measure the extent of the attack, it asks for a little patience. So far, the hospital has found no evidence of any impact on external systems, but that remains to be confirmed.


Ransomware Hits Portland-based Enterprise McMenamins

McMenamins, the renowned Portland-based brewpub and hotel chain, recently suffered a ransomware attack. While all McMenamins locations remain operational, the company suspects that a subset of its employee information may have been exposed in the breach, though there is no evidence to confirm this. McMenamins is, however, confident that no customer data (personal or financial information) was compromised in the attack. The organization discovered the ransomware attack on 12th December and took immediate measures to protect itself from phishing attacks.

In addition, McMenamins has informed the FBI and hired third-party cybersecurity experts to investigate the breach. The employee data that was probably exposed includes names, social security numbers, dates of birth, addresses, bank details, and more. As part of its phishing prevention measures, McMenamins is offering employees free identity theft and credit monitoring services through Experian.


Wizard Spider Targets CS Energy

The Australian electricity utility CS Energy was recently targeted by the operators of the Russian threat actor group Wizard Spider. It appears that Wizard Spider (the creator of Ryuk and the designer and distributor of Conti) had CS Energy on its list for quite some time, because the organization’s name recently appeared on Conti’s name-and-shame leak site.

The IT systems of CS Energy (owned by the Government of Queensland) were eventually accessed by the malicious operators of Wizard Spider on 27th November. Consequently, over 3,500 MW of electricity production was hampered, which exposed more than 3 million homes to a possible power cut. Fortunately, the organization’s IT team was able to avert the attack in time using its anti-phishing protection measures, and nothing drastic occurred.


Experts Find New Financially Motivated Threat Group Called Karakurt

Accenture’s CIFR team has recently identified a previously unknown, financially motivated threat group that it calls Karakurt. Karakurt has been associated with extortion and data theft attacks on over 40 enterprises between September and November 2021.

The CIFR team notes that Karakurt is an opportunistic group that targets small enterprises for monetary gain and is more interested in data exfiltration than ransomware deployment. Most of Karakurt’s victims are based in North America and Europe and include organizations across sectors such as healthcare, entertainment, retail, industry, and IT. Karakurt uses living off the land (LotL) techniques, abusing weaknesses in an organization’s software or operating system and moving laterally to reach and exfiltrate data.

Since Karakurt’s intention is not to deploy ransomware, organizations should consider keeping regular backups of data, using strong passwords, restricting access to confidential systems, and patching vulnerabilities regularly to ensure protection from cyberattacks.


Beware of Magecart Attacks This Christmas

The Christmas holiday season is the most vulnerable period in cybersecurity, as attackers constantly look for unguarded networks and unsuspecting shoppers to launch their next attack. Magecart attackers are no different; they are all set to target your systems with their advanced tactics. It isn’t surprising that a Magecart attack takes place every 16 minutes, so protection against Magecart attacks is the need of the hour.

Lately, retailers using the WooCommerce WordPress plugin have been targeted by Magecart attackers, because the plugin offers customizable eCommerce features and is widely used by retailers. Cybersecurity experts have identified three skimmers targeting WooCommerce plugin users: Select, WooTheme, and Gateway. Retailers are therefore advised to take anti-phishing measures against credit card skimming attacks and deploy robust malware detection methods.