Even when all patches are applied and phishing prevention measures are in place, cyber adversaries still manage to access online networks and steal sensitive personal data; such is their supremacy in today’s cyber world. Read on for more instances of data breaches at organizations of repute that have taken place over the week.
Severe Data Breach Hits Panasonic India
A group of attackers has compromised two internal Microsoft domains of Panasonic India and is now selling the stolen data and company network access to fellow attackers for $40,000 in bitcoin. They have demanded a ransom of $500,000 from Panasonic India, to be paid within seven days. The compromised information includes suppliers’ bank account details, passwords for software systems, email IDs, details of customers and employees, etc. Panasonic has acknowledged the breach and assured stakeholders that the attack on Panasonic India doesn’t affect the global Panasonic fraternity.
Several revelations have come out of this breach:
- The adversaries behind the Panasonic breach are also responsible for the recent attack on Foxconn.
- Hold Security CISO Alex Holden opines that Panasonic India portrays the damage as minimal when it is quite significant in reality.
- Usually, attackers merely dump the stolen data, but in this case, the adversaries have categorized the stolen data to make it presentable.
- The victim company’s internal advice on anti-phishing protection was also compromised, suggesting that Panasonic failed to heed its own advice on using strong passwords.
PDF Files Can Expose Details With New Injection Technique
PortSwigger researcher Gareth Heyes has brought to light a significant vulnerability in PDF files that can expose all contents of a document with just a link. The vulnerability lets adversaries inject code and launch cross-site scripting attacks on a PDF file.
The wide acceptance of PDF across all industries makes this a more significant threat, because this code-injection technique lets hackers execute arbitrary JavaScript, hijack links, and steal PDF contents. The research by Heyes revealed that two PDF libraries are vulnerable to this code-injection method of exploitation: PDF-Lib and jsPDF. PDF libraries need to take phishing protection seriously and parse code correctly to avoid such threats in the future.
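One concrete form of handling input correctly when a PDF is generated is escaping user-supplied text before it is written into a PDF literal string, the parenthesised `( ... )` form. This is an added example, not code from PDF-Lib, jsPDF or the PortSwigger research; it assumes the user input lands in a literal string, and `uriAction`, `readUriString` and the sample URLs are constructed for illustration.

```javascript
// In a PDF literal string, "\" starts an escape and an unbalanced "(" or ")"
// changes where the string ends, so all three must be backslash-escaped.
function escapePdfLiteral(text) {
  return String(text)
    .replace(/[\\()]/g, (ch) => "\\" + ch)
    .replace(/\r/g, "\\r")
    .replace(/\n/g, "\\n");
}

// Hypothetical helper: builds the action dictionary of a link annotation.
// escape=false reproduces the unsafe behaviour for comparison.
function uriAction(url, escape = true) {
  const body = escape ? escapePdfLiteral(url) : url;
  return `<< /Type /Action /S /URI /URI (${body}) >>`;
}

// Minimal reader for the /URI literal string: honours backslash escapes and
// nested parentheses, and reports what follows the string in the dictionary.
function readUriString(dict) {
  const marker = "/URI (";
  let i = dict.indexOf(marker) + marker.length;
  let depth = 1;
  let value = "";
  for (; i < dict.length; i++) {
    const ch = dict[i];
    if (ch === "\\") {
      const next = dict[++i] ?? "";
      value += next === "n" ? "\n" : next === "r" ? "\r" : next;
      continue;
    }
    if (ch === "(") depth++;
    if (ch === ")" && --depth === 0) {
      return { closed: true, value, rest: dict.slice(i + 1) };
    }
    value += ch;
  }
  return { closed: false, value, rest: "" };
}

// Constructed inputs: a URL with a stray ")" and one ending in a backslash.
const parenUrl = "https://example.test/a) /Constructed (b";
const slashUrl = "https://example.test/a\\";

const unsafe = readUriString(uriAction(parenUrl, false));
const safe = readUriString(uriAction(parenUrl, true));
console.log("unsafe:", unsafe.value, "| spilled into dictionary:", unsafe.rest);
console.log("safe:  ", safe.value, "| spilled into dictionary:", safe.rest);
```

Without escaping, the string ends at the stray `)` and the remainder of the input is read as part of the dictionary; with escaping, the whole input round-trips as data.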
Marriage Tax Refund Exposes Over 100,000 Client Records
The UK-based company Marriage Tax Refund, which provides tax relief to clients, has recently exposed the personal information of more than 100,000 clients. The breach resulted from a misconfigured content management system (CMS) in the company’s WordPress domain. Consequently, PDF documents containing the PII of over 100,000 clients were publicly available without any password or anti-phishing protection. The compromised data included the applicants’ full names, their home addresses, their partners’ full names, and the marriage tax refund amount that they can claim.
This combination of information is just what attackers need to forge a refund claim under the victim’s name, or worse, launch spear-phishing attacks later. But the good news is that Marriage Tax Refund fixed the misconfiguration soon after being notified about it.
Dental Care Alliance Breach Exposes 1M Patient Records
The American healthcare provider Dental Care Alliance (DCA) became the victim of an unidentified cyberattack on 18th September 2020. The breach was discovered on 11th October and contained within two days, but it has affected the personal details of over 1 million patients. DCA is now in the process of notifying all affected patients about the security incident. The compromised information includes the names, addresses, treatment information, bank account numbers, health insurance information, dentist’s name, etc.
However, the healthcare provider hasn’t extended any anti-phishing solutions like free credit monitoring to its patients because it hasn’t found any evidence of patient information being misused. DCA believes that the attack’s impact isn’t severe since malicious third parties accessed only 10% of all bank account numbers. At the same time, DCA has given assurance that it will do the needful and extend measures for protection against phishing to affected individuals in the coming days.
Weak Credentials Exploited By A Malwareless Ransomware Campaign
A seemingly simple ransomware campaign targets Internet-facing SQL servers with weak passwords. The ransomware is delivered from UK IP addresses and attacks the many MySQL servers found online. After successfully hacking a server, the adversaries initiate a double extortion attack in which they threaten to publish all of the victims’ data if the demanded ransom isn’t paid.
The campaign has successfully compromised the details of 83,000 victims and collected over $25,000 from victims as ransom. Ideally, this should have implied that these threat actors won’t put up the stolen data for sale, but around 250,000 breached databases are currently up for sale on the dark web. WordPress MySQL databases are a prime target of the adversaries. These reveal the usernames and login details of users, and any user who recycles the same password on other social accounts stands at a higher risk of a cyber attack. Here comes the age-old tip to prevent phishing attacks: always use strong and unique passwords.
Data Breach Hits Tech Unicorn UiPath
Robotic Process Automation provider and tech unicorn UiPath was recently hit by a cyberattack that compromised its users’ PII. The company is now informing all users who registered on or before 17th March about the breach. The exposed file was an old backup, but the usernames, real names, email addresses, company names, locations, and UiPath certification details of users were revealed.
However, no financial or account details were exposed in the breach. The company’s official products too remain unaffected. UiPath has refrained from disclosing further information to ensure phishing attack prevention.
Hackers Exploit PickPoint’s Post-Gateway Network
Adversaries used an innovative way to exploit a post-gateway network flaw at PickPoint, Russia’s local delivery service. Consequently, around 2,732 PickPoint delivery lockers across Saint Petersburg and Moscow were compromised. Customers use these lockers to track their orders and open their locker doors using their phones once the order arrives. The cyber adversaries used this same feature to open the doors of the 2,732 lockers, thus exposing them to theft.
Though it was too late to adopt anti-phishing solutions, guards and landlords came to the locker owners’ rescue and prevented unfortunate thefts. All 2,732 affected PickPoint lockers have now been disabled. But organizations must take special care to update software and patch their systems regularly to avoid such attacks on the post-gateway network.
Card Details of 70 Lakh Indians Available On Dark Web
Cybersecurity researcher Rajshekhar Rajaharia recently found a large chunk of card details on the dark web that belongs to over 70 lakh Indians. The exposed details include the victims’ names, phone numbers, email addresses, employers’ names, account types, PAN numbers, annual income, etc. The 2GB database, containing 70 lakh Indians’ card records between 2010 and 2019, will prove to be quite a treasure for adversaries.
Though card numbers were compromised in the breach, the other details can still be used for targeted attacks, which is why netizens are advised to invest in anti-phishing services well in advance!