Experts estimate that COVID 19 related cyberattacks would escalate in 2021, and there is no effective phishing prevention measure to help evade those attacks. Hence, it becomes pivotal for us to be responsible netizens and stay abreast of the latest hacks and cyber incidents.

Cybelangel Discovers 2k Unprotected Servers Online

Digital Risk Protection Platform CybelAngel recently found 2,000 unprotected servers online. These servers contained over 45 million images related to patients and medical records from an array of healthcare providers. It was concluded that the data was lying out in the open, without security protection for a year now.

CybelAngel didn’t have to use any hacking tools to access the files, and there has been evidence of cyber adversaries accessing and infecting the servers with malware.  While the discovered data belongs to healthcare providers worldwide, 23k images of data belong to UK patients. CybelAngel believes that the use of DICOM medical data transmission protocol (infamous for its security limitations) and unsecured NAS storage resulted in this massive data breach, which exposed the PII (Personally Identifiable Information) of patients. Hence, CybelAngel advises healthcare providers to take measures for protection from phishing, lest the attackers compromise and misuse their data.


Ransomware Hits Sonoma Valley Hospital, California

A Russian threat actor had launched a ransomware campaign back in October, which impacted California based Sonoma Valley Hospital (SVH). Though the hospital was quick to respond to this broad attack on hospitals, it’s only now that they have notified patients about it. The hospital says that 67,000 patients’ data was compromised in the attack. These included their names, DOB, addresses, subscriber numbers, insurer group numbers, diagnosis codes, amount of claim, secondary payer information, etc. There is no evidence of misuse of any patient data as SVH had shut down its systems immediately to stop the malware from spreading.

The hospital collaborated with external cyber experts to ensure anti-phishing protection. However, the attackers may still have managed to delete a subset of data from their system. While some diagnostic tests were impacted, emergency care, surgeries, and SVH’s patient portal (Follow My Health) remain operational.


New IRS Form Scam Extracts Sensitive Personal Data

Though no malware traces are detected so far, a new IRS form scam is creating much havoc among Google’s G Suite users. Over 50,000 executives have already been affected by this PII extraction centered IRS form campaign. The campaign entails an IRS W-8BEN form in PDF format, which asks users for information far more personal than what’s ideally needed for a W-8BEN form. The W-8BEN form is a requisite to maintain a nonresident tax-exemption status and hence necessary.

Anybody who falls for this scam and gives out the asked credentials would bequeath the cyber adversaries with the power to launch malicious phishing attacks. Hence, it is advised to protect yourself from phishing by always assessing the authenticity of the data, forms, documents, or intimations that reach you.


Worst Cyber Attack In Years Hits Lithuania On The Eve Of Government’s Transition

With the government transition hours away, the Baltic state of Lithuania underwent a sophisticated cyber-attack, which seems like the worst in recent times. The adversaries compromised several content management systems to gain access to 22 public-sector managed websites. They then posted fraudulent news on these sites to create panic among users. Some of these fake news were:

  • The detainment of a Polish diplomat at the Lithuanian border for carrying illegal drugs, weapons, and money (shared on the State Border Guard Service’s website).
  • Discovery of corruption at the Šiauliai airport.
  • Portraying that more Lithuanians were admitted in the military.

The adversaries did their homework well and even launched an email spoofing attack by impersonating the Šiauliai Municipality Administration and the defense and foreign ministries to spread misinformation. Looking at the increasing cyber-attacks in the public sector, the NKSC has extended several phishing prevention tips to municipalities.


Spin The Wheel Scams Back For The Festive Season Sales

With the ongoing hullabaloo related to the Festive Season sale on Flipkart Amazon, a group of China-based threat actors used the “Spin the wheel” tactic to hack devices of Indian users. While Flipkart’s sale is called Big Billion Day, Amazon calls it the Great Indian Festival, but the hackers have created a Big Billion Day Sale scam for Flipkart and Amazon alike. They have used an OPPO F17 Pro smartphone as bait to lure unsuspicious users into participating in the so-called lucky draw.

Those who spin the wheel and ‘win’ are asked to share the lucky draw link with Whatsapp’s contacts. The experts at New Delhi’s CyberPeace Foundation are investigating this scam targeting Indian online shoppers. They found that all these domains were registered on Alibaba’s cloud computing platform from China’s Guangdong and Henan province. Surprisingly, the links are still operational and will probably fool many Indians before anti-phishing solutions are finally adopted!


Beware Of Lottery Prize Winner Emails

It’s not just the COVID 19 pandemic, which is after our jobs and money; cyber adversaries are also on the list. The recent phishing emails come with lottery prizes for lotteries you probably didn’t buy tickets to. Clicking on the links and claiming the so-called prize money will provide attackers with the names, DOB, addresses, nationality, occupations, phone numbers, and sufficient information to conduct identity and bank fraud.

These lottery messages use names and logos of legitimate lotteries such as El Gordo and the Camelot group and companies like Google, Yahoo, and Mastercard to increase credibility. They mention the purpose of the lottery (to help those worst hit by the pandemic) to either extract sensitive information or inject malware into users’ devices. Taking phishing protection measures and being reasonable is the only way to evade such lottery scams.


Data Breach Hits People’s Energy

Edinburgh-based company People’s Energy recently underwent a data breach that affected over 270,000 present and previous customers. An entire database was compromised, which has exposed the names, DOBs, phone numbers, addresses, tariff, and energy meter IDs of their customers. However, the financial information of just 15 small-business customers was exposed in the attack. While these 15 businesses have been notified, the rest have nothing to worry about financial loss.

The Information Commissioner’s Office, the energy regulator Ofgem, the National Centre for Cyber-Security, and the police have been looping it.  All People’s Energy customers should take measures for protection against phishing as the authorities continue their investigation on the breach.


PLEASE_READ_ME Ransomware Hits Mysql Servers

A new ransomware campaign by the name of PLEASE_READ_ME has emerged, which targets MySQL servers. The ransomware was first spotted in January, and the involved IP addresses appeared to be from Ireland and the United Kingdom. Two variants of the attack were discovered – the first contained a ransom note with a bitcoin wallet address and an email address for queries. This variant gave victims a time frame of ten days to pay the ransom. The adversaries collected 24,906 USD through this variant.

The second variant redirected victims to a.ONION site that collected infected tokens from victims and enabled them to buy 250k different databases with data of victims who refused to pay the ransom. This ransomware strain is a reminder to netizens to adopt phishing attack prevention measures at the earliest.