The headlines are crowded again with instances of cyberattacks on organizations, and the loss of information is immense, yet again. The following are the latest phishing updates that might convince you to renew that anti-phishing service bill you had been deferring!


Pakistani Company Bykea Exposes Over 400 Million User Records

In a recently reported security incident, the Pakistan-based parcel delivery and vehicle-for-hire company Bykea was found exposing the details of over 400 million users. The exposed details include the names, addresses, and other PII of users. The 200 GB database was left unprotected and unencrypted online, thereby exposing its production server information.

Consequently, anyone in possession of the server’s IP address could access and make changes to the database. Further details revealed that Bykea was involved in a security incident back in September 2020, but it can’t be said for sure whether these two breaches are connected. Bykea customers can only hope that phishing protection services can save them from targeted phishing attacks!


Woodland Trust, UK Discloses Major Cyberattack

The UK’s largest charity for wildlife conservation, the Woodland Trust, recently disclosed a security incident, which it described as high level and sophisticated. The charity was attacked on the evening of 14th December 2020 and claims to have taken phishing attack prevention measures soon after. Since investigations are ongoing, not many details about the breach have been revealed. However, the Woodland Trust has assured members that it will notify them if it finds that their data has been breached.

The charity has taken down a couple of its services as a damage-control measure. It has reassured its members that it is doing everything in its capacity to contain the attack, identify the threat actors and penalize them. The Information Commissioner’s Office and the police have also been approached to ensure phishing prevention.


Major Cyberattack Hits Georgetown County

Georgetown County in coastal South Carolina shelters around 60,000 people, and the county’s computer systems were hacked last weekend. The incident has rendered the county’s electronic and email system out of order and can be called a significant infrastructure breach.

It’s a relief that the county’s jail operations and 911 system are functioning normally. At this point, it is uncertain when the operations will be up and running again. Thankfully, the county had cyber insurance, which is likely to pay for the damage. Besides, measures for protection from phishing attacks have been adopted, and security experts have been summoned to investigate the breach.


Vipgames.Com Leaves Misconfigured Elasticsearch Server Unencrypted Online

The renowned gaming platform was recently found leaving a misconfigured Elasticsearch server unencrypted and unprotected online. The app has been downloaded over 100,000 times on Google Play Store and hence is quite popular among those playing any of its featured games (Hearts, Euchre, Backgammon, Crazy Eights, Ludo, Rummy, Dominoes, or Yatzy). Tens of thousands of users lost their data in this breach, which gave attackers access to the usernames, IP addresses, email addresses, hashed passwords, Twitter and Facebook handles, device details, info about banned users, in-game transaction details, etc.

Security researchers could procure 66k users’ records from the public server and say that any hacker would be able to launch spear-phishing attacks with these details. There could also be the risk of defamation, blackmailing, and extortion. Hence, gamers using the platform must adopt the phishing prevention best practices and change their passwords for all online accounts where they may have used the same password.


Researchers Discovered A Misconfigured Database Believed To Belong To Cook County Government

Cybersecurity researcher J. Fowler and others from Website Planet recently discovered a misconfigured database online that exposed the court records of over 320,000 immigrants and family or criminal court pleaders. The database containing the full names, addresses, case numbers, email ids, etc., of victims was believed to belong to the Cook County Government. The vast expanse of data stored on the publicly available database was accessible and open to the (mis)use of anyone with internet connectivity, which compelled researchers to call this the largest breach of internal records in the history of Cook County.

Though the database was secured two days after its discovery, the Cook Bureau of Technology later stated that the Cook County government didn’t own the server. It remains unclear who owns the database. Still, the records contained therein can cause much harm to people, particularly the immigrants, who are quite often without resources to prove their innocence. The exposed records pertain to cases registered nine years ago but can still pose serious cyber threats for those involved. Affected individuals are advised to adopt anti-phishing protection measures as early as possible.


TikTok Exposing The Phone Numbers Of App Users

In yet another security incident, researchers discovered a flaw with the popular video-sharing app TikTok which enabled adversaries to access the phone numbers associated with a user’s TikTok account.

The flaw was found in the app’s Find Friends feature, where a user had to sync their phone contacts to the app to find out which of their contacts have a TikTok account. The HTTP request, which displays contacts using TikTok, includes their usernames, photos, numbers, and other profile details. Though there is an upper limit of syncing 500 contacts per device, per user, per day, the adversaries have a way to manipulate this. They can modify the HTTP requests to fit the number of contacts they want to sync.

The breach of phone numbers is scary, especially when even our bank accounts are connected to our phone numbers. But we can only hope that the adversaries don’t use the personal details of users for attacks. The good news is that TikTok has responsibly fixed the vulnerability. Users are advised to be vigilant and adopt necessary security measures.


Cyberattack Hits Palfinger

Australia-based crane and lifting manufacturer Palfinger recently underwent a cyberattack that brought down its IT systems. Palfinger’s website displays a message saying that their operations are down because of a cyberattack that has brought down their email and IT systems. Consequently, the enterprise won’t respond to queries on orders; the only way to contact them is via telephone.

Since the attack is still being investigated, Palfinger requests its partners to avoid making purchases and contact them via other channels like WhatsApp and phone calls. They are adopting the required measures for protection against phishing and hope to be back in business soon.


Records Of Dutch COVID Patients Selling On The Dark Forum

The Dutch police have arrested two criminals for selling the private data of patients registered on the COVID-19 systems of the Dutch health ministry. Advertisements of these sales were all over Snapchat, Telegram, and Wickr. The stolen records have been selling online at prices ranging between €30 and €50 per record. The records being sold include the patients’ addresses, phone numbers, email ids, DOBs, and social security numbers.

The two convicted men worked at the DDG call centers, which is how they had access to the COVID-19 systems of the Dutch government. This security breach poses a significant threat to the patients as their social security numbers can be used for financial fraud and blackmailing purposes.