Phishing continues to be a primary contributor to cyber news headlines. The following are the most significant phishing news headlines this week to help you plan your phishing prevention measures.

 

Ransomware Hits Swissport

A ransomware attack recently targeted Swissport, the Swiss airport management service, and affected its IT infrastructure. In its statement, Swissport said that most of the attack had been contained and mentioned that it is taking necessary anti-phishing measures to restore systems, particularly its delivery system.

Switzerland’s National Cyber Security Center has been trying to establish contact with Swissport, but its website is currently down. Around 22 flights were delayed by about 20 minutes because of this incident. The company said that its ground services at 307 locations, including Zurich Airport, remain unaffected by the attack. The NCSC reported that this attack on Swissport could be part of a coordinated attack on European transportation and gas services.

 

Data Breach Hits Morley Companies Inc. After Ransomware Attack

The U.S.-based business services provider Morley Companies Inc. suffered a ransomware attack on 1st August 2021, and now it has detected a data breach in its systems. The company provides business services to Global 100 and Fortune 500 firms and believes that the data breach affected over 500,000 contractors, employees, and clients. The firm is now sending out breach notifications to the affected individuals.

The adversaries are believed to have accessed victims’ names, DOBs, social security numbers, health insurance details, client ID numbers, and medical diagnostic and treatment information. So far, Morley’s investigations have not found any concrete evidence of the misuse of the stolen credentials, but as a phishing attack prevention measure, it is providing two years of complimentary identity theft protection service to all affected individuals.

Disclosing further details about its preventive measures, Morley said it has collaborated with cybersecurity experts to investigate the attack. It began sending out breach notifications on 18th January 2022 when it was finally confirmed that client and employee information was compromised. The cyber-intelligence platform HackNotice arguably saw Morley’s sensitive data exhibited on the dark web last week.

 

Cyberattack Hits Pellissippi State Community College

Tennessee-based Pellissippi State Community College recently suffered a cyberattack that resulted in unauthorized access to the personally identifiable information (PII) of its staff and faculty, and current and former students. The attack primarily focused on encrypting the school’s data and extorting a ransom payment, but when Pellissippi State refused to comply with ransom demands, the adversaries stole sensitive data.

Fortunately, the college’s credit card payment systems and main database remained unaffected by the breach. Investigations into the matter revealed that adversaries accessed a system containing names, internal identification numbers, email addresses, and school passwords. So far, it is unclear whether adversaries accessed any other PII, but the school is taking necessary phishing protection measures. It has extended free credit monitoring services to all victims and continues investigating the attack.

 

Cyberattack Targets British Council Via Unsecured Azure Blob Container

In December 2021, cybersecurity researcher Bob Diachenko discovered an unprotected Azure blob container belonging to the British Council. Over 144,000 files containing British Council’s student records were exposed online. The exposed student records include their names, usernames, student IDs, email addresses, enrolment dates, student status, study duration, notes, etc.

Diachenko reports that a public search engine indexed the Azure blob container. It included thousands of Excel spreadsheets and other files and could be viewed by anyone online. The leak was first detected on 5th December 2021 and immediately reported to the British Council. Having received no response from the organization after two days, the researchers took to Twitter to communicate with the British Council. The council responded to the notification and patched the vulnerability in two weeks.

In its statement, the British Council said that the security of personal information is of utmost importance to them. It is working with its third-party service provider to ensure that such an unfortunate incident doesn’t happen again. The British Council adheres to regulatory obligations and is in constant touch with the Information Commissioner’s Office. Reportedly, the 144,000 files contain the records of about 10,000 British Council students. To ensure protection against phishing, British Council students are advised to look out for suspicious phishing emails they may receive and change their login credentials for added security.

 

Unsecured Securitas Server Exposes Airport Employees’ Data

Securitas, the Stockholm-based provider of electronic security solutions, on-site guarding, fire & safety services, and enterprise risk management, recently underwent a data breach. First discovered by cybersecurity experts at SafetyDetectives, an unprotected AWS S3 bucket belonging to Securitas was exposing over 1 million files online. The server contained 3TB of data dating back to 2018 and involved the records of airport employees across four airports – El Dorado International Airport (COL), José María Córdova International Airport (COL), Alfonso Bonilla Aragón International Airport (COL), and Aeropuerto Internacional Jorge Chávez (PE).

The misconfigured AWS bucket contained two primary datasets with PII, national ID card numbers, and photos. The bucket also included details of fueling lines, planes, and luggage handling. Adversaries could use the unstripped EXIF data in the stolen photographs to obtain the time, date, and GPS locations. After discovering the bucket, the cybersecurity experts notified Securitas of the issue on 28th October 2021. The latter responded and secured the database on 2nd November. Securitas also informed the Swedish CERT about the incident as part of its measures to prevent phishing attacks.

 

DDoS Attack Hits Microsoft Azure Customer in Asia

A massive 3.47 Tbps DDoS attack hit a Microsoft Azure cloud computing customer in Asia sometime in November 2021, but Microsoft made the incident public only on 25th January 2022. The attack reportedly lasted for 15 minutes and came from a botnet of over 10,000 compromised IoT devices. These devices were from countries like India, Russia, China, Iran, Vietnam, Thailand, Taiwan, South Korea, Indonesia, and the United States.

Microsoft’s anti-phishing protection measures in this incident culminated in its report “Azure DDoS Protection—2021 Q3 and Q4 DDoS attack trends.” The company claims that the attack was mitigated soon after detection, but the adversaries employed various methods of boosting the DDoS attack. The report further claimed that DDoS attacks had increased recently, with India, Hong Kong, and the US being prime targets.

 

Cyberattack Hits Major European Oil Terminals

Some of the major oil ports in Western Europe recently became victims of a cyberattack. The incident comes at a time when energy prices are already soaring. Belgian authorities have reportedly initiated an investigation into the breach, which hit oil facilities in maritime entryways like Antwerp. German prosecutors, meanwhile, are investigating the cyberattack, which looks like a ransomware attack on oil networks.

As a result of the software hijack, operations at various European ports have been affected, particularly the unloading of barges. The EU’s Europol police agency has extended its support to German authorities in this battle against the attackers. One of the worst-hit IT systems in this attack is the Amsterdam-Rotterdam-Antwerp oil trading hub. The German security services have found evidence proving that the BlackCat ransomware was deployed in the cyberattack in Germany. The Dutch National Cyber Security Centre also did its best to trace the attackers using cybersecurity tools.