Phishing remains one of the distinctive forms of cyberattack that jeopardize organizations worldwide, and this week too, we can mention at least a hundred phishing attacks capable of shutting down institutions. The following are the latest phishing news items from across the world. Let us consider effective phishing prevention solutions as we read through these attacks:
3.2B Emails And Passwords Leaked In The Largest COMB To Date
The Compilation of Many Breaches (COMB) attack from 2017, which exposed the emails and passwords of 1.4 billion users, has now been overtaken by the latest breach. Threat actors have made a database with over 3.2 billion unique passwords and emails publicly available for free on a hacker forum. The exposed details belong to multiple breaches of sites like Bitcoin, LinkedIn, Netflix, Exploit.in, etc.
As researchers add the leaked data to software like Personal Data Leak Checker, users are advised to change their passwords as soon as possible. Phishing prevention tips by experts always recommend the use of unique passwords for all online accounts. If users have the habit of using the same password for their Gmail, LinkedIn, and Netflix accounts, then a breach of just one of these websites is enough to make their other accounts vulnerable. The leaked database stores records in alphabetical order and uses the same scripts as the 2017 COMB.
16k Card Details Of Foxtons’ Customers Leaked
The Alexander Hall mortgage broking business of the estate agent Foxtons Group underwent a cyberattack in October 2020, which exposed customers’ card and personal details from 2010 and before. Now users have found a sample database on the dark web offering these records for sale. While Foxtons claims that the exposed data won’t be of much use in launching an attack, a test done on a small sample of the leaked data reveals that one-fifth of the exposed cards are still functional.
The database contains 16,000 records, but the exact number of affected customers remains unclear. In the four months that the data has been available online, it was viewed 15,000 times, suggesting that the threat actors have probably made their own copies of the data by now. Foxtons customers are advised to adopt phishing prevention best practices and regularly monitor their credit history for suspicious activity.
Data Breach Hits Escortreviews.com
The US-based site Escortreviews.com, which promotes female escorts and reviews, recently underwent a data breach that exposed the details of over 470,000 of its members. The adversaries have now posted this stolen data from the site's vBulletin forum database on the dark web. The exposed details include the names, email addresses, Skype names, DOBs, MD5 hashed passwords, and IP addresses of registered users. While the most recent data on Escortreviews.com is from September 2018, the latest cached Google search page dates to January 21st, 2021.
The website is currently showing visitors a vBulletin database error. EscortReviews runs on vBulletin 3.8.9, which is known for its vulnerabilities. Adding to this is the fact that passwords were hashed using MD5, a fast hash that attackers can crack easily. Members of EscortReviews worried about their security must immediately use measures for protection from phishing and change their passwords to strong and unique alphanumeric combinations.
Cyberattack At Security Firm Stormshield
The France-based security firm Stormshield, which provides its services to the French government, recently underwent a cyberattack. The adversaries compromised one of its customer support portals and stole part of the Stormshield Network Security (SNS) firewall source code. As a phishing attack prevention measure, Stormshield has collaborated with the cyber-security agency ANSSI to investigate this breach.
While the investigation continues, the Stormshield SNS and SNI products will remain under vigilance. The firm takes all possible anti-phishing measures such as reviewing its SNS source code, replacing digital certificates used to sign SNS software updates, resetting passwords for all support portals, etc. In addition, all customers and partners whose information may have been compromised have been notified of the same.
Spotify Undergoes Second Credential Stuffing Attack In Three Months
Over 100,000 Spotify users received a password reset notification following a credential stuffing attack targeted at the music streaming service. Credential-stuffing attacks target those users who reuse passwords for multiple accounts. Using an automated script, the adversaries can quickly try the stolen IDs and passwords on various accounts and see if they can make their way in.
The latest breach was discovered by security researcher Bob Diachenko, who also attached a Spotify statement confirming the breach to his tweet. The data was initially exposed in a misconfigured Elasticsearch cluster with lots of information on users’ activities, emails, passwords, etc. To ensure anti-phishing protection, Spotify has asked all impacted users to reset their passwords. They have also asked the concerned ISP to bring down the database.
To stay ahead of credential stuffing attacks like this, users must make it a rule never to reuse a password. ‘One password, one account’ must become the password-setting norm, along with enabling multi-factor authentication (MFA).
Ransomware Hits Major Brazilian Electric Utility Companies
Brazilian electric utility companies Copel and Eletrobras recently underwent ransomware attacks, which brought down their operations and systems. The Eletronuclear subsidiary of Eletrobras was attacked, which brought down its administrative network servers. However, the services at the Angra 1 and Angra 2 nuclear power plants were unaffected. The company quickly adopted measures to prevent phishing attacks and isolated its systems to contain the malware.
The attack on Copel was from the Darkside ransomware group. The adversaries stole data exceeding 1,000 GB, including the personal information of top management members and customers and confidential infrastructure details. The compromised information also includes password hashes, user objects, groups, group membership details, etc., of users. Copel first disclosed the breach in a filing with the Securities and Exchange Commission (SEC) and has been investigating the incident ever since.
Data Breach Hits Sitepoint
The online tutorials and books publisher SitePoint recently disclosed a cyberattack to a select group of users. The website was hacked sometime last year, and the adversaries are now selling a database containing details of 1 million SitePoint users on the dark web.
The email sent to users mentioned that their names, usernames, hashed passwords, email addresses, and IP addresses were probably compromised in the breach. The website advises its users to reset their passwords for all online accounts and make them at least ten characters long to ensure phishing protection. For enhanced security, SitePoint has hashed and salted passwords with the bcrypt algorithm.
Phishing Scam Uses Spoofed Microsoft Page Hosted On Google Firebase
In another phishing scam, the adversaries sent a fake email to users about an electronic funds transfer (EFT), which would require them to download an HTML invoice. The invoice then leads them to a spoofed Microsoft Office page hosted on Google Firebase. The page looks exactly like the Microsoft login page; by entering details here, a user would give away his/her phone number, username, password, and alternate email address to the adversaries.
The fact that the page was hosted on Google Firebase made it difficult for email security systems and anti-phishing tools to check its authenticity. Users seldom doubt the legitimacy of emails that come from seemingly credible sources.