Phishing attack prevention is a perennial struggle for internet users, and being unaware of recent attack trends makes it even harder, which is why it is recommended to stay updated on the top cyberattack news. Below, we bring you the latest phishing scams from the past week:
Massive Data Leak At Two U.S. Hospitals
Adversaries recently leaked data on patients and employees from 11 U.S. hospitals. These include Leon Medical Centers’ eight facilities in Florida and three Nocona General Hospital facilities in Texas. The leaked data includes names, DOBs, addresses, medical diagnoses, letters to patients’ insurers, and background checks on hospital employees.
Adversaries do not usually post such massive corpora of stolen data in one go, so this one-time dump of tens of thousands of records is a suspicious and mysterious move. The incident seems more intriguing because a Nocona General Hospital attorney claims that the hospital didn’t experience any ransomware intrusion. Leon Medical Centers, however, announced last month that it underwent a data breach in November 2020. While we await more details about the breach, patients and employees of these two hospital chains are advised to adopt phishing prevention best practices and regularly monitor their bank statements.
40 Million PrivatBank Customer Records Leaked
PrivatBank, Ukraine’s largest commercial bank, underwent a data breach, and a threat actor is now selling the stolen database on the dark web. The database contains over 40 million records, which include the personally identifiable information of customers. Ukraine’s population is about 44 million, but it’s unlikely that a bank would have records of 93% of the country’s population (considering age and other factors). The database records are probably not unique, but this doesn’t reduce the risk for those whose names, DOBs, passport details, taxpayer identification numbers, family status, phone numbers, etc. were exposed.
The adversary is demanding $3,400 in bitcoin for the PrivatBank database. While we await a statement from the bank itself, customers are advised to take measures for protection from phishing attacks and report any suspicious activities they notice.
After Accellion, QIMR Berghofer Undergoes Data Breach
Brisbane-based QIMR Berghofer Medical Research Institute became the victim of a data breach after using the file-sharing services of U.S.-based company Accellion. The Accellion hack of 25th December 2020 affected several associated organizations, and QIMR Berghofer is just another name on the list of enterprises. Accellion had asked QIMR Berghofer to apply a security patch on 4th January 2021, and the medical organization had done so immediately. Despite the phishing protection measures, QIMR Berghofer disclosed a data breach on 2nd February 2021.
Nine QIMR Berghofer employees were using the Accellion service; hence just 4% of their data was accessed by Accellion. The compromised information includes the initials, DOB, gender, medical histories, clinical trial participants’ ethnicity, participant codes, etc. Around 30 resumes of current and former research employees were also compromised in the breach. QIMR Berghofer regrets this incident and extends its apologies to clinical trial partners and other stakeholders. While the compromised data cannot be used to trace a person, that doesn’t justify a breach, and the medical organization acknowledges this fact.
Data Breach Hits Law Firm CJH, Impact On 36,000 UPMC Patients
Pennsylvania-based law firm Charles J. Hilton & Associates P.C. (CJH), which provides legal services to the University of Pittsburgh Medical Center, underwent a security incident in June last year. The adversaries compromised its employee email system and gained access to many employee email accounts. As a result, the sensitive information of over 36,000 UPMC patients was compromised.
CJH informed UPMC about the breach in December 2020 and is now following anti-phishing protocols and informing affected patients. The compromised details include the names, DOBs, bank account numbers, Social Security numbers, driver’s license numbers, patient account numbers, etc. Although there is no evidence to prove the misuse of the stolen data, CJH and UPMC are informing all patients about the breach via letters and notifications. Further, CJH provides free credit monitoring and identity theft protection services to affected customers for better protection from phishing.
Ransomware Hits Mutuelle Nationale Des Hospitaliers
Popular health insurance company Mutuelle Nationale des Hospitaliers (MNH) recently underwent a ransomware attack that disrupted its operations.
The MNH website displays a notice informing visitors of the cyberattack and remains down, along with its telephone platform. The ransomware group RansomExx is behind this attack on MNH. The ransomware strain is known for harvesting unencrypted files after infecting a system. A security researcher has shared a Tor web page belonging to RansomExx, which acts as a ransom negotiation page between the victim (MNH) and the adversaries. The page contains instructions for MNH and provides them with an opportunity to negotiate the ransom amount with the attackers.
As we await an MNH statement regarding the breach, stakeholders are advised to closely monitor their bank accounts and take all necessary anti-phishing protection measures.
Data Breach Hits Syracuse University
Over 9,800 Syracuse University students, alumni and applicants had their names and Social Security numbers compromised in a data breach caused by unauthorized access to an employee’s email account. A month after discovering the breach, the university is now informing all affected students.
The university is unsure whether the adversaries accessed the student information from the compromised email account and misused it. As an anti-phishing solution, the university is offering free Experian credit reporting services to affected students. Further, the university has implemented stricter cybersecurity measures and is training its employees.
Data Breach Hits Emsisoft
New Zealand-based cybersecurity company Emsisoft recently underwent a data breach owing to a configuration error. The company’s test systems were compromised and accessed by unauthorized third parties between 18th January and 3rd February.
While Emsisoft regrets the breach, this was an automated attack that was not targeted at Emsisoft alone. The precise database rows that were accessed cannot be identified, but the good thing is that only parts of the database, not all of it, were affected by the breach. The company has brought down its systems and initiated a forensic analysis to prevent phishing attacks. Investigations revealed that the breach affected 14 customer email addresses connected with seven organizations.
The compromised details include only technical logs and not the PII of customers or employees. Apart from the 14 customer email addresses, no customer data was compromised. Emsisoft says that it will conduct all future tests off the internet with artificially generated data to ensure that no customer data is compromised again.
KeepChange Sets Example With Robust Attack Prevention
The newly launched Bitcoin exchange portal KeepChange was recently targeted by cyber adversaries, but its robust measures for protection against phishing prevented the attackers from robbing user funds.
The attackers had initiated withdrawal requests from some customer accounts, but KeepChange’s control subsystems denied those requests. Though the hackers couldn’t steal user funds, they were able to steal customers’ PII. The stolen details also included the hashed passwords of KeepChange customers.
Customers are advised to change their passwords to some strong combination of alphanumeric characters and do the same for all accounts for which they may have used the same password. It is unlikely that the adversaries will be able to crack the hashed passwords, but it’s good to protect yourself from phishing beforehand.