While breaches and attacks are very common, not many people are aware of the impact these have on organizational networks and the information stored and shared therein. Here are the most significant phishing news headlines this week to help plan your anti-phishing measures.


Data Breach Hits Extend Fertility

New York City (NYC) based fertility clinic – Extend Fertility recently underwent a cyberattack. Now it is notifying patients of the probability of the compromise of their data. Specializing in IVF and freezing embryos and eggs, Extend Fertility was attacked on 15th December 2021, and the clinic had hired external forensic experts to investigate the nature of the attack then. Its servers and networks containing patients’ personal and protected health information (PHI) were affected.

However, Extend Fertility quickly adopted phishing prevention measures and conducted a month-long investigation into the breach. The information compromised in the attack includes patients’ full names, DoBs, contact numbers, genders, email addresses, diagnosis and treatment details, medical history, lab test results, dates of service, prescription details, medical account numbers, provider name, financial details, etc.

While the full extent of the attack remains to be figured out, the clinic has started notifying patients about the threat to their data. Extend Fertility has not disclosed the exact number of patients affected in the incident, but it is offering free credit monitoring and identity protection to all victims. Fortunately, there is no evidence of the misuse of the stolen patient information so far.


Ransomware Hits San Francisco 49ers NFL Team

A ransomware attack recently targeted the corporate IT network of the San Francisco 49ers NFL team and encrypted its files. After the team confirmed the attack, the BlackByte ransomware gang took ownership of the attack by listing them on its data leak site. The San Francisco 49ers NFL quickly adopted phishing attack prevention measures and initiated an investigation immediately.

So far, the attack seems to be confined to its corporate IT network. The team also notified law enforcement and is working closely with an external team of cybersecurity experts. Had the team qualified for Super Bowl LVI, this attack would have been catastrophic, but it is still trying to restore systems at the earliest.


Ransomware Hits European Car Dealer Emil Frey

A ransomware attack targeted one of Europe’s biggest car dealers – Emil Frey, on 11th January 2022. It was later confirmed (on 1st February 2022) that Emil Frey had appeared on Hive’s list of victims. The Swiss company had initiated its restoration measures soon after detecting the incident.

Hive was first spotted in August 2021 and has attacked over 30 healthcare and other organizations since then. It is known for demanding huge ransoms, and one can expect similar consequences in the case of Emil Frey. While the company is taking necessary anti-phishing protection measures, it has refrained from sharing specific details about the incident, such as the number of customers affected by the attack.


Data Breach Hits Croatian Phone Carrier ‘A1 Hrvatska’

A data breach recently hit the Croatian phone carrier ‘A1 Hrvatska’, which exposed the personally identifiable information (PII) of over 200,000 people (10% of its customers). The breach notification merely notifies customers of unauthorized access to one of its user databases without further details.

Reportedly, the customer information compromised in the incident includes their names, addresses, personal identification numbers, and telephone numbers. Fortunately, the database did not contain financial details, and hence no online account or bank details have been compromised. A1 Hrvatska hired an external forensics team to investigate the breach and analyze the nature of the stolen documents.

A1 Hrvatska is now informing affected customers about the breach on a one-on-one basis. The Zagreb Police is also continuing its investigations in this regard. The Croatian phone carrier profoundly regretted this unfortunate incident and had adopted additional security measures to prevent phishing attacks in the future. It follows all recommended data protection protocols and has confirmed that no other A1 Hrvatska services or operations have been affected.


Baltimore City Loses Funds To Fake Vendor Transfer Requests

The Office of the Inspector General (OIG) recently reported that Baltimore city lost hundreds of thousands of dollars in 2021 in impersonation attacks where the adversaries requested payments posing as vendors. OIG began its investigation into the matter after receiving a notification from  Baltimore’s Bureau of Accounting and Payroll Services (BAPS) in October last year informing of a fraudulent Electronic Funds Transfer (EFT). A fund transfer from the Mayor’s Office of Children and Family Success (MOCFS) to a so-called contractor first caused a red alert.

It was a typical BEC scam where the adversaries asked for the bank details to be updated. It was later confirmed that the attackers compromised an employee email account belonging to the vendor. This compromised account was then used to demand payments from the city authorities. Unsuspicious city employees believed the email from the adversaries and made a transfer of $376,213.10 to the adversary-owned account on 7th January 2021. While funds reached the attackers, the actual vendor still did not receive its payment. Fortunately, it received $50,000 from its insurance provider. Such attacks have increased in recent times, and therefore it has become necessary to equip employees with measures for protection from phishing.


Gamaredon Cyberattack Group Targets Ukrainian Entities

A recent Microsoft report states that the Gamaredon threat actor group has been targeting Ukrainian entities since 2017. The latest attack vector is a DDoS attack breaking into multiple Ukrainian government websites. These attacks primarily targeted websites of the public radio, the armed forces, defense ministry, and national banks like Privatbank and Oschadbank. Reportedly, ATM services were also affected by these attacks.

As a consequence of the attacks on banks, customers were unable to log into their accounts on the bank portal. The attacks looked severe as the websites underwent a downtime of over six hours.

This wave of DDoS attacks is one of the most commonly launched and powerful attacks targeting websites today. And Ukraine is known to be the target of the highest number of malware attacks in Europe. Thus, there is a dire need for Ukrainian authorities to take a call to action and adopt stricter anti-phishing solutions.


South Shore Hospital Undergoes Cyberattack

The Chicago-based nonprofit South Shore Hospital discovered some suspicious activity on its network on 10th December 2021 and is now notifying over 115,000 former and current patients that their data was affected in the incident. The attack looked like a ransomware attack, but the breach notification did not mention this.

The hospital activated its emergency operating protocols soon after detecting the attack to provide uninterrupted medical services to patients. As part of its measures for protection against phishing, South Shore hired an external forensics firm to investigate the breach. The compromised patient information includes their names, DoBs, social security numbers, contact details, financial information, medical data, diagnosis details, health insurance information, etc. South Shore has extended free identity theft protection services to all victims to ensure patients’ safety. Further, to prevent such an incident from occurring again, the hospital has enabled MFA and is re-training its employees and spreading awareness on cybersecurity.


Data Breach Hits The Internet Society (ISOC)

The Internet Society (ISOC) is a nonprofit known for keeping the internet open and secure. It recently exposed the personal details of over 80,000 plus members owing to a breach at one of its third-party vendors. The members’ data (containing names, addresses, email addresses, and login credentials) was stored on an unprotected Microsoft Azure cloud repository. Consequently, all these details remained publicly available online for an undefined period.

Cybersecurity researcher Bob Diachenko and experts from Clario first discovered this exposed repository on 8th December 2021 and immediately notified the Internet Society about it. ISOC secured the database a week later, on 15th December 2021. Diachenko suspects that the data was exposed for at least a month before being discovered. Affected users are advised to change their ISOC passwords, look out for suspicious messages or links, and take necessary measures to protect themselves from phishing.