Small business owners should stay aware of the latest attack vectors targeting SMBs and SMEs in order to prevent phishing attacks. To that end, here are the most notable phishing updates of this past week.
Russian DDoS Attacks Repeatedly Target Ukrainian Institutions
Distributed Denial-of-Service (DDoS) attacks are targeting the websites of many Ukrainian government agencies and state-owned banks. Ukraine’s largest banks, Privatbank and State Savings Bank, were among the affected institutions. Consequently, some of the affected systems remain temporarily unavailable.
The Ukrainian SSSCIP and other national cybersecurity agencies are trying to ensure protection against phishing by collecting and analyzing the information available on the attacks. These attacks are along the same lines as the DDoS attacks that affected the Ukrainian banks and government websites last week.
The Deputy National Security Advisor for Cyber Anne Neuberger pointed out that the investigation suggests the role of Russian intelligence in these recent attacks on Ukraine-based IP addresses. Neuberger noted that the recent attacks might have had little impact, but they are laying the groundwork for more severe attacks that might be targeted at Ukraine’s territory.
New Wiper Attack Targets Ukraine, Latvia, And Lithuania
A new wiper malware is targeting Ukrainian enterprises, and its samples have also been found in Latvia and Lithuania. This malware attack comes after the DDoS and SMS spam attacks that targeted the nation earlier. Reportedly, the new wiper targeted large organizations and can be associated with the ongoing Ukraine crisis. The attack was first discovered by ESET Threat Research and reported via Twitter; Symantec eventually confirmed it. The technical director of Symantec Threat Intelligence said that at least two organizations were affected by the wiper malware. The malware primarily targets government contractors and financial institutions.
In its tweet, ESET mentioned that the wiper compromises legitimate drivers from the EaseUS Partition Master software and corrupts data. It further stated that hundreds of Ukrainian organizations had recently undergone cyberattacks. So far, it has not been confirmed that Russia is responsible for this new wiper attack as its strains have also been seen in other nations.
DeadBolt Ransomware Hits Asustor NAS Drives
The owners of Asustor NAS drives were taken aback by a ransomware attack that encrypted all data stored on their network storage devices, and now the adversaries are demanding a ransom. Meanwhile, Asustor users are posting left and right on Asustor’s support forum, explaining how they discovered that their NAS drives were encrypted with ransomware.
A ransom note greeted users on their drives where DeadBolt operators demanded 0.03 bitcoins (approximately US $1140) to release the decryption key. The DeadBolt ransomware operators played an excellent mind game with Asustor users and mentioned in the note that they were affected because of their vendor’s inadequate phishing prevention measures.
As part of its measures to prevent phishing attacks, Asustor has disabled remote access to its NAS drives through ASUSTOR EZ Sync, ASUSTOR EZ-Connect, and ezconnect.to. The company also released a list of recommendations for users to protect themselves from DeadBolt. These include creating data backups; disabling EZ Connect, Terminal/SSH, and SFTP services; and changing default ports. NAS owners must also protect their devices with firewalls to ensure optimal protection against prying cybercriminals.
Cyberattack Hits Expeditors International
Expeditors International is a renowned American logistics and freight forwarding company with operations in over 100 countries. Recently, Expeditors International suffered a cyberattack that disrupted most of its operations and forced the company to shut them down globally. The attack was first discovered on 20th February 2022, and Expeditors began its investigation soon after.
In its breach announcement, Expeditors International mentioned that the company voluntarily shut down its global operating systems to limit the attack’s spread. It further mentioned its anti-phishing protection strategies, under which the company has collaborated with international cybersecurity experts to get to the root of the attack. The good news is that some of its operations continue, such as freight shipments, customs management, shipment distribution, etc.
By the looks of it, the Expeditors incident seems to be a ransomware attack. The company has hired third-party cybersecurity experts to investigate the breach and help restore services and recover systems from the attackers. Expeditors International foresees an adverse impact of the attack on its business, revenues, goodwill, and operations.
Data Breach at US Cookware Giant Meyer
The US cookware giant Meyer recently suffered a data breach that affected its employees. The incident occurred in October 2021, but it was only on 1st December 2021 that its impact on employee data was detected. The company recently sent a breach notification letter to employees, which was later posted on the California attorney general’s office website.
So far, Meyer doesn’t know for sure which employees were affected in the incident, and the impact on victims could vary in intensity depending on what information belonging to them was stolen. The company clarifies this in its breach notification, which states that the type of personal information compromised depends on what information each employee shared with Meyer. However, it listed the employee information that was possibly affected. This includes employees’ full names, addresses, genders, dates of birth, race or ethnicity, health insurance details, social security numbers, medical details, COVID vaccination cards, random drug screening results, driver’s licenses, government-issued identification numbers, passports, immigration status, permanent resident cards, etc.
The breach notification further mentions that there is no way to find out whether an employee’s specific information was accessed or not. Therefore, to ensure protection from phishing attacks for all employees, Meyer is providing them with two years of complimentary identity protection service. The company continues its investigations into the breach and has strengthened its security measures. It has also sent breach notifications to employees of its other branches like Hestan Commercial Corporation, Hestan Vineyards, Hestan Smart Cooking, and Blue Mountain Enterprises.
Phishing Scam Targets Digital Banking Platform Users
Monzo is a famous UK-based digital-only banking platform, and a series of phishing messages recently targeted its users. An emerging network of malicious websites backs these phishing messages. Monzo was a pioneer in challenging the traditional financial system and has over four million active users. The ongoing phishing campaign targets Monzo users and attempts to steal their account details.
Monzo took to Twitter to inform customers of these fraudulent messages and suggested measures to protect themselves from phishing. In a typical attack, users receive an SMS that appears to be from Monzo. The text asks recipients to go to the provided link and verify their account or reactivate their session. Following the link leads users to a phishing site that displays a fraudulent login page and asks them to enter their Monzo account credentials (username, Monzo PIN, and contact number). Providing these details will give attackers complete access to users’ accounts.
It must be noted that Monzo never approaches users via SMS; for all notifications, it uses its official website, account portal, or built-in app notifications. In addition, the platform never asks its users to follow links outside its app; therefore, all such messages that seem to come from Monzo should be treated with caution.
Vulnerability with WordPress Plugin UpdraftPlus
UpdraftPlus is a cloning plugin for WordPress that allows users to send links to their backups through email. People usually prefer UpdraftPlus because of its advanced features and user-friendliness. A new vulnerability has been detected in the UpdraftPlus plugin that allows anyone on the internet (even subscriber-level users) to create valid links. The vulnerability poses a risk for millions of WordPress users because it allows almost anyone to acquire their backup files.
While this UpdraftPlus flaw is quite severe in itself, users can still prevent it from exposing their identity information, passwords, and other sensitive data. WordPress has now patched the UpdraftPlus vulnerability and urges users to update their plugins as soon as possible to ensure anti-phishing protection for all.