Several phishing and phishing-adjacent attacks were reported over the past week, each either establishing a new pattern or adding to an existing one. Understanding these attack types is the first step in choosing anti-phishing protection measures for your organization. The major phishing news headlines this week:


Cyberattacks Target British Army’s YouTube and Twitter Accounts

The UK Ministry of Defence (MoD) recently announced that the British Army's YouTube and Twitter accounts had been hijacked by unknown threat actors. The compromised accounts were then used to promote cryptocurrency scams.

Details of when the accounts were compromised are unclear, but both appear to have been restored. The MoD has opened an investigation into the breach and said the Army takes information security very seriously and is working to establish how the accounts were taken over.

The adversaries took over the British Army's Twitter account and changed its profile picture, cover image and bio to associate it with The Possessed NFT collection. The hijacked account retweeted several NFT giveaway posts and directed users to a fake NFT minting website.

On YouTube, the attackers deleted all of the channel's videos and changed its name and profile picture to impersonate the investment firm Ark Invest. Both accounts have since been locked down and restored.

In place of the Army's videos, the attackers streamed old footage of Tesla CEO Elon Musk and former Twitter CEO Jack Dorsey taken from Ark Invest's The B Word conference, held in July 2021. Rebroadcasting such clips is a staple of crypto giveaway scams. Four live streams aired at once and attracted thousands of viewers.


Cyberattack Hits Cedar Rapids Community School District

A cyberattack recently struck the Cedar Rapids Community School District, disrupting its summer activities. Discovered over the holiday weekend, the incident led to a district-wide closure, including the cancellation of field trips.


Kids on Course University, Scholar Camp and Champions summer programming remain suspended, but high school baseball and softball games will go ahead as scheduled.

District leaders said they responded quickly, bringing in third-party cybersecurity experts to investigate the incident, and have since strengthened their security controls to reduce the chance of a recurrence.

School officials apologized to parents and families and asked for their patience while the matter is resolved.


Data Breach Hits Mattax Neu Prater Eye Center

A data breach at the Missouri-based eye care clinic Mattax Neu Prater Eye Center affected the data of more than 90,000 individuals. The breach occurred in December 2021 but was disclosed only in June 2022; the HIPAA breach report lists 92,361 affected individuals.

Mattax Neu Prater reported that a security incident at a third party may have exposed patient data. The third party was myCare Integrity, an electronic health record platform from the practice management vendor Eye Care Leaders.

Eye Care Leaders said that on or about December 4, 2021, attackers accessed the myCare Integrity environment and deleted its system configuration files and databases.

Eye Care Leaders' initial investigation found no evidence that any Mattax Neu Prater patient records were compromised. It also noted that, because the incident affected Eye Care Leaders' own network environment, there was no remediation Mattax Neu Prater could carry out itself. Note that "no evidence of compromise" is not the same as evidence that records were not accessed, particularly when the attacker had enough access to delete databases and configuration files.

Mattax Neu Prater said there is no evidence of identity theft but has nonetheless notified potentially affected patients by postal mail.


Cyberattack Targets Marriott International

Unknown threat actors recently broke into Marriott International's computer network and attempted to extort the hotel giant. The incident took place about a month ago and was reportedly the work of an international group that has been operating for around five years.

The hotel chain reported that the attackers used social engineering to trick a Marriott employee into granting access to their computer. The unauthorized party had access to the affected systems for a short period on a single day, and Marriott had identified the intrusion and begun investigating before the attackers made their extortion attempt.


[Image: social engineering attacks (sourced from norton.com)]

Marriott did not pay and reported the breach to law enforcement.

The group claimed to have stolen over 20GB of data from Marriott, including credit card details and other confidential information about guests and employees of the BWI Airport Marriott in Baltimore. It also said it had emailed several Marriott employees.

A Marriott spokesperson countered that the size of the stolen archive says nothing about its sensitivity, and that most of the material was non-sensitive internal business files.

The attackers published a sample of the data, including reservation logs for airline crew members from January 2022 onwards and screenshots of credit card authorization forms. Marriott said it would notify 300 to 400 individuals, as well as the relevant regulators, of the breach.


Cyberattack Hits Crema Finance

A cyberattack recently hit the Solana-based concentrated liquidity protocol Crema Finance. Over $8.78 million worth of cryptocurrency was stolen, and the protocol's smart contract was suspended in response.

The decentralized exchange is working with several security firms to investigate the attack.

Total value locked on Crema fell sharply after the attack, from about $12 million to $3 million, among its lowest levels since the protocol launched in January 2022; Crema had recorded cumulative trading volume of up to $1.34 billion in that time.

The adversaries created a fake tick account, bypassed the program's account checks, and wrote fabricated tick data into it. They then took out a flash loan and used it to manipulate asset prices in the liquidity pools. The price manipulation, combined with the fabricated tick data, let them claim a huge fee payout from the pool.
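The attack chain above is, at bottom, an account-validation failure: the fee-claim path computed fees from a tick account it never verified the pool had created. The following is an added, simplified model written for this roundup; it is not Crema Finance's program, and the account layouts, field names, the SCALE constant and every number in it are assumptions chosen for the demonstration. It shows a fee-claim path that trusts a caller-supplied tick account beside one that rejects it, and how an attacker sizes a forged checkpoint to exactly the pool's reserve. The flash-loan step, which supplies capital and moves pool prices, is not modelled.

```rust
// Added illustrative model of a "fake tick account" fee claim; NOT Crema
// Finance's program. Layouts, names, SCALE and all numbers are assumptions.
use std::collections::HashSet;

/// Fee-growth counters are fixed-point values scaled by SCALE (assumption).
pub const SCALE: u128 = 1_000_000;

#[derive(Debug, Clone)]
pub struct Pool {
    pub id: u64,
    /// Cumulative fees earned per unit of liquidity since the pool was created.
    pub fee_growth_global: u64,
    /// Tokens the pool actually holds to pay out fee claims.
    pub fee_reserve: u128,
    /// Tick accounts this pool's program initialised. Stands in for Solana's
    /// "owner == program id and address == expected PDA" validation.
    pub known_ticks: HashSet<u64>,
}

#[derive(Debug, Clone)]
pub struct TickAccount {
    pub key: u64,
    pub pool_id: u64,
    /// Fee-growth checkpoint recorded on the far side of this tick.
    pub fee_growth_outside: u64,
}

#[derive(Debug)]
pub struct Position {
    pub liquidity: u64,
    /// Fee growth inside the position's range at its last claim.
    pub fee_growth_inside_last: u64,
}

#[derive(Debug, PartialEq)]
pub enum ClaimError { ForeignTick, UnknownTick, InsufficientReserve }

/// Concentrated-liquidity fee maths, reduced to a single boundary tick.
/// Growth counters are differenced with wrapping subtraction by design, so a
/// forged checkpoint that is "ahead" of the global counter wraps to a huge delta.
pub fn fee_owed(pool: &Pool, tick: &TickAccount, pos: &Position) -> u128 {
    let inside = pool.fee_growth_global.wrapping_sub(tick.fee_growth_outside);
    let delta = inside.wrapping_sub(pos.fee_growth_inside_last);
    (pos.liquidity as u128) * (delta as u128) / SCALE
}

fn pay(pool: &mut Pool, tick: &TickAccount, pos: &mut Position) -> Result<u128, ClaimError> {
    let owed = fee_owed(pool, tick, pos);
    if owed > pool.fee_reserve {
        return Err(ClaimError::InsufficientReserve);
    }
    pool.fee_reserve -= owed;
    pos.fee_growth_inside_last = pool.fee_growth_global.wrapping_sub(tick.fee_growth_outside);
    Ok(owed)
}

/// Vulnerable: computes fees from whatever tick account the caller passes in.
pub fn claim_fee_unchecked(pool: &mut Pool, tick: &TickAccount, pos: &mut Position) -> Result<u128, ClaimError> {
    pay(pool, tick, pos)
}

/// Hardened: the tick account must reference this pool AND be one the program
/// itself created. Checking the pool_id field alone is useless, because the
/// attacker controls every byte of an account they created.
pub fn claim_fee_checked(pool: &mut Pool, tick: &TickAccount, pos: &mut Position) -> Result<u128, ClaimError> {
    if tick.pool_id != pool.id {
        return Err(ClaimError::ForeignTick);
    }
    if !pool.known_ticks.contains(&tick.key) {
        return Err(ClaimError::UnknownTick);
    }
    pay(pool, tick, pos)
}

/// The attacker's step: solve for the checkpoint that makes `fee_owed` return
/// exactly `target`, and write it into an account they created themselves.
pub fn forge_tick(pool: &Pool, pos: &Position, target: u128, key: u64) -> TickAccount {
    let delta = (target * SCALE / (pos.liquidity as u128)) as u64;
    let inside = delta.wrapping_add(pos.fee_growth_inside_last);
    TickAccount {
        key,
        pool_id: pool.id, // copied from the real pool to pass a naive field check
        fee_growth_outside: pool.fee_growth_global.wrapping_sub(inside),
    }
}

/// Runs an honest claim, then the forged claim against both code paths.
/// Returns (honest payout, payout on the vulnerable path, result on the hardened path).
pub fn demo() -> (u128, u128, Result<u128, ClaimError>) {
    let mut pool = Pool {
        id: 7,
        fee_growth_global: 5_000_000,
        fee_reserve: 8_780_000, // constructed figure, loosely echoing the $8.78M loss
        known_ticks: HashSet::from([100]),
    };
    let real_tick = TickAccount { key: 100, pool_id: 7, fee_growth_outside: 4_000_000 };

    // Honest LP: 10 units of liquidity, 1.0 of growth since last claim -> 10 tokens.
    let mut lp = Position { liquidity: 10, fee_growth_inside_last: 0 };
    let honest = claim_fee_checked(&mut pool, &real_tick, &mut lp).expect("legit claim");

    // Attacker: 1 unit of liquidity and a forged tick sized to the whole reserve.
    let mut atk = Position { liquidity: 1, fee_growth_inside_last: 0 };
    let fake_tick = forge_tick(&pool, &atk, pool.fee_reserve, 999);

    let mut vulnerable = pool.clone();
    let drained = claim_fee_unchecked(&mut vulnerable, &fake_tick, &mut atk).expect("drain");
    assert_eq!(vulnerable.fee_reserve, 0);

    let mut hardened = pool.clone();
    let rejected = claim_fee_checked(&mut hardened, &fake_tick, &mut atk);
    (honest, drained, rejected)
}

fn main() {
    let (honest, drained, rejected) = demo();
    println!("honest: {}, vulnerable path paid: {}, hardened path: {:?}", honest, drained, rejected);
}
```

The `known_ticks` registry is the toy stand-in for what a Solana program must actually verify before reading a tick account: that the account's owner is the program itself and that its address is the program-derived address expected for that pool and tick index (in Anchor, the `seeds` and `bump` account constraints). Without that binding, a field such as `pool_id` inside the account proves nothing, since the attacker wrote it.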


Data Breach Hits Professional Finance Company (PFC USA)

Professional Finance Company (PFC USA) was recently hit by a cyberattack that may have affected more than 650 healthcare providers across the United States. PFC is a debt collection agency that works closely with retail, financial, government and healthcare organizations.

PFC USA sent breach notifications to all affected individuals, informing them that their health and personal information may have been compromised in a ransomware attack in February 2022.

The company stated that because the attackers were able to access and disable its computers, there is a high likelihood that personal information stored on those systems was compromised. The exposed data may include names, dates of birth, addresses, payment details, health insurance details, Social Security numbers and medical treatment information.

PFC did not disclose the exact number of affected individuals but said 657 healthcare providers were impacted.


[Image: phishing scams]


Cyberattack Hits Tel Aviv Metro

A large cyberattack recently hit servers associated with Israel's Tel Aviv Metro. The news was first reported by Iran's Fars News Agency, which said the Metro's operating systems and servers were down because of a cyberattack; the agency later clarified that the attack had hit one of the construction companies involved in the Tel Aviv Metro project.

A Palestinian militant group calling itself Sabareen later claimed the attack on its Telegram channel. Local Israeli media suggested the reports could also be part of Iranian propaganda against Israel.

This was reportedly the second attack on Israeli servers attributed to Iraq-based actors. According to Sabareen's post, Al-Tahera, a hacker group from Iraq, has also attacked an Israeli digital intelligence agency. Claims made on such channels should be treated with caution, but they underline that Israeli government agencies and their contractors need to keep strengthening their defences, including measures to prevent phishing attacks.