Phishing attack prevention is a global problem, and together we can outsmart the adversaries. The first step to winning this battle against cyber attackers is to keep abreast of the latest techniques and methods they use to lure end users. The following are this week’s major phishing headlines to help you stay updated:
Data Breach Hits OneTouchPoint
A data breach recently targeted the mailing and printing services vendor OneTouchPoint. Consequently, over 30 health insurance carriers and healthcare providers were affected. With its headquarters in Hartland, OneTouchPoint provides supply chain management, print, and marketing execution services to various healthcare-based organizations. A ransomware attack had targeted OneTouchPoint, exposing all the personally identifiable information (PII) stored on its servers.
OneTouchPoint first discovered some encrypted files on its systems on 28th April 2022. Soon after detecting the suspicious activity, the company took anti-phishing protection measures. The initial investigation revealed that the exposed customer details contained their names, DOBs, addresses, description of service, date of service, diagnosis codes, etc. Further, customers’ social security numbers were also compromised in the incident. So far, the exact number of affected individuals or the type of ransomware involved is unknown. But OneTouchPoint is sending out breach notifications to affected individuals.
Security Loopholes in FileWave MDM Products Expose Organizations to Attacks
Two critical vulnerabilities in mobile device management (MDM) products from FileWave are exposing multiple organizations to cyberattacks. The vulnerabilities are an authentication bypass issue tracked as CVE-2022-34907 and a hard-coded cryptographic key tracked as CVE-2022-34906.
The first flaw enables adversaries to obtain “super_user” access to an internet-connected MDM instance; with that level of access, attackers can take control of all FileWave-managed devices, steal information, or push malware to them. Security experts identified 1100 devices using MDM servers exposed to CVE-2022-34907. Fortunately, FileWave was quick to take measures to protect against phishing and patched both flaws in version 14.7.2. Furthermore, it reached out to all affected customers, asking them to update their systems as soon as possible.
Ransomware Hits Wootton Upper School in Bedfordshire
A ransomware attack recently targeted Wootton Upper School in Bedfordshire, and the adversaries are now demanding £500,000 for the decryption key. The Hive ransomware group is believed to be responsible for this attack on the school. It also targeted Kimberley College for 16-19-year-olds (another institution under the Wootton Academy Trust).
The threat actors messaged parents and students to inform them that the Wootton Academy Trust’s networks had been breached. The group stole bank details, home addresses, medical records, and students’ psychological reviews from the school servers. The Trust reported that the attack had a limited impact on its operations, as it had closed for the summer break. The attack affected scheduling for the coming year and, in some cases, grade sheet production, but despite that, the Trust is optimistic that it will be able to recover from the incident within ten days.
Hive, on its part, has done its homework well and is aware that Wootton has cyber insurance of £500,000. The group now threatens to release stolen data if Wootton refuses to pay. The Trust expressed concern for the security of students’ data and mentioned taking all anti-phishing measures and investigating the breach.
Data Breach Hits St. Luke’s Health System
A data breach recently targeted St. Luke’s Health System, affecting the data of an unknown number of patients. Reportedly, the patients’ names, addresses, ID numbers, insured names, phone numbers, DOBs, descriptions of services, last five digits of social security numbers, amounts billed, payment due dates, outstanding balances, and account statuses were exposed.
St. Luke’s mentioned that the breach occurred in late May 2022 and affected customers billed in that same month. St. Luke’s security vendor discovered the breach in June, and the hospital was informed of it on 6th July. After its initial investigation, St. Luke’s found that 31,573 individuals were affected by the incident. The vendor that served as the initial attack vector remains unnamed, but St. Luke’s has reportedly stopped working with it. The vendor is taking measures for protection from phishing. It is also working with the FBI and an audit firm to determine the root cause of the attack. St. Luke’s is in the process of notifying all affected patients and customers about the breach and will also provide them with free credit monitoring services.
Akamai Blocks DDoS Attack
The cybersecurity and CDN company Akamai recently blocked one of the largest DDoS attacks to hit a European organization (its customer). DDoS attacks targeted its European client over 75 times in the last month with multiple attacks such as UDP fragmentation, ICMP flood, UDP, SYN flood, RESET flood, TCP anomaly, PSH ACK flood, TCP fragment, FIN push flood, and PUSH flood.
Akamai’s phishing prevention measures helped detect and mitigate the attack on 21st July 2022, when one of its European clients on the Prolexic platform received traffic peaking at 853.7 Gbps and 659.6 Mpps over a 14-hour period. This marks the largest global horizontal attack Akamai has ever mitigated on its Prolexic platform. Akamai reports indicate that the adversaries had used a highly sophisticated, global botnet to launch the attack.
Lockbit Steals 78 GB Data from Agenzia delle Entrate
The ransomware group Lockbit claims to have stolen 78 GB of files from the Italian Revenue Agency (Agenzia Delle Entrate), including company documents, financial reports, scans, and contracts. The group has also added Agenzia Delle Entrate’s name to the list of hacked government agencies on its dark web leak site. The agency has been operating since 2001.
This attack would mark one of the most severe cyberattacks endured by Italian government agencies. The Agenzia Delle Entrate is responsible for collecting taxes and revenue and enforcing Italy’s financial code. It provides a host of online services for Italian and non-Italian taxpayers. So far, the ransom amount is not known, but Lockbit usually gives its victims five days to pay the amount before leaking the stolen data. Hopefully, Agenzia Delle Entrate is adopting measures for protection against phishing.
Cyberattack Targets the City of Newport
A cyberattack recently targeted the City of Newport, which compelled the City to initiate an internal investigation and notify current and former municipal employees. The incident came to light when a suspicious email was found on the City’s internal network. While no external customer data was affected in this breach, there is a probability that municipal employees’ data was compromised. Fortunately, all online City functions were working normally, and those affected will receive breach notifications from the City of Newport.
First discovered on 9th June, this incident received immediate attention, and the City of Newport quickly executed its response plan. Along with its internal IT staff, the City also collaborated with federal law enforcement. The investigation revealed that certain human resource information belonging to current and former employees and their spouses and dependents was exposed. This includes their names, social security numbers, DOBs, addresses, group health insurance details, financial account numbers for direct deposit, etc.
The City of Newport advises all affected employees to review the statements received from their health insurers carefully and to check for charges for services they did not receive. Employees are urged to adopt measures to protect themselves from phishing.