The past week saw cybercriminals targeting multinational organizations and governments to steal personal data and disrupt their work. Here are this week’s headlines to keep you updated on recent phishing incidents and data breaches worldwide.
Two Swedish Municipalities Declare ‘Crisis Situation’ After Getting Hit By Cyberattack
The Swedish municipalities of Borgholm and Mörbylånga declared a ‘crisis situation’ after being targeted by a cyberattack. They confirmed an intrusion into the joint IT system used by the two municipalities, which together make up the island of Öland, with a total population of 25,000. Borgholm’s municipal manager Jens Odevall said that the staff worked overnight, disconnected the districts’ official systems from the internet, and roped in experts for the councils’ incident management response.
Borgholm’s website, hosted by an external provider, is still accessible, but Mörbylånga’s website is unavailable. Various citizen services provided by both municipalities, including email and healthcare services, were also unavailable. Consequently, healthcare providers in the area started using pen and paper.
Jens Odevall did not disclose the incident’s nature, but it follows the various ransomware attacks that hit European municipalities recently, including the Belgian city of Antwerp. When asked if it was sabotage or an extortion attempt, he said: “It’s too early to say because we don’t know the details.”
A Credit Card Processing Firm Exposed 9 Million Transaction Records
Security researcher Jeremiah Fowler and the Website Planet research team discovered an open database, not protected by a password, containing 9,098,506 records and PII (Personally Identifiable Information). They linked the database to the California-based firm Cornerstone Payment Systems.
The data contained credit card processing information such as partial credit card numbers, expiration dates, email addresses, access or security tokens, merchant names, payee names, and more. Researchers discovered that most transactions were for recurring payments or donations to charity campaigns, religious organizations, or nonprofit groups.
What Did the Database Contain?
- Total Exposed Records: 9,098,506
- A folder named “Transactions”: It contained internal transaction log records, including physical addresses and email addresses, merchant, user, and customer names, phone numbers, etc.
- In a random sample of 10,000 records searched for common email accounts, the researchers found 1,194 Yahoo addresses, 3,641 Gmail addresses, and a few MSN, Comcast, and private email servers.
- Hackers can target these individuals with spam or social engineering scams.
DolphinCape Malware Targets Ukrainian Railway, State Agencies
Ukrainian state railway and government agencies became the latest victims of a new phishing attack wave, according to Ukraine’s CERT-UA (Computer Emergency Response Team).
The attacks involved a malicious email campaign in which attackers sent messages on behalf of Ukraine’s State Emergency Service. They included tips on identifying a kamikaze drone, feeding on the targets’ fears of the Russian use of Shahed-136 kamikaze drones for targeting Ukraine’s crucial energy infrastructure.
CERT-UA tracks the attackers as UAC-0140, who distributed the DolphinCape malware in the emails. This malicious software collects information from the compromised computer like username, bitrate, hostname, and OS version, extracts other data, runs executable files, and takes screenshots of the targeted device.
Phishing attacks comprise 60-70 percent of all cyber attacks faced by Ukraine, said Yurii Shchyhol, Ukraine’s top cybersecurity official. Since ordinary citizens and government officials lack knowledge about recognizing a phishing email, Ukraine sees numerous phishing attacks.
Uber Suffers a Data Breach After Attack on Vendor, Leaks Information Online
Uber recently suffered a data breach after a cybercriminal leaked employee email addresses, IT asset information, and corporate reports stolen from a third-party vendor. A threat group named ‘UberLeaks’ started leaking data it claimed was stolen from Uber Eats on a hacking forum. It includes archives claiming to be source code linked to mobile device management (MDM) platforms that Uber, Uber Eats, and third-party vendor services use.
The threat group created four separate topics, allegedly for:
- Uber MDM
- UberEats MDM
- the third-party Teqtivity MDM
- TripActions MDM platforms.
Security researchers said that the leaked data consists of internal Uber corporate information and that none of its customers are affected. “However, the leaked data contains detailed information to conduct phishing attacks on Uber employees and acquire more sensitive information, like login credentials.”
Therefore, Uber employees must remain vigilant about phishing emails impersonating Uber IT support and report them to IT admins before responding.
Ontario’s Vaccine Booking System Suffers a Data Breach Affecting Millions, Province Says
Millions of Ontarians’ information might have been compromised in a data breach targeting the province’s vaccine booking and management system last year. The Ministry of Public and Business Service Delivery issued a notice recently that over 360,000 people will receive notifications regarding a November 2021 data breach that affected the COVAXX system.
The ministry said it worked with the Ministry of Health, Ontario’s privacy commissioner, and the police to determine the breach’s scale and impact. The ministry’s statement does not mention how it occurred. The government charged two people in connection with the breach last year.
One of the accused was a vaccine contact center employee, a 21-year-old resident of Ottawa’s Gloucester area. The contact center is a branch of the Ontario Ministry of Government and Consumer Services. The other accused was a 22-year-old man from Vaudreuil-Dorion, Que.
Police stated at the time that the province received reports of spam text messages from several individuals who had used the provincial booking system to schedule vaccine appointments or access their vaccine certificates. The “fraudulent spam” messages asked people to share their personal information, said Bill Dickson, OPP spokesperson. The ministry said in 95 percent of the cases, “only people’s names and phone numbers got impacted.”
UK Defines New Rules for Apps to Boost Consumer Security And Privacy
Consumers will receive better phishing protection from malicious apps which steal their data and money, thanks to the new security and privacy rules for app store developers and operators. Responding to a call for views earlier, the UK government will request the app industry to sign up for a new code of practice that boosts security and privacy requirements on various apps and app stores in the UK.
The voluntary code of practice for app operators and developers is the world’s first initiative to protect the UK’s app market, which generates over £74 billion in revenue each year.
The new measures require apps to define a process allowing security experts to report software vulnerabilities to developers, ensuring security updates are highlighted adequately to the end-users. Furthermore, the code requires apps to provide security and privacy information to the users in an easy-to-understand way.
The new voluntary rules are part of the UK government’s £2.6 billion (about $3.13 billion) National Cyber Strategy, aiming to safeguard and promote the digital economy, improve the UK’s cyber resilience and ensure organizations define the best security standards to protect their users.
Australian Telecom Firm Exposes Data of 130,000 Customers
Australian telecommunications provider Telstra informed over 130,000 customers and apologized for accidentally publishing their names, numbers, and addresses. The company blamed a “misalignment of databases” for the error.
The company also stated, “We are in the process of communicating to the customers whose details we incorrectly made available through Directory Assistance or the White Pages.”
The Sydney Morning Herald reported on the story, claiming the breach spanned a year. Telstra CFO Michael Ackland said they removed the identified affected customers from “The White Pages’ online version and The Directory Assistance service.”
“We are conducting an internal investigation that will help us understand how it happened and ways to protect against such incidents happening again,” Ackland said.
It’s Christmas Time: Amazon Warns Its Customers Of Phishing Text Messages In The UK
As Christmas approaches, Amazon is warning UK shoppers about a text scam currently in operation. Using an SMS, attackers access online accounts to steal personal data from the victims.
How does the scam work?
It works like most smishing scams:
- The victim receives an SMS that warns them about a security problem and says they must log into their Amazon account: “Amazon: We detected a suspicious login into your account on 27/09/2022 at 15:10:08 UTC. If not you, you can terminate the session via [https://checkup-amazon.com].”
- The user opens the link in the message and gets redirected to a website that resembles Amazon.
- They use their Amazon username and password to log into the website.
- A new page loads that requests additional information (name, phone number, address, date of birth, etc.) to “confirm their identity” and terminate the malicious session mentioned in the text message.
- However, the website is entirely fake, and the scammers gather valuable personal data that they can use to break into the victim’s Amazon account – or commit other crimes like identity theft.
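A mail or SMS filter can catch links like the one in this message by checking whether a brand name appears in a host that is not one of the brand's own domains. The following Python sketch is an added example, not part of the original article; the allow-list in `BRAND_DOMAINS`, the digit substitution table, and every sample message except the one quoted above are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains the brand really uses; extend for the brands you protect.
BRAND_DOMAINS = {"amazon": {"amazon.com", "amazon.co.uk"}}
# Undo common digit-for-letter swaps (0->o, 1->l, 3->e, 5->s) before matching.
LOOKALIKE = str.maketrans("0135", "oles")
URL_RE = re.compile(r"https?://[^\s\[\]<>\"'”]+", re.IGNORECASE)


def is_official(host, domains):
    """True if host is an allow-listed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def suspicious_links(message):
    """Return (url, brand) pairs where a brand name appears in the host
    but the host is not on that brand's allow-list."""
    hits = []
    for url in URL_RE.findall(message):
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
        # Split on dots and hyphens so "checkup-amazon" yields "amazon".
        labels = re.split(r"[.\-]", host.translate(LOOKALIKE))
        for brand, domains in BRAND_DOMAINS.items():
            named = any(brand in label for label in labels)
            if named and not is_official(host, domains):
                hits.append((url, brand))
    return hits


# First message is the one quoted in the article; the rest are constructed.
SAMPLES = [
    "Amazon: We detected a suspicious login into your account. If not you, "
    "you can terminate the session via [https://checkup-amazon.com].",
    "Your parcel is on its way: https://www.amazon.co.uk/orders",
    "Account locked, verify at http://amaz0n-secure.example/login",
    "Refund pending: https://amazon.com.verify.example/claim",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(suspicious_links(text) or "no suspicious link", "<-", text[:40])
```

The check compares the full host against the allow-list with a leading dot, so `checkup-amazon.com` and `amazon.com.verify.example` are both flagged while `www.amazon.co.uk` passes.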