The digital world struggles to ensure phishing prevention at every step. While some attacks are withstood, most attacks are successful and rob organizations of their time, resources, and money. The following headlines describe such attacks from the past week:
Saudi On Guard Against Cyber Attacks
A good number of CEOs in Saudi Arabia fear that cyber-attacks will shortly pose a serious security threat to them, and hence they are already taking anti-phishing protection measures. They are doing all that is within their capacity to evade such attacks and to strengthen their network and security infrastructure.
The KPMG CEO Outlook survey marks a 16% increase in the number of businesses in Saudi Arabia that view security as a vulnerable aspect. Some of the measures taken by them include:
- Hiring skilled people.
- Collaborating with cybersecurity providers.
- Training 800 youth via their program called CyberPro.
- They also propose to introduce a cybersecurity scholarship in association with the Ministry of Education.
Ransomware DoppelPaymer Up With A New Scheme
Earlier, attackers used to blackmail victims for ransom and sell their data on the dark web in retaliation. But the latest trick is called ‘name-and-shame.’ The masterminds behind the DoppelPaymer ransomware are now keen on harming the reputation of victim organizations.
They have launched a site called ‘Dopple Leaks’ that will leak files and shame victims who refuse to pay the ransom. All sensitive information of the victims will be out in the open on the Dopple Leaks site. They are currently targeting four companies, but such malicious tactics can be avoided by taking proper phishing attack prevention measures.
Researcher Finds A Security Flaw In iPhone
German researcher Tommy Mysk recently discovered a flaw in the Cut-and-Paste feature in iOS devices. The vulnerability lets an attacker access the private information of users such as GPS coordinates, passwords, and banking data, among other details.
Mysk created a PoC app – KlipboardSpy and an iOS widget – KlipSpyWidget, which indicates the number of malicious apps on iOS devices. KlipboardSpy and KlipSpyWidget exploit any cut-and-paste data temporarily stored in an iPhone or iPad’s memory.
To ensure protection from phishing, Mysk seeks the introduction of new permissions by the app enabling users to allow access to the pasteboard data. The auto-deletion of location information from photos after copying them to the pasteboard is another safety measure he suggests for the operating systems.
Transavia Leaks Passenger Data
80,000 Transavia passengers were suddenly notified after five years that unauthorized people may have accessed their travel details. The low-cost Dutch airline Transavia recently announced the breach, which was caused by “unwanted access” to passenger details stored in an email inbox. These details include the date of birth, luggage reservations, and special assistance required by passengers.
The breach affects all those people who traveled with the airline from January 21st to January 31st, 2015 but doesn’t include passengers who flew to Egypt, the Canary Islands, or Lapland in Finland.
Although Transavia hasn’t disclosed the purpose of storing details dating back five years, they did mention focusing on their anti-phishing solutions as one of their immediate goals. In its defense, the airline claims that no significant cyber attack can possibly be launched with details as minimal as names, dates of birth, and flight data of passengers.
Security Breach At Ordnance Survey
The U.K.-based mapping agency Ordnance Survey recently underwent a security breach that affected 1000 of its employees. They believe that the attackers employed a phishing scam to get into the CFO’s email account. Although this attack compromised no customer information, it did affect the agency’s employees, who are now being trained to ensure protection against phishing.
Ordnance Survey was quick to take anti-phishing measures and also got the privacy watchdog ICO involved. They claim that their preventive measures are sound enough and do not plan to take any further action.
Data Breach At Transmit Security
Security provider Transmit Security recently underwent a data breach that affected email addresses, passwords, phone numbers, and other sensitive information of customers. Initially, it was reported that more than a thousand clients were affected, but later, the firm announced that passwords weren’t compromised in the breach.
Transmit Security has an association with several large banks such as T.D. Bank and the First International Bank of Israel. The breach was identified by a researcher who informed customers about it. He claimed that the adversaries exploited NextCloud to steal data. The compromised information also includes source code, binaries, and communications between Transmit Security and clients. However, Transmit Security’s head for field engineering, Craig Currim, denied the breach of source code in the attack.
Skimmers Steal Reprint Mint Photo Card Data
For over 2.5 years, attackers have been secretly infecting the Reprint Mint photo store with skimmers or sniffers – scripts that steal card details of customers. Eighteen such scripts have been identified on the Reprint Mint photo store since August 2017, with multiple skimmers working on the site on several occasions.
Sanguine Security found a skimmer on the Mint photo store that ran for 1.5 years before being replaced by another script on February 1st, 2019. Yet another skimmer was seen on August 1st, 2019. Six different scripts were identified by December 2019.
It is unclear whether the store is deploying anti-phishing tools, as two malicious scripts continue to remain active even today.
Ransomware Hits U.S. Electricity Provider
The U.S. electricity provider Reading Municipal Light Department (RMLD) was hit by a ransomware attack last Friday. Although they didn’t disclose how the attack happened or the amount of ransom demanded, the RMLD authorities refused to succumb to the demands. They are instead using anti-phishing services and collaborating with an external I.T. consultant to recover their files.
The attack did not interrupt the power supply, nor has it compromised the financial data of customers. They informed customers about the attack via Twitter. The issue has now been resolved, and nothing beyond a customer’s name, address, email address, and power consumption details is likely to have been affected.
Australian Banks Receive DDoS Attack Threats
In line with the recent attacks on Australian organizations, the country’s banks and financial sector recently received threats of DDoS attacks on non-payment of a ransom in Monero. The attackers are emailing victims to propagate their attack.
Meanwhile, the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is taking every possible phishing protection measure. ACSC has issued security threat advice requesting organizations to take steps to prevent phishing attacks so that their operations continue uninterrupted even if there is a DDoS attack.
Corona 19 Real-Time Status Scam
Attackers are once again using the coronavirus to install malware on users’ devices. This time the malware is an executable program (EXE) with file names like ‘Corona’s domestic status’ or ‘Corona’s real-time corona status.’ On the surface, the file shows actual statistics related to patient information such as release, death, and under test. But in the background, it automatically installs malicious code on the user’s device.