Here are the weekly news headlines from the cyber world that will leave you astounded and compel you to rethink your phishing attack prevention measures:
Cathay Pacific Pays Hefty Fine
Hong Kong’s flag carrier Cathay Pacific was recently fined $640,000 by the UK’s data privacy watchdog. This comes after the airline’s inability to protect customers’ personal data from a 2018 security breach. This breach had exposed the details of over 9.4 million customers, 111,578 of whom were residents of the UK.
For its part, the airline said that it is now adopting phishing prevention measures to enhance its security in data governance, network security and access control, education and employee awareness, and incident response agility. It has spent extensively on security and has also extended its support to security watchdogs and authorities.
Why Avoid Easy Passwords?
The security company F-Secure explains why people must avoid using weak or default passwords. F-Secure witnessed a massive rise in threats to Internet of Things (IoT) devices. As per its research, if adversaries discover a vulnerable device, they immediately try to gain access to it.
F-Secure reports that hackers usually begin their attempts by trying obvious passwords such as ‘admin’, ‘12345’, ‘default’, ‘password’, and ‘root’. The UK’s National Cyber Security Centre (NCSC) found in its research that the password ‘123456’ was used 23 million times in breaches.
The UK has recently circulated guidelines asking internet users to use strong and unique passwords as a phishing protection measure.
BaReNPI Against Fraudulent Transactions
A group of scientist-professors from Lovely Professional University (LPU) in Punjab recently developed a digital security algorithm that promises to prevent phishing attacks and fraudulent online transactions. The algorithm is known as BaReNPI (after its properties of balancedness, resilience, non-linearity, propagation, and immunity). BaReNPI increases the randomness in the generation of user-authenticity tests like one-time passwords (OTPs) and CAPTCHA, thereby making it difficult for adversaries to crack compared to Advanced Encryption Standard 256 (AES 256).
Lead scientist Geetha G says that algorithms like BaReNPI are also used by messaging apps like WhatsApp and are a global necessity. She claims that these algorithms promise better digital security.
Mailto Ransomware Uses Windows Explorer
Discovered in August 2019, the Mailto (NetWalker) ransomware uses Windows Explorer to evade detection. Mailto targets both home users and enterprise networks and tries to encrypt all Windows devices connected to the targeted devices.
After injecting the payload into a device, Mailto gains control over the compromised device and deletes system shadow copies. This prevents the victim from restoring the lost files. Mailto is still being analyzed, and it remains uncertain whether there are any weaknesses in its encryption algorithm that can be exploited to decrypt locked files. Protection from Mailto (NetWalker) can be achieved by conducting thorough research on the malware and its characteristics.
Cyberattack Hits Coastal Bend College
Coastal Bend College has been shut since this Monday due to a cybersecurity threat, and it will remain closed until Friday, 6th March 2020.
The school notified students about the incident via a Facebook post, in which it mentioned that a network disruption had infected its phones, website, and other systems. It further informed the students that it would extend deadlines for assignment submissions and payment plans.
To ensure protection from phishing, the school has hired a cybersecurity firm. Further updates will be available only once the operations of the college are restored.
No Messing With US Elections
The leader of US Cyber Command (a branch of the Department of Defense), Gen. Paul Nakasone, announced that what happened in the 2016 presidential elections will not happen this time. With the 2020 presidential elections two hundred forty-four days away, every anti-phishing protection measure is being taken to ensure election security.
Leaders from various federal agencies are warning citizens to be careful of foreign influence campaigns on social media. They claim that preparedness for election threats has never been more robust.
Ryuk Attack On EMCOR Group
The US-based Fortune 500 company EMCOR Group announced on its website three weeks ago that ransomware had brought down some of its systems. This attack has been identified as a Ryuk ransomware attack, which brought down the company’s systems on 15th February.
Although not much was disclosed about the attack, the company gave assurances that no employee or customer data had been mishandled. It is now adopting anti-phishing solutions to restore its systems. It is unclear whether the company has paid the ransom or is restoring from backups.
EternalBlue Remains A Threat
EternalBlue, the exploit that leaked three years ago, is still a significant threat to unpatched Windows servers connected to the Internet. Although the vulnerability rate has decreased significantly, at least 100 sources still use it to attack systems every day. These findings from the cybersecurity firm Rapid7 suggest that over 600,000 servers still allow Server Message Block (SMB) connections on the Internet.
Bob Rudis, Chief Data Scientist for Rapid7, says that malicious actors always find ways to do what they want and that there is no escaping them. He adds that there is no way to run SMB securely on the Internet. Steve Grobman, Chief Technology Officer of the security firm McAfee, adds that anti-phishing measures are not on par with the existing and rising vulnerabilities.
Data Breach At J.Crew
Specialty retail company J.Crew underwent a data breach about a year ago, which was concealed from customers until recently. The breach exposed the login credentials and personal information of users, such as the last four digits of their payment cards, expiration dates, card types, billing addresses, and other minute details like order numbers, shipping confirmation numbers, and shipment status.
To ensure protection against phishing, J.Crew has disabled affected accounts and asked customers to get in touch with the J.Crew Customer Care Center to reset their passwords. The company claimed that no additional customer information had been compromised.
Data Breach Throws Zynga Inc. In Trouble
Two litigants have filed a lawsuit against the gaming company Zynga Inc. for failing to safeguard the personal information of players. This data breach exposed the details of 173 million users. The company hasn’t been direct in informing users of the breach and only hinted at the breach in its posts online.
The litigants (one of whom is a minor) mentioned in the lawsuit that player details such as usernames, email addresses, login IDs, password reset tokens, Facebook IDs, Zynga account IDs, and passwords stored with outdated cryptography have been affected in the breach.
They further added that Zynga misleads users into believing that it has subscribed to a sound phishing protection service, while in reality it is concerned only about its own reputation and safety.