Phishing attacks and social engineering tactics are only the first steps in a threat actor’s modus operandi: they are deployed to lure the end-user into divulging a crucial piece of information, which malicious actors can then misuse for nefarious purposes. Thus, if you stay abreast of the latest phishing hacks and adopt measures for protection against phishing, you will be able to thwart a significant portion of cyberattacks on your business. To this end, here are the top phishing headlines this week.
Data Breach Hits Jefferson Dental and Orthodontics, Texas
Over a million Texans may have their data exposed owing to a breach at Jefferson Dental and Orthodontics – one of Texas’s largest dental care providers. Jefferson Dental has around 72 offices across Texas, and the latest breach has reportedly compromised the details belonging to 1,026,820 Texans. As part of its measures for phishing attack prevention, the dental care provider reported the incident to the Texas Attorney General’s Office. The episode also made it to the state’s website. This breach is significant because it is the largest cyber-attack reported to the Texas Attorney General since the new notification law was implemented in September 2021.
The new law mandates organizations to report data breaches impacting over 500 individuals to the Texas Attorney General’s Office, and the state then publishes the list of these data breaches online. Jefferson Dental and Orthodontics also sent out breach notifications to its affected patients, informing them that there is no evidence showing the misuse of the exposed information. The notice also mentioned the type of patient information disclosed, including driver’s license numbers, Social Security numbers, financial information, health insurance information, etc.
The malware attack was first discovered on 9th August 2021, and Jefferson Dental began its investigation soon after. The breach notification was released after the analysis was complete in January 2022.
Iranian Hackers Leak Personal Details of Mossad’s Director
Israel’s national intelligence agency (Mossad) director David Barnea recently became the target of a Telegram scam where Iranian hackers claimed to publish videos, photos, and documents obtained from a phone used by Barnea’s wife. The adversaries posted the said files on an anonymous Telegram channel which had less than a hundred followers and was created just a day before the Barnea dump.
Later reports confirmed that the video was posted on a Telegram channel called ‘Open Hands’ and was part of a lengthy intelligence operation against Barnea (who became the head of Mossad in June 2021) that started in 2014. A post on the channel read, “We’ve got a small gift for the Mossad; ‘With LOVE for David.’ Happy Purim.” The Mossad continues to investigate the incident. It further mentioned that the leaked information is old (hence irrelevant). Even so, the leak exposed information on Barnea, including a copy of his ID card, plane tickets, tax documents, satellite pictures of his home in central Israel, photos from one of his family vacations in Copenhagen in 2014, and a video with captions in English, Arabic, and Hebrew.
Electoral Services Department of Wandsworth Council Exposes Residents’ Email IDs
The electoral services department of Wandsworth Council in the southwest of London recently sent out a routine email to registered voters but exposed their personal details in the process. This negligence by the council culminated in sending voter identity details to the wrong recipients. As a result, around 13% of local residents (43,000 voters) received the names, voting instructions, and addresses of people outside their households.
The council sent an apology email to affected victims and assured them that no electoral fraud could be conducted using the exposed data. In a follow-up email, the council asked recipients to delete the erroneously sent email and justified its own negligence by saying that the leaked data was available on a public electoral register anyway. This concluding comment does nothing to address the concerns and fears of voters and instead evokes the unreliability of the Conservative majority council, opines Fleur Anderson (Labour MP for Putney).
At this point, we can only hope that such incidents do not happen again and that the council adopts necessary phishing prevention measures. It is unlikely that the Information Commissioner’s Office (ICO) will launch any formal investigation on this.
Ransomware Hits Greek Postal Services ELTA
ELTA, the state-owned postal services provider in Greece, recently underwent a ransomware attack that brought down most of its services. ELTA announced the attack soon after discovering it and mentioned that the organization could contain the attack’s spread by adopting immediate phishing protection measures and isolating the entire data center.
ELTA eventually shared further details of the attack and claimed that the adversaries entered one of its workstations using an HTTPS reverse shell and exploiting an unpatched vulnerability. It is assumed that the adversaries wanted to encrypt systems critical to ELTA’s business operation. However, ELTA has not shared whether any ransom demands were made.
Since cyberattacks usually involve data theft, ELTA has informed the Greek consumer data protection authority about the incident. Its services largely remain disrupted, and ELTA is uncertain when it can resume services again. Further, users have taken to the ELTA Facebook page to report their failed attempts at tracking parcels or accessing its web labeling services.
ELTA’s IT team is currently working hard to scan its computers (over 2,500) for malware and is installing security tools to prevent such an incident from happening again. ELTA recommends that customers use its subsidiary ELTA Courier until all services are restored.
Anonymous Targets Omega Company
Omega Company is the in-house R&D unit of the Russian oil pipeline giant – Transneft. The ransomware gang Anonymous recently targeted Omega Company and stole its confidential data. The threat actor reportedly stole 79 GB of emails belonging to Transneft, the largest global oil pipeline company. The stolen data was then published on a data leak site – Distributed Denial of Secrets.
The data stolen from Transneft’s Omega Company contains the email accounts data of employees, technical equipment configurations, invoices, and product shipment information. An analysis of the leaked data revealed that some of the emails were as recent as 15th March 2022. On a somewhat surprising note, Distributed Denial of Secrets said that it dedicated this breach to Hillary Clinton, who seemed to have made some comments in an interview in support of cyberattacks against Russia.
Data Breach Hits HubSpot
Customer relationship management (CRM) tool HubSpot recently underwent a data breach that affected some clients like Swan Bitcoin, BlockFi, NYDIG, and Circle. Companies commonly use HubSpot to onboard new users and manage marketing campaigns. Fortunately, the breach did not affect the operations of HubSpot’s clients in any significant way, and their treasuries remain risk-free.
Clients use HubSpot to store their users’ details such as names, email addresses, phone numbers, etc. While the hack compromised these user details, the involved companies gave assurances that passwords and other internal information remained unaffected. HubSpot claimed that the breach occurred because adversaries could access one of its employee accounts and used it to target around 30 stakeholders in the crypto industry. The list of these companies has not been released so far.
As a result of this attack on HubSpot, some users are receiving an increased number of phishing emails leading them to a fake credential-stealing website. While HubSpot does its part in ensuring anti-phishing protection, users are recommended to do their bit for enhanced security.
Cyberattack Hits National Rifle Association (NRA)
The National Rifle Association’s political action committee (PAC) recently submitted a filing to the Federal Election Commission (FEC) informing it of a cyberattack it underwent last year. While this may seem like a measure to prevent phishing attacks, this PAC filing comes after the organization failed to resolve a financial discrepancy related to donations.
A ransomware gang called Grief took ownership of this attack on the gun lobby’s servers in October 2021 and claimed to have stolen its sensitive internal documents. Grief actors also attached screenshots of the stolen data to prove their claim. When Grief disclosed the attack last year, the NRA did not comment on the issue, but now that things seem out of control, it has admitted the truth and accepted that it got pwned on 20th October 2021.