Phishing prevention and ransomware protection are crucial to cybersecurity. However, to know the latest threats, one needs to keep up with the news headlines, as malicious actors are getting smarter by the day and adopting ever more innovative tactics to lure the typical netizen into disclosing their credentials. The following are the top phishing headlines from the last week:
Ransomware Hits 200 Networks, LLC
An unprotected database belonging to the Reno-based company 200 Networks, LLC was recently found online. The unencrypted database contained around 1,481,280 phone call records and Voice over Internet Protocol (VoIP) data. What makes it a risky revelation is that the database was online for around 24 hours and kept registering more real-time call records. While some were call-backs, most of the registered calls were outgoing. Upon discovering the security flaw, 200 Networks, LLC quickly took anti-phishing measures and made the database private. While it was up and publicly available, any attacker could have easily accessed, edited, deleted, downloaded, and compromised the user records.
This exposed stakeholders to a plethora of attacks because of their leaked PII (personally identifiable information), caller ID, SIP (Session Initiation Protocol), IP addresses, etc. Researchers suggest that this could have been a ransomware attack since they traced signs of an automated Meow bot attack.
Ransomware Hits Harris Federation
Harris Federation, the London-based nonprofit comprising 50 primary and secondary academies that educate over 36,000 students, underwent a ransomware attack on 27th March 2021. Its IT team quickly adopted phishing attack prevention measures and shut down all systems, including the landline and email systems and students’ devices. The federation calls it a highly sophisticated attack and is investigating it along with the National Cyber Security Centre, the National Crime Agency, and a cybersecurity firm.
The attack on Harris Federation is not the only one on multi-academy trusts in recent times. The federation points out that at least three other multi-academy trusts were attacked in the same month. Such reports are to be expected, as even the FBI had warned about increased ransomware attacks on UK- and US-based educational institutions in recent times.
Cl0p Ransomware Exposes Data From Six US Universities
Six US universities that fell victim to the attacks of the notorious Cl0p ransomware group now have their confidential data, such as passport information and financial data, posted online. These documents belong to the staff and students of these universities. Cl0p ransomware is known for its technique of infecting one compromised machine with ransomware first and then threatening to leak the compromised files on the dark web if the demanded ransom isn’t paid. The victim universities from the latest attack include Yeshiva University, the University of Miami, Stanford University, the University of Maryland, the University of California, Merced, and the University of Colorado Boulder.
The compromised files include the requests for tuition remission paperwork, federal tax documents, tax summary documents, passports, and applications for the Board of Nursing. The victims of the attack need to adopt phishing prevention best practices because their PII is at stake. Cl0p is known for its double extortion attacks. Even if the universities meet the ransom demands, there is a high chance that the names, photos, social security numbers, and other sensitive details of victims will be sold to other threat actors on the dark web.
Ragnarok Ransomware Hits Italian Company Boggi Milano
With over 190 stores in 38 countries, the Italian men’s clothing brand Boggi Milano underwent a data breach recently. Although its online operations remain uninterrupted, the company lost 40 GB of data in the attack, believed to be the work of the Ragnarok ransomware gang. Both Ragnarok and Boggi Milano share the same facts about the security incident: the 40 gigabytes of exfiltrated data include salary information and human resources files.
A further investigation revealed that payment PDFs, payroll files, tax documents, vouchers, etc., were compromised in the breach. The ransom details aren’t disclosed yet, but this incident proves that cyberattacks can target any industry and company. Hence, having a backup strategy and a phishing protection plan is essential for all businesses.
New York Foundling Organization Leaves Unsecured Database Online
One of the oldest and largest charities in New York, the New York Foundling organization, recently left an unsecured database online. This unencrypted database contained over 2,000 CSV and TXT files, with thousands of entries related to patients and employees. Apart from the PII of patients, the database stored over 13,000 records on vaccines, patients’ or their relatives’ contact details (even social security numbers in some cases), employee details (names, employee IDs, etc.), insurance details of notes, etc.
The publicly accessible database was stored on an unsecured Microsoft Azure Blob, and anyone with the URL could have easily accessed the data while it was online. However, Azure took measures for protection against phishing and secured the database soon after receiving the report by CyberNews. While the New York Foundling organization has not acknowledged the incident or made any comments, stakeholders are advised to take anti-phishing protection measures and closely monitor their financial statements.
European Telcos Need To Stop Oversharing
Tala Security’s study reveals that data exposure caused by unaddressed problems is a significant cybersecurity issue among the top European mobile providers. Such negligence has a direct impact on over 253 million customers who share their data with these providers. The Tala Security research states that around 19 third parties have access to the banking, passport, and other credentials shared via forms. A majority of websites are vulnerable to Magecart and cross-site scripting (XSS) attacks.
Thus, unintentional data exposure is a very pertinent cybersecurity issue. Telcos need to make data security and anti-phishing solutions a part of the rich website experience they provide.
Conti Ransomware Demands $40 Million From US School
Rising ransom demands now accompany the rising number of ransomware attacks. The Broward County Public Schools (BCPS) in the USA was attacked by threat actors last month. While the school refrained from revealing details about the incident, the Conti ransomware gang has claimed responsibility for the attack. Conti is demanding a ransom of $40 million, the highest ransom demanded to date after the REvil attack on Acer, where they asked for $50 million.
The Broward County Public Schools (BCPS) is the sixth-largest in the USA and facilitates free education for over 261,000 students and 110,000 adult students in 241 schools, technical colleges, and 92 charter schools. After the ransom negotiation process, the amount was brought down to $10 million, but it still exceeded the $500,000 budget of the BCPS. Consequently, the threat actors posted screenshots of the negotiation conversation with BCPS. The school representative was shocked to hear the demand. Whether the school decides to pay or not, students, parents, and staff must take measures to prevent phishing attacks.