Phishing continues to be a significant security threat for individuals and enterprises alike. This week’s cyber news is no different, but organizations can avoid repeating the same mistakes by adopting proper phishing prevention measures and keeping abreast of the latest modus operandi adopted by threat actors. Therefore, we bring you the most recent phishing news.
REvil Ransomware Hits Asteelflash
French electronics manufacturing services (EMS) company Asteelflash recently underwent a REvil ransomware attack. The threat actors are now demanding a $24 million ransom. Their initial demand was $12 million, but it was doubled because Asteelflash missed the ransom deadline.
A Tor negotiation page containing the conversation between REvil and Asteelflash reveals that the adversaries had shared a sample file containing the stolen Asteelflash records. The EMS company has shared little beyond the fact that its investigations are ongoing. Whether the attack was successful is still a mystery, but as long as Asteelflash adopts anti-phishing solutions, there is some assurance of security.
Major LinkedIn Leak Exposes 500 Million User Records
An adversary has recently posted a data archive containing profile details of around 500 million LinkedIn users on a popular hacker forum. This data includes the full name, phone number, email address, occupation, designation, etc. The post author has also provided a proof-of-concept sample containing 2 million records. While the samples can be viewed with $2 worth of forum credits, the primary database won’t be given away for less than a 4-digit sum in bitcoin.
Just days after this post, another malicious actor posted a LinkedIn profile database, this time containing an additional 327 million scraped profiles. This takes the total count of scraped profiles to 827 million, which surprisingly exceeds LinkedIn’s actual user base of 740 million. However, the company has confirmed that its phishing protection measures are in place. It further stated that this data is perhaps an aggregation of data from other websites, as its website or employee accounts haven’t been involved in any breaches.
Ransomware Hits National College Of Ireland and TU Dublin
The Technological University of Dublin and the National College of Ireland (NCI) recently underwent ransomware attacks. Consequently, their IT systems were disrupted. As the universities work on restoring their IT systems, students have been instructed to refrain from using campus IT systems until further notice.
The NCI is taking robust anti-phishing measures and working in collaboration with the national police service of the Republic of Ireland and the Data Protection Commissioner to investigate the incident. The Library service, Model, and the current students’ MyDetails service have reportedly been down since the attack. The campus building remains closed, and IT systems are suspended. All classes and pending assignments have been rescheduled and postponed.
As for the Technological University Dublin (TU Dublin), its Tallaght campus was affected by the attack. While some ICT systems are affected, secure remote access to key services is mainly operational. An email from the college assures students that the attack doesn’t involve any process on the City and Blanchardstown campuses or the ICT systems. The ransomware actor responsible for the attacks remains unidentified.
Data Breach at Carding Mafia
Carding Mafia is a credit card stealing and selling platform that recently underwent a cyberattack. An estimated 300,000 of its 500,000 users had their accounts compromised, but the forum is yet to notify them of the breach. The compromised Carding Mafia account details include the usernames, email addresses, IP addresses, and hashed passwords.
Another threat actor surfaced in parallel on another hacking forum with details of the illegal carding site. He was giving away the database for free through his private messaging inbox. Researchers suspect that this move is in pursuit of creating a reputation in the dark market. The breach probably began from a zero-day vulnerability in Carding Mafia’s software. If someone thinks that cyberattacks don’t threaten threat actors, this news is proof that protection against phishing is crucial for even illegal carding sites like this.
New Revelations in the Belden Breach
Belden is a renowned specialty networking solutions provider that underwent a sophisticated data breach in November last year. Information related to current and former employees and business partners was compromised in the attack. The PII of Belden employees and partners was the only data that seemed to have been compromised in the incident.
However, the company has recently disclosed that the health-related information of users may have been exposed. Its investigations into the breach continue, and the recent revelation suggests that the PII of dependents, spouses, and relatives of employees, along with their Personal Health Information (PHI), was also exposed. Belden is notifying all affected individuals and offering them free credit monitoring services. Since the company is taking measures to prevent phishing attacks, affected users too should do their part and take necessary phishing attack prevention measures.
Major Data Breach at Illegal Carding Store Swarmshop
In another cyberattack at a hacker forum, the carding store Swarmshop was a target. The users of this illegal credit card and banking data stealing and selling platform had their data points exposed. Besides, the details of four site administrators, 12,250 buyers, and 90 sellers were compromised. The database also included the account balance, nicknames, hashed passwords, contact details, etc., of cybercriminals. While this attack may be befitting the cybercriminals, ordinary citizens are at an equal (if not greater) risk. This is because these hackers have a rich data trove of information stolen from citizens. Consequently, over 68,995 Social Security Numbers and 623,036 card details of US citizens have been leaked.
While this data has been compromised before, the recent leak implies that it’s more widely circulated now, and hence there’s increased cyberthreat for victims. All those who have been victims of security scams in the recent past must adopt the phishing prevention best practices for security.
Data Breach Hits the CHPDC
The Community Health Plan District of Columbia (CHPDC) recently underwent a data breach. Consequently, the sensitive data of many of its customers was compromised. The CHPDC is working in collaboration with the Attorney General’s Office for the District of Columbia, the FBI, and the cybersecurity group CrowdStrike to get to the attack’s roots.
The CHPDC hints that some sophisticated, foreign cybercriminal enterprise is behind this attack. The compromised customer information includes names, DOBs, phone numbers, addresses, and Medicaid identification numbers. It has assured customers that their Social Security numbers were not involved in the breach. As part of its measures for protection from phishing attacks, the CHPDC extends free credit and identity theft monitoring services to all affected customers for two years.
Data Breach Hits Michigan State University
Bricker & Eckler LLP is the parent company of the MSU Title IX contractor INCompliance Consulting, which is in charge of handling discrimination, sexual misconduct, and relationship violence complaints on the MSU campus. Bricker & Eckler LLP underwent a ransomware attack in January 2021 and took necessary anti-phishing measures. But a recent revelation suggests that data belonging to some 350 people at Michigan State University (MSU) may have been compromised in this incident.
The exposed details include names, driver’s license numbers, social security numbers, addresses, and medical or education records. The records further included the scheduling emails, investigation reports, and final determinations of registered complaints. MSU has informed the students, staff, and faculty of the latest update regarding this breach stemming from INCompliance Consulting. While MSU uses anti-phishing services for security, six people’s data associated with the MSU investigations have been exposed, and there isn’t anything they can do about it now!