Here are the most recent developments in phishing prevention across the globe. The attacks from the past week shall perhaps enable you to rectify all loose ends in your online networks.
Hacker Impersonates White House Home Page
In another COVID 19 cyber attack, the adversaries have sent out emails to American citizens from a “Valentina Robinson” impersonating the White House. The email comes with grammatical and spelling errors (“carantine” for quarantine and “pamdemic” for pandemic) and instructs users to download an attached document containing new guidelines related to the epidemic.
Downloading the document installs malware into a user’s system. Two emails are being circulated. One is titled “The White House Instruction for coronavirus”, and the other is titled “President Guidance for coronavirus”. Users are advised to take email phishing prevention measures to ensure safety.
Hacking Prank Targets Kremez And Malwarehunterteam
The security researchers Kremez and Malwarehunterteam are now targeted by MBRLockers to tarnish their image by first making a backup of the original MBR of the computer to a safe location and then replacing it. The malware downloads itself from free software and cracks sites before people realize that they are getting locked out of their computer before Windows starts.
The PC then displays a message saying that Vitali Kremez and MalwareHunterTeam have launched a malware attack on their system, which is bogus.
Although there are no anti-phishing solutions for this right now, research is ongoing, and victims can expect a recovery method soon.
SBI Warns Of Scammers
The State Bank of India (SBI) has warned its customers via Twitter to watch out for attackers using http://www.onlinesbi.digital (a fake website) and asking them to update their password or account information. These scammers are also impersonating SBI’s net banking page. Protect yourself from phishing and verify the authenticity of a URL before clicking on it. With so much that is similar to the real app, users get swayed by these fake apps.
Customers must inform about such fake pages through e-mail at firstname.lastname@example.org and email@example.com. They may also report such messages to the government’s cybercrime branch.
Pakistani Hackers Post 115 Million Users’ Data Online
The Pakistani cybersecurity company – Rewterz Threat Intelligence recently found a database on the dark web selling data belonging to 115 million mobile phone users. This data included the full name, complete address, mobile numbers, CNIC and NTN numbers of the victims. The attackers have put up this database for sale and are demanding USD 2.1 million for it.
The phishing protection service suspects the breach to be channelled through telecom companies who are perhaps not transparent about the same to their customers.
SFO Discloses Data Breach
The San Francisco International Airport (SFO) recently disclosed a data breach that hacked two of its websites – SFOConnect.com and SFOConstruction.com, in March 2020. The SFO suspects that the attackers may have compromised login credentials of users registered on the two breached sites.
All those users who accessed the compromise websites from outside the SFO network through Internet Explorer on a Windows-based device are more vulnerable to this hacking scheme. To ensure protection from phishing, SFO has instructed users to reset passwords for all SFO-related email and network.
500,000 Zoom Account Details Up For Sale
Hackers are selling over 500,000 Zoom accounts for less than a penny each and even giving away details for free. While some of these account details were collected in previous data breaches, they are still selling these details for giving hackers the option to try and see if people are again using the same passwords.
However, the cybersecurity intelligence firm Cyble has managed to purchase 530,000 Zoom credentials (email address, password, personal meeting URL, and the HostKey) for less than a penny each at $0.0020 per account. They are now informing the affected users of probable breaches.
Ransomware Hits Manitoba Law Firms
Maze ransomware hit two Manitoba law firms recently. The CEO Kristin Dangerfield hasn’t disclosed which the two firms are or whether they will pay the undisclosed amount of ransom. The computer systems of both firms have been brought down which has locked all their client lists, emails, accounting and financial information, photos and other digital files.
The CEO expects the law firms to inform affected customers and take necessary phishing protection measures.
Ransomware Hits Energias De Portugal
A significant energy producer Energias de Portugal (EDP) was recently hit by the Ragnar Locker ransomware which has locked all their files. The attackers have stolen more than 10TB of confidential company data and have demanded a 1580 BTC ransom ($10.9M or €9.9M), failing to pay which will lead to a leak of this data.
No anti-phishing measures seem feasible to EDP at this point as the adversaries have openly threatened them and have already leaked some files including an edpradmin2.kdb file which is a KeePass password manager database exposing login names, passwords, accounts, URLs, and notes of EDP employees.
12,706 Apps With Backdoors Identified
A recent study by researchers at Ohio State University, New York University and CISPA Helmholtz Center for Information Security identified 12,706 Android apps with hidden backdoors. These include secret access keys, master passwords, and hidden commands enabling users to access admin-only functions. But most importantly, these flaws allow an attacker to gain unauthorized access to a user’s account.
These findings were shared with the app developers, some of whom are already working on fixing these patches and ensuring protection against phishing.
New York’s Govt. Network Hacked
The computer network of New York’s state government recently underwent a cyber attack. This attack compromised motor vehicle records and payroll information for the 250,000 employees of New York’s state agencies and public universities.
For ensuring anti-phishing protection, the state has collaborated with the FBI. Some sources claim that a foreign actor is responsible for the attack. Richard Azzopardi (senior advisor to NY Governor) has informed that no personal data of any New York resident, employee, or other individuals have been compromised in the attack.