Phishing prevention cannot be assured with a single security measure, especially in recent times, when hundreds of cyberattacks take place every day. The following headlines from the past week in cybersecurity prove precisely why you need to strengthen your organization’s anti-phishing solutions.
NCSC Develops Email Reporting Service
The UK’s National Cyber Security Centre launched a Cyber Aware Campaign called Suspicious Email Reporting Service on 22nd April, in which over 5,000 suspect emails were reported within a day.
This reporting service was launched to ensure anti-phishing protection against fake coronavirus-related messages. Within just a day of its launch, the NCSC could suspend 83 web scams.
Apart from ensuring email phishing prevention, the Reporting Service will also assist UK policing with real-time analysis of reports and identification of new patterns in cybercrime. It encourages people to report any suspicious emails to firstname.lastname@example.org.
Zoom Becomes The Attack Hotspot
Of late, Zoom attacks have created serious security concerns. A recent Cisco Talos report states that attackers can obtain a complete list of Zoom users within an organization.
Although Zoom has now taken measures for protection against phishing, the server vulnerability allowed any user to find all Zoom users in a network.
Zoom’s flawed server setting, which is based on the XMPP standard, enabled arbitrary users to request the contact information of other users. Details compromised in such attacks include the auto-generated XMPP username and the user’s first and last name, email address, and phone number. These details could, in turn, be used for launching spear-phishing attacks.
UniCredit Employee Data Breach
A Romania-based hacker has put up the records of around 3000 UniCredit employees on the dark web for sale. He is selling each row of 150,000 records for $10,000 and claims that he infiltrated the UniCredit system and stole the credentials.
It is suspected that the attacker used a malicious code insertion technique to steal the employee data. The compromised details include an employee’s name, email address, phone number, and encrypted password.
Payment Processor Leaves Database Unprotected
Security researcher Anurag Sen found a massive database left unprotected online. This database belonged to the New York-based card payments processor Paay and contained 2.5 million card transaction records. Each exposed record contained the full plaintext credit card number, expiry date, and amount spent. Although the database didn’t include the cardholder names or card verification values, it still shows Paay’s failure at ensuring protection from phishing.
Ransomware Behind Torrance Attack
A recent post by DoppelPaymer hints at the seemingly false assurance Torrance has been giving its citizens after the breach it went through in late February. DoppelPaymer’s online post included a probation violation form from the Torrance City Attorney’s Office, a declaration in support of access to juvenile records filed with the Superior Court of California, County of Los Angeles, and a budget import audit listing. All of these suggest that their claims of zero damage to public personal data might not have been valid after all!
Though there is currently no evidence, if DoppelPaymer’s post proves authentic, then the city’s government will come out as unworthy of upholding phishing protection protocols. In times of an attack, all that the public expects is honesty, and the government’s reluctance to share information on the ransomware behind the attack is just not acceptable.
Stock Market Attacks Rise
The adversaries have now jumped from the government and banking systems to the stock market. They are creating fraudulent websites impersonating some of the leading brokerages.
Many customers have reported receiving phishing emails offering free brokerage during the lockdown period. Any unsuspecting user who clicks on the attached link unknowingly gives away details such as his user name, password, personal identification number, or date of birth. These details are then used to log in to the investor’s trading account and carry out buy or sell transactions in illiquid penny stocks, to the benefit of the attacker.
Such attacks have increased significantly, and hence brokerages are taking phishing email prevention measures to ensure minimal losses to their investors.
Attack on Rotorua Lakes Council
Rotorua Lakes Council is dealing with the rampant problem of phishing emails, which has been reported by some external contacts. With the most recent attack on the Council’s staff, the adversaries are impersonating their Accounts department and sending emails to the victims.
However, the Council is taking anti-phishing measures and urging the public to remain cautious and report suspicious emails. One fundamental way to distinguish between genuine and fake emails is to analyze the sender’s email address.
Security Breach At Renowned Institutions
Attackers have posted over 25,000 email addresses and passwords online. The compromised details belong to the National Institutes of Health, World Health Organization, Gates Foundation, and other groups who are leading the war against COVID-19. Australian security expert Robert Potter confirmed the authenticity of the WHO email addresses and passwords and noted that they used passwords as simple as “password,” their names, or “changeme.”
SITE Group’s findings show that NIH was the most affected with 9,938 compromised email addresses and passwords. It was followed by 6,857 records from the Centers for Disease Control and Prevention, 5,120 records from the World Bank, and 2,732 records from the WHO.
Ransomware Attacks On US Decline
The only silver lining of the COVID-19 pandemic is the surprisingly low number of ransomware attacks on the United States. Emsisoft researchers have estimated the attacks in 2020 to be as intense and frequent as in 2019, if not worse. But owing to COVID-19 and work from home, the number of attacks has declined, with only 89 reported attacks in Q1.
But on the downside, attacks continue targeting the private sector despite attempts to prevent phishing attacks.
Chinese Hackers Target Gravity Co. Ltd
The Chinese Winnti Group of hackers has recently targeted South Korean video gaming company Gravity. They have launched attacks on several organizations in the immediate past. A public online malware scanning service analyzed a Winnti dropper and could extract the malware’s configuration file. They revealed that the adversaries had probably used this sample to target the video game company Gravity Co. Ltd., which is renowned for the massively multiplayer online role-playing game (MMORPG) Ragnarok Online.