Cyber adversaries who launch phishing attacks exploit the mindset of unaware users, who assume, for instance, that a phishing email comes from a legitimate source and end up disclosing their critical information to the threat actor. The bad news is that there is no one-hundred-percent foolproof phishing prevention strategy, but the good news is that the majority of phishing scams can be avoided if users keep themselves abreast of the latest techniques and modus operandi of threat actors, which is why we bring you the top phishing headlines this week.
Nobelium Attacks Constant Contact
The hacker group Nobelium is using the cloud email marketing service Constant Contact to launch a phishing campaign. This same group was responsible for the SolarWinds attack, and now it has reached around 3000 email addresses across 150 organizations. The entry point is believed to be the Constant Contact account of the United States Agency for International Development (USAID).
Constant Contact is a mass mailing service, which essentially means an enormous affected population when a cyberattack strikes. Fortunately, most of the emails were blocked and marked as spam by automated systems: the campaign was high-volume, which led to the auto-rejection of most of the malicious emails. Still, there is a high chance that the automated systems delivered at least some emails to targeted recipients. The Nobelium phishing emails contained a link that, when clicked, installed a malicious backdoor on user devices. This backdoor can then steal user data and also infect other computers on a network. Constant Contact has taken phishing attack prevention measures and disabled the affected accounts. It has informed law enforcement and is notifying all impacted customers about the breach.
Ransomware Hits Fujifilm
Fujifilm is a renowned name in the world of optical films and cameras. Headquartered in Tokyo, Japan, Fujifilm (or Fuji) recently suffered a ransomware attack that partially shut down its network. As Fuji investigates the breach, it has halted external correspondence and suspended all affected systems.
The attack was first discovered on 1st June 2021. Fujifilm USA posted a notice about it on its website, stating that its phone and email systems might be non-operational owing to the cyber incident. As Fujifilm adopts anti-phishing measures and reinstates its systems, it apologizes to business partners and customers for the inconvenience caused.
Altdos Attacks Audio House
The electronics retailer Audio House was recently attacked by the hacking group Altdos, which may have led to the compromise of the personal data of about 180,000 customers. Audio House uses a third-party payment gateway to handle its transactions, which ensures that no credit card information was affected in the breach. However, users’ details, such as their names, home delivery addresses, email addresses, contact numbers, past sales transaction records, etc., were exposed.
Altdos claims to have access to the membership database of Audio House and is blackmailing the retailer on that basis. Audio House has emailed all customers and reported the breach to the police. As part of its phishing protection measures, the retailer has hired a team of experts to investigate the breach. Its website will be temporarily down as Audio House strengthens its firewall and incorporates necessary security patches.
Confidential British Army Database Circulating Freely On WhatsApp
The British Ministry of Defence maintains complete anonymity about the personal details of its Special Forces soldiers. This is because, if exposed, their identities might be used by adversaries to target them or their families. However, in a recent breach, an Excel sheet containing the personal data of these British Army soldiers was found circulating on WhatsApp without any protection or encryption key. The database leaked from the British MoD contained details of 1182 soldiers who were recently promoted to Sergeant from Corporal. The soldiers belonged to the Special Reconnaissance Regiment, Special Boat Service, and the Special Air Service.
While commenting on this security blunder, a former army source said that sharing personal details within the Army was usual, but this data isn’t meant to be open to the public. He added that the MoD was taking measures to prevent phishing attacks, but nothing more could be revealed until investigations were over.
Biggest Health Data Breach Reported This Year – 3.3 Million Individuals Affected
The largest health data breach reported to regulators this year was by the 20/20 Hearing Care Network, Florida. The personal and health information of over 3.3 million individuals was stored in a company database in an Amazon Web Services cloud storage bucket. The adversaries gained access to this bucket, downloaded the data, and deleted it altogether. While 20/20 Hearing Care Network came to know about the breach on 11th January, it was reported to the Maine attorney general’s office only on 28th May. The incident was also reported to the US Department of Health and Human Services and the FBI.
In its report to Maine’s attorney general, the company notes that 221 state residents were affected in this breach, which is believed to have been caused by insider wrongdoing. However, the insiders’ role wasn’t mentioned in the breach notification sent out to victims. The company has adopted measures for protection against phishing and extended a year of free identity restoration, credit monitoring, and fraud consultation services to victims of the attack.
Ransomware Hits UF Health Central Florida
The IT network of two hospitals under UF Health Central Florida was shut down recently to contain a ransomware attack. The University of Florida Health (UF Health) is a chain of hospitals catering to healthcare needs across Florida. The ransomware attack affected the UF Health Leesburg Hospital and The Villages Hospital.
UF Health Central Florida detected the attack on 31st May, and portions of the UF Health Central network were shut down as an anti-phishing protection measure. IT experts from the Jacksonville and Gainesville UF Health campuses are investigating the breach. While no further information was disclosed about the attack, it was reported that the hospital branches had to switch to pen and paper to continue providing healthcare services to patients.
Cyberattack Targets Furniture Village
Furniture Village is a household name in the UK, known for being the largest independent furniture retailer in business with 54 outlets. Unfortunately, Furniture Village suffered a cyberattack sometime around 29th May, and its internal systems have been struggling to operate ever since. The company website is still in operation, but the technical issues in its phone, delivery, and payment systems have caused much inconvenience to customers.
Furniture Village shut down the affected systems immediately after detecting the attack and has taken necessary measures for protection from phishing attacks. In addition, it has asked customers not to worry about any data breach because no personal data was affected in the incident. Security experts suspect the attack is linked to a ransomware gang; however, there is no evidence at the moment. Furniture Village, too, has refused to comment further on the attack.