There is not much a victim can do once threat actors have infiltrated their information assets and stolen their identity by harvesting their Personally Identifiable Information (PII). This is why it is crucial to stay abreast of the latest tricks and techniques malicious actors use against users. Drawing lessons from each cyber incident you come across goes a long way towards building phishing awareness and protecting against a range of threat actors. The following weekly phishing headlines have been written with that aim in mind.
DreamHost Leaves Cloud Database Unprotected: 814 M Records Exposed
Cybersecurity researcher Jeremiah Fowler recently discovered a misconfigured cloud database belonging to US hosting provider DreamHost. The database was left without a password online and contained 814 million records (86 GB) of WordPress users. The records in the database dated back to 2018 and included user information such as full names, usernames, email addresses, WordPress login location URLs, security information, timestamps, host IP addresses, etc.
DreamHost was quick to secure the database after being informed, but it remains uncertain how long the database was publicly reachable before Fowler discovered it. If threat actors accessed this database, they could send these users targeted phishing emails carrying fake invoices or launch man-in-the-middle attacks. WordPress users should take measures to protect themselves from phishing and treat all payment-related emails with caution.
Data Breach At Indian Trading Platform Affects 3.4 M Users
Technisanct, a Kochi-based (India) cybersecurity startup, recently identified a data breach at an unnamed Indian trading platform. The PII of more than 3.4 million customers was compromised in the breach, including customer IDs, names, phone numbers, trade login IDs, email addresses, branch IDs, city, nationality, etc.
The CEO of Technisanct, Nandakishore Harikumar, says that the absence of a cybersecurity regulatory body in India is the reason breaches are not prevented even after they are identified. Technisanct's digital risk monitoring tool Integrite was used to identify this breach. Technisanct posted about the breach on 15th June and also informed the CERT. The users of this trading platform now risk being targeted by adversaries, especially if they do not have any anti-phishing solutions in place.
Data Breach At Pakistani Streaming Service Patari
Pakistan's largest music streaming service, Patari (Patari.pk), left a misconfigured MongoDB database exposed online, and adversaries have now found it. The database contained the personal data (names, usernames, email addresses), login credentials (password hashes), avatar links, and playlists of more than 257,000 users.
Cyber adversaries found this database online in May 2021 and contacted Patari about it in an attempt at blackmail. Since the streaming service didn't respond, the attackers leaked the database on Russian and English hacker forums on 13th June 2021.
All Patari users are advised to change their account passwords immediately and adopt measures to prevent phishing attacks. Users must look out for phishing emails and change the password on every other account where they reused the same password.
Ransomware Hits French Collection (FCUK)
Renowned clothing brand French Collection (FCUK) underwent a ransomware attack recently. The notorious ransomware gang REvil is believed to be responsible for this attack where some of FCUK’s internal data was compromised.
The adversaries obtained the passport and other identification details of employees, including upper-level management. French Collection confirmed the attack, calling it an organized cybersecurity breach targeting its back-end servers. However, none of the front-end servers, payment processing systems, or high-street outlets were affected by the incident.
FCUK was quick to take measures to protect against phishing attacks and suspended all infected systems immediately. It also hired external cyber experts to investigate the breach and informed the Information Commissioner's Office. The company further clarified that there is no evidence to suggest that any customer data was compromised in the breach.
Ransomware Hits Grupo Fleury
Grupo Fleury is a well-known Brazilian medical diagnostics company that recently underwent a ransomware attack. Once again, REvil (also known as Sodinokibi) is believed to be responsible. The ransomware attack brought down the company's systems and disrupted its business operations. On 22nd June 2021, the Grupo Fleury website began displaying an alert informing visitors of the breach and the temporary downtime.
Patients struggled to schedule their clinical exams and lab tests, but Grupo Fleury is adopting anti-phishing measures and trying to restore its systems as soon as possible. According to sources, the REvil ransomware operators are demanding $5 million in ransom for the decryptor and have threatened to leak all stolen files otherwise. The company hasn't commented further, but hundreds of thousands of Brazilians might have their PII and PHI (Personal Healthcare Information) exposed if the files are leaked.
Cyberattack Targets Wolfe Eye Clinic, Iowa
The Wolfe Eye Clinic, which has branches across Iowa, recently underwent a ransomware attack. Consequently, the personal information of around 500,000 customers was compromised. The clinic later revealed that the adversaries got into its network on 8th Feb 2021 and locked some of its systems. The clinic did not agree to pay the ransom immediately and launched an investigation instead.
External cybersecurity experts were hired to restore the systems and ensure phishing prevention. Their findings suggest that some patient data was compromised in the attack. Meanwhile, the clinic is notifying all affected patients and providing them with free identity theft protection and credit monitoring for a year. Furthermore, the clinic has set up a call center and a website to handle all queries regarding the breach.
Ryuk Ransomware Attacks Liege City Network
Ransomware attacks on local city networks aren't uncommon, and the latest victim is Belgium's third-largest city, Liege. A ransomware attack brought down the city municipality's online services and IT network on 22nd June 2021. Consequently, all appointments for weddings, birth registrations, burial services, and town hall visits were deferred. The population registry, civil status, paid parking, and event permit services were down as well.
According to sources, the Ryuk ransomware gang is responsible for this attack on Liege, but the city hasn't commented on it yet. Adversaries know that city networks operate without enough funds to invest in phishing attack prevention measures, and attacks on city networks are therefore increasing.
Ragnar Locker Ransomware Attacks Storage Chip Maker ADATA
The Taiwanese memory and storage chip maker ADATA left 13 of its archived databases publicly available on a cloud-based storage service for quite some time. The notorious ransomware gang Ragnar Locker probably accessed these files during this time. Now, the threat actor has posted the downloadable link to 700 GB of ADATA’s archived data on the MEGA storage service.
Although the ADATA archives were up on the MEGA storage service for quite some time, once the platform was notified it suspended the malicious account and took down the uploaded files within minutes. While three of the databases were 300 GB, 117 GB, and 100 GB in size, respectively, their names revealed nothing about their content. Ragnar Locker probably stole files containing ADATA's non-disclosure agreements and financial information, among other details.
MEGA has zero tolerance for illegal activity, and hence it was quick to take protective measures. Ragnar Locker attacked ADATA on 23rd May, and ADATA chose to restore its systems from backup instead of paying the ransom. While ADATA's strategy was a good way to avoid paying a hefty ransom, the breach will have lasting effects on all of its employees, customers, and stakeholders.