The need to adopt robust phishing protection solutions is more than ever before, as threat actors continue to invent new ways to lure users into divulging their critical information. The following phishing headlines from the world over indicate that anti-phishing protection involves a lot more than just email spam filters or cybersecurity awareness and why it is important to keep yourself abreast of the latest modus operandi malicious actors adopt to steal off your credentials.
Dragonforce Attacks Israeli Recruitment Network AcadeME
The Malaysian hacker group DragonForce recently attacked the Israeli student recruitment company AcadeME and stole the personally identifiable information (PII) of around 280,000 Israeli students. AcadeME is used by hundreds of thousands of college and university students to find jobs. The hacker group announced the attack with a Telegram message on 20th June. The compromised details include the full names, email addresses, passwords, addresses and contact numbers of students using AcadeME since 2014.
As part of their phishing prevention measures, AcadeME brought down their website with a notice stating that the website will be operational soon. DragonForce claimed to be against the terrorist activities of Israel and had leaked a large batch of Israeli passports on the same day. The hacker group had also attacked a couple of Israeli banks the week before.
GOD User Tomliner Leaks 700M Linkedin Records
After the April sale of 500 million LinkedIn profile records, a hacker called GOD User TomLiner has put up 700 million LinkedIn records for sale on RaidForums. The stolen records were posted on 22nd June, and one million records were added as a sample. The leaked details include the names, email addresses, gender, contact numbers and industry information of users. LinkedIn confirmed that there had been no breach of its network, and the leaked records were probably scraped off public profiles and other sources.
LinkedIn continues to investigate this breach further and has mentioned that it takes user privacy very seriously. All LinkedIn users are advised to take phishing attack prevention measures, change their passwords and enable 2FA.
False Alarm But Major Threat For UofL Health Patients
UofL Health in Kentucky recently notified around 40,000 of its patients about a security blunder where the healthcare system had mailed their personal health information (PHI) to the wrong email address. The same was notified to the Health and Human Services Office for Civil Rights, where the number of impacted individuals was stated at 42,465.
UofL had accidentally emailed the patients’ PHI to an external email address and feared that the patient data was at risk. However, the recipient did not access the email and deleted it after receiving it. The incident took place on 7th June 2021, and the next day, the external domain owner provided UofL with evidence of deleting all files received without accessing or viewing them. The healthcare system was quick in adopting anti-phishing measures and sent out a letter to all affected patients informing them of this erroneous email. Therefore, there was some commotion among patients. The notification of the harmless situation came in soon after, and there is no reason for worry for UofL patients. However, the healthcare provider must take this as a lesson and be more careful with its online operations henceforth. To protect themselves from phishing, all UofL patients must avail the free identity protection service that the healthcare system is providing.
PJobRAT Spyware Disguises As Dating App, Targets Indians
Spyware has been disguising itself as a dating app and stealing contacts, SMS and GPS data from Indian users and Indian military personnel. The spyware PJobRAT with believed ties to Pakistani or Chinese cyber adversaries has been targeting Indian military personnel since January 2021.
Cybersecurity researchers at Cyble and 360 Core Security Lab found PJobRAT replicating through the messaging app Signal and also in Android dating apps. PJobRAT has been in operation since December 2019, and investigations revealed that the spyware targeted NRIs via a dating app called Trendbanter. Other apps with traces of the spyware include Rita, HangOn, Ponam and SignalLite. This incident is a reminder that users must always verify an app’s authenticity before downloading it to prevent phishing attacks.
Cyberattack Hits the UK’s Salvation Army
The Salvation Army in the UK recently underwent a ransomware attack that affected several of its corporate IT systems. The Sally Army immediately informed the Information Commissioner’s Office and the Charity Commission about the incident. While the Salvation Army has refused to disclose any further details about the attack, it investigates the breach in collaboration with external cybersecurity experts.
Services for dependents and vulnerable people continue uninterrupted. Still, experts advise the volunteers and Sally Army staff to remain cautious, and the initial period after an attack is the most dangerous. The attack was detected a month ago and impacted a London data centre of the organization. All those who suspect that their details may have been compromised in this incident must approach their banks and implement additional security measures to ensure phishing protection.
Cyberattack Hits UMC, Las Vegas
The University Medical Center, Las Vegas, underwent a data breach in mid-June where unauthorized third parties accessed some of its computer networks. To contain the attack, UMC immediately removed external access to its servers. As investigations continue, the UMC has informed law enforcement about the incident.
Patients, too, have been notified about the breach. The hospital has warned them to watch out for suspicious messages or activities and provided free credit monitoring and identity protection to all patients to ensure protection against phishing. The UMC believes that the adversaries could access some servers used to store data, but there is no evidence to prove this. However, clinical operations continue uninterrupted.
Cyberattack Hits QSure
Financial Services Provider QSure underwent a breach around 9th June 2021, and all clients who made payments using debit cards may have been affected. QSure has informed the appropriate regulatory authorities and seeks help from three leading cybersecurity firms to investigate the security incident.
QSure has reconfigured its IT platform and implemented necessary measures for protection from phishing attacks. Its Chief Operating Officer – Ian du Toit, has informed that the compromised data includes the banking details (names, account numbers, branch codes) of the policyholders (clients of QSure customers). It has assured that no credit card details, policyholder identity numbers or policy content were compromised as QSure doesn’t store these details. While QSure claims that the compromise of bank details isn’t such a significant security threat, the adversaries can launch a host of targeted cyberattacks using these details.
REvil Ransomware Attacks Telecom Operator MasMovil
The fourth-largest Spanish telecom operator MasMovil Ibercom or MasMovil recently underwent a cyberattack, and the notorious Revil ransomware gang (Sodinokibi) is believed to be behind the attack. REvil posted about the attack on its official blog, claiming to have stolen critical databases from MasMovil.
A screenshot of the files stolen from MasMovil (as proof) accompanies the REvil post, and some of the file names include OCU, RESELLERS, Backup, OCU and PARLEM. MasMovil has acknowledged the attack and is taking necessary measures for protection from phishing. However, REvil has made no ransom demands so far.
Data Breach At Salesken.ai Exposes Byju’s Students’ Data
Salesken.ai is an Indian company providing customer relationship technology to Byju’s and other companies. Recently, Salesken.ai left one of its servers unprotected online, allowing anyone on the web to view and access the Indian education edtech startup Byju’s sensitive files.
As per reports, the server was public at least since 14th June 2021 and was pulled down only after Salesken.ai was informed about it on 29th June. Most of the exposed data belonged to WhiteHat Jr. – the online coding school for students in the US and India acquired by Byju’s in 2020. The compromised details include students’ names, the classes opted for, email IDs and contact numbers of teachers and parents, chats between parents and staff, comments by teachers on students’ work etc.