With the revival of the Anonymous group and a lack of awareness about phishing prevention and its importance among modern-day firms, cyber attacks have become more rampant and unavoidable. The following are some of the most recent headlines from cybersecurity to give readers an insight into the vulnerability that the cyber world is facing.
20 GB Data Lost At Intel
In a recent data breach, Intel lost over 20 GB of its proprietary data and source code to an online cyber attack. The attack is speculated to have happened earlier this year. A researcher first found the leaked database on BitTorrent feeds. Although no personal details of clients were exposed, the database contained data that Intel makes available to partners and customers under NDA.
Intel is now taking proper phishing attack prevention measures and investigating the attack, as previously, they barely made robust security measures in place as they were using passwords as primary as Intel123 and intel123.
Data Breach At ProctorU
ProctorU has been facilitating online exams for several universities in this pandemic. But in an unfortunate data breach on Jul. 27, one of their databases was breached, compromising the details of around 444,267 users.
The affected users come from different institutions and companies and have lost their usernames, full names, phone numbers, complete residential addresses, and password hashes in this attack.
It is argued that ProctorU did not adopt the phishing prevention best practices, and required students to show their rooms in an online exam. But they had no security measures to ensure that no third parties could transfer user data without their consent.
The data breach impacted many reputed universities like the University of Illinois Urbana-Champaign, the University of Texas at Arlington, Rochester Institute of Technology, QA Ltd, UK’s digital education and skills providers, the University of Melbourne, McNeese State University in Lake Charles, Louisiana, among others.
Notorious Hacker Instakilla Arrested
The Bulgarian law enforcement has recently arrested the notorious local hacker, Instakilla for hacking, extorting companies, and selling hacked data online. The police raided two of Instakilla’s houses in Plovdiv city and confiscated several computers, smartphones, flash drives, and cryptocurrency.
His arrest sends across a strong message to all hackers that the authorities do take protection from phishing seriously. Though the accused remains anonymous, he is detained on a three-day arrest warrant.
21k Indian Students’ Data Selling Online
Security firm Cyble recently found a database on a hacker forum with sensitive information belonging to more than 21,000 Indian students. These details included their Aadhar cards, university IDs, photos, full signature, date of birth, gender, complete address, college, course, graduation date, friend’s name, and friends’ number.
The firm noted that Indian tech companies become an easy target of adversaries because of their inefficient phishing protection measures. For the recent breach, hackers exploited a vulnerability in the Cloud storage facility used by the financial technology company to store user data. The offense is speculated to be a relatively recent one that probably occurred last month.
Avaddon Ransomware Creates Data Leak Site
Earlier, ransomware attacks were limited to encrypting system files until the payment of ransom. But these days, the threat isn’t mitigated even after paying the ransom because threat actors have begun executing data breach attacks along with ransomware campaigns. The most recent case is the Avaddon ransomware, which has launched a data leak site that shall publish the stolen data of victims refusing to meet ransom demands.
The Avaddon ransomware operators announced on a Russian hacker forum about the launch of their new data leak site. Their site has one entry so far, leaking about 3.5 MB data belonging to a construction company. Hence, companies must take phishing prevention tips seriously and notify employees and customers about a breach the minute it happens, so that they can adapt their anti-phishing solutions.
Magecart Attack On Michigan State University
For nine months, an unauthorized party had access to Michigan State University’s online store – shop.msu.edu. During this period from Oct. 19, 2019, and Jun. 26, 2020, the adversaries launched a web skimming attack on MSU’s online store and stole credit cards and personal information of around 2,600 users.
The names, addresses, and credit card numbers of users were compromised in this breach with no leak of their Social Security numbers. MSU is extra cautious now and is working with law enforcement to complete their investigation. They are doing everything to ensure protection against phishing with even the introduction of ‘mandatory training’ for the Administrators of the shop.msu.edu site. They have also extended free identity protection and credit monitoring to all affected customers.
Illinois Healthcare System Undergoes Data Breach
In February this year, the email accounts of several Illinois healthcare system employees were under a hacker’s control for two days. After discovering the breach, FHN took anti-phishing protection measures immediately and began an investigation that finished only on Apr. 30.
During the process, they reviewed the emails and attachments from the compromised email accounts and found that the adversaries accessed sensitive data belonging to some patients. These details included their names, dates of birth, medical record or patient account numbers, health insurance information, and limited treatment and clinical information (provider names, diagnoses, and medication information). Social Security numbers were also compromised in a few cases.
To protect themselves from phishing, affected users must avail of the healthcare facility’s free credit monitoring and identity protection service.
Two Years of Jail Served To Australian Woman For XRP Cryptocurrency Theft
The 25-year-old Australian woman Kathryn Nguyen was given a maximum of two years and three months in prison by the presiding judge Chris Craigie. The accused was involved in stealing XRP cryptocurrency worth nearly $400,000 from a 56- year old with the same surname as hers. She was arrested in October 2018 for her involvement in the crypto-heist.
She had used a Chinese cryptocurrency exchange to swap the 100,000 XRP tokens for Bitcoin (BTC).
Another Shady TikTok Practice Comes To Light
TikTok is on the headlines again for another of its malicious handling of users’ privacy. The app has been secretly collecting the MAC address and device advertising ID of Android users for over 15 months. The MAC address is unique to a device and is used as its network address in a network segment. It is often unchangeable and can track consumer behavior.
While this isn’t the first time TikTok has proved its sheer disregard of customer privacy, the new revelation serves as a warning to all those in support of the app. Anti-phishing services cannot undo the blunders we commit on our devices to grant permissions to apps like TikTok.