The cyber-world faces constant attacks from bad actors. These breaches reveal companies’ and individuals’ private information and expose them to many online threats while also causing them financial losses. Hence, ensuring phishing attack prevention is a necessity in current times. The following updates on cyberattacks from the past week show why having anti-phishing solutions is pivotal for an organization’s smooth functioning.
Data Breach At American Payroll Association (APA)
Skimming malware exploited a vulnerability in the content management system of the American Payroll Association (APA). The APA noticed unusual activity on the login and checkout pages of its online store, which has existed since May 2020.
In the breach, the adversaries could steal the names, email addresses, job titles and roles, gender, DOB, card details, address, and company name of customers, among other sensitive information.
The APA is now adopting phishing prevention best practices. It has installed additional antivirus software on its servers, applied the required security patches, and is offering all victims free credit monitoring for a year along with identity theft insurance worth $1,000,000.
Pioneer Kitten Expands Domain To Corporate VPNs
Pioneer Kitten, an Iranian APT group linked with the Iranian government’s intelligence team, has been attacking the VPNs of US-based private and government sector firms for the last month. The group usually targets North American and Israeli organizations that seem like a threat to the Iranian government.
They have now expanded their domain, perhaps for extra income, and are also helping other hacker groups such as APT33 (Shamoon), Oilrig (APT34), or Chafer to exploit corporate networks.
Organizations need to be cautious and regularly change their security logins to prevent phishing attacks.
Lawsuit Filed Against Morgan Stanley For Two Major Security Blunders
Timothy Smith, a client at Morgan Stanley, has filed a $5 million lawsuit against the firm at the US District Court for the Southern District of New York, representing 100 other customers. These people had their personal information breached in two incidents in 2016 and 2019, where Morgan Stanley was careless with its phishing protection measures.
Morgan Stanley shut down two data centers in 2016 and hired a vendor to erase all data from the discarded computer systems. However, the task wasn’t done appropriately, leaving behind unencrypted data belonging to Morgan Stanley’s customers. A similar incident happened again in 2019, where several computer systems at one of the company’s branches were carelessly replaced. The data left unerased and unencrypted in both incidents included names, phone numbers, social security numbers, passport numbers, contact information, DOB, asset value, and customers’ data.
Smith’s lawsuit accuses Morgan Stanley of being unable to uphold its customers’ interests, repeating similar blunders, and failing to prevent an avoidable data breach. While the firm has extended two years of free credit monitoring to all victims, nothing compensates for the lifelong threat the victims would face.
Morgan Stanley claims that they are taking anti-phishing measures and continually monitoring access to the previously unencrypted data.
Telegram Becomes A Means Of Executing Magecart Attacks
Skimming codes have been hiding inside payment portals and stealing users’ card credentials for a long time now. The hacker group Keeper stole card details from as many as 570 payment portals in July 2020. These hackers use Magecart to steal the credit card credentials of users.
In the scam, the threat actors are using Telegram’s encrypted messaging platform to exfiltrate stolen data. Recently, Magecart actors were found involved in attacking e-commerce platforms to steal the banking details of customers. The details they exfiltrate include the name, address, credit card number, expiry, and users’ CVV. This stolen information is sent to a private Telegram Channel, thus exploiting a messaging platform’s security for malicious purposes.
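One defensive check that follows from this, as an added example that is not part of the original article: given a checkout page's Content-Security-Policy header, work out which outbound channels would still let injected script send data to a Telegram host. The origins `shop.example` and `pay.shop.example` and the three sample policies are constructed, `api.telegram.org` stands in for the Telegram endpoint, and source matching is simplified (ports and paths are ignored).

```javascript
// Directives that control where in-page script can send data. The flag says
// whether the directive falls back to default-src when it is absent.
const CHANNELS = { 'connect-src': true, 'img-src': true, 'form-action': false };

function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in policy)) policy[key] = sources; // first occurrence wins
  }
  return policy;
}

// Simplified source matching: keywords, schemes and hosts; ports/paths ignored.
function sourceAllows(source, dest, pageOrigin) {
  if (source === '*') return true;
  if (source === "'self'") return dest.origin === pageOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return dest.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)/i.exec(source);
  if (!m || (m[1] && m[1].toLowerCase() + ':' !== dest.protocol)) return false;
  const host = m[2].toLowerCase();
  return host.startsWith('*.') ? dest.hostname.endsWith(host.slice(1)) : dest.hostname === host;
}

// Returns the directives under which the browser would still let the page
// send data to destUrl. An empty array means every listed channel is closed.
function openChannels(header, destUrl, pageOrigin) {
  const policy = parseCsp(header);
  const dest = new URL(destUrl);
  return Object.keys(CHANNELS).filter((directive) => {
    const sources = policy[directive] || (CHANNELS[directive] ? policy['default-src'] : undefined);
    if (sources === undefined) return true; // nothing applies: unrestricted
    return sources.some((s) => sourceAllows(s, dest, pageOrigin));
  });
}

// Constructed sample values (not taken from any real site).
const PAGE = 'https://shop.example';
const TELEGRAM = 'https://api.telegram.org/';
const WEAK = "default-src 'self'; connect-src *; img-src * data:";
const PARTIAL = "default-src 'self'";
const HARDENED = "default-src 'self'; connect-src 'self' https://pay.shop.example; form-action 'self'";

for (const [label, csp] of Object.entries({ WEAK, PARTIAL, HARDENED })) {
  console.log(label, openChannels(csp, TELEGRAM, PAGE));
}
```

The `PARTIAL` policy still reports `form-action` as open because that directive does not inherit from `default-src`, so it has to be set explicitly on payment pages.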
View Media Exposes Over 38M User Records
Researchers at CyberNews discovered an unsecured bucket on an Amazon Web Services (AWS) server belonging to the online marketing company View Media. The bucket was publicly available for an unknown duration, and its contents could have been downloaded by anyone with basic knowledge of how Amazon buckets work.
The breach exposed the personal information of around 39 million US users and contained 5,302 files in total. It had 59 CSV and XLS files with records of 38,765,297 US citizens along with many marketing materials like banner advertisements, newsletters, and promotional flyers. These details include their names, email and street addresses, phone numbers, and ZIP codes.
All US citizens who suspect their email accounts to be affected by this breach are advised to take measures for protection against phishing and immediately change their passwords to something stronger.
Cyberattack Hits Northumbria University – Exams Cancelled
A cyberattack brought down the systems of the Northumbria University campus in Newcastle-Upon-Tyne. The university notified students about the breach and informed them of a disruption in its operations, which was expected to be settled ‘soon.’ To ensure protection from phishing attacks, students won’t be able to access the student portal, Blackboard, and other university systems until things are restored.
It is believed to be a ransomware attack that has compelled the university to cancel exams and consider removing parts of the academic calendar. Institutions must take phishing prevention seriously and audit their machines and the data regularly. They must impart cyber training and awareness among students and teachers so that they don’t fall prey to any online scams.
Twitter Account Of Indian PM Modi’s Personal Website Hacked
Twitter accounts of renowned figures have been on the radar of cybercriminals lately. The most recent figure to have his verified Twitter account compromised is the Indian Prime Minister Narendra Modi. Although the breached account belonged to the PM’s website (@narendramodi_in) and wasn’t his personal Twitter handle (@narendramodi), it had about 2.5 million followers, who were subjected to a series of tweets from the attackers for about an hour before the tweets were taken down and the account was restored.
These tweets asked for donations in bitcoins to the Prime Minister’s National Relief Fund for Covid-19. The hackers behind the breach go by the name of ‘John Wick’ and clarified via a tweet that they weren’t responsible for the recent attack on Paytm Mall, for which intelligence firm Cyble had held them responsible.
Ironically, Twitter keeps reassuring people of its proactive anti-phishing solutions, but time and again, the accounts of distinguished personalities keep getting compromised.