Cybersecurity continues to be the most critical aspect of the digital revolution. Every day, thousands of cyber-attacks are launched and assuring that one’s organization is not a victim of one such episode, it is imperative to take effective phishing protection measures. Here are the top data breaches in the last seven days to better understand recent attack trends
China Wants International Rules For Global Digital Governance
In a recent Beijing seminar, Chinese Foreign Minister Wang Yi opposed the United Nations’ “Clean Network” Program, which discourages nations from using Chinese technology. The U.S plans to ban the use of Bytedance’s TikTok among its citizens lest it finds an American buyer for the app, and security concerns from Tencent’s messaging app WeChat are in the discussion too.
Countering this, Wang Yi says in his speech that this is nothing but a move by the U.S to eliminate competition from the IT market, citing security as an issue. These are ‘groundless accusations,’ and Wang Yi says that China won’t be bullied. He stresses the importance of developing international rules on digital security that highlight all nations’ interests and preferences.
Over 30 countries and territories, including Australia and Britain, support the U.S Clean Network program, which boycotts the use of Chinese telecommunications companies like Huawei (or its 5G network) and ZTE, apps, and cloud service providers. However, China refuses to accept any of the allegations. Wang Yi says that they never ask Chinese companies to install backdoors in their products or transfer stolen details to the Chinese government.
Digital Point Leaves 800,000 User Records Publicly Available Online
Cybersecurity researcher Jeremiah Fowler found an Elasticsearch database online belonging to the webmaster forum – Digital Point. The database contained details of 863,412 Digital Point users and had their names, email addresses, and internal user ID numbers.
The database also contained internal records and user post details. Having a database left unprotected online exposes the involved victims to a plethora of attacks. Fowler notified Digital Point on the 1st of July, and soon after, the database was brought down. Perhaps Digital Point is taking anti-phishing measures, but they haven’t responded to follow-up requests as yet.
Sodinokibi Attack On Chile’s BancoEstado
Chile’s leading bank BancoEstado underwent a massive Sodinikibi ransomware attack on the 4th of September, 2020, which compelled it to close all its branches on Monday. Although the bank’s website, banking portal, mobile apps, and ATMs remain unaffected, their internal network remains inaccessible to employees.
The ransomware is suspected of having entered via a corrupt Office file received and opened by an employee. The Chilean police were informed immediately, and they sent out nationwide security alerts. Fortunately, the bank had followed phishing prevention best practices because of which customer funds remain safe despite the attack.
Ransomware Delays School Reopening For Hartford Public Schools
The schools of Hartford, Connecticut, were scheduled to reopen after months on the 8th of September for the students of PreK-Grade 2, Grade 6, and Grade 9. However, an unfortunate ransomware attack on several schools’ IT systems in the District has indefinitely pushed back the reopening dates.
The IT systems communicating with the bus company responsible for transporting students to school have been affected in the attack because of which schools are unable to regulate the bus routes. As the District works on phishing attack prevention, both virtual and in-person classes stand cancelled until further notice.
Netwalker Attacks Pakistani Power Supplier K-Electric
The only power supplier in Karachi, Pakistan – K-Electric underwent a ransomware attack on the 7th of September, 2020. Netwalker is believed to be responsible for the attack that has crippled online internal services for K-Electric.
The threat actors reportedly stole data from K-Electric’s database before encrypting their systems. While the company is taking measures for protection against phishing and has temporarily rerouted users via a staging site, Netwalker has demanded $3.8 million for the decryption key with threats to double the ransom if not paid within a week.
Vishing Scam Impersonating U.S Department Of Justice Targets The Elderly
A recently discovered vishing scam impersonates employees from the United States Department of Justice to extract PII from the elderly citizens of the country.
The DOJ is circulating a fraud notification and has urged all citizens to take anti-phishing protection. Often, the scammers leave a return phone number on voicemail. Calling this number plays a recorded menu, much like the actual DOJ phone number, but the investigator that finally connects to the victim is a scammer trying to get as much personal information out of the victim as possible.
Such suspicious calls should be reported to the National Elder Fraud Hotline and the Federal Trade Commission. One must abstain from sharing PII on phone calls to protect themself from phishing and other cyber scams.
Ransomware Hits Clark County School District
A ransomware attack exposed the PII of employees at the Clark County School District on the 27th of August, 2020. As per District reports, current and former employees are affected in the attack with even their Social Security Numbers compromised.
The District is adopting anti-phishing solutions and working with law enforcement and forensic investigators to analyze the attack. Meanwhile, it advises the affected individuals to take measures for protection from phishing.
Newcastle University Might Take Weeks To Revive From Recent Hack
Newcastle University recently underwent a hack which has disrupted many of its services. Although the email, office applications, and video conferencing tools remain unaffected, reviving from this breach is expected to take weeks. New students were scheduled to start their session from the 28th of September, and the university still hopes to make it on time.
The university extends security advice to its faculty and students on its website and is trying its best to reinstate operations at the earliest. They are using anti-phishing services and have also collaborated with police and the Information Commissioner’s Office.
Hacker Steals $7.5 Million From Maryland NPO.
As the world works from home, ensuring individual and company security has become more challenging. A recent example being the attack on Maryland’s The Jewish Federation of Greater Washington. Hackers allegedly stole $7.5 million from the nonprofit’s endowment funds on the 4th of August, 2020.
The attacker had access to the nonprofit’s system from early summer and finally stole the money through an employee’s email who was working on his personal computer. The organization has banned working from personal computers for now and is sharing phishing prevention tips among its 52 employees.