Threat actors continue with their nefarious activities to target organizations around the world. The following news headlines highlight the major phishing attacks in the past week and the mitigation measures adopted by concerned authorities.
AVOS Locker Ransomware Attacks Pacific City Bank
The Pacific City Bank is a leading American bank providing commercial banking services to Korean-Americans based in California. The Bank recently underwent a ransomware attack, and the AVOS Locker Ransomware gang was behind the attack. Several sensitive files were stolen from the organization’s servers, and the threat actors are threatening to leak them.
AVOS Locker added the Pacific City Bank to its data leak site and uploaded a ZIP folder containing some screenshots of data stolen as proof. In the message posted on the data leak site, the adversaries say that Pacific City provides outstanding financial services but has terrible phishing protection measures. The attackers have threatened to leak the data stolen if the Pacific City Bank does not come forward for negotiation.
Further Details on The Accellion-Linked Beaumont Health Breach
Nine months after the Accellion data breach, a victim was detected. Beaumont Health is a healthcare service that uses Accellion’s services. An unnamed adversary had exploited zero-day vulnerabilities in Accellion’s File Transfer Application to compromise files belonging to Beaumont. Around 1500 patients of the healthcare facility have been affected by the incident.
However, in this case, the primary attack point was the legal services provider Goodwin Procter LLP, as it used Accellion’s software to transfer large files.
Beaumont Health released a breach notification on 27th August in which it mentioned that approximately 1500 patients were affected. The compromised details include the patient’s name, medical record number, procedure name, date of service, physician’s name, etc. The breach notification also mentions the phishing prevention best practices that the victims must use. It also specifies that there is no evidence to prove the misuse of any of the compromised data.
Data Leak at France-Visas Website
The data collection section of the France-Visas website was recently breached, resulting in the compromise of sensitive data belonging to around 8,700 Visa applicants. The targeted section of the website receives approximately 1.5 million applications every month. It is managed by the Ministry of the Interior and the Ministry of Foreign Affairs.
The ministries assured that corrective measures were adopted immediately after detecting unauthorized access. But despite the phishing prevention measures, the adversaries could steal users’ details such as their names, nationalities, DOBs, passport and identity card numbers, etc. The Ministry of Foreign Affairs was reluctant to reveal much about the attack but said that not all victims had these mentioned details compromised.
The good news is that no financial data was involved, and the compromised data cannot be used to initiate fraudulent administrative processes. All people whose details were affected will receive data breach notifications containing phishing prevention tips. Both the governing ministries have adopted measures to ensure that such an attack does not happen again.
Two Million Moroccans’ Details Compromised
An unidentified threat actor scraped the personal details of two million Moroccans off LinkedIn just ahead of Morocco’s elections, and citizens are worried about this breach of their privacy. The details compromised by this cyber-snooping attack include the names, email addresses, professions and employers’ names of 2 million Moroccan netizens.
Taking on the name of Adolphe Hitler, the attacker has posted the stolen data in three free cloud spaces, and this database had been circulating on the dark web for weeks. The same adversary has stolen 2,181 student resumes from the Mohammed V University of Rabat (between the years 2013 and 2020). How the malicious actor could access university students’ details is still a mystery. Moroccan citizens must watch out for suspicious job opportunities and adopt anti-phishing measures at the earliest.
Data Breach at NRS-Owned Dotty Fast Food Chain
Dotty, a popular US fast food and gambling services chain owned by Nevada Restaurant Services (NRS), recently underwent a data breach. Consequently, the personal details of customers across Dotty’s 175 locations were compromised. As per the statements of NRS, the adversaries used malware to access Dotty’s computer systems. The malware was discovered on 16th January when the attacker was found accessing and stealing customer data. The compromised details include the customers’ names, social security numbers, DOBs, passport numbers, driver’s license numbers, financial account numbers, credit card numbers, taxpayer-identification numbers, biometric data, health insurance details, medical records, and treatment information.
NRS has not revealed the exact number of people affected by the breach, but it sent individual breach notifications to all victims. It urges customers to take anti-phishing protection measures and check the press release for more details. NRS has taken the necessary steps for protection against cyber attacks and launched an investigation to get to the roots of the attack.
Ransomware Hits City of Bridgeport
Attacks on city governments are a common sight these days, and the latest city to be targeted by a ransomware attack is Bridgeport. The residents of Bridgeport have been informed of the incident via a five-page letter. The attack took place in late May 2021, when the adversaries encrypted the IT systems of the city and refused to let go until a ransom was paid.
The notification goes on to say that the issue has now been resolved and all resident operations restored. The FBI Cyber Crimes Division was also notified of the attack, and the investigations revealed that the adversaries were able to access specific files stored on the city’s systems. The compromised information might have included residents’ dates of birth, social security numbers, driver’s license numbers, addresses, and other information they might have used to create city accounts. As a measure to ensure protection from phishing, Bridgeport residents have until 31st December 2021 to apply for a year of complimentary identity theft protection and credit monitoring.
Cyberattack Hits Bangkok’s Bhumirajanagarindra Kidney Institute Hospital
In a recent cyberattack, the personal details of over 40,000 patients from Bangkok’s Bhumirajanagarindra Kidney Institute Hospital were compromised. Dr. Thirachai Chantharotsiri, the hospital director, reported the breach, saying that staff at the hospital in the Ratchathewi district were unable to access the patient database from their systems, which led them to initiate an investigation. The system check revealed the adversaries had stolen patient information and treatment history from the hospital’s servers.
The hospital later received a call from an English-speaking man claiming to have hacked the hospital system. He said he would keep in touch till the ransom payment procedure was complete. The hospital took measures to prevent phishing attacks and informed the Phaya Thai police. Although the hospital had an active backup system, some of the data were still lost, which caused a delay in certain services. Tech experts are now trying to recover this lost data.
Cyberattack Hits The United Nations
The adversaries have made their way into the computer network of the United Nations by using the stolen login credentials of a UN employee. The attackers took over the employee’s Umoja account by obtaining the credentials from a data leak website on the dark web. Umoja is the UN’s enterprise resource planning system implemented in 2015.
The adversaries’ objective was to gain access to more UN employee accounts that facilitate long-term intelligence gathering. The breach first happened on 5th April 2021 and continued till 7th August. The adversaries were more interested in data collection and had not damaged the UN’s computer network.
The UN believes that the malicious actors only took screenshots of the compromised network, but security experts think that the data was stolen. The UN doesn’t seem to be worried about the intrusion as it is frequently subjected to such attacks. It has adopted corrective measures for protection against phishing attacks.