As the world goes online and transcends barriers that are not always physically surmountable, there is a parallel force that makes an equal and often more significant leap. This is the progress made by the bad actors who are never tired of inventing new means and ways of getting into our networks and systems, stealing our data either to demand a ransom later or to use our credentials and rob us of our money and identity. Hence, protection from phishing attacks is what the cyber world now seeks to achieve. We have presented below a list of the most recent cyberattacks to help you better estimate the technologies used by the adversaries and thus keep you prepared for any cyber-attacks.
Uighur Travelers Being Checked On By Chinese Hack
China is of the view that Uighur passengers might be going to Iraq and Syria to get involved in some militant activity. Hence, it felt the ‘need’ to keep an eye on the airlines that fly from Xinjiang and Turkey with operations in Asian nations like India, Turkey, Kazakhstan, Thailand, and Malaysia. China has hacked into the systems of the telecom operators in these nations.
This attack has been performed under the instruction of the Chinese government to track Uighur travellers in Central and Southeast Asia. This attack that defies anti-phishing solutions has been tactfully executed to evade state persecution and is a part of a more massive cyber-espionage campaign.
As this attack attracts global attention, China becomes the subject of criticism for all nations for its inconsiderate treatment of the Uighurs in Xinjiang. In its defense, China claims that the measures adopted at Xinjiang were necessary to stop Islamist extremism from propagating in their country.
Not surprisingly, China refuses to accept its ill-treatment of the Uighurs as well as the recent cyber attack. On the contrary, China says that it always strives to uphold phishing protection and keep the internet safe for all.
Prohibition Of Ransomware Payment Upheld By 40%
In recent research, it has been found that a majority of 58% of the respondents are okay with paying a ransom to get their data back, and only 40% of the IT security professionals favor the idea of declaring the payment of ransom illegal. This research survey involved 145 IT security professionals who had visited the AT&T booth at Black Hat USA 2019. The following figures were obtained from the survey:
- 69% of the respondents said that they were prepared for a ransomware attack, whereas the remaining 31% displayed uncertainty.
- Their responses are surprising since the ransomware attacks on businesses have shown a 195% increase in the first quarter of 2019 as compared to the last quarter of 2018.
- On the topic of security programs and their increasing complexity, 30% of respondents claimed that they use at least 20 products. On the other hand, about 20% of the respondents claimed that they use between 1 and 5 products.
- 69% of the respondents said that they were in control of their security regime; however, some 29% of the respondents admitted that they were skeptical of their anti-phishing measures.
- On the question of whether the firms feel that inconsistent or incomplete integration of security solutions makes their organization more vulnerable, a good number of 60% of the respondents answered in the affirmative.
The US Returns Seized Huawei Equipment
As per recent updates, Huawei withdrew a lawsuit against the U.S. upon the return of seized equipment by the latter. In an episode from September 2017, the U.S. authorities had confiscated the gear that was en route to China from its Huawei testing facility in California. Since the US had refused to return the equipment, China had filed a lawsuit against the U.S. Commerce Department, and some other government agencies.
The U.S. government had unlawfully held back the equipment belonging to China, and this disappointed the Chinese nation. Two years after the incident, the U.S. government informed China that no export license was required to ship the equipment back to China. In its defense, the U.S. government said that it needed to take phishing prevention measures as Huawei equipment always poses a national security threat. Americans fear that China would use these pieces of equipment to spy on them. However, Huawei has consistently denied those claims.
Google Gets A Reply For Its Comment On Apple Security Flaw
Google mentioned in one of its recent reports that the security flaws in Apple could easily be exploited by hackers to steal personal data, including text messages, photos, and contacts of iPhone users. This explicitly made Google’s point that perhaps Apple was not able to provide the protection against phishing that is expected of it. However, Apple curtly responded that the attacks Google spotted were in fact targeted at the Uighurs, a Muslim ethnic minority in China. It added that the American users of Apple and other people across the globe were safe.
The much-talked-about Google report (Google Project Zero), which was published last month, said that some websites had exploited security holes in the iPhone software that had existed for more than two years. However, the report did not identify the nature of the websites.
This response from Apple, on the one hand, confirmed that the vulnerabilities are indeed existent, but it also shows that Google might have tried and framed the exploits. Apple accused Google of creating a false impression of ‘mass exploitation’. Besides, Apple adds that the flaws mentioned by Google were patched way back in February. Also, it clarified that the website attacks pointed out by Google began two months ago and have not existed for years as portrayed by Google.
DDOS Attack Hits Wikipedia In Europe & Middle East
A recent DDOS attack (Distributed Denial-Of-Service Attack) succeeded in bringing down Wikipedia in many nations. Wikipedia went offline Friday (5 September 2019) afternoon and remained down through the morning of Saturday. This attack naturally hampered millions of users spread throughout Europe and parts of the Middle East.
This attack that defied anti-phishing tools has been described by a spokesperson from the Wikimedia Foundation as a malicious attack by bad actors. The Foundation also informed the public of this temporary shutdown via Wikimedia’s German Twitter account. A typical DDOS attack overwhelms a server or network with more traffic than it can handle in the hope of shutting it down, and Wikipedia underwent something similar. The attack affected networks in the United Kingdom, Poland, the Netherlands, France, Germany, and Italy. However, Wikipedia has restored service in Poland and the Netherlands as per the latest updates.
Hackers Can Order Food & Cabs From Your Uber Account
The online cab booking app Uber, which is worth over $57 billion and functions in 785 cities globally, has recently been found to have a bug which, if exploited, would let an attacker order cabs and food from a user’s account. This flaw enabled attackers to order food and cabs using the email address or phone number of the victim.
This bug was discovered by researcher Anand Prakash in April, and the company duly rewarded Prakash with a sum of $6,500 (£5,300) for his discovery. The bug also enabled an attacker to track the location of an Uber customer.
Uber has shown excellent efficiency in getting the bug removed at the earliest and has also thanked the many researchers who continuously point out the security flaws and help make Uber safer for all with anti-phishing protection ensured.
Uber has however expressed that perhaps attackers haven’t been able to exploit this flaw as they have a system in place to identify any suspicious activity and inform the user of the same.
Ticket Fraud Scheme Found On Public Database
Security researchers at vpnMentor, Noam Rotem and Ran Locar, recently discovered an unprotected database with 17 million email addresses and 1.2 terabytes of data. This database belonged to a group of cybercriminals, and as per the findings, not all email addresses available on the database are genuine. The scheme employed by the attackers is to purchase tickets from various sites using the credit card information that they steal from people and then resell these tickets online.
Only those users who purchased tickets from a website using the Neuroticket software were vulnerable to this vicious plot, which again speaks of the failed email phishing prevention measures adopted by the software. Ticket vendors like Groupon, Ticketmaster, and TickPick were the prime targets of the attack, with Groupon being the primary source for stealing data by the attackers.
The attackers created fake accounts on the mentioned ticketing sites and purchased tickets using the credit card details they had previously stolen from people. They then resold these tickets to fans. Groupon suspects that the attacker behind this scheme is the same one they have been chasing since 2016. It further adds that about 2 million fake Groupon accounts were created in 2016 which were used to buy tickets and then resell them using the information stolen.
Groupon is now working on identifying and deleting as many of these fake email addresses as possible. They have also sought the assistance of the vpnMentor research team to handle this breach.
Souderton Area School District Systems Hit By Ransomware Attack
The computers of Souderton Area School District were hit by a ransomware attack recently. The attack has not been able to cause the desired intensity of havoc as there has been no disruption in the school calendar after the attack. They also have their financial data safe as it is stored offline.
Consequently, the computer network across the district was shut and disabled with a disruption in the internet connection of the area. The silver lining here is that the attack could not generate the mayhem it was supposed to create. The authorities say that there might be inconvenience initially, but there is no threat to the details of students, staff, or parents. Since the systems with the financial details have not been made available online, there won’t be any data loss. But efforts continue to reinstate the services to normalcy.
For anti-phishing protection measures, the school has instructed all students to disable all their school-issued devices and to return the devices to the school as soon as possible.
Phishing Group Cobalt Dickens Attacks Universities
The ‘Cobalt Dickens’ hacking group, which is linked to Iran, has recently launched a phishing attack aimed at stealing login credentials of users at more than 60 universities in the United States, the United Kingdom, Australia, Canada, Hong Kong, and Switzerland. This attack targets intellectual property theft by redirecting the victims to spoofed login pages, where their passwords are stolen. This attack by Cobalt Dickens was brought to light by Secureworks, the Dell-owned cybersecurity company that discovered the activity.
This group of attackers seems to be undeterred by the multiple government orders and anti-phishing services that are in place, as they continue to spread malware in the online world. The present attack makes use of the same domains used in their previous attacks. Twenty new domains have been registered for the campaign by the attackers, many of which employ valid security certificates to make them seem genuine.
As per the findings of Secureworks, the recipients of the phishing attacks by Cobalt Dickens include students, faculty, and staff irrespective of their department or unit divisions in the universities.
Major Blow To Attackers: Operation Rewired
In what seemed like the most unusual step towards phishing attack prevention, the Department of Justice recently announced the arrest of 281 suspects who were allegedly involved in email scams and wire transfer fraud. This comes as the much-needed step at a time when such attacks have taken a toll on businesses.
Business Email Compromise schemes involve convincing scam emails which fool employees into sending money. These scams are very prevalent at present and have cost thousands of firms billions of dollars. This step has been referred to as “Operation reWired” and true to its name, the operation sought to make 167 arrests in Nigeria, 74 in the United States, 18 in Turkey, and 15 in Ghana. Apart from these, there were also arrests in France, Italy, Japan, Kenya, Malaysia, and the United Kingdom.
As per research findings, a majority of the email scamming attacks originate in West Africa, and particularly in Nigeria, but with the movement of the attackers to other parts of the world, the attacks too have begun to originate at diverse places.
Such operations for the eradication of cybercrime have taken place in the past but this operation of arresting 281 suspects involved global coordination among law enforcement agencies, a testimony to which is the Operation reWired conducted in the U.S.
The operation in the U.S. involved the DOJ, the Department of Homeland Security, the Treasury, the State Department, and the Postal Inspection Service.
According to the Federal Bureau of Investigation, there have been over 166,000 domestic and international reports of email fraud from June 2016 to July 2019, resulting in financial losses exceeding $26 billion. Operation reWired is just the right dose of anti-phishing measure needed at the moment.