Threat actors continue to launch phishing campaigns and ransomware attacks to lure netizens into giving away PII (Personally Identifiable Information) and other critical information. The best prevention against such threats is keeping oneself abreast of the latest methods they adopt to launch cyber attacks. To that end, here are the major phishing and data breach events of this week.

Ransomware Attack At Debt-IN Impacts African Bank Customers

African Bank recently confirmed an attack on one of its professional debt recovery partners, Debt-IN. The ransomware attack on Debt-IN took place in early April 2021. While the initial investigation suggested that no user data was compromised, it was later found that the personal data of several customers was exposed, and among these victims were also some African Bank loan applicants. However, Debt-IN assured that no data shared after 1st April was affected in the breach.

Debt-IN was quick to take protective measures against phishing, and African Bank also collaborated with the recovery partner to address the incident. The relevant regulatory authorities were notified, and the affected customers will soon receive breach alerts via SMS or email. In addition to these phishing prevention measures, African Bank has extended free Protective Registration to affected customers.


Port of Houston Successfully Evades Cyberattack

The Port of Houston recently evaded an attack attempt by a state-sponsored hacking group. The adversaries reportedly exploited a zero-day vulnerability in a Zoho user authentication appliance. Fortunately, the Port was able to defend against the attack and ensured that no data was lost and no systems were affected. In response to the attack, the FBI, CISA, and the Coast Guard sent a joint advisory to US organizations on 16th September, warning them of the risks of leaving zero-day vulnerabilities unattended.

Tracked as CVE-2021-40539, the Zoho zero-day was being exploited from late August until 8th September, when CISA finally warned Zoho about the matter and asked them to adopt anti-phishing measures. The attack has not been attributed to any particular nation's government or hacking group so far. CISA is working tirelessly to analyze the incident and locate the threat actor. However, the Port of Houston has refrained from commenting further on the attack.


Coninsa Ramon H Leaves Database Unprotected Online

Colombian real estate firm Coninsa Ramon H recently left a 1 TB database containing 5.5 million files unprotected online. The database was discovered by Ata Hakçıl and his team, who found that over 100,000 customers were affected by this negligence. The data was neither encrypted nor protected by a password; anybody on the web could easily access it.

Investigations revealed a misconfigured Amazon Web Services (AWS) S3 bucket that leaked user information. The compromised data includes the clients' full names, addresses, email IDs, contact numbers, asset values, and amounts paid for estates. The exposed financial details date from between 2014 and 2021. In addition, the database also contains the usernames, hashed passwords, and profile pictures of users. The most concerning issue in this incident is that the adversaries deployed malicious backdoor code in the bucket to gain access to the website and redirect visitors to malicious pages. It is uncertain whether adversaries misused the stolen data, and Coninsa Ramon H has declined to comment in this regard.


Ransomware Hits Agriculture Business Crystal Valley

Minnesota-based agriculture business Crystal Valley recently underwent a ransomware attack. The company posted an update about it on 21st September, but its site has been down since 19th September, when the attack occurred. The company stated that the breach has badly affected its computer systems and that all operations of the Mankato-based cooperative are to remain shut until they are safely restored.

The company requests the patience and cooperation of customers as it finds its way back from this breach. All payment cards other than local cards (Mastercard, Visa, Discover cards, etc.) are unsupported in the interim. Crystal Valley's phone system is also down. The company assists over 2500 livestock producers and crop farmers in the region, so this system outage is not good news. Crystal Valley's IT experts are adopting all possible anti-phishing solutions to recover from the attack and restore its operations.


BlackMatter Ransomware Hits Marcus & Millichap

The real estate investment firm Marcus & Millichap recently underwent a cyberattack, and the BlackMatter ransomware gang is suspected to be responsible. However, in its 8-K filing with the SEC, Marcus & Millichap states that it doesn't consider this breach a ransomware attack. It also mentions that there has been no evidence of any data breach.

The firm took immediate anti-phishing protection measures to secure its systems and launched an investigation into the breach. Cybersecurity researchers have found a resemblance between the Marcus & Millichap attack vector and a BlackMatter ransomware sample. Though the BlackMatter ransom note does not mention Marcus & Millichap directly, it refers to a domain called mmreibc.prv, which is identical to the firm's domain. In addition, the note also claims that the gang stole 500 GB of data.

The company mentions in its 8-K filing that its cyber insurance will cover all expenses incurred in recovering from this attack. When approached for comment, Marcus & Millichap declined to say whether it was a BlackMatter attack that disrupted its operations, but stated that it was able to recover from the attack successfully.


Ransomware Hits Barlow Respiratory Hospital

Los Angeles-based Barlow Respiratory Hospital recently underwent a ransomware attack. The attack took place on 27th August 2021 and was launched by the Vice Society ransomware gang. In the incident, the adversaries gained access to the hospital's electronic medical record system, stole patient data, and encrypted the files. They later posted the stolen information on the dark web.

As part of its measures for protection from phishing attacks, Barlow Respiratory Hospital notified law enforcement agencies, hired third-party cybersecurity experts, and launched an investigation. Fortunately, emergency procedures remained uninterrupted by the breach of the hospital's IT systems.


Cyberattacker Called Deus Attacks Voicenter

The Israeli communications firm Voicenter was recently attacked by a cyber adversary calling itself Deus. The unidentified attacker stole 15 TB of data from the firm and put the data up for sale, posting hundreds of samples to show the nature of the stolen data. The attack significantly affected Voicenter and the communications systems of firms relying on its services. These associated companies include we4G, Mobileye, SimilarWeb, CheckPoint, Expo, AllJobs, Partner, Gett, etc.

SMS notifications were sent to all affected clients, in which Voicenter claimed that its systems remain unaffected and that it found no evidence of any information leak. In contrast to Voicenter's claim, its clients report having experienced some customer service malfunctions after the attack.


Sophisticated Cyberattack Hits Family Medical Center

A sophisticated cyberattack recently targeted a healthcare company with branches in several locations in Monroe County. The Family Medical Center (FMC) operates in Monroe, Temperance, Carleton, Adrian, and Hudson. Recently, FMC reached out to its customers to inform them about a data breach that took place in July last year. The adversaries had demanded $30,000 for the decryption key, and FMC had complied with their demand.

FMC worked with a cybersecurity firm called IDX to investigate the breach and was advised to pay the ransom to get an idea of the extent of the attack. Investigations by IDX revealed that the attackers were based in Ukraine and were only looking for financial information. No patient medical files were breached in the attack. FMC therefore felt the need to inform all patients to look out for suspicious activity or mismanagement of their financial assets, and advises patients to adopt measures to protect themselves from phishing.