Phishing prevention tips are most useful when you stay abreast of the latest cyber headlines. Here are the latest cyber attacks from this past week.
Armenia-Azerbaijan War Exposes Navy Details
The recent warfare between Armenia and Azerbaijan for the Nagorno-Karabakh region has led to the leak of 18,872 entries belonging to over 10,000 Azerbaijan Navy personnel. The leaked database contained the full names and surnames, dates of birth, passport numbers, and expiry dates of Azeri navy sailors.
Luckily, some of these passports have already expired, but others remain valid up to 2025. In addition to the personal details, headshots of the sailors were also available in the leaked database. Although the file was small (2GB), it was protected with an obvious war-related password.
Cyberattack on Universal Health Services
Universal Health Services underwent a significant cyberattack on the morning of 27th September 2020. The hospital system has been trying to re-establish its network and operations since then. Although some services have recovered, a lot still needs to be figured out.
Meanwhile, the hospital has reverted to the offline mode of operation and is relying on backups to keep functioning. No patient or employee data was breached in the attack. The attack has certainly not affected the quality of patient care. However, the security incident and associated phishing prevention best practices have made life quite strenuous for the staff, doctors, and members.
Ransomware Hits Ashtabula County Medical Center
In another ransomware attack on a healthcare facility, the Cleveland-area Ashtabula County Medical Center has been a victim. The center is experiencing downtime exceeding a week, because of which all elective procedures have been postponed.
Their computer systems have been down since 21st September, but the emergency department has been operational. Besides adopting phishing attack prevention measures, the medical center ensures that services reach the needy and that emergencies are duly attended to.
Ransomware Hits Arthur J. Gallagher & Co.
The global insurance brokerage firm Arthur J. Gallagher & Co. recently underwent a ransomware attack, the impacts of which were luckily not adverse. Although the firm hasn’t disclosed any further details on the nature of the attack, the security researcher Troy Mursch states that AJG was using two F5 BIG-IP servers vulnerable to CVE-2020-5902, which was probably exploited by the hackers.
However, the firm was proactive in adopting anti-phishing solutions and immediately brought down its global systems. They have also collaborated with cybersecurity and forensics professionals to investigate the attack. Their operations revived soon after, and they don’t expect any significant loss to business because of the attack.
No Malware Impacts On CMA CGM Communications
The container shipping group CMA CGM recently underwent a malware attack that brought down its online systems. However, the group has stated that no communications were affected in the cyber attack.
The group has adopted phishing prevention measures and offered alternatives to customers for uninterrupted services. They have reassured stakeholders that all communications made to and from the CMA CGM Group are secure. Also, its maritime and port operations are safe from the attack.
Indian Defense Force Targeted By APT Group
The Indian defense forces and armed forces personnel have been the targets of an APT group for quite some time now. The adversaries were working on a campaign called Operation Sidecopy, which was evading the anti-phishing tools of security researchers by copying tactics, techniques, and procedures of the Sidewinder APT group.
While no concrete proof exists, it is suspected that the Operation Sidecopy campaign has links with Pakistan’s Transparent Tribe (APT36) group. These threat actors continually evolve and use a template injection attack and exploit the CVE-2017-11882 vulnerability as the initial infection vector. They also use data exfiltration tricks and the DLL sideloading technique for their intelligence collection operations.
Flight Tracking Websites Hacked
Cyber attackers recently disrupted the services of two famous flight tracking websites, Flightradar24 and PlaneFinder, for a time. While Flightradar24 was attacked three times in two days, PlaneFinder was subjected to multiple attacks. Because of the episode, PlaneFinder users were unable to access live feeds as the website. On its part, PlaneFinder requested users to remain patient as they work on restoring their systems.
Flightradar24, too, struggled to revive its services after three consecutive attacks. However, both platforms adopted anti-phishing protection measures and could successfully restore their services by 29th September.
Cyberattack Hits Cryptocurrency Exchange KuCoin
The cryptocurrency exchange KuCoin was robbed of around $150 million from its hot wallets in a recent cyberattack. The hack was detected when KuCoin noticed some large withdrawals on 26th September. Soon after, KuCoin took phishing protection measures and initiated a security audit. The research revealed that the adversaries stole Bitcoin assets and ERC-20-based tokens, among other tokens.
As deposits and withdrawals remain inactive, KuCoin has assured users of reimbursing their lost funds.
Cyberattack On Scouts Victoria
The Australian company Scouts Victoria underwent a phishing attack in late July and early August this year. Recently, they sent out emails to the affected people. The adversaries got access to two staff email accounts and a shared dropbox, because of which a plethora of private information belonging to their customers was compromised. These details included their names, email addresses, driver’s licenses, residential addresses, Medicare details, passport numbers, tax file numbers, signatures, bank account, criminal history information, parenting orders, etc.
Scouts Victoria has notified the Office of the Australian Information Commissioner (ATO), and the ATO has taken necessary measures for protection from phishing. The Human Services Department has also been contacted to protect the affected people from any Medicare-related fraud. They advise people to refrain from opening any email attachments from suspicious senders.
The Penalty For Hacking – Nikulin’s Story
The United States has sentenced Russian Yevgeniy Aleksandrovich Nikulin to 88 months in prison for hacking LinkedIn, Dropbox, and Formspring in 2012. Nikulin was also responsible for the 2013 cryptocurrency theft from BitMarket.eu. He stole credentials from an estimated 117 million Americans and earned over $6,200 by selling these credentials on the dark forum.
After the hearing, he was sentenced to 88 months in prison and three years of supervised release. He has also been ordered to pay $514,000, $1 million, $20,000, and $250,000 to Dropbox, LinkedIn, Formspring, and WordPress, respectively, as compensation.