Ransomware attacks have increased ominously over the last couple of years, and you would be surprised to know how innovative cyber adversaries have become in their modus operandi. Ensuring phishing protection becomes problematic when the attackers don’t stick to one strategy or name, and that is where the role of keeping abreast of the latest data breaches comes in. Following are the major data breaches in the past week.
Colossus Ransomware Gang Seems Very Active In The US
Security researchers at ZeroFox have identified that the Colossus ransomware gang has frequently attacked US citizens in the last week. The adversaries are primarily targeting Windows systems, and in one attack, they threatened to leak the 200 GB data stolen from a US-based automotive group of dealerships. Colossus had demanded a ransom of $400,000 for the decryption key and asked the victim organization to contact them on the support page of a custom domain.
It is suspected that Colossus is linked to one of the existing ransomware-as-a-service (RaaS) groups as its ransom note is quite similar to those from REvil and EpsilonRed. This also hints at the possibility of the same cybercrime group functioning under different names from time to time, appearing, disappearing, reappearing, and rebranding along the way. Colossus has used Tucows to register its domain for the support portal with DNSPod as its DNS provider. While no ransomware leak site exists for Colossus at the moment, it doesn’t mean that they cannot come up with one. Victims of Colossus attacks are advised to look out for suspicious activities in their accounts and adopt necessary anti-phishing measures.
Navistar Exposes 49k Records
After a cyberattack was detected in its IT systems on 20th May 2021, the American holding company Navistar hired external cybersecurity experts to investigate the breach and found that its systems were accessed and data stolen by unauthorized third parties. Soon after, on 7th June, Navistar filed 8-K papers to warn investors of the breach, which generated wide press coverage about the unfortunate incident.
By mid-August, the investigations revealed that the adversaries had indeed accessed the personal details of Navistar’s life insurance and healthcare plan participants. The compromised information includes 49,000 records of Navistar’s present and former employees. These records include their names, dates of birth, addresses, and Social Security numbers. As part of its measures for protection against phishing, Navistar is notifying all affected employees and offering them two years of complimentary identity theft protection and credit monitoring. Furthermore, the affected individuals are advised to look out for suspicious phone calls, texts, or emails as there are high chances of targeted phishing scams against them.
Data Breach Hits Horizon House, Inc. And Samaritan Center of Puget Sound
The Philadelphia-based mental healthcare provider – Horizon House, Inc., underwent a data breach in late winter, which compromised the personal health information (PHI) of 27,823 people. Soon after the intrusion was detected on 5th March, Horizon House began an investigation soon after detecting the attack, which revealed that its IT systems were infected with ransomware. Later, the mental healthcare services provider released a security notice informing people that its systems were hacked and data stolen between 2nd and 5th March 2021.
Horizon’s investigations revealed that patient data such as their names, social security numbers, addresses, driver’s license numbers, dates of birth, financial details, medical records, state identification numbers, health insurance details, etc., were exposed. As part of its measures for protection from phishing attacks, Horizon House has notified all affected individuals of the breach and asked them to remain vigilant.
The Seattle-based Samaritan Center of Puget Sound issued a similar data breach notice after adversaries stole their computers, servers, and other electronic equipment. While the stolen computers were password-protected, they could be easily compromised using brute-force attacks. The stolen server stored 20,866 patients’ names, addresses, social security numbers, phone numbers, appointment dates, charting content, insurance details, billing statements, training videos, etc., dating on or before 19th July 2021.
Ransomware Hits Lufkin ISD
The Lufkin Independent School District recently underwent a ransomware attack. As per its social media posts, the district’s anti-phishing measures worked in time to contain the attack by shutting down all systems. The school is currently investigating the breach and looking for any data that may have been compromised.
So far, Lufkin hasn’t received any ransom requests, and the ISD is working on restoring all systems. The attack also affected the air-conditioning units on different campuses. It has sought the expert help of Dell engineers from New York and hopes to be back in operation soon.
Forward Air Reveals Ransomware Attack After a Year
In November-December 2020, the trucking giant Forward Air underwent a ransomware attack that exposed the personal details of its employees. The attack, which was attributed to a new ransomware gang called Hades, disrupted the operations of Forward Air and shut down its network. Consequently, their business operations were affected, and the company was unable to release freight for transport, causing a loss of over $7.5 million in freight revenue.
Later investigations revealed that it was the Evil Corp ransomware gang that had launched the attack in the name of Hades. After this attack, the adversaries had even created a Twitter account to post all the stolen data, but fortunately, they did not leak the stolen information. One year after the incident, Forward Air is now sending breach notifications to the affected present and former employees. The notification clarifies that Forward Air detected the attack on 15th December 2020 and took immediate measures to prevent phishing attacks.
The compromised employee information includes their names, date of births, addresses, Social Security numbers, passport numbers, driver’s license numbers, or bank account numbers. Forward Air is quite confident that the adversaries have not misused the compromised data. Nonetheless, it is offering one year of free credit monitoring to all affected individuals. It further asks all victims to closely monitor their bank statements and credit reports for suspicious activities or phishing attempts.
Ransomware Hits Hawaii Payroll Services LLC
Hawaii Payroll Services LLC recently underwent a ransomware attack that exposed the personally identifiable information of around 4,500 customers. The compromised data includes their names, dates of birth, bank details, and social security numbers. Investigations into the incident revealed that an unauthorized third party accessed the payroll service’s systems between 15th to 16th February 2021. The attacker had compromised a client account number to launch a privilege escalation attack and disable the security software of Hawaii Payroll Services LLC.
Soon after detecting the attack, the payroll service approached the third-party vendor handling its IT operations and asked it to evaluate the extent of the attack and suspend all remote client access. As part of its measures for phishing attack prevention, the service sent letters to all victims in late May, but some of these letters returned unopened. The company is still trying to recover some of the encrypted data, and fortunately, there is no evidence of the misuse or leak of any compromised data.
Data Breach Hits Neiman Marcus Group
The American department store company Neiman Marcus Group recently underwent a data breach and is now alerting millions of customers about the same. The company has sent breach notifications to over 4.6 million customers, informing them of the compromise of their online accounts by adversaries in May last year. The compromised information includes customers’ names, usernames, passwords, payment card details, etc. The payment and gift card details of over 3.1 million of these 4.6 customers were exposed. However, 85% of these card details were invalid or expired.
As part of its phishing prevention measures, Neiman Marcus informed law enforcement and hired a cybersecurity firm called Mandiant to investigate the incident. Company CEO Geoffroy van Raemdonck has reassured people of Neiman Marcus’ integrity towards protecting and upholding customer interests and mentioned the enhanced security measures the company has adopted to prevent such attacks in the future.