Data is one of the most valuable information assets in the world today, and that is why data breaches are such a big deal. This week, the cyber news headlines highlight several significant instances of millions of people losing their data and funds to malicious cyber adversaries. Implementing robust phishing protection measures is the need of the hour, and here is why we need to rethink our digital security decisions.
Data Breach Hits Conti Ransomware Group
The notorious cybercriminal group Conti was recently hit by a data breach of its own, which may seem ironic. A Swiss cybersecurity firm called Prodaft exploited a vulnerability in Conti's recovery servers to gain access to one of its most sensitive systems, the server used for negotiating with victims and receiving payments. From this server, the researchers were able to trace the actual IP addresses behind Conti's recovery website. The server is said to be hosted on the ITL LLC-owned IP address 126.96.36.199. The Prodaft team used its privileged access to the ransomware operators' internal servers to monitor their network traffic for weeks before publicizing its findings.
However, only limited information could be gathered about Conti, as all the SSH source IP addresses belonged to Tor exit nodes and did not lead back to the ransomware operators. The Prodaft report still contains important details about the Conti server's operating system, which is a threat to the ransomware group in itself, since it has now become vulnerable to attacks by rival criminal groups. As a result, Conti had to take down its payment portal, which in turn extended the downtime at its victim companies, who could no longer negotiate or pay ransoms. Such prolonged downtime at a ransomware gang's server is unusual, as these groups are usually well aware of the phishing prevention strategies needed to weather such incidents. Conti took over 24 hours to restore its payment portal and posted an insult-filled statement on its blog announcing its return. The Prodaft findings can certainly be used to support legal action against the threat actor and its affiliates.
Data Breach Hits Utah Imaging Associates
The radiology medical center Utah Imaging Associates noticed unauthorized third parties accessing its internal databases back in September. The center is now sending breach notifications to current and former patients to inform them of the incident. The sensitive personal information of over 583,000 patients was compromised in the security incident. This data included their names, mailing addresses, DOBs, social security numbers, health insurance numbers, medical reports, prescriptions, etc.
As part of its phishing attack prevention measures, Utah Imaging Associates has informed the US Department of Health and Human Services about the breach and begun an internal investigation. No further details on the type of attack or the nature of the data loss have been released. However, the radiology medical center says it has adopted the necessary anti-phishing solutions to defend against such an intrusion in the future.
Employee Quitting and Joining Pfizer’s Rival Organization Steals Confidential Information
A soon-to-be-former employee of the pharmaceuticals giant Pfizer was recently caught making offline copies of its sensitive COVID-19 vaccine-related discoveries, just days before quitting her job at Pfizer and joining a rival enterprise. Pfizer filed a complaint against Chun Xiao (Sherry) Li in the California district court for allegedly transferring 12,000 files from Pfizer systems to a personal Drive account. These files also included information on new drug developments and analyses of vaccine studies. Interestingly, Li had worked in Pfizer's product development group in China for ten years before transferring to San Diego. She uploaded the files to the personal drive over three days and, when questioned, defended herself by saying that she was only organizing her files offline. A copy of an offer letter from the pharma enterprise Xencor was also recovered from her mailbox. Soon after the official questioning, Li deleted all the files she had transferred, which is further evidence of her wrongdoing.
It is not uncommon to see pharmaceutical companies spied on by state threat actors and financially motivated hackers, but seeing such behavior from an employee with such a long association with the organization is rare. Pfizer took anti-phishing protection seriously and acted immediately to secure its systems against the employee.
Ransomware Hits Swire Pacific Offshore
Swire Pacific Offshore (SPO), the marine services division of the Swire conglomerate, was recently targeted by the Cl0p ransomware gang. As a result, classified proprietary commercial information and some personal information may have been exposed. Although SPO has not said how the adversaries got into its network, it noted that the breach came to its attention through a Cl0p blog post in which the gang flaunted its successful intrusion into SPO's network. Global SPO operations remain intact, thanks to the many measures for protection against phishing that the division took immediately.
Continuing its anti-phishing measures, SPO has reported the incident to the relevant authorities and is cooperating fully with all related investigations. SPO employee records from Singapore, Malaysia, the UK, China, and the Philippines have been affected. The compromised employee information includes names, addresses, email addresses, passport scans, bank details, enterprise names, email backups, and contact numbers.
Cyber Attack Targets S&R Membership Shopping
Philippines-based S&R Membership Shopping recently suffered a cyberattack that has potentially affected 22,000 S&R members. The National Privacy Commission (NPC) received the breach notification from the organization on 15th November and released a public statement nine days later. According to the NPC report, the personal information of S&R employees, including their gender, contact numbers, and DOBs, has been compromised.
Fortunately, no financial or payment card details of users were affected. S&R is now working on securing its systems against further attacks and restoring its systems and the compromised data. To ensure that victims adopt phishing prevention best practices, the NPC has further instructed S&R to send individual breach notifications to all victims and to engage third-party cyber experts to produce a technical report on the entire episode.
Data Breach at Huntington Hospital
Due to an employee's unauthorized access to patients' personal health information, Huntington Hospital is now sending breach notifications to 13,000 patients. A night-shift employee had misused his access to patients' electronic medical records back in 2018, in violation of the hospital's privacy policies. Soon after, the employee was fired and an investigation into the breach was launched. To ensure protection from phishing for all, Huntington Hospital also notified law enforcement about the incident. The delay in sending breach notifications to patients was itself the result of law enforcement's advice. The former employee now faces criminal charges for HIPAA violations.
There is no evidence that the former employee accessed card numbers, social security numbers, insurance details, or other confidential patient information. He did, however, access demographic patient information, including names, contact numbers, DOBs, medical details, etc. Since Huntington Hospital already had a robust cybersecurity training program and stringent threat protection policies in place, it was able to take the necessary measures to prevent such an incident from recurring. Further, the hospital has extended a year of complimentary identity theft protection to all victims.
Cyber Attack Targets True Health New Mexico
A cyberattack has exposed over 62,000 US citizens associated with True Health New Mexico to the risk of losing their personally identifiable information to adversaries. The New Mexico-based healthcare insurer, which provides health insurance services to employers across the region, released a security alert informing people of an incident in which an unidentified third party accessed its IT systems. The breach occurred in early October 2021 and affected files belonging to current and former True Health New Mexico members and some providers.
The compromised information could include policyholders' names, addresses, DOBs, email IDs, insurance details, social security numbers, medical details, etc. While there is no evidence that the data has been misused, True Health is sending breach notifications to all potential victims. In addition, the insurer is providing them with anti-phishing services such as a free 24-month credit monitoring option.