Threat actors need just one opportunity to infiltrate your device and online accounts and gain access to all your PII (Personally Identifiable Information). Phishing is one of the primary ways they set their malicious plans in motion, leading to data breaches, identity theft, and more. This is why it is crucial to adopt basic cyber hygiene, so you can easily identify signs of phishing. Here are this week’s news headlines to keep you abreast of the latest phishing happenings.
Data Breach at Planned Parenthood Los Angeles
The reproductive healthcare provider Planned Parenthood Los Angeles recently informed over 400,000 patients of a data breach where adversaries accessed their personal information. The unauthorized access of its system was first noticed on 17th October, and the hospital immediately informed law enforcement and took phishing prevention measures. So far, it has no evidence of patient data being used for fraudulent purposes, but the investigations suggest that it was a ransomware attack. Planned Parenthood is yet to announce the name of the ransomware gang and whether it paid a ransom.
The hospital is focusing solely on informing and supporting the patients whose data was compromised in the incident. The compromised patient data includes addresses, DOBs, insurance numbers, and medical data such as treatments received, prescriptions, and diagnoses. Planned Parenthood Los Angeles has hired an external cybersecurity organization to investigate the breach, as it holds patients’ data to be of utmost importance.
Cyberattack Hits Panasonic
Japanese electronics giant Panasonic recently suffered a security breach in which unauthorized third parties accessed its network and transferred files from one of its file servers. The breach took place between 22nd June and 3rd November, and Panasonic’s investigations revealed that some files from its system were accessed during that period.
The organization detected the breach on 11th November and immediately took anti-phishing protection measures to contain its spread. It also informed the relevant law enforcement authorities. In addition, the enterprise is working with an external cybersecurity specialist organization to examine the nature and extent of the breach. The tech giant has made no further comments.
Data Breach Hits DNA Diagnostics Center
The Ohio-based DNA testing organization DNA Diagnostics Center (DDC) recently discovered a data breach in its systems affecting over 2.1 million of its patients. The unauthorized access of DDC’s network was first detected on 6th August, and soon after noticing the intrusion, DDC launched an investigation into the breach.
The analysis revealed that the attack impacted patients’ data collected for a national genetic testing organization system that DDC acquired in 2012. This personal information was collected between 2004 and 2012. Though the system wasn’t very active in DDC’s operations, the center is doing everything it can to contain the attack’s spread. The adversaries are suspected of having stolen patients’ files between 24th May and 28th July. The data involved in the breach includes names, bank account numbers, social security numbers, and payment card details. DDC is offering free credit monitoring services to all 2.1 million patients as part of its remedial measures.
Beware of Banking Trojans Circulating on Google Play Store
Cybersecurity experts at ThreatFabric have discovered four Android banking trojans that remained hidden while infecting over 300,000 devices through malicious apps listed on Google Play Store between August and November 2021. Adversaries used multiple dropper apps to bypass Google Play Store’s security checks. They also used a variety of strategies to evade detection, including meticulously planned small malicious code updates and look-alike command-and-control (C2) websites that match the theme of the dropper app.
These droppers are primarily designed to spread the Android banking trojans Anatsa, ERMAC, Alien, and Hydra. Some of the dropper apps available on Google Play Store include PDF Document, Protection Guard, Two Factor Authenticator, QR CreatorScanner, QR Scanner 2021, CryptoTracker, Gym, Fitness Trainer, etc. The use of droppers is growing because the adversaries are trying to minimize their malicious footprint to evade detection by the anti-phishing measures of the Google Play Store.
Ransomware Hits Supernus Pharmaceuticals
A ransomware attack recently targeted the biopharmaceutical enterprise Supernus Pharmaceuticals and compromised a large amount of data from its network. The attack is believed to have occurred in mid-November, when attackers accessed some enterprise systems, deployed malware, and threatened to leak the stolen data. However, Supernus Pharmaceuticals claims that the attack had no impact on its business and operations. It further said that it has no interest in complying with ransom demands.
Supernus Pharmaceuticals was able to recover all of its impacted files and also took measures to ensure protection from phishing in the future. The Hive ransomware gang claimed responsibility for the attack and said it was able to exfiltrate over 1,268,906 files (1.5 TB data) from Supernus’ systems. It is interesting to note the difference between the company’s statements and those of the ransomware operators: while the organization claims that it has made no ransom negotiations, according to Hive, Supernus has been negotiating the amount since the beginning. Hive further mentioned that it is in the process of leaking the data stolen from Supernus.
Cyberattack Hits Lewis and Clark Community College
Lewis and Clark Community College, a school based in Godfrey, recently suffered a cyberattack in which adversaries accessed its computer network. While nothing indicates that the attackers gained control over any system, the college had to shut down its operations for a week to contain the attack’s spread. College president Ken Trzaska says that shutting down systems was necessary to analyze the breach and be better prepared for similar incidents in the future.
The college received a ransom request, and though the amount wasn’t revealed, the demand itself is significant enough to suggest that the college was perhaps affected severely. The timing of the attack coincided with the academic pressure that usually accompanies the beginning of the holiday break. As part of its measures for protection against phishing, the college has informed the FBI and police. It is doing everything in its capacity to restore systems at the earliest.
Threat Actors Target IKEA Employees
Malicious actors are using stolen reply-chain emails to target IKEA employees with an internal phishing campaign. The adversaries first compromise a mail server and then use this access to reply to internal organization emails using reply-chain attacks. This tactic avoids detection because the emails come from legitimate internal IDs. The adversaries also use this strategy to target unsuspecting business partners. To prevent data breaches and other cyber-attacks, IKEA has warned its employees to look out for such reply-chain phishing emails.
In its email to employees, IKEA warns that adversaries are not only sending emails to IKEA employees but also creating confusion and launching cybercrimes targeting inter IKEA setups, business associates, suppliers, etc. Since these emails come from people within the company’s network, detecting them becomes difficult. Therefore, IKEA urges its employees to follow phishing prevention tips and scan emails even from trusted sources.
Interpol Arrests 1003 Cybercriminals
In a mass arrest, Interpol took 1003 cybercriminals into custody for engaging in several cybercrimes such as investment and romance scams and money laundering. Interpol conducted an international operation in collaboration with the law enforcement of 20 nations. This operation was code-named HAECHI-II, and it was able to identify ten new attack schemes. The nations involved in project HAECHI-II (from June to September 2021) include Cambodia, Brunei, Colombia, India, Angola, China, Japan, Ireland, Korea, Indonesia, Malaysia, Laos, Philippines, Maldives, Singapore, Spain, Romania, Slovenia, Vietnam, and Thailand.
The Interpol authorities blocked 2,350 bank accounts associated with malicious online practices and seized over $27 million. The operation results suggest that the increase in financial crime caused by the Covid-19 pandemic is nowhere near waning. Therefore, collaborative measures to prevent phishing attacks are a need of the hour.