With 1.5 million new phishing sites appearing every day, phishing prevention is not a goal that will be achieved anytime soon. Besides, the war against cybercriminals is not just about phishing. Adversaries launch a variety of destructive cyber attacks every day, and there is no escaping them. You might be the attackers' next target, so being prepared is essential. Here is a compilation of the top cybersecurity news headlines from the past week to help you deepen your knowledge of the subject:
H&M Caught Spying On Its Employees
The world talks of phishing attempts by outsiders, but here we have an instance of an employer spying on its own employees. The Swedish clothing retailer H&M has recently been alleged to have spied on its German customer service representatives. Some 60 GB of employees' personal details were found on a hard drive, including information as sensitive as employees' health records. These records were accessible to all company managers.
The fashion retailer kept a systematic record of the lives of its German employees, tracking personal details ranging from whether they had bladder weakness or cancer to their family disputes and holiday experiences.
Law enforcement officials at the site obtained a hard drive containing around 60 GB of highly personal information on the employees.
Germany's Hamburg privacy watchdog is currently investigating the matter. Officials from H&M's German unit have extended their cooperation to data protection officials in order to prevent phishing attacks that could be mounted using the retrieved employee details.
The company is likely to face fines for this major violation of employee privacy.
Hackers Target Servers Of The United Nations
In a carefully planned and well-executed act of cyber espionage, attackers targeted machines belonging to U.N. offices in Geneva and Vienna last year. They were stealthy in executing their plans and left virtually no trace behind.
Dozens of servers belonging to the United Nations were compromised, including a server of the U.N. Human Rights Office. Although officials have not been able to determine the extent of the data leaked in the incident, they have given assurances that the systems have now been restored. They suspect the attacker may have had ties to someone in authority, since nothing else explains the sophistication of the attack.
U.N. spokesman Stephane Dujarric said that the attackers targeted only those machines which they believed contained sensitive information. However, the losses are now under control, and phishing prevention measures are being taken.
An internal document from the U.N. Office of Information & Technology reveals that 42 servers were compromised, and 25 servers were most probably being spied upon – all at the Geneva and Vienna offices. Of these, three servers belonged to the Human Rights agency, and two belonged to the U.N. Economic Commission for Europe.
Security researcher Matt Suiche suspects that the attackers entered the servers via an anti-corruption tracker at the U.N. Office on Drugs and Crime. A list of Romanian IP addresses was found, which were probably used to launch the attack.
More Social Security Frauds Reported By FBI
The U.S. Federal Bureau of Investigation (FBI) has reported an increase in the spoofing of FBI phone numbers. These spoofing attacks are mainly launched to obtain the Social Security numbers and other personal details of employees. The attackers spoof the real phone number of a government agency or service so that it appears on the recipient's caller ID, along with a fake name and badge number.
With so many seemingly legitimate details, an attacker easily convinces people to send money in various forms, and in most cases the attacker prefers unconventional means of payment.
The FBI reported that the phone number of its headquarters (202-324-3000) is the one most often used by adversaries in these attacks. In these scam calls, the attackers inform the victim that their Social Security number (SSN) has been suspended and can only be reactivated by making a payment. In their haste to save their SSNs from suspension, people usually agree to pay the money, which the attackers often demand in the form of gift cards. Once they have the gift card code, the attackers abruptly hang up.
As many as 14,000 individuals reported government impersonation scams to the Internet Crime Complaint Center last year, with reported losses of more than $124 million.
To protect yourself from phishing, you must ensure that you do not give out any sensitive personal information (banking information, SSNs, etc.) to outsiders, no matter what threats they use. If you receive a phone call from such a number, report it to the authorities immediately and take adequate anti-phishing measures.
Millions Of Customer Details Exposed: Wawa Breach
The payment card details of more than 30 million Americans and 1 million non-Americans have been put up for sale on Joker's Stash, the largest carding fraud forum on the internet. The American cards are selling for $17 per card, while the non-American cards are selling for $210 per card.
Sold under the name BIGBADABOOM-III, the card details belong to a US East Coast convenience store chain called Wawa. Wawa had disclosed a malware-induced data breach last month in which its 860 convenience retail stores were affected. The card details on Joker's Stash are evidence that the malware that silently stole Wawa's card data for months (from March 4 to Dec. 12) may have produced the largest payment card breach of 2019, and possibly of all time.
Although Wawa claimed that it removed the malware from its systems after detecting it, the damage had already been done, and the credit and debit card details of over 30 million Americans and a further million people from across the world are now exposed online.
Wawa said that it had instructed its payment card processor, payment card brands, and card issuers to increase their anti-phishing protection measures and fraud monitoring activities to ensure that no further breaches of customer information take place. Wawa has extended its cooperation to law enforcement to get to the root of the hack.
Wawa claimed that no debit card PINs, credit card CVV2 numbers, or other personal information were compromised in the attack, but researchers found CVV2 numbers in some of the card samples despite Wawa's claims.
Beware Of Fake Singapore Police Sites
In the latest scam, attackers are impersonating the Singapore Police Force using a fake police website that tricks people into believing that their web browsers have been blocked.
The Singapore police said that the adversaries use the web browser's full-screen mode to show victims a Windows 10 desktop image containing an impersonated Singapore Police Force website. This image fills the victim's entire screen, preventing them from clicking the Start menu or closing and opening applications.
The impersonated site accuses the victim of viewing materials forbidden under Singapore law and warns that their browser has been blocked for this reason. The fake site then instructs the victim to pay a $1,000 fine by credit card within six hours to unlock the web browser, and displays a message saying that serious criminal action will be taken against them if they do not pay.
The victim is asked to enter their credit card details (card number, name, card expiry date, and CVV) on this fake website. The police said that their actual website address is www.police.gov.sg, and any site other than this is an obvious impersonation attempt.
What To Do?
The following phishing prevention tips may come in handy if such a fake website tries to manipulate you into giving out sensitive details:
- If you come across such a phony police website, press Alt+Tab and try to return to your normal desktop display.
- Alternatively, press Ctrl+Alt+Delete to open the Task Manager and end any web browser processes.
- Under no circumstances should you give out personal information or bank details such as bank account usernames, passwords, and one-time passwords (OTPs).
Cornerstone Payment Systems Exposes 6.7 Million Customer Records
Cornerstone Payment Systems – a US-based payment processor handling online transactions for ministries, nonprofits, and other morally aligned businesses, including churches, religious radio personalities, and pro-life groups – was recently alleged to have left the details of 6.7 million customers unprotected online.
Cornerstone Payment Systems, which describes itself as a Christian-friendly payment processing company, exposed the details of customer payment transactions going back to 2013. The database was found online by security researcher Anurag Sen. It included details such as the customer's name, email address, and (in some cases) postal address. Other exposed details included the merchant's name, the card type, the last four digits of the card number, and its expiry date. The database also recorded the date and time of each transaction and its payment status.
The database was not encrypted; it relied only on tokenization, in which a unique string of letters and numbers stands in for the protected card data. Security researchers contacted two people whose details appeared in the database, and they confirmed that all of their details were accurate.
Upon being informed, Cornerstone Payment Systems promptly took the database offline. The company also claims to have secured its server access, and is now adopting anti-phishing solutions and locking down all URLs. It is not yet known whether it will inform state regulators about this security lapse, although it ideally should.
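The Cornerstone incident turns on a point worth seeing in code: tokenization replaces the card number with a random stand-in, but it does nothing for the name, e-mail, last four digits and expiry date that sit next to the token in the same row. The following is an added example written for this article, not Cornerstone's or the researcher's code; the vault, the record layout and the sample customer data are all constructed here for illustration. It shows that the token alone reveals nothing about the card, while a leaked table still hands over the surrounding personal data in clear text.

```python
"""Added example (not part of the original article): a minimal card
tokenization vault, used to show what a leaked, unencrypted table of
tokenized transactions still exposes."""
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits


class Vault:
    """Maps random tokens back to full card numbers (PANs). In a real
    deployment this store is separate and tightly access-controlled;
    everything outside it only ever sees the token."""

    def __init__(self):
        self._store = {}

    def tokenize(self, pan: str) -> str:
        # The token is random and not derived from the PAN, so the PAN
        # cannot be recovered from the token without the vault.
        token = "".join(secrets.choice(ALPHABET) for _ in range(16))
        self._store[token] = pan
        return token

    def detokenize(self, token: str):
        return self._store.get(token)


def build_record(vault, name, email, pan, expiry, merchant, status):
    """Build a transaction row of the kind the article describes: the PAN
    is replaced by a token, but name, e-mail, last four digits, expiry,
    merchant and payment status remain in clear text."""
    return {
        "customer_name": name,
        "email": email,
        "card_token": vault.tokenize(pan),
        "card_last4": pan[-4:],
        "card_expiry": expiry,
        "merchant": merchant,
        "status": status,
    }


# Fields that remain directly usable by anyone who obtains the table,
# even without access to the vault.
CLEAR_TEXT_PII = ("customer_name", "email", "card_last4", "card_expiry")


def exposed_without_vault(record):
    """Return the personal data an attacker learns from a single leaked row."""
    return {k: record[k] for k in CLEAR_TEXT_PII}


def row_contains_pan(record, pan):
    """True if the full card number appears anywhere in the row."""
    return any(pan in str(v) for v in record.values())


if __name__ == "__main__":
    # Constructed sample customer; the card number is a well-known test PAN.
    vault = Vault()
    row = build_record(vault, "Jane Doe", "jane@example.test",
                       "4111111111111111", "12/24", "Example Ministry", "SETTLED")
    print("full PAN in leaked row:", row_contains_pan(row, "4111111111111111"))
    print("still exposed without the vault:", exposed_without_vault(row))
```

The design point is that tokenization is a control for the card number only; the rest of the row needs its own protection (encryption at rest, access control, or simply not storing it), which is exactly what was missing here.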
Iranian Ransomware Targets Industrial Control Systems
Otorio, a Tel Aviv-based Israeli cybersecurity firm, found that the Iranian ransomware 'Snake' can lock up and even delete industrial control systems. Otorio specializes in industrial control systems (ICS), so its claim that the ransomware called "Snake" can encrypt programs and documents on infected machines cannot be taken lightly. Snake not only encrypts files but also deletes files from the infected device, making recovery nearly impossible.
Otorio's research indicates that Snake looks for hundreds of specific programs, including many General Electric Co. industrial processes, stops them, and encrypts them. Once ICS processes are deleted or locked, the operations team loses access to production-related functions such as analytics, configuration, and control.
The Iranian Foreign Ministry was contacted about this but did not respond to calls. General Electric, for its part, said that it is familiar with a ransomware family that targets industrial control systems and would extend its support to all customers in need of anti-phishing services.
Bahrain Petroleum Co (Bapco) is another company at risk of a Snake attack. Otorio suspects this for two reasons: Bapco uses GE equipment, and its name was found in Snake's code. Otorio's findings suggest that it is highly unlikely that any actor other than Iran is responsible for this campaign. All attempts to contact Bapco have failed so far.
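The behaviour Otorio describes, a wave of ICS process terminations on a host shortly before encryption begins, is something a defender can alert on. The following is an added example written for this article, not Otorio's or General Electric's code, and it uses a constructed watch-list of process names and constructed log lines rather than any real Snake indicator: it parses simple process-termination events and flags any host where several watch-listed processes are killed within a short sliding window.

```python
"""Added example (not part of the original article): flag a burst of
terminations of watch-listed ICS processes on one host, the pre-encryption
behaviour the article attributes to Snake. Process names and log lines
are constructed for illustration only."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed watch-list (hypothetical names); a real deployment would use
# the site's own inventory of HMI, historian and OPC processes.
WATCHLIST = {"historian.exe", "hmi_runtime.exe", "opc_server.exe", "plc_bridge.exe"}

# Constructed sample events in the form "<ISO timestamp> <host> <event> <process>".
SAMPLE_LOG = """\
2020-01-20T02:14:01 ics-ws01 process_terminated notepad.exe
2020-01-20T02:14:05 ics-ws01 process_terminated historian.exe
2020-01-20T02:14:06 ics-ws01 process_terminated hmi_runtime.exe
2020-01-20T02:14:06 ics-ws01 process_terminated opc_server.exe
2020-01-20T02:14:07 ics-ws01 process_terminated plc_bridge.exe
2020-01-20T03:40:00 ics-ws02 process_terminated historian.exe
2020-01-20T09:15:00 ics-ws02 process_terminated hmi_runtime.exe
"""


def parse(line):
    """Split one event line into (timestamp, host, event, process)."""
    ts, host, event, proc = line.split()
    return datetime.fromisoformat(ts), host, event, proc.lower()


def find_kill_bursts(log_text, window=timedelta(seconds=30), threshold=3):
    """Return {host: [processes]} for every host on which at least
    `threshold` watch-listed processes were terminated within `window`.
    Uses a per-host sliding window over the time-sorted events."""
    per_host = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, event, proc = parse(line)
        if event == "process_terminated" and proc in WATCHLIST:
            per_host[host].append((ts, proc))

    alerts = {}
    for host, events in per_host.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it fits within `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[host] = sorted({p for _, p in events[start:end + 1]})
    return alerts


if __name__ == "__main__":
    for host, procs in find_kill_bursts(SAMPLE_LOG).items():
        print(f"ALERT {host}: {len(procs)} watch-listed processes killed: {', '.join(procs)}")
```

Two isolated terminations hours apart on ics-ws02 do not trigger an alert, while the four kills within seconds on ics-ws01 do; the window and threshold are the knobs to tune against a site's normal maintenance patterns.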
$80,000 To Go In After-Attack Expenses: Dunwoody
The latest in a string of cyberattacks on governments in the Atlanta area, the attack on Dunwoody that was detected on Christmas Eve is likely to cost the city at least $80,000, according to official estimates.
Although the quick phishing attack prevention measures taken by Dunwoody staff ensured that no data was compromised, the attack still cost the city $79,853 in additional payments to InterDev. Jay Vinicki, the assistant city manager, has asked the elected council to approve a payment of $125,000 to the contractor to cover all probable expenses related to the cyberattack.
Police chief Billy Grogan recently told The Atlanta Journal-Constitution that the attackers demanded a ransom in Bitcoin, but he did not disclose the amount. To keep losses to a minimum, some computers and servers had to be formatted. The city's computer network was restored only after several days; the fact that the city had data backups saved it a great deal of trouble.
Although the police department had to work manually for some time, the price the city paid for the attack is small compared to some of the ransomware attacks of the past few years.
Fake Transactions At Chrome Web Store
The Chrome Web Store has temporarily stopped all commercial extensions from being published or updated. The restriction was introduced because of an enormous rise in fraudulent transactions involving paid Chrome extensions aimed at exploiting and misleading users. These fraudulent transactions have been occurring throughout the month, and the ban therefore applies to all paid extensions.
Chrome extensions that require an installation fee, a monthly subscription, or a one-time in-app purchase to access features are among those covered by the ban. Existing commercial extensions remain unaffected and can still be downloaded from the official Chrome Web Store; however, their developers cannot publish new updates for them.
Simeon Vincent, Developer Advocate for Google Chrome Extensions, says this is a temporary security measure in place until a permanent solution is found. Extension developers attempting to publish a new paid Chrome extension or update a commercial extension receive an automated rejection message reading "Spam and Placement in the Store".
National Football League Teams Have Their Social Media Hacked
More than a dozen teams in the US National Football League recently had their Twitter and Facebook accounts hacked. They included the San Francisco 49ers and the Kansas City Chiefs, who will face each other in the Super Bowl on 2 February. The hackers responsible have claimed the attack and said they wanted to show that phishing prevention software still lags behind sophisticated hacking schemes.
The Twitter, Facebook, and Instagram accounts of 15 National Football League teams were compromised by the hacking group OurMine. The compromised accounts were locked as soon as the hack was discovered. Most of them, however, had had the same message posted: "Hi, we're back. We are here to show people that everything is hackable."
Other accounts had their profile pictures or headers erased. OurMine first attacked the Chicago football team early on Sunday morning and posted bogus tweets from its account. Other targets were the accounts of the Kansas City Chiefs, Green Bay Packers, Dallas Cowboys, Tampa Bay Buccaneers, Los Angeles Chargers, San Francisco 49ers, Denver Broncos, Indianapolis Colts, Houston Texans, New York Giants, Philadelphia Eagles, Cleveland Browns, Arizona Cardinals, and Chicago Bears.