Cyberattacks can be curbed significantly by adopting effective phishing prevention measures. This week’s news headlines demonstrate the importance of effective cybersecurity measures and re-emphasize the need for organizations to incorporate them to safeguard their information assets.
Ransomware Hits Swissport International
The aviation services company – Swissport International Ltd. recently underwent a ransomware attack that disrupted its operations across its 307 locations in 50 countries. Though the ransomware operator’s name has not been disclosed, Swissport International said that the attack caused a delay in operations and flight departures. Reportedly, limited sections of the company’s IT system were affected, and Swissport’s Twitter post confirms that most of the attack has been contained already.
A spokesperson from the Zurich airport mentioned the attack on Swissport caused 22 flights to be delayed by 3-20 minutes. While ground services continue to be provided, flight delays are bound to happen. No ransomware gang has owned the Swissport attack so far. Despite the attack affecting many Swissport locations, it did not have the desired impact on the aviation services company, primarily because of the robust phishing attack prevention measures adopted by Swissport International.
Cyberattack Hits Washington State Department of Licensing
The Washington State Department of Licensing recently detected some suspicious activity in its licensing system that may have exposed the PII (Personally Identifiable Information) of millions of licensed professionals. After detecting the attack, the agency shut down its online platform to contain the attack’s spread. The data stored on the agency’s system (known as POLARIS) includes professionals’ DOBs, social security numbers, and driver’s licenses.
So far, there is no evidence proving access to stored data or the exact number of individuals affected. As part of its phishing protection measures, the licensing agency has collaborated with the Attorney General’s Office, the state Office of Cybersecurity, and an external cybersecurity firm to evaluate the extent of the attack.
As a result of the attack and the consequent shutdown of the POLARIS system, firms and professionals have not been able to apply for new licenses, renewals, or modifications. While the size of the breach remains uncertain, one can estimate the extent by looking at POLARIS’s clientele which includes around 23 business types and professions.
Cyberattack Hits Memorial Hermann Health System
A cyberattack recently hit the Memorial Hermann Health System, and thousands of patients could have been affected by it. The attack was announced by the health system’s contracted vendor Advent Health Partners. Reportedly, the protected health information (PHI) of over 6,000 Hermann Health patients was compromised in the breach. The exposed details include patients’ full names, social security numbers, DOBs, driver’s license numbers, health insurance details, financial details, and treatment information.
So far, there is no evidence proving the misuse of the stolen information, but Advent Health Partners continues to investigate the breach. According to Advent’s statement, suspicious activity has been detected on employee email accounts containing Memorial Hermann data. All victims shall receive a breach notification from Advent Health Partners soon. Free credit monitoring service will also be provided to the affected patients. The company advises Memorial Hermann patients to adopt anti-phishing solutions and monitor their credit reports for suspicious activities.
Data Breach at EasyVote Solutions Exposed Georgia Voters’ Details
The voting software company EasyVote Solutions recently underwent a data breach that exposed Georgia voters’ registration information. This information includes voters’ names, races, addresses, and dates of birth. It did not have any driver’s license numbers or Social Security numbers.
It must be noted that EasyVote’s software isn’t in charge of generating or counting ballots. In addition, it has no role in election results and is not connected to Georgia voter registration computers. It merely provides software to streamline voter check-ins in counties across Georgia. It is suspected that adversaries accessed voter information from an EasyVote online storage location. However, the precise number of affected users is unknown; the attack came to EasyVote’s notice only on 31st January 2022.
Soon after locating the attack vector, EasyVote launched an investigation, restricted access to its storage location, and transferred all data to a safer environment. The company was quick to adopt its measure for protection against phishing. Reportedly, the Georgia voter registration system is secure at the moment. EasyVote has informed law enforcement of the breach and is working with an external cybersecurity firm to determine the extent of the attack.
Data Breach Hits Sportswear Manufacturer Puma
Renowned sportswear manufacturer Puma’s management service provider Kronos was hit by ransomware in December 2021, and now Kronos has announced that the attack compromised some of Puma’s data. Kronos sent a data breach notification to many attorney generals’ offices informing them about the data breach affecting Puma employees and other Kronos Private Cloud (KPC) dependents.
Ever since the attack took place, Kronos has undertaken several investigative and comprehensive review tasks to evaluate the extent of the breach. It notified Puma of the breach on 10th January 2022. Although the breach notification doesn’t specify the number of affected Puma employees, it mentioned the figure as 6,632 individuals in the information provided to the Maine Attorney General’s office.
The stolen Puma employee documents include their Social Security Numbers, among other details. As part of its measures to prevent phishing attacks, the company has provided all victims two years of free identity restoration, credit monitoring, and identity theft insurance. This information comes from Kronos, but the latest news from Puma mentions that the attacks on Kronos did not affect any of its customer data.
Cyberattack Hits Ohlone Community College District (OCCD) Network
A sophisticated cyberattack recently targeted the California-based Ohlone Community College District (OCCD) network, which disrupted access to some files and compromised the details of some staff and students. Reportedly, the DOBs, social security numbers, US alien registration numbers, driver’s license numbers, bank details, medical details, etc., of some current and former staff and students were exposed in the attack. Health insurance details, student IDs, grade cards, IEP/504 plan information, etc., may also have been accessed.
As a consequence of the attack, the online student portal remained inactive for 17 days, and the college’s email and phone system were also down for ten days. In addition, a student information system was also affected.
The college is currently investigating the breach with third-party cybersecurity experts. So far, there is no evidence of the misuse of the stolen information, but the college is following breach protocols and informing all affected individuals. Apart from informing law enforcement, the college is also providing free identity protection and credit monitoring services to victims. The college is now taking anti-phishing measures to prevent such an incident from happening in the future.
Cyberattack Hits Blockchain Infrastructure Company Meter
A cyberattack recently hit the blockchain infrastructure company Meter, and the adversaries stole around $4.4 million from the company. Reportedly, the Meter and Moonriver network were affected in the incident, and a total of 2.74 BTC and 1391 ETH were stolen.
To ensure protection from phishing attacks, the company asked users to refrain from trading unbacked meterBNB that may be circulating on Moonriver. Having identified the vulnerability causing the attack, Meter announced that it is trying to compensate the stolen funds to all affected users. It further mentioned that it is working with the concerned authorities and has found some early traces of the attacker. Lately, hacks on decentralized platforms have become a common phenomenon – it’s time for DeFi platforms to take cybersecurity seriously.