Phishing scams are everywhere, from big enterprises to small governments and from hospitals to universities. Hence, it is essential to discuss these phishing scams and observe the common vulnerabilities that help adversaries bypass anti-phishing protection measures. Here are the top phishing scams from the past week.
Adorcam Exposes 124 Million Rows Of User Data
Adorcam is a webcam app providing a P2P connection for the IP camera series, which has over 10,000 installs on Google Play Store. Cybersecurity researchers have recently found an unprotected Adorcam database online containing around 124 million rows of data with thousands of users’ details. The exposed details include users’ live location, Wi-Fi network name, email address, hashed password, images captured using the webcam, and details of whether the microphone was active, among other crucial information.
With this many details, an attacker can quickly launch social engineering attacks targeting victims with content specific to their region and interests. Adorcam users must consider changing their Wi-Fi and email passwords and adopt phishing prevention measures at the earliest.
DarkSide Targets Discount Car And Truck Rentals
This month, the Canadian car rental company Discount Car and Truck Rentals was attacked by the DarkSide ransomware gang. Their website discountcar.car was brought down by the ransomware gang, who stole 120 GB of data before encrypting their systems.
A special team was immediately deployed to contain the attack and investigate the breach. Meanwhile, visitors to the website trying to book rental cars received a message that the website was down due to technical problems. DarkSide claims that the stolen data includes marketing, finance, banking, account, and franchisee data. The ransomware gang has also provided a sample of the stolen data. As Discount Car and Truck Rentals endeavors to restore its systems and ensure protection from phishing attacks, users are advised to contact only the provided numbers.
Data Breach Hits CityBee
The car-sharing service CityBee recently suffered a data breach that exposed the details of over 110,000 Lithuanian users. The compromised details include their usernames, full names, user IDs, hashed passwords, national identification numbers, etc. This database was posted on 15 February. The following day, adversaries posted a second database, which included the driver’s license numbers, credit limits, and credit card details of CityBee users.
The data was stolen from a CityBee database that had been stored in an unsecured Microsoft Azure blob since February 2018. The hackers used a Rapid7 Open Data Forward DNS tool to perform a reverse DNS lookup search. CityBee has been proactive about this breach and has extended full cooperation to police and cybersecurity experts. They are taking necessary phishing attack prevention measures and have already informed all affected customers.
The unsecured Azure blob has been taken down, and passwords have been reset for all users. All those who think this attack might affect them should consider resetting their passwords and doing the same for all accounts where they used their CityBee password. Users must use anti-phishing techniques like MFA for better security.
Credential Stuffing Attack Hits RIPE NCC
A credential stuffing attack recently targeted the single sign-on (SSO) service of the Regional Internet Registry for Europe and part of Asia (RIPE NCC). Consequently, there was a short outage. However, RIPE NCC’s robust phishing protection and risk management system successfully mitigated the attack.
RIPE NCC members received a notification informing them that measures have been incorporated to prevent similar attacks in the future. The RIPE NCC has further stated that there is no evidence of any SSO account compromises so far. Still, it will inform the individuals concerned the minute it finds an abnormality. RIPE NCC members are advised to enable 2FA for their accounts and report any suspicious activity they notice.
Amber Group’s Security Negligence Makes Jamaicans Suffer
Due to the security negligence of Amber Group, the contractor hired by the Jamaican government, the COVID-19 test results and immigration records of thousands of citizens and travelers have been compromised. Amber Group was in charge of building the JamCOVID19 website and app, which records COVID-19 results and other travelers’ records and is used to post the daily coronavirus figures. The group was not careful enough and left a cloud storage server unprotected online, exposing the details of a significant number of American travelers.
The server was left online for an unknown period and contained over 70k negative COVID-19 reports, 250k quarantine orders, 425k immigration documents, and 440k scanned signatures. Travelers had been instructed to use an app developed by Amber Group that records their locations and reports them to the Jamaican Ministry of Health in the form of videos. The unprotected server also exposed over 1.1 million such videos, among other details. The Jamaican government is investigating the breach and adopting measures for protection from phishing.
Amazon And eBay Customers’ Records Selling Online
In a recent data breach, an unknown seller has offered the data of 14 million eBay and Amazon users for sale on the dark web. While eBay and Amazon’s investigation doesn’t hint towards any attack, it might be possible that the adversaries used password spraying to get into these user accounts. The data being put up for sale belongs to eBay and Amazon users from 18 countries between 2014 and 2021.
The stolen records included the names, postal and delivery addresses, phone numbers, and retailer names associated with buyers. The database sold twice for $800, soon after which the seller made it unavailable. Amazon and eBay customers must take cybersecurity measures to protect themselves from potential phishing attacks.
Data Breach Hits Simon Fraser University
An IT services staff member at Simon Fraser University recently discovered a cyberattack on one of the school's servers. As a result, the records of over 200,000 students (current and former), staff, faculty, and student applicants were compromised. The server was immediately isolated to contain the attack. The school also started informing the affected individuals about the breach.
Although no financial or other sensitive details (such as passwords and social insurance numbers) were affected, the server did expose the personal information, employee ID numbers, admission status, and other such records of students and employees. Affected individuals must closely monitor their accounts, change their passwords and take measures to prevent phishing attacks.
Olybet.lt Database Selling Online
A database belonging to the Lithuanian online betting service Olybet.lt (previously called orakulas.lt) is being sold on the dark web. The database contains over 257,000 Olybet users’ records, including their email addresses, hashed passwords, passports, credit card details, ID cards, etc.
Olybet General Manager Palevičius states that the leaked database does belong to Olybet, but it’s under the license of Orakulas.lt (the former owner of the company). Olybet is investigating the breach and taking phishing prevention measures but hasn’t found any matching data in its databases. A detailed look at the database reveals that many exposed email addresses are obsolete and no longer in use among Lithuanians. With the first name in the database belonging to orakulas.lt’s administrator, it becomes even more critical to determine the age of the database.