Phishing and ransomware attacks target global enterprises daily, and to prevent your organization from being affected by such attacks, it is important to stay abreast of the latest phishing headlines. Here are this week’s major hack updates to help plan your phishing prevention measures:
Misconfigured Database Causes Data Breach at ACY Securities
Leading Australian company ACY Securities (acy.com) was recently found exposing sensitive and confidential information belonging to its users and businesses. Cybersecurity researcher Anurag Sen notified the company that its misconfigured database was exposed online, but the company refused to acknowledge the breach and said that the exposed database was an insignificant one.
The exposed database contained 60GB of data, comprising logs from February 2020 onward and updates still arriving in real time. Consequently, anybody with a functional knowledge of platforms like Shodan (used to find unsecured databases) could have easily accessed and downloaded this database. The compromised user data includes names, addresses, DOBs, email addresses, postcodes, genders, hashed passwords, phone numbers, and other trading details. The affected ACY users and businesses are located in India, Spain, Brazil, China, Russia, Malaysia, Australia, Indonesia, Romania, the UK, UAE, and the US.
Reportedly, the researcher had approached ACY with relevant evidence, but it took the company some days to get back. Furthermore, the company described the database containing users’ personal details as an ‘insignificant one.’ This uncaring reaction is a testament to the factors leading to increased data breaches caused by misconfigured databases. However, ACY probably adopted anti-phishing protection measures, because the database was eventually secured and its IP address was made private.
Hackers Target BAYC for the Third Time in 2022
Bored Ape Yacht Club (BAYC) recently suffered a cyberattack, marking its third security breach in 2022. The adversaries stole over $250,000 worth of Ethereum (142 ETH) and even sold NFTs from BAYC by setting up a phishing site impersonating BAYC. They used the official BAYC Discord to spread fake claims that BAYC, OthersideMeta, and MAYC holders could claim free NFTs from this site for a limited period.
Investigations revealed that a previously hacked community manager account was used to post this message, which created a sense of credibility among NFT holders. So far, it is unclear how the adversaries managed to hack the community manager’s account. The adversaries began selling the collected assets shortly after this and moved the funds to Tornado Cash. Since this is the third time in six months that threat actors have targeted BAYC, the collection should consider implementing stricter phishing protection measures.
Cyberattack Hits the Municipality of Palermo
A massive cyberattack recently targeted the municipality of Palermo in southern Italy, significantly affecting various services and operations used by citizens and visiting tourists. Palermo is the fifth-most populous city in Italy, with a population of 1.3 million and an average of 2.3 million visiting tourists annually. The cyberattack rendered all its websites, online portals, and services inoperative for over three days.
Despite adopting phishing attack prevention measures, local IT experts couldn’t immediately restore Palermo’s systems, including its municipal police operations center, public video surveillance management, and all other municipal services. Apart from disrupting the lives of citizens, this attack prevented tourists from booking online tickets for theaters, museums, or sports facilities. It is not certain whether ransomware was responsible for this attack, but if that is the case, there is a good chance that threat actors stole enough data to conduct double-extortion.
Data Breach Affects Over 30,000 Transact Campus Students
A data breach at Transact Campus recently exposed the personally identifiable information (PII) of over 30,000 US students. Transact Campus is a platform facilitating educational transactions for students enrolled in US-based higher education institutions. The platform was recently found to expose a 5GB database stored on a misconfigured Elasticsearch server. Consequently, around 1 million sensitive and confidential records belonging to more than 30,000 students were exposed. This includes their names, contact numbers, email addresses, plain text login details, credit card information, transaction and purchased meal details, etc.
So far, it is unclear whether adversaries could access the unprotected database, but if they could, the affected students face a greater risk of targeted cyberattacks. Account takeovers are also a possibility, since the server’s records include unencrypted login credentials.
Transact Campus initially denied the attack and said the exposed credentials were fake, but security researchers proved otherwise. Eventually, the company launched an internal investigation and adopted anti-phishing protection measures. It was later confirmed that the exposed database belonged to a third party called Sodexo and that the breach did not affect any Transact Campus servers. Sodexo sent out breach notifications to affected users but refrained from commenting further on the issue.
Cyberattack Targets DEX Platform Maiar
A cyberattack recently targeted the decentralized crypto exchange (DEX) platform Maiar and stole $113 million from it. Maiar calls itself ‘the future of money,’ and this recent attack on its platform was conducted by exploiting an internal bug. Currently, Maiar’s security team is investigating the breach and working on recovering the DEX. The developers have patched the bug, and Maiar’s website presently says it is undergoing ‘scheduled maintenance.’
Reportedly, the adversaries stole around 1,650,000 EGLD (Maiar’s native token on the Elrond blockchain), which comes to about $113 million. Investigations revealed that the hackers used three different wallets to drain the funds and sold 800,000 EGLD, causing its price to dip from $76 to $5.
Fortunately, the Elrond Foundation has recovered most of the exploited funds. The exchange is expected to be operational again when its price is at par with the EGLD price on Binance (currently $67.72). A new blockchain version will soon be released, but until then, operations remain minimal.