Phishing attacks continue to target global institutions. The following are this week’s news headlines to help you stay abreast of the latest threat vectors so you can take appropriate measures to keep your and your organization’s information assets safe.

 

Hackers Target The Health Vendor MCG

Cyberattackers recently attacked a Seattle-based health vendor called MCG, exposing the protected health information and other sensitive details of over 1 million hospital patients in the US. As a result, patients from Indiana University Health were also impacted.

The breach notification released by MCG mentioned that the adversaries could access patients' personal information, such as names, postal addresses, email addresses, contact numbers, DOBs, medical codes, and social security numbers.

As part of its phishing attack prevention measures, MCG is coordinating with the FBI. The attack occurred in March 2022, but it was only recently that MCG and IU Health contacted the affected individuals. Further, the breach notification contained too few details, leaving victims perplexed and unsure of their next move.

The hospital and healthcare facility are yet to share the attackers’ details and the attack’s nature. However, they have asked patients to keep monitoring their account statements and credit reports.

Reportedly, the MCG breach affected around nine US states and 1.1 million people. One patient from Seattle has also sued MCG for its negligence and passive means of handling the attack.

 

Cyberattack Targets the Electronics Retailer Fast Shop

A cyberattack recently hit the electronics retailer Fast Shop, which brought down its app and website. The systems were brought down to prevent the attack vector from spreading. A day after the attack, Fast Shop was able to restore its systems and function normally. It mentioned that there was no evidence of the misuse of customer data.

Further investigation revealed Fast Shop’s Twitter account was hacked in this episode. A tweet on Fast Shop’s handle announced that all stores would remain closed till 26th June, and there would be delays in order deliveries until 27th June 2022.

This incident marks the second cyberattack this year that has targeted a major retailer’s website. Although there is no evidence of a data breach, Fast Shop customers are advised to take anti-phishing protection measures.

 

Security Vulnerability Detected at Halfords

Cybersecurity consultant Chris Hatton recently purchased some car tires from Halfords online and discovered an Insecure Direct Object Reference (IDOR) vulnerability in its system.

Initially, Hatton used an email address to check his booking details by clicking on the Halfords tracking link. Later, when he tried using an order ID, he could still access the personally identifiable information (PII) of not just himself but thousands of other customers associated with the same ID.

 


Hatton could easily access customers’ booking details, car details, home location, and contact numbers. So, he reported the issue to Halfords in January 2022 but received no response. The company only responded when the matter escalated.

Halfords then gave a statement assuring that it takes the security of customer data very seriously and has removed the potential vulnerability. It further mentioned that no payment or bank details were affected in the breach and that it is taking necessary phishing protection measures.
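The IDOR class described in this item, shown as an added example that is not Halfords' code: a booking lookup keyed only on an order ID, next to a version that binds the tracking link to the order and the customer's email with an HMAC. The function names, key, and booking records are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: the key, order IDs and customer records are illustrative.
SECRET_KEY = b"demo-only-key"
BOOKINGS = {
    1001: {"email": "alice@example.com", "vehicle": "AB12 CDE", "phone": "555-0100"},
    1002: {"email": "bob@example.com", "vehicle": "XY34 ZZZ", "phone": "555-0101"},
}

def lookup_vulnerable(order_id):
    """IDOR: whoever supplies an order ID receives the full record, PII included."""
    return BOOKINGS.get(order_id)

def make_tracking_token(order_id, email):
    """Issued server-side with the tracking link: binds it to one order and email."""
    msg = f"{order_id}:{email.lower()}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()

def lookup_hardened(order_id, email, token):
    """Return the booking only if the token was issued for this order and email."""
    booking = BOOKINGS.get(order_id)
    expected = make_tracking_token(order_id, email)
    # Constant-time comparison on bytes; tolerates arbitrary caller input.
    token_ok = hmac.compare_digest(expected.encode(), str(token).encode())
    # Unknown order, wrong token and wrong owner all produce the same answer,
    # so the response does not reveal which order IDs exist.
    if booking is None or not token_ok or booking["email"] != email.lower():
        return None
    # Return only the fields the tracking page needs, not the whole record.
    return {"order_id": order_id, "vehicle": booking["vehicle"]}

if __name__ == "__main__":
    alice_token = make_tracking_token(1001, "alice@example.com")
    print(lookup_vulnerable(1002))                                   # other customer's PII
    print(lookup_hardened(1001, "alice@example.com", alice_token))   # own booking
    print(lookup_hardened(1002, "alice@example.com", alice_token))   # None
```

The object-level check runs on every request; changing the order ID in the link without a matching token and owner returns nothing.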

 

Ex-Employee Steals Corporate Intel to Start Own Company

Employees stealing intel from companies for their benefit is a fairly common cyberattack. In a recent incident, the property damage estimating firm Young and Associates filed a lawsuit against one of its former employees for stealing its confidential data.

Young & Associates accused former employee Michael Walker of stealing over 30,000 files from it to create a competing firm of his own. Young & Associates filed the suit in the United States District Court of the North District of Georgia, stating that Walker copied company files from cloud storage to a USB drive with malicious intentions.

In the court filings, Walker admitted that he had downloaded the contents of his company Drive folder to a personal device before leaving YA. He testified that he had uploaded this data onto the company network of his new firm, Undisputed Consulting, LLC.

Naturally, YA was unaware of Walker’s deeds when he left the company in July 2021 to become a founding member of Undisputed. Walker stole everything required to begin a company, from business and marketing plans to customer contact lists, from strategic budgets and financial documents to customer data and estimating tools.

Walker defied the YA employee contract, which mandates every employee to return confidential company data at the end of their employment. He was guilty of misusing his privileged access to password-protected and cloud-based company data.

YA noticed Walker’s master plan when some other YA consultants began shifting to Undisputed along with their customers. The company has accused Walker of violating the Defend Trade Secrets Act, the Georgia Trade Secrets Act, and Georgia’s Computer Systems Protection Act.

YA is demanding financial compensation for the misuse of this prized intel by Walker and his associates. It has also requested the court to prevent anyone from using its trade secrets. The results of this trial are eagerly awaited. Protection from phishing involves more than external threats; sometimes, our employees can also become threat actors!

 

Ransomware Hits Nichirin

A ransomware attack recently targeted the US subsidiary of Nichirin. Nichirin is a Japanese company making hoses for the automotive industry. The attack on Nichirin-Flex USA was first observed on 14th June, and fortunately, it did not affect other Nichirin subsidiaries. Experts are investigating the nature of the attack, which forced the company to shut down its production control systems.

Nichirin took to its website to warn customers of fake emails claiming to be from the company and urged them not to reply or react to such emails with URLs and other attachments. The current attack on Nichirin comes just months after the Pandora attack on the Japanese car parts giant Denso.

So far, Nichirin data has not been listed on any data leak website. The Nichirin attack is a reminder for all manufacturers in the automotive and infrastructure sector to take measures for protection against phishing.

 

Indian Users Beware of New Crypto Scam CoinEgg

Indian crypto users are falling for high-profile scams, with ‘CoinEgg’ being the latest. The scheme has already defrauded 10 billion INR from Indian users.

 


 

The fraud involves multiple Android-based applications and payment gateway domains that attack unsuspecting individuals with a mass gambling scam. The adversaries created several fake domains impersonating known crypto trading platforms and used the word ‘CloudEgg’ in them.

The attackers then created a fake female social media profile to establish a virtual rapport with the potential victim. The fake profile eventually influences victims to start crypto trading and investment. The fake profile also credits USD 100 to the victim’s wallet as a welcome gift (a duplicate crypto exchange) to enhance the credibility of the scam.

The fake profile entices users into signing up and starting to trade. When users see that they are making profits, they make bigger investments, thus falling deeper into the scam. Once the victims add money, the adversaries freeze their accounts and disappear with the funds.

Naturally, a person who has been robbed takes to other platforms to complain, and the attackers also leverage this opportunity. They use fake accounts and pose as investigators who can retrieve the frozen assets.

They ask for confidential details of the victims, such as their bank details and ID cards, and then use these for other cybercrimes. With such multi-phased attacks, protecting yourself from phishing has become a real challenge!

 

Data Breach Hits Flagstar Bank

A data breach targeted Flagstar Bank in December 2021 when attackers compromised its corporate network and stole sensitive and confidential customer data.

The Michigan-based financial services provider is now notifying over 1.5 million customers that their data was potentially compromised in this attack. After the investigation ended on 2nd June 2022, Flagstar discovered that sensitive customer information, such as names and social security numbers, was exposed.

Flagstar quickly adopted anti-phishing protection measures and activated its incident response plan. The bank also hired external cybersecurity professionals to investigate the breach and reported the incident to federal law enforcement.

So far, there is no evidence to prove the misuse of the stolen information, but Flagstar is providing all victims two years of free identity monitoring and protection services.