Phishing attacks worldwide show no sign of slowing down, so it is always advisable to have robust anti-phishing protection measures in place. Here are the top phishing headlines this week to help you plan your organization’s cybersecurity strategy:
Sparrow Takes Ownership of Attacks on Iranian Steel Facilities
Predatory Sparrow, or Gonjeshke Darande, has finally claimed responsibility for the many attacks on the Iranian steel facilities. The threat actor not only claimed the attacks but also released some top-secret documents from these cyberattacks on its Twitter handle.
Sparrow released a cache of around 20 gigabytes of data that exposed the Iranian steel facilities’ ties with Iran’s Islamic Revolutionary Guard Corps. Sparrow mentioned that this cache was just a part of the data stolen. While the steel company maintains that the breach wasn’t something its phishing attack prevention measures couldn’t withstand, sources mention that it did hinder the factory’s operations. Sparrow claims that this attack was in the interest of all those innocent individuals affected by the Islamic Republic’s aggression.
Data Breach Targets the Virginia Commonwealth University Health System
The Virginia Commonwealth University Health System (VCU) recently underwent a data breach that affected over 4500 transplant participants. The VCU has been inappropriately exposing vital patient details since 2006. In some cases, transplant recipients’ medical records contained the donor’s information; in others, donors’ records contained the recipient’s information. The exposed details include names, lab results, Social Security numbers, medical record numbers, DOBs, and the dates of medical procedures. A total of 4441 people were affected by the breach.
VCU first discovered the breach on 7th February 2022 and gathered more details about its nature after an investigation that ended in April. They reported that this breach might have affected the donor-recipient information that patients and donors could access since January 2006. As part of its measures to ensure protection from phishing attacks, the VCU is contacting all affected individuals and providing them with free credit reports. It also offers free credit monitoring for individuals whose Social Security numbers have been affected.
Data Breach Hits Morgan Hunt
The British recruitment agency Morgan Hunt recently underwent a data breach where adversaries stole the personal data of some of its freelancers. Morgan Hunt provides personnel services to finance, charity, education, housing, technology, and government sector clients. After the breach, it sent out a letter to its contractors informing them that one of its databases was accessed by unauthorized third parties.
As part of its measures to ensure protection against phishing, Morgan Hunt partnered with an external cybersecurity firm to investigate the attack and restore systems. The affected contractor details include their names, address proof documents, contact details, identity documents, DOBs, and National Insurance numbers. Morgan Hunt mentioned that while there is no evidence of an attack on any contractors, they are still advised to exercise caution.
Data Breach Hits Colorado Springs Utilities
A data breach recently targeted Colorado Springs Utilities, which is sending out breach notifications to customers. Reportedly, the threat actors could access some data stored by one of Colorado Springs Utilities’ subcontractors. Colorado Springs Utilities first discovered the incident on 6th July 2022. The names, Colorado Springs Utilities account numbers, addresses, phone numbers, and email addresses of over 200,000 user accounts in possession of the subcontractor were compromised in this breach.
Colorado Springs Utilities maintains that this incident doesn’t qualify as a data breach since no sensitive, confidential, or proprietary information was involved. It further mentioned that it wishes to maintain transparency with its customers and has shared the incident details with them. The Colorado Springs Utilities website reminds people to verify any communication before responding or reacting to it. It indirectly asks its customers to take measures to protect themselves from phishing.
Ransomware Hits Bandai Namco
A ransomware attack recently targeted Bandai Namco, the publisher of Dark Souls, Soulcalibur, and Elden Ring. The ransomware group ALPHV, or BlackCat, has claimed responsibility for this attack, which evaded all of Bandai Namco’s anti-phishing protection measures. Reportedly, BlackCat will soon release the data stolen from Bandai Namco’s servers. Bandai Namco has yet to acknowledge the hack, and little is known about the nature of the information BlackCat compromised. The hackers may have access to Bandai Namco’s employee and user details. Internal documentation, confidential deals, and employee communications could also be at risk.
Such attacks on game developers and video game companies are common, and companies like EA, Capcom, CD Projekt Red, FIFA 21, and Frostbite have all been victims of such cyberattacks in the past. These attacks mainly aim to steal video game source code, product schedules, and launch information.
Data Breach Hits Comic reading platform Mangatoon
A data breach recently targeted the comic reading platform Mangatoon, affecting the data of over 23 million user accounts. The threat actor “pompompurin” claimed responsibility for this attack on Mangatoon, in which they stole data from an unsecured Elasticsearch database belonging to the platform. The incident came to light when the data breach notification service Have I Been Pwned (HIBP) added 23 million Mangatoon accounts to its platform.
The Mangatoon user accounts were breached in May, exposing users’ names, genders, email addresses, social media handles, auth tokens from social logins, and salted MD5 password hashes. HIBP tried contacting Mangatoon to warn them about this incident, but to no avail.
Pompompurin shared samples of the stolen data, and security experts found them to be valid and from the Mangatoon platform. When asked whether they would sell or publicly release the database, pompompurin said they would probably leak it later. Since the company has yet to respond to the breach update, Mangatoon users worried about their credentials can check their email addresses on HIBP and then take phishing prevention measures accordingly.
Ransomware Attack Hits French Telecoms Operator La Poste Mobile
The French telecoms operator La Poste Mobile recently began notifying customers that their data may have been exposed due to a ransomware attack that targeted the company’s management and administrative systems on 4th July 2022. The LockBit ransomware group is believed to be responsible for this attack, which brought down La Poste Mobile’s systems. Consequently, the company’s website remains down even after a week, and users are greeted with a message asking them to guard against cyberattacks.
While users’ mobile lines continue to operate normally, the data stored on employee computers may have been accessed and stolen by attackers. Therefore, La Poste Mobile had to bring down its systems to investigate and contain the spread of the breach. The company has asked customers to be on the lookout for phishing messages or other suspicious activities as part of its anti-phishing measures.
AEC Montana Informs Patients of Ransomware Attack
The Montana-based Associated Eye Care Partners (AEC) recently started informing patients of a data breach caused by an old ransomware attack targeting Netgain. Netgain is a managed IT services provider, and it was attacked in November 2020. AEC was one of Netgain’s clients. Netgain started informing its clients of the breach in January 2021. However, AEC has only recently revealed to its patients that their personal data may have been compromised in this Netgain attack.
In the data breach notification letter, AEC mentioned that it finished its investigation two months ago and is beginning to inform patients of the breach. The patient data possibly compromised in the incident includes names, Social Security numbers, addresses, and medical history. As part of its steps to prevent phishing attacks, AEC shifted all of its data to a different vendor’s custody and removed Netgain. Further, it asked all patients to remain vigilant and look out for cyberattacks.