It seldom happens that the dynamic world around us witnesses a day without any activity, and in the world of cybersecurity it is almost impossible for a day to pass without something significant happening. But how do you keep abreast of all the anti-phishing measures we must adopt against adversaries on a daily basis? As mind-boggling as this might seem, we are here to simplify things for you. The following is a list of the latest headlines from the world of cybersecurity, handpicked by our team to fit your interests.
Ransomware Attack Hits Foreign Exchange Firm Travelex
The foreign exchange firm Travelex recently got hit by a ransomware called Sodinokibi, which locked all its systems, compelling its employees to use pen and paper to serve its thousands of customers. It has caused a global blackout on its online currency exchange services. Travelex provides forex services for the customers of HSBC, Barclays, Virgin Money, and the banking arms of British retailers Tesco and Sainsbury.
Although Travelex is now trying to restore the systems it lost to the ransomware attack on January 2nd this year, the attack caused chaos for those who were on New Year holidays or business trips. While the companies associated with Travelex have extended apologies to their customers, Travelex's parent company, Finablr Plc, says that it does not expect to suffer monetarily because of this attack. Travelex, for its part, says that it has not found any evidence of data theft yet.
Travelex has a broad user base spread across 70 nations, and this attack has made their shares suffer significantly.
Travelex is now doing everything it can to ensure protection against phishing, employing computer specialists and external cybersecurity experts who are working on isolating the virus. Stuart Reed, VP for cybersecurity at the British web services firm Nominet, calls this attack on Travelex the “worst-case scenario” of ransomware crippling an organization.
However, the silver lining amidst all this is that the other six brands under Finablr, namely, UAE Exchange, Xpress Money, Unimoni, Remit2India, Ditto, and Swych are unaffected and functioning normally.
Phishing Attacks Target Cloud-Stored Data Of Users
In the latest phishing innovation, attackers have targeted Office 365 users with an email carrying a spoofed link. First spotted in early December 2019, the phishing scheme takes email recipients to a fake login page resembling Office 365, titled ‘login.microsoftonline.com’.
This link silently pushes an app named officesuited[.]com and instructs Microsoft to forward it the authorization token produced by the target user's successful login. The user is then shown a prompt requesting app permissions to read email, contacts and OneNote notebooks, access the user's files, read and write mailbox settings, sign in, read the user's profile, and maintain access to data. Once the user commits the blunder of granting the requested permissions, the attackers retain access to the account even after the user has changed the password.
The attackers defy phishing prevention software by building an app that uses information stolen from a genuine organization. They are also exploiting the ‘add-ins’ feature of Outlook, through which add-ins can be installed from a file or URL as well as from the Office store.
What makes the app hard to detect is that it is visible only to the system administrator responsible for managing user accounts. Microsoft had already disabled the app by December 19, 2019. To ensure protection from phishing attacks, Microsoft continuously looks out for new variations of the app and disables them as soon as they are spotted. Office 365 administrators, too, are on guard and are actively looking for suspicious apps installed in their Office 365 environment.
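The administrator-side check described above, as an added example that is not code from the original post or from Microsoft: it audits OAuth consent grants for the combination of data scopes and offline_access that the officesuited[.]com app asked for. The grant records are constructed to mimic the shape of Microsoft Graph oauth2PermissionGrant objects, and the app ids are placeholders.

```python
# Added example (not from the original post or from Microsoft): audits OAuth consent
# grants for the kind of permissions the officesuited[.]com app requested. The records
# below are constructed in a simplified Graph oauth2PermissionGrant shape; ids are placeholders.

# Delegated scopes that expose mail, contacts, notes, files or mailbox settings.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "MailboxSettings.ReadWrite",
    "Contacts.Read", "Notes.Read", "Files.Read", "Files.ReadWrite",
}
# Shown to the user in the consent prompt as "maintain access to data you have given it access to".
PERSISTENCE_SCOPE = "offline_access"

# Constructed sample grants: one mirroring the malicious app, two benign ones.
SAMPLE_GRANTS = [
    {"clientDisplayName": "officesuited[.]com", "clientId": "app-id-placeholder-1",
     "consentType": "Principal", "principalId": "user-1",
     "scope": "Mail.Read Contacts.Read Notes.Read Files.Read "
              "MailboxSettings.ReadWrite User.Read offline_access"},
    {"clientDisplayName": "Calendar Sync (admin-approved)", "clientId": "app-id-placeholder-2",
     "consentType": "AllPrincipals", "principalId": None,
     "scope": "Calendars.Read User.Read"},
    {"clientDisplayName": "Profile Viewer", "clientId": "app-id-placeholder-3",
     "consentType": "Principal", "principalId": "user-2",
     "scope": "User.Read offline_access"},
]

def risk_of_grant(grant, allowed_client_ids=frozenset()):
    """Return the reasons a grant looks suspicious; an empty list means it looks benign."""
    if grant["clientId"] in allowed_client_ids:
        return []                      # explicitly reviewed and allow-listed by admins
    scopes = set(grant["scope"].split())
    risky = sorted(scopes & HIGH_RISK_SCOPES)
    reasons = []
    if risky:
        reasons.append("data scopes: " + ", ".join(risky))
        if PERSISTENCE_SCOPE in scopes:
            # Consent persists until revoked; as the post notes, access can outlive a password change.
            reasons.append("offline_access: access persists until the grant is revoked")
        if grant["consentType"] == "Principal":
            reasons.append("granted by an individual user, not reviewed by an admin")
    return reasons

def audit(grants, allowed_client_ids=frozenset()):
    """Map each flagged app's display name to its list of reasons."""
    flagged = {}
    for grant in grants:
        reasons = risk_of_grant(grant, allowed_client_ids)
        if reasons:
            flagged[grant["clientDisplayName"]] = reasons
    return flagged
```

Revoking the flagged grant, not just resetting the user's password, is what actually cuts the app off.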
Ransomware Hits Contra Costa County Library System
A ransomware attack recently hit the Contra Costa County Library System and its 26 branches. The system indirectly notified the public about the attack in a Facebook post, saying that it was undergoing a “network outage” affecting all 26 branches. On the system's website, the message reads: “Our network is currently down and patrons are unable to login at this time. We are investigating the issue and will establish service as soon as possible.”
The officials engaged in anti-phishing protection at the county library system are trying to determine what data was compromised in the breach so that they can protect the identities of all their residents. They have stated that the infected servers have been taken offline and that library services should now operate normally. The Contra Costa County Library officials have taken this attack very seriously and are incorporating phishing prevention best practices to ensure that no such malware can attack them in the future.
The library collects names, addresses, phone numbers, e-mail addresses, and birth dates from its members. It used to collect driver's license information as well, but has refrained from doing so for the past year, and no driver's license details now exist in its customer records. Hence, we can assume that no other information, such as Social Security numbers, stands a chance of being compromised because of this attack.
The library has further stated that no personal details of members have been lost, as the database containing library card accounts and transactions was not affected in the attack. Nonetheless, it advises members to keep checking their financial statements from time to time.
Alomere Health Lost Almost 50,000 Patient Details To Data Breach
The Minnesota-based, community-owned, non-profit general medical and surgical hospital Alomere Health recently suffered a data breach that has put the personal and medical information of around 49,351 patients at stake. Alomere Health has been named one of the top 100 hospitals by Thomson Reuters twice in a row, and a phishing attack of this magnitude is sure to affect its reputation.
The hospital said that it first noticed unauthorized access to one of its employee email accounts between October 31, 2019, and November 1, 2019; a second instance of unauthorized access was reported on November 6. Some patient information held in that account is believed to have been compromised, including patient details such as names, addresses and dates of birth, and medical information such as record numbers, health insurance information, treatment information and diagnoses. In some cases, Social Security numbers (SSNs) and driver's license numbers were also compromised. The hospital started informing its patients about the data breach on January 3, 2020.
The hospital administration immediately took investigative measures and reviewed the emails and attachments in the accounts to understand the impact of the attack.
To prevent phishing attacks in the future, the hospital has put stricter security measures in place for all Alomere Health employee email accounts. It has also extended free credit monitoring and identity protection services to all patients.
Once Again TikTok Found With Security Flaws
The most-downloaded Chinese app is once again in the headlines because of security flaws. The US Army and Navy have boycotted TikTok on the grounds that it steals user information and spies on Americans, accusations TikTok has refuted all along. Now, a new set of security flaws has been detected within the app. These are:
- It allows attackers to send messages with malicious links to TikTok users. Clicking on these links would enable an attacker to control user accounts, including uploading videos or gaining access to private videos.
- It allows attackers to retrieve personal information from TikTok user accounts through the company’s website.
- Yet another flaw allows attackers to use a link in TikTok's messaging system to send users messages that appear to come from TikTok.
TikTok claims to have fixed the flaws by December 15th after learning about them on November 20th, but people remain skeptical about the app's phishing prevention measures. It seems the world is on one side and TikTok on the other: TikTok keeps talking about its commitment to security while the world keeps finding faults in its security measures. Luke Deshotels, head of TikTok's security team, says that the company is earnest about protecting its users' details and that no incidents of customer records being compromised in a breach or attack have been reported so far.
Among the app's other vulnerabilities is its susceptibility to a type of attack that injects malicious code into trusted websites. The app is also accused of illegally collecting personal information from minors, in violation of the Children's Online Privacy Protection Act (COPPA), which requires websites and online companies to obtain parental consent before collecting personal information from children under 13.
Google To Pay $7.5 M In Settlement For G+ Data Breach
Google has recently proposed to pay $7.5 million into a settlement fund to resolve class-action lawsuits filed against it over the breach of personal information of over ten million Google+ users. Google had announced the shutdown of Google+ by August 2019 because of a bug in its system that had exposed the personal data of over 500,000 users since 2015.
The information at stake included users' full names, email addresses, birth dates, gender, profile photos, places of residence, occupation and relationship status. In December 2018, Google also revealed another bug in a Google+ API that exposed data from 52.5 million user accounts. This flaw did not disclose users' financial data, passwords or Social Security numbers, but it did compromise other sensitive details such as names, ages, email addresses and occupation.
Since Google+ continues to operate, Google has proposed this settlement amount to cover payments to class claimants and attorneys' fees and costs. Google would pay for its weak system by allowing persons who held Google+ accounts between January 2015 and April 2, 2019, to submit claims if their non-public information was exposed.
Ransomware Hits Pittsburg Unified School District
While the schools in the Pittsburg Unified School District were on winter break, attackers hit their systems with ransomware, leading to the shutdown of the district's email and servers. Superintendent Janet Schulze said that the infected servers were immediately taken down.
Schulze also said that school officials were working with two external information technology firms and with lawyers, and had found no evidence that any personal details were compromised. Most schools in the district were to reopen on the 7th of January, and they will probably have to teach without laptops or the Internet.
The school district continues to work with phishing protection services and has said that not much has been found out so far, so it will refrain from disclosing details until something concrete is known about the attack.
Erie Town Undergoes BEC Scam
The town of Erie recently lost more than $1.01 million to a business email compromise (BEC) scam in which the attacker impersonated a person working for SEMA Construction. This person requested a change in the payment information for the Erie Parkway Bridge building contract.
Erie's town administrator, Malcolm Fleming, said that they received an email requesting a change in the form of payment from a person who had been working with them on the Erie Parkway Bridge construction since October 2018. Town staff made a quick check in the name of email phishing prevention, but they could not verify the authenticity of the form with SEMA Construction. Nonetheless, they accepted the form and updated the payment method. The payment was made on October 25, 2019.
They learned of the fraud only on November 5, when the bank notified them of the fraud attempt. They had to pay SEMA again for the Erie Parkway Bridge on November 15, this time using physical checks. A total loss of $1.01 million was incurred in this episode. They removed the fake contact form from their website and switched to manual payments for some time. They are also working on hiring accounting and finance managers. The scam is now being investigated by Erie's police department and the Federal Bureau of Investigation.
ATM Skimmer Penalized For Theft Of Over $400,000
Bogdan Rusu, a member of a gang of ATM skimmers from Queens, New York, was recently sentenced for committing bank fraud and stealing over $400,000 from banks across Massachusetts, New York, and New Jersey.
On average, it takes less than 20 minutes to compromise an ATM, and with the help of skimmers (a combination of card reader and camera) it becomes all the easier to capture card numbers and PINs. These details are then used to create replica cards for fraudulent transactions.
Rusu and his gang compromised ATMs across the US from August 2014 to November 2016, robbing countless people and banks in different areas. It has been reported that a total of over $390,141 was stolen from victims' bank accounts by this group of skimmers.
Several arrests have been made following an investigation by police departments throughout Massachusetts and Boston. Rusu was sentenced to five years in prison followed by three years of supervised release, while 11 other skimmers have pleaded guilty.
Cyber Attack Warning Used To Launch Cyber Attack
An attacker played his cards well and launched a phishing email campaign by taking advantage of recent warnings from the U.S. government, which has been telling people to stay on guard for cyberattacks from Iran. In the attacker's scheme, phishing emails appear to come from Microsoft MSA and carry the subject line “Email users hit by Iran cyber attack.” The email warns users that an Iranian cyber attack hit Microsoft's servers and that they need to take immediate action if they wish to restore their accounts.
The email tells users that, as an anti-phishing measure, Microsoft was compelled to protect them by locking their email and data on Microsoft's servers, and that to regain access the recipient has to log in again. This email can get through Outlook's spam filters. Once a user clicks the ‘Restore Data’ option, he is redirected to a phishing landing page impersonating Microsoft's login form; this is not the legitimate Microsoft site. Upon entering login credentials, the hacker gets hold of them and can use them for other, more severe attacks. Hence, you need to be vigilant with strange emails that ask you to log in to your accounts out of the blue. Examining the URLs of the embedded links, too, is a simple and effective way to protect yourself from phishing.
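The URL and sender check recommended above, as an added example that is not part of the original post: it parses a constructed copy of the lure (spoofed “Microsoft MSA” display name, alarming subject, a ‘Restore Data’ link) and flags the mismatches a reader would otherwise have to spot by eye. The sender address and link host are placeholders, not indicators from the post; the trusted login hosts are an assumed allow-list.

```python
# Added example (not from the original post): inspects a constructed 'account locked' lure.
# The sender domain and link host below are placeholders, not real indicators.
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list: hosts where a genuine Microsoft sign-in would actually land.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}
URGENCY_WORDS = ("restore", "locked", "immediate action", "cyber attack")

# Constructed sample mirroring the lure: spoofed display name, urgent subject, 'Restore Data' link.
RAW_EMAIL = b"""From: "Microsoft MSA" <alerts@example-phish.invalid>
Subject: Email users hit by Iran cyber attack
Content-Type: text/html; charset=utf-8

<p>Your email and data have been locked. Take immediate action to restore your account.</p>
<a href="https://login.microsoftonline.com.example-phish.invalid/restore">Restore Data</a>
"""

class LinkCollector(HTMLParser):
    """Collect (link text, href) pairs from the HTML body."""
    def __init__(self):
        super().__init__(); self.links = []; self._href = None; self._text = ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href"); self._text = ""
    def handle_data(self, data):
        if self._href is not None: self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._text.strip(), self._href)); self._href = None

def analyse(raw):
    """Return findings about sender, subject and links; an empty list means nothing stood out."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    addr = msg["From"].addresses[0]
    if "microsoft" in addr.display_name.lower() and not addr.domain.lower().endswith("microsoft.com"):
        findings.append(f"display name '{addr.display_name}' but sender domain '{addr.domain}'")
    if any(w in msg["Subject"].lower() for w in URGENCY_WORDS):
        findings.append("urgent/alarming subject line")
    collector = LinkCollector()
    collector.feed(msg.get_body(preferencelist=("html",)).get_content())
    for text, href in collector.links:
        host = urlparse(href).hostname or ""
        # A trusted name used as a *subdomain* of another domain is the classic lookalike trick.
        if host not in TRUSTED_LOGIN_HOSTS and "microsoft" in host:
            findings.append(f"'{text}' points to lookalike host {host}")
    return findings
```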