Phishing news is not going to stop, primarily because adversaries keep winning against our cybersecurity measures. But the good news is that this can change if we all stay informed of the latest hacking news and safeguard our organizations from such incidents. To help you stay abreast of the newest phishing news, here are the top headlines from this week:
Ransomware Hits UAE Retailer Spinneys
A ransomware attack recently targeted the UAE retailer Spinneys and accessed customer data from its internal server on July 16th, 2022. The company reported that the adversaries sent anonymous emails to its employees from unidentified sources. As part of its phishing protection measures, Spinneys is working in close association with Dubai Police’s E-Crime department and keeping its customers updated on the investigation. The compromised internal server included customers’ names, email addresses, contact numbers, previous order details, and delivery addresses.
Spinneys has assured customers that their personal banking information was not affected by this incident, as the company doesn’t store banking details on its servers. The company has urged its customers to remain vigilant and watch out for online predators. Spinneys has apologized for the unfortunate incident and encouraged customers to reach out to its helpline at firstname.lastname@example.org for further queries.
Data Breach Hits Health Insurer Aetna ACE
A data breach recently targeted the health insurer Aetna ACE, which impacted approximately 326,000 individuals. Aetna ACE reported the incident to federal regulators and mentioned that a ransomware attack had targeted one of its subcontractors, OneTouchPoint. OneTouchPoint provides mailing and printing services to one of Aetna ACE’s vendors. Despite this long chain of association, unfortunately, it’s going to be Aetna ACE customers who suffer.
On its part, OneTouchPoint had informed the Maine attorney general of a data breach that hit its systems in April and affected more than 1.1 million people. The incident has affected over 30 OneTouchPoint clients. What’s shocking is that Aetna ACE’s name was nowhere on that list, yet the insurer reported the security incident to HIPAA towards the end of July.
As per reports, the compromised Aetna ACE customer information includes their names, DOBs, addresses, and medical details. Fortunately, the security incident didn’t affect Aetna’s or CVS Health’s systems. Such attacks on insurance companies aren’t uncommon. Therefore, these organizations must take ample anti-phishing protection measures.
Data Breach Hits First Choice
First Choice is a community healthcare provider that recently underwent a cyberattack. Consequently, some of its patients’ protected health information (PHI) and personal details were exposed. The healthcare provider discovered the incident on March 27th, and since then, it has been taking anti-phishing measures. It hired an external cybersecurity team to get to the roots of the attack and concluded that certain PHI was accessed by unauthorized parties. By June 3rd, First Choice finished its comprehensive review of the affected data. It announced that the exposed data included patients’ names, First Choice ID numbers, social security numbers, clinical treatment information, diagnosis, patient account number, DOB, medical record number, and provider information.
On August 1, First Choice began notifying victims of the breach via the United States Postal Service. Further, it extended help to patients in protecting their information. The healthcare provider regrets the incident and extends its apologies for all inconvenience caused to the public.
Ransomware Hits Semikron
A ransomware attack recently targeted the German power electronics manufacturer Semikron. Reportedly, LV ransomware attacked its servers and partially encrypted its network. With over 3,000 employees across its eight production sites and 24 offices, Semikron is a rather big enterprise with a presence in France, Brazil, Germany, Italy, the USA, Slovakia, India, and China.
Semikron claims to be among the world’s leading power engineering component manufacturers, and this attack on its servers looks like one by a professional hacker group. The adversaries claim to have stolen some data from Semikron’s server in addition to encrypting parts of its IT files and systems. As part of its measures for protection against phishing, Semikron is now analyzing its entire network.
The German Federal Office for Information Security noted that the adversaries are threatening to leak the stolen data if Semikron fails to comply with the ransom demands. An analysis of the ransom note suggests that the LV ransomware group is responsible for this attack. LV uses code similar to that of REvil. However, more needs to be confirmed on this. Semikron is following all cybersecurity protocols and will immediately inform partners and customers if evidence of data theft is found. Currently, the company is trying to restore its services so that minimal disruption is caused to customers, employees, and contractual partners.
Cyberattack Hits the Spanish National Research Council
A cyberattack recently targeted Spain’s leading scientific research body – the Spanish National Research Council (SNRC). National experts suspect that it could be a Russia-based attack. The SNRC was attacked with ransomware between 16 and 17 July, and the initial investigation by Spanish cybersecurity experts concluded that no confidential or sensitive information was compromised.
The Spanish ministry said the attacks on SNRC resembled those on NASA and the Max Planck Institute in Germany. The ransomware attack failed thanks to SNRC’s robust measures to prevent phishing attacks. However, the activation of security protocols has caused a temporary disruption in the council’s research centers.
Cyberattack Hits Major Taiwanese Websites
Cyberattacks recently targeted at least four major Taiwanese websites. These include the websites of President Tsai Ing-wen, the Foreign Affairs Ministry, the National Defense Ministry, and the Taiwan Taoyuan International Airport. The outage occurred just days before House Speaker Nancy Pelosi’s visit to Taiwan.
The timing of the attack has led experts to consider a possible connection between it and China’s vehement opposition to Pelosi’s visit. When asked for comment, a spokesperson from the Chinese Embassy in Washington was reluctant to respond. DDoS attacks cause website outages, and while experts regard these as minor attack vectors, it is always difficult to identify the culprit in such attacks. The attack on the President’s website has been called big enough to be effective yet not record-breaking. As Taiwanese security experts take phishing attack prevention measures, concerns about possible espionage worry them.
Experts Uncover 3,207 Apps Exposing Twitter API Keys
Security experts have uncovered 3,207 mobile apps that were exposing Twitter API keys. It is an issue of concern because these API keys can be used to gain unauthorized access to the linked Twitter accounts. Experts noted that 230 out of the 3,207 apps exposed all four authentication credentials needed to take over Twitter accounts fully. These credentials can also be used to perform any sensitive or critical action. Such actions include reading DMs, liking or deleting tweets, retweeting, removing followers, following accounts, changing profile pictures, and accessing account settings.
Access to the Twitter API usually requires generating access tokens and secret keys that serve as usernames and passwords. Hence, an attacker possessing this information can easily create a Twitter bot army and use it to spread misinformation on Twitter.
In worst-case scenarios, these API keys and tokens can be used to run large-scale malware campaigns via verified accounts. Cybersecurity experts note that Twitter APIs are not the only ones being leaked and that AWS, GitHub, HubSpot, and Razorpay account APIs have also been compromised in the past. The solution to ensure protection from phishing attacks in such cases is to review the code for hard-coded API keys and to rotate keys from time to time.
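The code review recommended above can be partly automated. The following is an added example, not part of the original article: it scans source or Android resource text for string literals assigned to names that look like the four Twitter credentials and reports when all four are present. The identifier spellings and the sample values are assumptions constructed for illustration.

```python
import re

# Assumed identifier spellings for the four credentials; extend for your code base.
# Generic names such as api_key are flagged too, whatever service they belong to.
ROLES = {
    "consumer_key": r"(?:consumer|api)[_-]?key",
    "consumer_secret": r"(?:consumer|api)[_-]?secret(?:[_-]?key)?",
    "access_token": r"access[_-]?token",
    "access_token_secret": r"access[_-]?token[_-]?secret",
}
# Name, then either  = "value" / : 'value'  (source code) or  ">value<  (strings.xml).
# Values read from the environment or a vault are not literals and do not match.
TEMPLATE = r"""(?i){name}(?:["']?\s*[:=]\s*["']|"\s*>)([^"'<\s]{{16,}})"""
PATTERNS = {role: re.compile(TEMPLATE.format(name=rx)) for role, rx in ROLES.items()}

def scan_text(text, path="<memory>"):
    """Return one finding per hard-coded credential literal, with the value redacted."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for role, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group(1)
                findings.append({"path": path, "line": lineno, "role": role,
                                 "preview": value[:4] + "...", "length": len(value)})
    return findings

def exposes_full_set(findings):
    """True when all four credentials are hard-coded: the full-takeover case."""
    return {f["role"] for f in findings} == set(ROLES)

# Constructed sample inputs (not real credentials).
SAMPLE_JAVA = '''
String TWITTER_CONSUMER_KEY = "EXAMPLEconsumerKEY0000000";
String TWITTER_CONSUMER_SECRET = "EXAMPLEconsumerSECRET0000000000000000000000000000";
String ACCESS_TOKEN = "0000000000-EXAMPLEaccessTOKEN00000000000000";
String ACCESS_TOKEN_SECRET = System.getenv("TW_TOKEN_SECRET");
'''
SAMPLE_XML = '<string name="twitter_access_token_secret">EXAMPLEtokenSECRET000000000000</string>'

if __name__ == "__main__":
    found = scan_text(SAMPLE_JAVA, "Config.java") + scan_text(SAMPLE_XML, "strings.xml")
    for f in found:
        print(f)
    print("all four credentials exposed:", exposes_full_set(found))
```

Any literal the scan reports should be treated as already leaked: rotate it, then move the replacement out of the shipped code.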