With rapid advancement globally, cyber-attacks on both individuals and enterprises are breaking new ground every day. In 2019, threat vectors are growing rapidly, and cybercriminals are leveraging new hacking techniques. The good news is that cybersecurity is rising to the challenge and putting up a noble fight. Here are the cybersecurity news updates for the past week.
Twenty-Three Texas Towns Hit By A Planned Cyber Attack
In a recent coordinated ransomware attack, the systems of as many as twenty-three Texas towns were paralyzed. The primary victims of the attack were small local governments. This attack happened within days of similar attacks that disrupted activities in New York, Louisiana, Maryland, and Florida.
The Texas Department of Information Resources announced that the attack began on the morning of 16 August 2019. The Department refused to disclose the exact target areas, but it mentioned that the vast majority of affected areas were smaller local governments. Reportedly, no systems or networks of the State of Texas were affected by the attack.
What Caused The Attack?
A particular threat vector is certainly behind all 23 attacks, but the culprit has not been identified yet. Investigations, response and recovery measures continue with the active assistance of federal and state agencies such as FEMA, the Department of Homeland Security, Texas A&M’s Information Technology and Electronic Crime Unit and the Texas Military Department.
What Steps Were Taken to Control The Damage?
The governor of Texas, Greg Abbott, initiated a “Level 2 Escalated Response” immediately after the attack. This level is part of a four-step response protocol and sits one step below the highest level of alert, level 1, or “emergency”.
The anti-phishing solutions adopted by the governor also include the employment of cybersecurity experts to analyze the damage caused by the attack. Additionally, the experts will help the local governments restore their systems.
Cyber Attack Caused Huge Backlog For Eurofins Scientific
Eurofins Scientific, the most prominent provider of forensic services in the UK, was the victim of a very sophisticated ransomware attack in June this year, which caused a backlog of 20,000 samples. Following the attack, the British police severed their association with the firm, but they resumed work with Eurofins Scientific three weeks ago.
The functions of Eurofins include carrying out DNA testing, toxicology analysis, firearms testing, and computer forensics for police forces throughout the UK. It handles over 70,000 criminal cases annually.
NPCC In A Damage Control Mode
The backlog, which contains blood and DNA specimens of victims and suspects, has come down from 20,000 to 15,000. This is the result of the National Police Chiefs’ Council (NPCC) fast-tracking the cases. The NPCC is very serious about protection from phishing. It claimed that the majority of the cases involving suspect specimens and evidence from crime scenes would be cleared within two months.
According to sources, Eurofins paid a ransom to the attackers to restore access to its computer network.
Six-Month Old Cyber-Attack On ECB Finally Detected
The European Central Bank (ECB) shut down its Integrated Reporting Dictionary website when it identified that attackers had infiltrated the site back in December 2018. Thus, the website remained compromised for over six months without the administration noticing anything unusual. The phishing attempt included the injection of malware into the site, which was possibly capable of stealing email addresses, names, and titles of subscribers.
Cyberattacks like these often go unnoticed by both the site owner and its users. The same happened with the ECB for the initial six months, during which hackers had unauthorized access to the website. They were probably harvesting the details of the subscribers of the ECB’s newsletter without the subscribers being aware of it at all.
What Measures Is ECB Undertaking?
As a phishing protection measure, the ECB is now contacting people whose details they suspect got compromised in the attack. However, the bank claims that no market-sensitive data got compromised at the time of the attack on the website.
Re-used Passwords Make Users More Vulnerable To Attacks Says Google
If a user re-uses breached and unsafe credentials for sensitive financial, government and email accounts, those accounts are more prone to attack by malicious third parties. Google highlighted this in one of its recent blog posts. It also added that attackers usually attempt to infiltrate user accounts using details exposed by third-party breaches.
People are more likely to re-use breached passwords on platforms other than the most popular web sites. Hence, their accounts stand a higher risk of getting attacked by cybercriminals. In such a situation, setting strong and unique passwords for every online account or website is the most feasible means of assuring phishing prevention.
The Password Checkup Extension By Google
Google introduced a Password Checkup extension for Chrome in February this year, which alerts people to the hackability of their chosen password. In the first month after the Password Checkup extension came into effect, Google scanned 21 million usernames and passwords and marked more than 3,16,000 accounts as unsafe. This was 1.5 percent of the sign-ins examined by the extension.
Google has two new features for its Password Checkup extension:
- A direct feedback mechanism which allows users to inform Google about any issues they face.
- An option to opt out of the anonymous telemetry, which gives users extra assurance of privacy.
Number Of Cyber Attacks Rise Massively In India: A Downside Of Digitalization
Prayukth K.V, the head of IoT marketing at Subex, made a remarkable observation about the increasing trend of cyberattacks in India, particularly during the twenty minutes preceding India’s conflicts with its neighbour Pakistan. These cyberattacks are rapidly rising and becoming all the more sophisticated.
Prayukth said that cyber-attacks on IoT deployments in the defense space, and attacks in general, have increased ever since gunfire began on the battlefield. He added that specially mobilized cyber-attacks only go to prove that the adversaries can strike at any moment they wish. However, tracking these attacks becomes extremely difficult because criminals use disguised or impersonated geographical identities. Thus, preparedness is a crucial concern for cyber guardians.
Escalating Numbers, A Cause Of Concern
Cyber-attacks on the nation rose significantly, with an alarming upsurge of 22 percent. In terms of figures, attacks in the previous quarter numbered 800,000, but they totalled 1.1 million in the following quarter. The country is taking its own protective and precautionary measures. The managing director and chief executive of Subex, Vinod Kumar, said that the Indian government is having internal discussions about this matter. Additionally, it is also taking the necessary steps to ensure anti-phishing protection.
Barracuda Reports That 1 Out Of 7 Enterprises Undergo Lateral Phishing Attacks
Lateral phishing attacks usually have a higher success rate than other types of cybercrime. These emails appear to come from valid email addresses of people the recipients know directly or indirectly, and hence victims do not doubt their authenticity. Barracuda Networks released its cybersecurity report recently. It mentioned that one in every seven enterprises across the globe claimed to have undergone at least some lateral phishing attempt in the past seven months.
Following are some of the discoveries from Barracuda’s report:
- Lateral phishing emails are hard for anti-phishing tools to detect because these emails originate from legitimate accounts. Therefore, they effortlessly get past both email protection systems and unsuspecting recipients.
- In the Barracuda report titled “Spear Phishing: Top Threats and Trends Vol. 2”, over 55% of the recipients of lateral phishing email attacks claimed to have either some personal or professional association with the compromised email account.
- The attackers have put in extra effort in 37% of the cases to produce customized email content for specific organizations. Thus, by updating the technical know-how, hackers can enhance the credibility of their fraudulent emails.
- Another factor lending these emails credibility is the time of day. The criminals are cautious enough to send lateral phishing emails only during the regular workweek and working hours, thus leaving little room for suspicion.
Freely Available Trojan Malware Might Be Increasing Cyber Attacks
Adding to the already brimming inventory of malicious resources, a new and powerful trojan malware is now available on the dark web free of cost. It might be the beginning of an upsurge in cyberattacks in the coming days and months.
A trojan called NanoCore RAT, which earlier sold for an insignificant $25, has been causing victims grief since its release in 2013. But there is now a free version available on the dark web, much to the benefit of cybercriminals.
Trojan NanoCore v1.2.2 Explained
Researchers at LMNTRIX Labs first identified the Trojan NanoCore v1.2.2. This Trojan can steal passwords, perform keylogging, and also secretly record audio and video footage using the webcam. It is designed to avoid detection while using the webcam by automatically disabling the recording light, which is normally lit when the user is recording something. It is also capable of shutting down or restarting systems and eventually gives the attacker full access to the system. NanoCore is relatively easy to use, and even less proficient criminals put it to malicious use.
How To Protect Oneself?
The best way to protect yourself from these trojans is to incorporate phishing protection software. Additionally, one must ensure that systems are regularly updated with patches and newer versions that are less vulnerable to hackers’ attempts.
68 Lakh Records Stolen From Indian Healthcare Website
The US-based cybersecurity firm FireEye recently revealed that hackers attacked a leading Indian healthcare website. It led to a massive data breach involving the details of over 68 lakh patients and doctors. Although the website’s name was kept hidden, the security firm said that the cybercriminals involved in the breach are mostly from China. The attackers are selling stolen data from various healthcare organizations and web portals across the world, and India is another nation on their hit list.
A Rising Threat For The Healthcare Sector
According to the anti-phishing firm FireEye, there is a considerable rise in the number of medical databases that are up for sale in the dark market. Notably, the healthcare sector witnessed a multitude of data breaches by China-based attackers. A notable thing about all these China-based attacks is that they steal large sets of personally identifiable information (PII) and Protected Health Information (PHI) every time.
Over 30,000 Cyber Attacks On US Federal Agencies In 2018
The FISMA FY 2018 Annual Report found that US government organizations dealt with 31,107 cyberattacks in the financial year 2018. This figure marked a 12% decline in attacks compared to the previous fiscal year of 2017 (35,277 assaults in 2017). Although the report stated that no significant attacks hit any federal agency in 2018, the federal government continues to face challenges mitigating underlying security vulnerabilities. According to the report, the US government spent around $15 billion on cyber-security measures in 2018.
The key takeaways from the FISMA FY 2018 Annual Report are:
- Though not indicated in figures, email-based threats continue to exist, and hence, email phishing protection becomes an issue of concern for the US government.
- The Department of Homeland Security stated that 6,930 phishing incidents occurred in 2018.
- In about 27% of all cyberattacks, the medium that gave the attackers access to computer infrastructure was not identified.
- Improper usage led to about 9,674 cyber-security incidents in 2018, and another 2,552 cyber-security problems were a result of loss or theft of organization equipment.
Data Breach At Adult Website Distresses Millions
Luscious, an adult website, recently suffered a data breach which exposed the personal information and real identity of over 1.195 million of its users. The exposed data consisted of the usernames, personal email accounts, locations, gender, and activity logs, and in some cases, full names of the users.
Discovered last week by vpnMentor, the breach led to the compromise of 800,000 official accounts and actively used email accounts. This attack would have life-changing implications for the personal lives of affected users. However, the thin silver lining here is the fact that 20% of the total accounts used fake email addresses.
The victims of the breach hail from France, Germany, Russia, Brazil, Italy, Canada and Poland. The exposed user activity included videos, user IDs, followers, accounts followed and blog posts. The risks are higher with this breach because many of the victims had their official email addresses involved. It means that their entire organizations now become prone to such cyber attacks.
What Can Be Done?
Although the security flaw was taken care of, the following measures can help safeguard against such threats:
- Organizations must employ anti-phishing services and implement strict measures restricting the online activities of employees. They should make employees refrain from using their official email addresses for any personal work.
- Users must regularly change their login details to avoid falling prey to such types of cyber-attacks.