The rate at which cybercrimes are propagating is beyond the imagination of an ordinary mind. All we can say is that the ill-motivated have begun to outnumber and outsmart the good actors in the cyberworld. This becomes evident in the endless stream of failed phishing prevention measures that lead to major cybercrimes such as identity theft, financial losses, and sextortion campaigns on a daily basis. Here are the most recent cyber attacks that have made it to the headlines in the past week.


Data Breach At Montana Hospital

In a sophisticated data breach at a hospital in Kalispell, Montana, the health records of as many as 129,000 people were compromised, leaving patients vulnerable to identity theft and fraud. Further investigations reveal that the attack was planned and coordinated, and although the authorities of Kalispell Regional Healthcare found out about the breach in June, it had been under way before that as well.

The breach happened because hospital employees unintentionally gave out their email login credentials to the attackers, who then used them to access and steal the details of the patients. Among the compromised details were the personal information of patients such as names, addresses, medical record numbers, dates of birth, telephone numbers, email addresses, medical history and treatment information, date of service, treating and referring physician, medical bill account number, and health insurance information. In addition to this, there are high chances that the Social Security Numbers of over 250 patients were also exposed in the breach, which makes this attack more severe than previously anticipated.

The hospital sent out letters to the affected patients informing them that the breach was a very sophisticated one. As anti-phishing protection, the hospital also sought the help of federal law enforcement. They blocked the infected email accounts of the employees and launched a strict investigation under the guidance of a renowned New York-based digital forensics firm.

As compensation for the breach, the hospital is also offering free credit monitoring services to all patients who were victims of the cyber attack.


Billtrust Undergoes Ransomware Attack

The renowned business-to-business (B2B) payments provider Billtrust recently found that it had suffered a ransomware attack. Though the company hasn’t yet revealed much about the nature of the breach, officials have said that they are making all efforts to retrieve all locked files. Billtrust has announced that it is still recovering from the attack and that it is almost in the last stage of recovering all files.

Billtrust enables its users to view invoices, pay, or request bills via email or fax and has a vast employee base with over 550 workers. Although the breach comes as a setback, Billtrust isn’t the submissive kind and has begun employing anti-phishing solutions. They have hired a security firm and are also taking the help of law enforcement officials to get to the roots of the attack.

While efforts to recover files continue, the company is also strengthening its security measures. It continues to maintain its secrecy with regard to the ransom payment, and we cannot say for sure whether they are retrieving files solely by themselves or whether it’s actually a ransom payment that has rescued them.


Easily Hackable Robots At Japanese Hotel Chain

The Henn na Hotel from the Japanese hotel chain, HIS Group, boasts of being staffed not with humans of blood and flesh but with mechanical robots. The guests at the hotel are checked in by humanoid or dinosaur reception bots. However, these robots can easily be hacked by any guest who stays in that particular room, giving them access to the video footage of all other guests who stay in that room in the future.

This vulnerability in the robots of the hotel chain was pointed out by a security researcher who had warned the HIS Group in July. However, he received no response from the hotel group, and so he made his findings public on 13 October 2019.

The Tapia robots used in Henn na Hotel of Japan are the only ones detected with the security flaw at the moment, but it is uncertain whether the remaining hotels of the chain use the same robots. The hotel group finally broke their silence about the issue via a tweet where they apologized for the inconvenience caused to all customers.

To ensure protection from phishing attacks in the future, the hotel chain has updated all its robots and claims that there is no risk factor now. The future is indeed here; however, we have to be extremely careful with technology, as it is our privacy that is at stake.


Samsung Galaxy S10 Blacklisted By Banking Apps

In what seems like a significant security flaw, the screen protectors that come with Samsung Galaxy S10 units have been found to be highly vulnerable to random fingerprints! Almost any user can unlock these devices with a fingerprint. This makes the devices very unsafe for all those users who prefer to do their dealings online. As a result, several banking apps have blacklisted the Samsung Galaxy S10.

Banking apps are often dependent on fingerprint authentication, and therefore, the security flaw with the S10 poses a severe threat to these apps. Some apps have barred S10 users from downloading them on their phones, and the remaining ones have removed the option of using the fingerprint scanner as a security measure.

Samsung itself has warned its users about the vulnerability and advises them to refrain from using this feature until further notice. This is not the only anti-phishing measure adopted; the involved banks do not want any liability in case a phony fingerprint manages to get through the security measures. Therefore, banks like the Nationwide Building Society and the NatWest Bank in the UK have begun implementing their phishing protection measures. But it is about time that Samsung gets to work and tries to get rid of this security flaw.


Chinese Browser Allows Admin Access To Everyone

The Chinese browser Maxthon has a security flaw in its Windows version, which enables an attacker to gain admin control and install malware into any system. This flaw was first identified by the security firm SafeBreach last month, and as per their reports, the bug allows an attacker to install a program that runs as “NT AUTHORITY\SYSTEM”, the admin account.

The bug looks for a fake file called program.exe, which enables the hacker to create a dummy executable with the same name. Unaware of this, the browser still assumes that there is no threat, and this is where the hacker’s motives reach fulfillment. With this done, the hacker now gets all admin privileges and can install malicious code and bypass Windows security to run apps that may not otherwise get execution permission.
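The following defensive check is an added example, not code from the article, SafeBreach or Maxthon. The article does not say why the browser looks for program.exe; the example assumes the common Windows cause, an unquoted executable path containing spaces, and audits service command lines for it. The service names and paths are constructed sample data.

```python
# Added example: find unquoted Windows command lines whose spaces make the
# loader try other executables (such as C:\Program.exe) before the real one.
# All service names and paths below are constructed sample data.
SAMPLE_SERVICES = {
    "ExampleHelperSvc": r"C:\Program Files (x86)\Example Browser\Bin\helper.exe -svc",
    "QuotedSvc": r'"C:\Program Files\Vendor App\svc.exe" --run',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
}


def split_unquoted(command_line):
    """Return (tried_first, intended_exe, args) for an unquoted command line.

    For an unquoted command line, Windows treats each space as a possible end
    of the executable path and tries every prefix (with .exe appended) in
    order until one exists on disk.
    """
    cmd = command_line.strip()
    if cmd.startswith('"'):
        return [], None, None              # quoted path: nothing ambiguous
    tokens = cmd.split(" ")
    tried_first = []
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        if prefix.lower().endswith(".exe"):
            return tried_first, prefix, " ".join(tokens[i:])
        tried_first.append(prefix + ".exe")
    return [], None, None                  # no .exe: cannot separate path from args


def audit(services):
    """Map each risky service to the paths tried first and a quoted fix."""
    findings = {}
    for name, image_path in services.items():
        tried_first, exe, args = split_unquoted(image_path)
        if tried_first:
            fixed = f'"{exe}"' + (f" {args}" if args else "")
            findings[name] = {"tried_first": tried_first, "quoted_fix": fixed}
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_SERVICES).items():
        print(name)
        for path in finding["tried_first"]:
            print("  tried before the real binary:", path)
        print("  quoted replacement:", finding["quoted_fix"])
```

Any path reported as tried first should not exist on disk and should sit in a directory that standard users cannot write to; quoting the command line removes the ambiguity.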

The Maxthon browser, which is used by over 670 million people, is vulnerable only for the versions of Windows ranging from 5.1.0 to 5.2.7. However, the browser hasn’t yet launched any patch or phishing protection service, which is why users must avoid using the browser until further notice from Maxthon.




Gustuff Returns With Sophisticated Features

The banking trojan “Gustuff”, which created much havoc in the past, is now back with a bang of several new features to attack the customers. This time around, the trojan shall make use of malicious SMS messages to compromise systems. The prime targets of this trojan are the Australian banks and cryptocurrency wallets. The new version of Gustuff is free from the similarities it earlier had with the banking trojan, Marcher. The trojan has also recruited sites’ mobile apps on its radar this time to increase its impact.

Researchers point out that this method is slow to trap victims but also has a low footprint. The trojan can load webviews and can also obtain the necessary injection from a remote server. Its features further include detection prevention by anti-virus, anti-malware, and phishing prevention software. The trojan notifies users of a credit card information update via which they manage to get into a customer’s account and steal all their money.


Ransomware Attack Hits The San Bernardino City Schools

Joining the queue of schools that have been hit by cyber-attacks this year, San Bernardino City Unified School District has suffered a severe ransomware attack that succeeded in bringing down the school’s systems.

The California school system reported the attack on October 20, stating that in spite of specific systems being brought down, the school continues to work manually to keep its functioning uninterrupted. The attack locked some of the district files, but the authorities are quite confident that the attack has not led to any data loss so far.

They have informed publicly that the details of the students and parents are secure and that nutrition services and transportation are not impacted. They assured that attendance will be taken care of manually and that communication with school authorities can be done over the telephone. The only thing that remains disrupted is the facility to converse with the teachers and staff via email, which shall not be reinstated until and unless the issue is wholly settled to ensure phishing email protection.


Zero Bank Balance A Call Away: SIM-Jackers

In the latest innovation in the world of cybercriminals, the attackers can transfer all the money from our bank accounts by simply getting a SIM card with the same number we have registered with the bank. This was first pointed out by journalist and food writer Jack Monroe, who lost £5,000 to a similar scheme. Dubbed “SIM-Jacking”, this new form of cybercrime first sees the attacker deriving personal details of a victim either from social media or by calling them while posing as a company. Then, he uses these stolen personal details to impersonate the victim and get a new SIM card with the same number they originally had. With this done, the attackers can easily access all messages with passcodes, thereby hacking into virtual accounts held by the victims, be it their email, social media, or mobile banking accounts.

A former black hat hacker opines about SIM-Jacking that these attacks are bound to be successful because mobile phone carrier representatives are not always interested or even skeptical when they receive a call from a customer asking for a SIM swap. They instantly do it, almost unquestioningly, and this is why SIM-Jacking has become so effective in recent times. There is not much choice left with a customer if there are no measures to prevent phishing attacks from the service providers’ end.


Smart Home Assistants Not Actually Cyber Smart

The modern era has made us all dependent on electronic gadgets, which is in no way a bad thing if it doesn’t leak our personal information. However, research has shown that smart speaker voice apps are vulnerable to vishing (voice-phishing) attacks, which are aimed at extracting passwords. Among these devices, Amazon Echo and Kindle devices were found to be affected by two old KRACK vulnerabilities. The incorporation of these gadgets in modern homes is taking place rapidly with over 50 million installations to date, but what cannot be denied is the fact that there has been a parallel rise in the number of hacking or spying instances related to these gadgets. Phishing and eavesdropping are the prevalent evils associated with smart speakers from Google and Amazon, both of which are exploitable through the backend.

Whistleblowers claim to have heard couples having sex and criminals making drug deals on Siri and Alexa, respectively. But the good thing is that Amazon and Google have provided users with a list of do’s and don’ts, and following it is sure to give them their due share of privacy. Incorporating the anti-phishing tools recommended by them provides users with the satisfaction of not being spied upon when in the middle of something private and confidential.


Alphabet Virus Scanner Prone To Data Breach

The Israeli cybersecurity company Otorio Ltd. recently pointed out that companies are not using Alphabet Inc.’s virus scanner and similar products ethically. Otorio has accused firms of leaking sensitive data such as factory blueprints and intellectual property online. Thousands of files were found exposed online from companies in the pharmaceutical, industrial, automotive, and food industries as part of a project to research the malware logged by VirusTotal (a branch of Alphabet).

This might pave the way for a prospective hack as per Otorio experts. Upon dialogue with VirusTotal, Otorio found that even the latter felt the need for an awareness program regarding the functioning of their security applications. In its policy, VirusTotal explicitly asks users to share only those files which they want to be displayed publicly. However, there is a constant risk of the data uploaded being misused by ill-motivated researchers or hackers, which leaves the gates open for a ransomware attack.


Malicious App ‘Yellow Camera’ Exposed

Trend Micro researchers recently identified a security flaw with the malicious beautification/editing app called the ‘Yellow Camera’ app, which is mainly used by people in Southeast Asian countries such as Thailand and Malaysia. The app activates the Wireless Application Protocol (WAP) billing without the user’s knowledge and also reads SMS verification codes from System Notifications.

Upon installation, the app asks for permission to access the ‘Notification’ feature. With that allowed, the app downloads a file “[MCC+MNC].log” containing JavaScript payloads and the WAP subscription billing site address onto the user’s device. After several other steps, the app finally gets access to the verification codes received on the device, which are used to make a fraudulent WAP subscription.

Google exhibited prompt protection against phishing and immediately removed the bogus photo beautification app from the Google Play Store.