A plethora of game-changing events has taken place in the digital world in the past few days. The cyber-world being mostly dynamic, it becomes humanly impossible to be abreast with all the critical events. Following is a list of the major headlines from the cyberspace:
Phishing Scams Surround Amazon Prime Day
Experts urged Amazon prime members to stay vigil as the Amazon Prime Day began on 15th July 2019, Monday morning for 48 hours with cost-efficient deals for millions of buyers who are Amazon Prime members. They warned buyers to ensure phishing protection, as hackers will continuously be on the hunt to steal any of their data and bank details whenever there is a chance.
Members have been advised to consider the following, to protect themselves from phishing attempts:
- Do not view Amazon from any external source such as an e-mail or link. Make sure to use only the app or your browser.
- Have a two-factor authentication activated to make it difficult for prospective hackers to get into your account.
- Prevent phishing attacks further by analyzing any e-mails you receive that claim to be from Amazon merchants.
- Don’t fall for fake coupons which mimic the actual Amazon coupons and take you to spoofed websites. Help prevent e-mail phishing by carefully measuring your online activities.
- Report all e-mails that do not come from @amazon.com to the Federal Trade Commission (FTC) as this is the immediate anti-phishing protection measure that is available at your disposal.
Once lost, the bad actors sell your details on the dark web. From here, your personal information might be used for any illegal activity or for merely stealing all your financial assets.
Q2 Of 2019 Witnesses Higher Ransomware Costs & Increased Downtime
As compared to Q1, the second quarter of 2019 has witnessed a higher cost of ransomware attacks with ransom payments rising to 184 percent of previous rates. What cost around $12,762 previously now costs $36,295, according to Coveware analysis. The newest findings also revealed an increase in ransomware attacks in healthcare (accounting for almost 13.6% of Q2 ransomware incidents) as a result of the lack of implementation of anti-phishing solutions.
Researchers found that the average downtime increased from 7.3 days in Q1 to 9.6 days in Q2, with a loss of up to 8 percent of encrypted data during the recovery phase.
A Phishing Attack On California Reimbursement Enterprises Leads To Data Loss Of Over 1,000 Patients
Healthcare service provider – Essentia Health, lost data belonging to 1,000 patients in a phishing attack targeted on its third-party vendor – California Reimbursement Enterprises. California Reimbursement Enterprises rendered billing services and patient eligibility for a wide range of healthcare organizations and hospitals of which Essentia Health was one.
What is the extent of the breach?
It has been revealed that the hacker had access to the breached account for several hours before the attack was discovered and action was taken upon it. California Reimbursement Enterprises serves patients of Essentia Health in Minnesota, Wisconsin, Idaho, and North Dakota and as a result of the breach, patient particulars such demographic details, medical record, and patient account numbers, dates of birth, admission and discharge dates, and dates of services, etc. were compromised.
Essentia Health’s response:
As compensation, they have announced to give all patients a year of free credit monitoring services. They have also ensured that they have installed anti phishing services and that patient information has been kept secure.
Vitagene’s Unprotected Database Exposed User Details For Years
Vitagene – the DNA-testing service vendor recently revealed that the data of about 3,000 consumers had been exposed online for several years. This was through a misconfigured database, which included users’ dates of birth, full names, and genetic health information, including the likelihood of developing certain medical conditions. This was reported in Bloomberg. In addition to these details, the Vitagene platform which is designed to help consumers create diet and exercise plans based on their biological traits, lifestyles and personal goals also exposed documents with users’ contact details, like some e-mail addresses, credit card information, passwords, and other financial data.
What is Vitagene’s response?
Vitagene has admitted that the files belonged to its early beta-testing stages and represented only a small amount of its current customer base. They acknowledge that the mistake has been from their side and that they have engaged an outside security firm for phishing protection service.
A series of data breaches
Vitagene’s data compromise assumes significance in the backdrop of third party health apps like facebook, which has claimed that sensitive user information was leaked from their closed health groups.
Impersonated Vicars And Barristers Try To Trap People
As their newest approach, scammers have begun impersonating real-life vicars and barristers to gain access to people’s bank accounts. They trick recipients into paying fees or giving out personal financial details, using the phishing e-mails which are designed to look just like the ones from official bodies or businesses. This is a finding which has been reported by NCSC (National Cyber Security Center), in their report on UK cybersecurity. According to the report, such attackers are increasingly targeting the UK’s legal sector.
Phishing prevention becomes difficult in this case as the phishing e-mails use the names and addresses of real law firms and churches to be more appealing to their targets. Moreover, the means of safeguarding oneself from these phishing attempts seem to be the old ways of identifying fake e-mails via observation and context.
Ransomware Attack On Monroe College, Hefty Ransom Demanded
A ransomware attack hit Monroe College of New York City in the early hours of last Wednesday (10th July) which has brought the digital infrastructure of the college to an absolute standstill.
The college authorities are working rigorously to set everything right and restore the online portal. Until things get restored and information gets retrieved, the college shall function like olden times when the internet hadn’t made its appearance. Everything is being done manually as of now, and the college is falling back on a microsite set up in reaction to the hack. The attack has frozen all the systems and caused an interruption in the day to day activities of the college, affecting all of Monroe’s campuses in Manhattan, New Rochelle, and St Lucia where over 8,000 students are enrolled.
The demand for a hefty ransom by the attackers
The attackers have demanded a ransom of 170 Bitcoin (US $1,788,740 / £1,445,839), but the college hasn’t yet announced as to its compliance or retaliation to the demand. The college has collaborated with local law enforcement and the FBI to solve the issue.
New Marketing Scheme Of Amazon: To Pay $10 For Users’ Data
Amazon has offered $10 to US-based shoppers using Prime Day if they agree to cooperate with Amazon and install its Amazon Assistant – a price-comparison tool that hooks onto to web browsers thereby making Amazon capable of tracking the websites visited by the customers. This also lets them view the page content of the websites that customers visit.
Simply put, users are lured by money to reveal their personal browsing history and information which shall then be harvested by the company to improve their marketing, products, and services.
More than seven million customers of Amazon have already downloaded Amazon Assistant onto their Chrome or Mozilla Firefox browser which allows Amazon to track smaller sets of users across web pages. However, they have also commented that they take customers’ privacy very seriously and all their policies and moves uphold this virtue.
NSW Cyber Security Innovation Node, Australia To Be Launched Shortly
Australia is all set to start a new cybersecurity center of excellence in the state of New South Wales, which shall be called the NSW Cyber Security Innovation Node. It is expected that this new hub of cybersecurity shall not only inspire innovative ideas in the field but also create employment opportunities for many.
The NSW Cyber Security Innovation Node is sixth in the line of state and territory nodes created in association with AustCyber. Security industry ‘nodes’ of a similar kind have been created in the past, in states of Victoria, the ACT (Canberra), Western Australia, South Australia, and Tasmania. This new hub is likely to enhance the economy of the nation as it shall bring together startups, corporations, universities, researchers, and government agencies to share their expertise and come up with innovative ideas.
UK’s NCSC Sees Progress In The Battle Against Phishing
As per reports of the UK’s National Cyber Security Centre (NCSC) that outlines the success of the country’s Active Cyber Defense (ACD) program, the year 2018 saw over 22,000 phishing campaigns being targeted at the United Kingdom.
The Active Cyber Defense (ACD) is focused on reducing the vulnerability of UK to commodity phishing and malware-based attacks, and it goes about it through various features which can be implemented by public sector organizations to add basic security protections to their networks.
Some of the changes brought in by the NCSC via its ACD program in the past two years are:
- Incorporation of anti-phishing tools like Mail Check and Web Check, which access e-mails against the DMARC e-mail authentication standard and identify common vulnerabilities in a website’s design respectively.
- Free services offered by NCSC which is inclusive of the removal of any malicious content that is hosted in the UK and impressive success rates of 192,256 takedowns in 2018 and 219,992 takedowns in 2017.
- The report ‘Active Cyber Defense – the Second Year’ shows that only 24,320 unique IP addresses had been scrutinized in the ACD’s second year (2018) of which 14,124 were fake URLs impersonating the UK government (HMG) brand. This marked a slight reduction of fake URLs spotted in comparison to the 18,067 sites found in 2017.
- The program’s progress is also noticeable in the reduced number of hosting providers of fake websites in 2018 as compared to 2017. There were 451 hosting providers of fraudulent sites in 2018 whereas the number was 587 in 2017.
Further steps in the pipeline
As part of its future course of action, the NCSC plans to develop a web-based tool for users to scan their internet-facing systems to check for vulnerabilities. They believe that this shall be beneficial in spotting any misconfigured routing protocols or file-sharing services.
Bulgaria Detains Cybersecurity Worker For Backstabbing The Nation
Bulgarian authorities arrested a 20-year-old cybersecurity worker on the grounds of being associated with a cyber-attack that stole millions of taxpayers’ personal and financial data. The suspect was working for a company that protects IT systems against breaches. The breach has probably led to data loss of almost every adult in Bulgaria. While the investigations in this regard are in progress, it is too soon to predict whether other people were involved in the breach.
Officers confiscated a laptop and other devices from the house and office of the suspect in Sofia. These devices were found to contain encrypted data. The suspect’s job was to test computer systems and networks for possible vulnerabilities to prevent attacks, but he was perhaps involved with the wrong set of people and crossed his employers and nation. The latest update in the story is that the local media received an e-mail on 15th July 2019, Monday from a person who claimed to be a Russian hacker who said that he has access to the stolen data.
New Malware “Agent Smith” Hits 2.5 Crore Users In India And Other Places
New malware “Agent Smith” attacked at least 1.5 crore Android devices in India, according to a report by Check Point research. This malware has quietly infected over 2.5 crore devices across the globe of which, 1.5 crore mobile devices are from India alone. The malware impersonates a Google-related application, exploits known Android vulnerabilities and automatically replaces apps installed on the device with malicious versions on its own. The malware shows fake ads promoting instant financial gain, but can also be used theft of banking credentials or eavesdropping.
Targeting users in several countries
Agent Smith is similar to previous malware campaigns like Gooligan, Hummingbad, and CopyCat. The malware was downloaded initially from the renowned third party app-store – 9Apps and targeted mostly Hindi, Arabic, Russian, and Indonesian speaking users. The primary victims are based in India, but there are victims in other Asian countries as well. These include Pakistan and Bangladesh. Several users in the United Kingdom, Australia and the United States have also been infected with the malware “Agent Smith.”
A cold response from 9Apps
The third-party app store, however, denies its role in the spread of the malware and claims that it works in close association with Google, and it has no malicious apps on the Play Store. It is advised that Android users strictly avoid downloading apps from third-party app stores and stick to official Android apps only to prevent malware from affecting their systems.