Phishing Watchdog

PhishProtection.com “Phishing Watchdog” Is A Timeline of All Major Phishing Attacks Reported As They Breakout

An Updated Feed of All Significant Phishing Attacks

This is a comprehensive and frequently updated resource page that lists all the significant Phishing Attacks as they are discovered and happen online. Each attack is summarized here with links to further information about each attack. The list below is updated instantly with threat details as soon as the attack is verified to be authentic.

 

Nobel Foundation site hit by DDoS attack

26th January 2022 | Target: Nobel Foundation | Reported Here

Nobel Foundation and the Norwegian Nobel Institute, have disclosed a cyberattack on their infrastructure, aimed at disrupting the live stream of the award ceremony held last month.

This is specifically a DDoS attack, as noted by the Nobel community, and the ones behind this incident are not known as of now. But, there’s speculation that state-backed hackers can possibly be the perpetrators, considering the allegations against the Nobel team for biased decisions since the past.


[above via Techdator post]

 

DeadBolt ransomware targets QNAP devices

25th January 2022 | Target: QNAP Devices | Reported Here

DeadBolt ransomware is targeting QNAP NAS devices worldwide, its operators claim the availability of a zero-day exploit that allows them to encrypt the content of the infected systems.

Once encrypted the content of the device, the ransomware appends .deadbolt extension to the name of the excerpted files and deface the login page of the QNAP NAS to display the following message


[above via Security Affairs post] Update 1

 

Canada’s foreign affairs department hit with cyberattack

25th January 2022 | Target: Canada’s foreign affairs department | Reported Here

Canada’s foreign affairs department was hit with a cyberattack last week, according to the Treasury Board of Canada.

The hack of Global Affairs Canada, the government entity responsible for diplomatic and global relations, occurred on Wednesday


[above via ABC News post] Update 1 / Update 2

 

Indonesia’s central bank confirms ransomware attack

20th January 2022 | Target: Indonesia Central bank | Reported Here

Bank Indonesia (BI), the central bank of the Republic of Indonesia, has confirmed today that a ransomware attack hit its networks last month.

A Bank Indonesia spokesperson also told BleepingComputer the attack took place last month and that the bank’s operations are not disrupted after the incident.

Bank Indonesia


[above via Bleeping Computer post] Update 1

 

Crypto.com confirms $35M lost in cyber attack

19th January 2022 | Target: Crypto.com | Reported Here

Crypto.com has confirmed that a multi-million dollar cyber attack led to the compromise of around 400 of its customer accounts. Although, the company’s CEO stresses that customer funds are not at risk.

With regards to daily trading volume, Crypto.com is reportedly the world’s third-largest cryptocurrency trading platform “on a mission to accelerate the world’s transition to cryptocurrency.”

Crypto.com cyberattack


[above via Bleeping Computer post] Update 1 / Update 2

 

Red Cross cyberattack exposes data of 515,000 people

19th January 2022 | Target: Red Cross| Reported Here

A cyberattack on a Red Cross contactor has led to the theft of personal data for more than 515,000 people in ‘Restoring Family Links,’ a program that helps reunite families separated by war, disaster, and migration.

The announcement comes from the International Committee of the Red Cross (ICRC), which states that the data was compiled by at least 60 different Red Cross and Red Crescent National Societies worldwide.

Red Cross Cyberattack


[above via Bleeping Computer post] Update 1

 

Moncler confirms data breach after ransomware attack

19th January 2022 | Target: Moncler | Reported Here

Italian luxury down jacket maker Moncler (MONC.MI) said that key data on its customers was safe following a cyber attack it suffered last year, after some data was released on the dark web on Tuesday.

Updating on a hacking incident that hit the group in December, Moncler said some data obtained from the company had been released on Tuesday after the luxury group rejected a ransom demand.

Moncler Data Breach


[above via News Break post] Update 1

 

Goodwill discloses data breach

14th January 2022 | Target: ShopGoodwill Platform | Reported Here

Nonprofit organization Goodwill has started notifying users of its ShopGoodwill.com e-commerce platform that their personal information was compromised as a result of a cybersecurity breach.

The notice sent out by Goodwill via email was obtained by Australian researcher Troy Hunt, who runs the Have I Been Pwned data breach notification service.


[above via Security Week post]

 

Hensoldt confirms Lorenz ransomware attack

14th January 2022 | Target: Hensoldt | Reported Here

Hensoldt, a multinational defense contractor, confirmed that some of its UK subsidiary’s systems were infected with Lorenz ransomware. It’s been active since April last year and hit multiple organizations worldwide demanding hundreds of thousands of dollars in ransoms to the victims.

Lorenz operators also implement double-extortion model by stealing data before encrypting it and threatening them if the victim doesn’t pay the ransom. Ransom demands have been quite high, between $500.000 and $700.000.


[above via The Cyber Throne post] Update 1

 

Maryland Confirms Ransomware Attack at Health Agency

13th January 2022 | Target: Maryland Department of Health| Reported Here

ANNAPOLIS, Md. (AP) — The disruption of Maryland’s reporting of COVID-19 data last month was caused by a ransomware attack, state officials said Wednesday.

Chip Stewart, the state’s chief information security officer, said the state has not paid extortion demands for the attack, which began on Dec. 4.


[above via US News post] Update 1

 

Cyber-Thieves Raid Grass Valley

10th January 2022 | Target: Grass Valley | Reported Here

A cyber-attack on a city in California has resulted in the exfiltration of personal and financial data belonging to vendors, city employees, and their spouses.

A data security incident notice published by the City of Grass Valley states that an unknown attacker was able to access some of the city’s IT systems for four months last year.


[above via Info Security post] Update 1

 

EA confirms dozens of high-profile FIFA accounts hacked

7th January 2022 | Target: FIFA 22 | Reported Here

EA has confirmed reports that a number of FIFA 22 accounts have been hacked via phishing techniques.

In a statement, published on the official FIFA 22 website, the publisher admits that these hackers used threats and other social engineering methods to exploit the customer service team and bypass two-factor authentication.


[above via Tech Radar post] Update 1 / Update 2

 

Hackers take over diplomat’s email, target Russian deputy minister

6th January 2022 | Target: Russian Ministry Of Foreign Affairs | Reported Here

Hackers believed to work for the North Korean government have compromised the email account of a staff member of Russia’s Ministry of Foreign Affairs (MID) and deployed spear-phishing attacks against the country’s diplomats in other regions.

One of the targets was Sergey Alexeyevich Ryabko, the deputy foreign minister for the Russian Federation, among other things responsible for bilateral relations with North and South America.


[above via Bleeping Computer post] Update 1

 

FinalSite has suffered a ransomware attack

6th January 2022 | Target: FinalSite | Reported Here

A ransomware attack on software provider Finalsite has affected the websites of about 5,000 schools, most of them in the US, a Finalsite spokesperson told CNN Friday.

About 8,000 schools — including boarding schools, high schools and colleges —worldwide use Connecticut-based Finalsite’s software for their websites and public communications, according to Finalsite.

finalsite


[above via CNN post] Update 1

 

Honda and Acura cars have been hit with a Year 2022 bug

5th January 2022 | Target: Honda and Acura | Reported Here

Honda and Acura cars have been hit with a 2022 year bug, aka Y2K22, which resets the navigation system clock to January 1, 2002, with no way to change it.

From January 1, the date on the Acura and Honda navigation systems would automatically change to January 1, 2002, with the time being reset to 12:00, 2:00, 4:00 or other times. depending on the model or possibly the region the car is located.


[above via Techtose post]

 

Saltzer Health Says Patient Data Exposed in Cyberattack

4th January 2022 | Target: Saltzer Health | Reported Here

Hospitals and outpatient facilities, both large and small, continue to be the targets of healthcare data breaches, placing additional strain on an already overworked sector.

The new year began with the announcement of a protected health information (PHI) breach and data exfiltration at Broward Health, impacting 1.3 million individuals. Clinical data technology vendor Ciox Health recently reported a breach that impacted 32 healthcare organizations across the country.


[above via Health It Security post]

 

Have I Been Pwned warns of DatPiff data breach

4th January 2022 | Target: DatPiff | Reported Here

The account credentials and emails of almost 7.5m users of the mixtape hosting service DatPiff have been made available to download for free on a popular hacking forum.

First launched in 2005, DatPiff has over 15m users though the service also allows unregistered users to download or upload samples for free.

DatPiff


[above via Techradar post] Update 1

 

Broward Health discloses data breach affecting 1.3 million people

3rd January 2022 | Target: Broward Health | Reported Here

This weekend, the Broward Health hospital system notified more than 1.3 million patients and staff members that their personal information was involved in a data breach that started on October 15.

In a statement on Saturday, the Florida hospital system said that in addition to names, addresses and phone numbers, Social Security numbers, bank account information and medical history data was included in the breach.

Broward Health data breach


[above via Zdnet post] Update 1