Phishing Watchdog – Stay Safe with Instant Alerts


Ransomware Gang Demands $42 Million From Celebrity Law Firm

15th May 2020 | Target: Grubman Shire Meiselas & Sacks | Reported Here

The criminal group behind the REvil (Sodinokibi) ransomware is extorting a New York-based law firm, threatening to release sensitive files on the company’s celebrity clients unless the the firm pays a whopping $42 million ransom demand.

The extortion attempt is the result of a ransomware infection that Grubman Shire Meiselas & Sacks (GSMS) suffered last week.


[above via Zdnet post] Update 1


GoDaddy Suffers Data Breach

5th May 2020 | Target: GoDaddy | Reported Here

GoDaddy has confirmed a data breach that occurred back in October, impacting web hosting account credentials. The breach was caused by an unauthorized individual.

With the case, reported by ZDNet, the person was able to access login credentials of SSH accounts used in GoDaddy’s hosting environment. The company discovered an “unauthorized individual” had gained access to login credentials that enabled them to “connect to SSH” on the affected hosting accounts. The security incident that took place on October 19, 2019, was discovered on April 23, 2020.


[above via Digital Journal post] Update 1


Taiwan’s CPC suffers malware attack

4th May 2020 | Target: CPC Crop | Reported Here

Ransomware has struck the computer systems of Taiwan’s state-owned energy company, CPC Corp., according to local media and private forensic reports reviewed by CyberScoop.


[above via Cyberscoop post] Update 1


Ransomware Payments Surge 33% as Attacks Target Remote Access

1st May 2020 | Target: Various Enterprise | Reported Here

The average sum paid by enterprises to ransomware attackers surged by 33% quarter-on-quarter in the first three months of the year, as victim organizations struggled to mitigate remote working threats, according to Coveware.

The security vendor analyzed ransomware cases handled by its own incident response team during the period to compile its latest findings.


[above via Cyberdot post]


Nintendo Breach Affects 160,000 User Accounts

24th April 2020 | Target: Nintendo | Reported Here

Nintendo said over 160,000 accounts have been hacked, due to attackers abusing a legacy login system.

Over the past few weeks, Nintendo gamers have been reporting suspicious activities on their accounts. According to the complaints, aired out on Twitter and Reddit, unauthorized actors were logging into victims’ accounts and abusing the payment cards connected to the accounts to buy digital goods on Nintendo’s online stores, such as V-Bucks, in-game currency used in Fortnite.


[above via post] Update 1 / Update 2


Hackers Target Netflix and Disney+ with #COVID19 Phishing

19th April 2020 | Target: Netflix, Disney+ | Reported Here

Hackers are turning their attention to streaming services in an ongoing bid to capitalize on the current COVID-19 pandemic and increase their own profits, according to Mimecast.

The email security vendor revealed that it had detected the registration of over 700 suspicious domains designed to impersonate the Netflix brand in under a week. The recently launched Disney+ service is also coming under increasing scrutiny from black hats, it claimed.


[above via Info – Security post]


Equifax pays Indiana $19.5m to settle data breach case

16th April 2020 | Target: Equifax | Reported Here

On April 14, 2020, the Indiana Attorney General’s office announced that the state had reached a settlement agreement with Equifax in connection with Equifax’s 2017 data breach. Under the terms of the settlement, Equifax will pay a $19.5 million penalty. Indiana previously elected not to participate in a July 2019 multistate and Federal Trade Commission settlement with Equifax regarding the same data breach..


[above via National Law Review post] Update 1


Number of leaked government records increases by 278% in Q1, 2020

15th April 2020 | Target: Government | Reported Here

There has been a huge rise in the number of breached records of governments and individual politicians in the first quarter of 2020, according to research from Atlas VPN. The study showed there were 17 million leaked government records during this period: a 278% increase compared with the first quarter of 2019.


[above via Info security post] Update 1


Australians Arrested Over $2.6m Email Scam

3rd April 2020 | Target: Various Businesses | Reported Here

NSW Police have charged two men over their alleged involvement in a $2.6 million email scam syndicate.

The scam involved sending altered invoices to legitimate businesses which unwittingly paid the scammers who then transferred the money into their personal bank accounts.


[above via ia.acs post] Update 1


New Marriott data breach impacts 5.2 million guests

31st March 2020 | Target: Marriott | Reported Here

Hotel chain Marriott International announced today that it has suffered a second data breach.

According to an incident notification published on their website, the company spotted unusual activity occurring in an app that guests use to access services during their stay.

An investigation into the activity revealed that the login credentials of two Marriott employees had been used to access “an unexpected amount” of guest information.


[above via Info Security post] Update 1