Apparently there’s someone out there using the idea that a family member has been in a car wreck as an opportunity to phish you in Bowling Green, KY. “According to the Warren County Sheriff’s Office, if a family member was involved in a ‘wreck’ they do not need you to immediately send them money. Also, do not give out your date of birth or social security number.”
You have to give them credit for trying.
City of Durham Ransomware
The City of Durham, NC was the victim of a ransomware scam this week. “Two separate attacks occurred simultaneously. Fast action by the IT department helped to contain the attack, but not in time to prevent approximately 80 servers from being infected. Those servers were encrypted and need to be rebuilt and approximately 1,000 computers had to be re-imaged.”
That was with the IT department taking “fast” action. Can you imagine what would have happened if they took their time? And you’ll never guess the cause of this ransomware attack. “Most cyberattacks start with a phishing email and this attack was no different.”
COVID-19 Phishing Scams
First it was the fear of COVID-19, now it’s the potential windfall from it. From SC Magazine, “FBI warns of COVID-19 phishing scams promising stimulus checks.”
Continuing from the article, “The FBI’s Internet Crime Complaint Center (IC3) has issued a public service announcement warning citizens to watch out for email-based fraud and malware schemes that take advantage of the coronavirus pandemic. Among the scams to look out for are phishing emails that reach to your inbox without any proper email security service and ask recipients to provide their personal information in order to supposedly receive an economic stimulus check.” If it sounds too good to be true…
File this under the “I’ll believe it when I don’t see it” category, but apparently hackers are no longer attacking health organizations during the COVID-19 pandemic. According to an article on Bleeping Computer, “Some ransomware operators have stated that they will no longer target health and medical organizations during the Coronavirus (COVID-19) pandemic.”
Bleeping Computer actually reached out to the scammers and this is how they responded. “We always try to avoid hospitals, nursing homes, if it’s some local gov – we always do not touch 911. If we do it by mistake – we’ll decrypt for free.” It’s so nice to know they have a heart. Now if only they were human.
According to an article on SC Magazine this week, “The cybercriminal gang behind Maze ransomware has been extorting a UK-based clinical research organization that’s been preparing to play a potential role in testing vaccine candidates for the novel coronavirus, despite assurances that they would not harm any health care organizations during the COVID-19 crisis.” Well that didn’t last long. Like I said, I’ll believe it when I don’t see it.
What would a week be if we didn’t see at least one data breach at a healthcare organization? This week’s breach comes courtesy of Utah Health, a research and teaching hospital located on the campus of the University of Utah. And you’ll never guess what the cause of the data breach was. Give yourself a star if you said phishing attack.
“The research and teaching hospital, located on the campus of the University of Utah, said the intrusion was the result of a phishing attack. The hospital notes, it discovered on February 3, 2020, that an employee’s workstation had been infected with a common type of malware, which may have allowed access to said patient information from the employee’s email account.” Just another week in healthcare.
Financial Services Data Breach
Not wanting to be left out of the data breach action, two financial services companies were hit this week also. “An investigation revealed that the files appeared to be connected to a merchant cash advance mobile app named MCA Wizard and they likely belonged to Advantage Capital Funding and Argus Capital Funding. Advantage and Argus help small businesses in the United States obtain funding.”
How much data was exfiltrated? A lot. “The more than 500,000 exposed documents, totaling 425Gb of data, included credit reports, contracts, bank statements, driver’s licenses, legal paperwork, tax returns, purchase orders, transaction reports for payment cards and merchant accounts, social security information, and access information for bank accounts.” Yeah, a lot.
Elasticsearch Data Breach
Speaking of a lot, nobody is going to top this data breach after “More than five billion records were exposed after an Elasticsearch ‘data breach database’ managed by a U.K.-based security firm and housing a trove of security incidents from the last seven years was left unprotected.”
What I can’t get over is the “security firm” and the “left unprotected” in the same sentence. The CTO of Bitclass called “the leak potentially one of the biggest to date.” Well I hope so. I’d hate to think someone could suffer a bigger data breach.
And that’s the week that was.