You know it’s a bad week when the two people running for President of the United States are as likely to get phished as anyone else. From SC Magazine, “according to the Google Threat Analysis Group (TAG), both are the targets of phishing campaigns by nation-states like China and Iran. Recently TAG saw China APT group targeting Biden campaign staff & Iran APT targeting Trump campaign staff with phishing.” Stay safe out there.
Fake CV Scam
Hackers seem to always prey on the most vulnerable—like those desperately looking for a job. For those who are, it’s time to look out for the fake CV phishing scam. According to CISO Magazine, “Researchers have discovered that in May 2020, nearly 250 new domains have been registered that consist of the word ’employment.‘”
“The cybercriminals lure potential victims into opening malicious .xls attachments, firstly by naming the files as a person’s name, which indicated that it is that person’s CV and secondly by using phishing email subject lines such as ‘applying for a job’.” Be careful if you do not have email security services installed.
A lot of people use GoDaddy to host their website and send email. Hackers know it and so it was only a matter of time before they targeted GoDaddy customers. From Scamicide, an “email presently being sent to unsuspecting people that appears to come from GoDaddy. This particular phishing email is sent from an email address that appears to be that of GoDaddy although it is not a real email address used by GoDaddy.”
Almost two thirds of all websites on the internet use WordPress to build the website. So, it shouldn’t come as a shock if hackers target WordPress for exploitation, and that’s exactly what happened recently.
“A massive attack at the end of May targeted the database credentials of some 1.3 million WordPress sites. The vast majority of the attacks are on outdated plugins and website themes.” Keep those WordPress plugins and themes up to date.
What if hackers could control traffic lights? Can you imagine the havoc they could cause? Well, it’s not just a theoretical discussion anymore. According to Security Week, “A critical vulnerability affecting traffic light controllers made by SWARCO could have been exploited by hackers to disrupt a city’s traffic lights. SWARCO is an Austria-based company that specializes in traffic management, traffic safety, road marking and other solutions typically found in smart cities. Its products have been deployed in over 70 countries around the world.” Yeah.
When a data breach can lead to a class action lawsuit, it’s surprising to still see so many data breaches of personally identifiable information (PII), but here we are again.
From SC Magazine, “A breach of the San Francisco Employees’ Retirement System (SFERS) may have exposed the information of 74,000 members, including names, addresses, birth dates, banking and IRS data as well as details on beneficiaries.”
UCSF & Conduent Scam
SFERS wasn’t the only San Francisco organization hit this week. Also from SC Magazine, “Academic health research institution the University of California, San Francisco and business process services company Conduent have emerged as two of the latest prominent victims of organized ransomware attacks.”
These were the worst kind of attacks. “These ransomware operators not only encrypt their targets’ files, but also publish stolen files on a piecemeal basis unless and until the victim pays up.” Bad week to have inadequate data security in San Francisco.
Data Breaches Facts
How bad were the last two years for data breaches? From an article on Help Net Security, “Cybercriminals exposed over 5 billion records in 2019, costing over $1.2 trillion to U.S. organizations, according to ForgeRock. Coupled with breaches in 2018 costing over $654 billion, breaches over the last two years have cost U.S. organizations over $1.8 trillion.” That’s trillion with a “T”.
You’ll never guess the most targeted industry. If you guessed healthcare, go to the head of the class.
And that’s the week that was.