Use your campus library much? You may be the target of the latest phishing scam. According to SC Magazine, ” The Mabna Institute, an Iranian firm whose members were indicted last year for cyberattacks against U.S. universities and other organizations, appears to have launched a new global phishing operation targeting the education sector last July and August.”
“In an attempt to steal university employees’ credentials, the attackers sent their targets phishing emails that impersonated library services. The emails contained links to fake university login pages where victims were encouraged to enter their user names and passwords.”
There’s a new Amazon phishing scam circulating now looking to steal credit card data from those who do not have a proper email security service, according to HackRead. The scam “tricks users into handing over their personal as well as financial information including credit card information to online crooks. Apparently, the crooks are trying to convince victims that someone has changed the password of their Amazon account.”
Once again the banking sector was under siege this week. According to MetaCompliance, “Crafty phishing scam targets Santander, HSBC and Royal Bank of Scotland customers. Fraudsters are using new online security checks to trick banking customers into handing over their financial details and personal data.”
Perhaps the newest development on the phishing frontier is the refusal of organizations to pay the ransom, regardless of amount. News came this week that “The state of Texas is so far refusing to comply with the demands of a ransomware attack that affected 22 local governments, the Texas Department of Information Resources (DIR) reports. None of the affected municipalities have paid the $2.5 million ransom demanded. On August 16, a coordinated ransomware campaign hit systems of cities and towns across Texas.”
This is the great challenge of ransomware hackers. If their ransom demand is too high, they make it easy for the victim to say “no thanks” I’ll figure it out myself. Of course, the one thing these organizations have yet to figure out is that it’s a lot cheaper to deploy cloud-based anti-phishing software for all their employees and avoid having to make that decision in the first place.
The most sophisticated phishing attacks today use bots, with the latest one called LokiBot. From Bleeping Computer, “Security researchers discovered a malspam campaign distributing LokiBot information stealer payloads using phishing messages targeting the employees of a large U.S. manufacturing company. After the target unzips the attached archive, they will get infected with the LokiBot information stealer malware.”
“Once it successfully compromises its victims’ computers, LokiBot is designed to harvest as much sensitive information as possible. LokiBot steals a variety of credentials – primarily FTP credentials, stored email passwords, passwords stored in the browser, as well as a whole host of other credentials.”
You would think with all the hackers out there causing all that trouble, eventually, some of them would get caught and prosecuted. Well now they have. According to SC Magazine, “Authorities arrest 281 alleged BEC scammers in ‘Operation reWired’ campaign.” The arrests took place internationally over a span of four months.
“Dubbed Operation reWired, the coordinated campaign began in May 2019 and has resulted in 72 arrests in the U.S., and 167 in Nigeria, which is known to be a hotbed of BEC, ‘419’ and romance scams. Arrests also took place in Turkey (18), Ghana (15), France, Italy, Japan, Kenya, Malaysia and the U.K.”
Chalk one up for the good guys.
At this point we may as well go ahead and put medical facilities on the endangered species list when it comes to ransomware. News this week discussing how “Utah-based health care practice Premier Family Medical was struck by ransomware last July 8 in a cyberattack that reportedly affected the records of roughly 320,000 patients. The medical provider, which operates 10 locations across Utah County, originally announced the incident publicly on Aug. 30, noting that the malware had restricted employees’ access to their systems and data.”
Department of Human Services Breach
Not to be outdone, the Oregon Department of Human Services reported a phishing attack affecting the health information of 350,000—an “incident among the largest health data breaches so far in 2019. Client information impacted may include first and last names, addresses, dates of birth, Social Security numbers, case number and other information used to administer DHS programs.”
How many employees clicked on a link in the spear phishing email? Nine. SMH
And that’s the week that was.