Follow ISA Cybersecurity on LinkedIn for the latest cybersecurity news
Weekly CyberTip: Use caution on Amazon Prime Day
Prime Day 2022 is right around the corner: if you’re looking to take advantage of deals in this week’s two-day event, make sure you stay cyber safe while doing so. Cyber criminals will use this opportunity to send fake notices about deliveries, payment problems, account issues, etc. Pay close attention to the links in any messages you receive, and if you are unsure, log into your Amazon account separately (using a secure connection – not some free coffee shop WiFi!) to verify the message. Amazon Canada has also posted a list of tips to help you identify whether a message really is from them… and what to do if you’ve received a phishing email or fake voice/text message.
Shanghai National Police data breach could affect one billion people
A security oversight involving the Shanghai National Police network’s central database has led to one of the largest data breaches in history. Gaining access to the government database through an unsecured management dashboard that was publicly accessible on the Internet, cyber attackers stole the personal data of nearly one billion people, including names, addresses, birthplace, government identification numbers, phone numbers, and crime/case details. The hackers have a posted a sample of the estimated 23 terabytes of data harvested in the attack: an analysis of the published data suggests that additional information like user activity on popular Chinese apps, medical records, and other personal information appears to be involved in the disclosure as well. The hackers are threatening to offer the data for sale if their ransom demand of 10 Bitcoins ($250-300K Canadian) is not met.
Marriott International suffers another data breach
According to reports on Databreaches.net and Bleeping Computer, a staff member at hospitality giant Marriott International was reportedly victimized by a social engineering attack, leading to the exfiltration of 20GB of employee and hotel guest data. A spokesperson from Marriott has indicated that the data of 300-400 individuals was involved in the disclosure, and that the breach primarily consists of internal business files regarding the operation of its BWI Airport Marriott property in Baltimore, Maryland. However, analysis of data on the dark web suggests that more detailed information like crew member names, titles, and credit card information may have been disclosed in the breach as well.
Marriott has advised that the breach was limited to a six-hour window on the workstation operated by the victim of the social engineering attack, its central network was not compromised in the incident, and that no ransom is being paid.
Third party data breach exposes information on over 650 U.S. healthcare organizations
In a July 1 statement, medical debt collection firm Professional Finance Company (PFC) said that a February ransomware attack on their systems caused a data breach affecting 657 healthcare organizations in the United States. According to the statement, the “sophisticated ransomware attack” enabled the hackers to access and disable some of PFC’s computer systems.
“The ongoing investigation determined that an unauthorized third party accessed files containing certain individuals’ personal information during this incident. PFC notified the respective healthcare providers on May 5, 2022. This incident only impacted data on PFC’s system,” according to the press release. Data such as “first and last name, address, accounts receivable balance and information regarding payments made to accounts, and, in some cases, date of birth, social security number, and health insurance and medical treatment information,” was involved in the breach. The statement was timed to coincide with notifications being sent to an unknown number of individuals affected by the disclosure.
The attack is believed to have involved Quantum Locker ransomware. Quantum first appeared in July/August 2021 as a rebrand of the MountLocker ransomware operation, a ransomware strain first deployed in attacks starting in September 2020. Quantum Locker ransomware is notable in how quickly it can take over a system – some victims report going from initial compromise to complete encryption to receiving ransom demands in a matter of just a few hours.
Report: 54% of SMBs surveyed are still not using MFA
According to a study released July 5 by the Cyber Readiness Institute (CRI), “only 46% of small business owners claim to have implemented MFA methods recommended by leading security experts, with just 13% requiring its use by employees for most account or application access.”
CRI’s Global Small Business Multi-Factor Authentication (MFA) Study comprised a survey of 1403 firms across eight countries including Canada, and paints a disturbing picture of a lack of basic security defenses for SMBs. The report cites lack of funding for tools, the scarcity of implementation resources, and concerns over maintenance costs as the top three barriers to implementing MFA.
Apple announces new Lockdown Mode
In a newsroom post on July 6, Apple announced a new feature designed to protect users from advanced spyware. Lockdown Mode will be introduced in iOS 16, iPadOS 16, and macOS Venture, operating systems which could be released as early as September 2022 after their annual iPhone event.
“Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware. [Lockdown Mode] hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware,” according to the release.
Lockdown Mode can be enabled and disabled through the Privacy & Security menu in Settings on the user’s device. When the device is Lockdown Mode, “apps, websites, and features are strictly limited for security, and some experiences are completely unavailable,” according to the dialogue box on the device.
Rogers issues warning about phishing texts after system outage
Now that the vast majority of Rogers’ systems are up and running again after a Canada-wide network outage on July 8, Rogers is warning customers about a new problem: opportunistic hackers.
“We are aware of scam text messages being sent claiming to offer credits in the wake of yesterday’s service interruptions. We will apply the credit proactively to your account & no action is required. If you receive a suspicious SMS, please forward it to 7726 (SPAM),” according to a RogersHelps tweet on July 10.