At a glance.
- NPower suffers credential-stuffing incident.
- Zoom impersonation phishing trades on the familiarity of the platform's URLs.
- Schools retreat from remote proctoring tools.
- Cryptocurrency firm Tether reports a shakedown attempt.
- Dairy group Lactalis reports attempted data breach.
- Industry comment on the Tether and Lactalis incidents.
NPower targeted by credential stuffers.
UK energy provider NPower’s mobile app was attacked by credential stuffers, reports ITPro, forcing the organization to shut down the platform. The cybercriminals likely obtained personal data such as dates of birth and partial bank account details. As the company was planning to phase out the app in the near future, customer access will likely not be restored. Though the company has not disclosed how many customers were impacted, it is advising users to change their login credentials and monitor their bank accounts and email inboxes for unusual activity. The Information Commissioner’s Office will investigate to determine whether NPower should be fined for the breach.
Zoom phishing scam mimics legitimate URLs.
GreatHorn details a phishing campaign that targets EU users with emails that impersonate remote communication platform Zoom. With emails masquerading as Zoom meeting invitations, the cybercriminals have exploited Zoom’s familiar URL structure to create malicious links that look dangerously close to the real thing. Many of the links possess .es domains, suggesting they originate from Spain, and as the emails land the victim on a fraudulent Outlook login page, the hackers’ end goal is likely credential harvesting.
Schools drop out of remote proctoring platform.
The pandemic has increased the need for remote learning and, in turn, virtual test proctoring. As a result, test surveillance platforms like Proctorio have seen a massive increase in business, now being used at over one thousand schools in one hundred seventy countries. The platform records students as they take their tests and uses AI to detect any unusual behavior. However, Vice reports, complaints from students and instructors in recent months have led many schools to end their contracts with the test surveillance service. Students say it’s an invasion of privacy and that the model is discriminatory, as it disproportionately flags dark-skinned testers, while teachers feel the surveillance does more harm than good. In fact, some instructors have gone so far as to boycott this year’s Online Teaching Conference due to Proctorio’s involvement as a high-profile sponsor.
Tether reports forged documents and a shakedown attempt.
Cryptocurrency shop Tether tweeted that bogus documents were in circulation in what appears to be a shakedown attempt: "PSA: Forged documents are circulating online purporting to be between @tether_to personnel and reps of Deltec Bank & Trust and others. The documents are bogus." The firm also received an extortion demand threatening the release of stolen documents. Tether says it has no intention of paying.
Lactalis discloses attempted data breach.
BleepingComputer reports that the dairy group Lactalis, the world's leader in the dairy sector, has disclosed that it sustained a cyberattack by unknown threat actors. Lactalis doesn't believe it lost any data, and believes it successfully stopped and contained the incident before data were compromised.
Industry comments on the Tether and Lactalis incidents.
We received emailed comments on the two incidents from Cerberus Sentinel and KnowBe4. On the Tether shakedown, Chris Clements, VP of Solutions Architecture at Cerberus Sentinel, wrote about the worthlessness of criminals' word:
"Organizations should never take cybercriminals at their word without clear proof of their claims. Even then, in the case of stolen data there is no guarantee that the extortionist will delete the compromised information instead of auctioning it off on the dark web or simply publicly releasing it for free. Also important to keep in mind are possible ulterior motives for individuals making these claims. Markets are affected by investor confidence and news of a successful compromise can have a consequential effect on trading for a company. It’s possible that the attacker’s claim here is true, but absent any definitive proof it is just as likely that it’s an attempt at market manipulation."
And Erich Kron, Security Awareness Advocate at KnowBe4, argued that such threats should be taken seriously, even when organizations quite properly refuse to knuckle under:
"This is an example where even the threat of cybercrime must be taken seriously. From empty promises to take your organization offline with a DDoS attack, to fake claims of potential physical violence, to the threat of leaking data they may not even have, this is certainly not the first time we have seen potentially fake threats made for money.
"While only time will tell if this is really an empty threat or a serious issue, the success of other ransomware actors' data exfiltration and the resulting data dumps immediately add an initial level of believability to a threat like this. Even if the threat is found to be fake, the victim of the claim will have had to spend money and valuable resources attempting to confirm the validity of the data the attackers claim to have.
"Ransomware continues to plague organizations across the globe and across almost every industry as the extortion payouts continue to grow to previously unfathomable highs. These ransoms will continue to be an issue until organizations are able to better protect themselves against this modern digital plague.
"To protect against real ransomware, organizations need to focus on Data Loss Prevention (DLP) technologies, ensure backups are tested and offline, and most importantly, avoid the infection in the first place by educating employees on how to spot and report phishing emails, the top attack vector in ransomware."
On the Lactalis incident, Clements sees it as an example of how indiscriminate cybercrime has become: "This attack demonstrates that cybercriminal attacks are indiscriminate in nature. The statistics show that most victims of cyberattack are simply targets of opportunity. As such, it’s imperative that all organizations take the threat of security compromise into their operating plans to ensure that appropriate preventative and response actions are taken to safeguard the business from being significantly damaged from a cyber-attack."
Kron observed that all sectors, not just those people tend to think of as "tech," are in the sights of cybercriminals:
"In our modern global economy, all industries are subject to cyber attacks, even those not typically associated with high tech. This appears to be a case where an attack was spotted, contained and mitigated before significant damage was done. The organization appears to have done a good job being transparent in their notification, a step that is becoming increasingly more important as the number of cyber attacks continues to grow.
"While this organization appears to be fortunate to have caught the attack quickly, this is not always the case. Attackers often gain access to systems, then quietly collect information for weeks or even months before making their big move, often with disastrous results.
"Organizations need to ensure that they are prepared to defend against the most common types of attack vectors, including attacks through remote access portals and email phishing attacks. Employees should be trained to spot and report unusual emails, phone calls or text messages, especially if they are asking for email or VPN credentials or other sensitive information."