At a glance.
- The THT ransomware group makes a comeback.
- UPS data breach gives "junk mail" a whole new meaning.
- Cars cruise away with driver data.
- Mondelez suffers third-party data breach.
The THT ransomware group makes a comeback.
The Department of Health and Human Services (HHS) has issued a cybersecurity notification warning that the TimisoaraHackerTeam, or THT, has been resurrected, Cybersecurity Dive reports. A recent attack targeting a US cancer center has been attributed to the ransomware group. Making its first appearance in 2019, THT has a history of targeting the healthcare sector, where protections are low but data is plentiful and valuable. HHS also said THT could be linked to other ransomware groups like DeepBlueMagic, which is linked to a recent attack on a medical center in Israel that led to a wave of attacks on the country's healthcare providers.
UPS data breach gives “junk mail” a whole new meaning.
Shipping giant UPS has disclosed that customer data might have been exposed and is now being used by scammers in a phishing operation. Customers have received notification letters from UPS Canada stating that the company has received reports of SMS phishing messages containing customers' names and addresses. The attackers pose as representatives from companies like LEGO and Apple, sending fraudulent texts in an attempt to convince the recipient to hand over a payment in order to receive a shipment, and the real name and address data make the messages all the more convincing. UPS conducted an internal investigation and determined that the attackers responsible for the campaign were using UPS’s package look-up tools to access delivery details, including the recipients' personal contact information, between February 2022 and April 2023.
To prevent further compromise, UPS has implemented safeguards to restrict access to this sensitive data. Bleeping Computer notes that the notification letter from UPS buries the lead, appearing at first to be a general warning about avoiding phishing scams before mentioning that the recipient’s data has been compromised. "Breach notifications need to be absolutely clear about what they are from the get-go. Fluffing them out helps nobody and simply increases the chances that they'll be put in the garbage unread," said Emsisoft threat analyst Brett Callow.
Erfan Shadabi, Cybersecurity Expert at comforte AG, commented on the risk of phishing:
"The recent revelation by UPS that attackers exploited its package look-up tools in an SMS phishing campaign underscores the increasing threat of such attacks and the critical role of data-centric security in mitigating associated risks. In this case, the attackers leveraged UPS's package tracking system to gain access to delivery details and recipients' personal contact information. SMS phishing, also known as 'smishing,' is a form of phishing that targets individuals through text messages (SMS) on their mobile devices. Attackers send deceptive SMS messages to trick recipients into clicking on malicious links, providing personal information, or taking actions that compromise their security. These messages often mimic legitimate organizations or services, such as shipping companies, banks, or social media platforms, to appear authentic and trustworthy. To mitigate the risks associated with SMS phishing attacks, organizations should adopt a data-centric security approach that focuses on protecting sensitive information throughout its lifecycle. Protecting sensitive information, including recipient contact details, is crucial in preventing attackers from exploiting trust and conducting successful phishing campaigns. Data-centric security not only safeguards data from unauthorized access but also enhances the overall resilience of organizations against evolving threats in the digital landscape. To combat SMS phishing, organizations must not only enhance their own cybersecurity measures but also train and educate customers about best practices. By raising awareness and providing guidance on identifying and avoiding phishing attempts, organizations empower customers to protect themselves from falling victim to SMS phishing attacks."
Tonia Dudley, Chief Information Security Officer, Cofense:
“As the reliance on mobile devices grows for managing nearly all aspects of our lives, it is unsurprising that scammers have shifted their focus to exploit this platform as a means to target and obtain users' sensitive information. This data breach emphasizes the importance of reporting smishing, even if an individual falls for the scam, to safeguard online security and prevent future attacks.
“Implementing security awareness training is an essential step in preventing phishing attacks on all devices. Organizations should establish a straightforward reporting mechanism and equip employees with the necessary tools to swiftly eliminate phishing threats. By training employees on how to spot malicious messages, organizations can mitigate the likelihood of falling victim to these scams and the risk of compromised sensitive data.”
Cars cruise away with driver data.
In recent years, cars have become “smarter” than ever, equipped with tools that track everything from the driver’s speed to biometric info. It’s estimated that cars can produce up to 25 gigabytes of data per hour, and this data is often passed on to data brokers. Last month, US-based automotive firm Privacy4Cars released the Vehicle Privacy Report, a new tool that answers the question: just how much does your car know about you? The tool creates a privacy label for car models detailing what data is collected and with whom that data is shared. WIRED ran ten of the most popular cars in the US through the tool and found that all of the manufacturers analyzed collect data on the driver (identifiers like names, addresses, etc.), the car (battery data, diagnostic info), and what the driver does with the vehicle (driving habits, route history, and swerving incidents).
Mondelez suffers third-party data breach.
Snack food company Mondelez has disclosed that a data breach at a third party has resulted in the exposure of employee data. The company behind Chips Ahoy! and Ritz says the personal data of over 51,000 current and former employees were compromised after an attack at Bryan Cave Leighton Paisner, a law firm which provided legal services to the company. As Cybersecurity Dive recounts, the law firm detected suspicious activity on its systems on February 27, 2023, and conducted an investigation confirming an intrusion between February 23 and March 1.
On March 24 the firm notified Mondelez that the employee data impacted included names, addresses, dates of birth, identification numbers, Social Security numbers, and retirement and/or thrift plan info. A Bryan Cave spokesperson stated, “We remain able and focused on continuing to serve our clients as we resolve this matter.” Consumer notification letters were sent out last week.