
Cyberextortion Threat Evolves as Clop Ransomware Attacked 6 U.S. Universities Data Security

 


Malicious actors are now using novel ways to extract universities' data, and are threatening to share the stolen data on dark web sites unless the universities pay them a lot of money.
According to the current update, the Clop ransomware group claimed to have access to data from six top universities in the United States, including the institutions' financial documents and passport data belonging to their staff and students. According to the report, a group of hackers first posted the stolen data online on March 29.

The universities that have been attacked include the University of Miami, Yeshiva University, the University of Maryland, Stanford University, the University of Colorado Boulder, and the University of California, Merced.

However, there is no official confirmation of this cyber-attack from any of the aforementioned universities; it is unclear whether the cyberinfrastructure of these universities has been attacked or whether the hacker group asked for money in exchange for the data.

Additionally, a few days ago, Michigan State University also confirmed a cyber attack by a group that was threatening to share stolen data on dark web sites unless a bounty was paid.

The data stolen by the Clop ransomware group includes federal tax documents, passports, requests for tuition remission paperwork, tax summary documents, and applications for the Board of Nursing.

This data breach affected several individuals and staff of the universities, as the shared information also exposed sensitive personal details such as names, dates of birth, photos, home addresses, immigration status, passport numbers, and Social Security numbers.

In addition, some news websites confirmed that the leaked data included several more screenshots, including retirement documentation, 2019/2020 benefit adjustment requests, late enrollment benefit application forms for employees, and UCPath Blue Shield health savings plan enrollment requests, among much else.

It should be noted that such attacks are not unusual for the Clop ransomware group, which is known for its assaults against various organizations. Furthermore, Michigan State University’s officials stated in this regard, “Payment to these criminals only allows these crimes to be perpetuated and further target other victims. The decision not to pay was in accordance with law enforcement guidance and reached with support from the university’s Board of Trustees and president.”

Focus on HMRC as Many Targeted Through an Email Phishing Campaign




A new phishing campaign discovered by Malwarebytes uses an old trick with the end goal of stealing login credentials, payment details and other sensitive data from victims by claiming to offer them a tax refund that must be claimed online.

The email claims to be from the UK government's tax office, HMRC, and informs potential victims that they are due a tax refund of £542.94 "directly" onto their credit card. The attackers lure users with the offer of a tax refund and, to pressure them, also set deadlines in the emails for claiming it.

The phishing email claiming to be from HMRC.

The scam begins by asking the user to click a link to the "gateway portal", which leads to another page that looks like Microsoft Outlook. Here, the user enters their email address and password into the login portal. At this point, the attackers obtain the email login credentials.

Thereafter, the victim reaches a fake HMRC portal that displays a form. A deceived user would unknowingly hand over their email address and password, thereby falling prey to the hackers. They then enter more personal information, such as their name, contact address, contact number, date of birth, a typical secret question for most records, and card details.

Tax scams have become a rather basic method for cyber criminals trying to extract data or cash from victims: when people are enticed by the possibility of receiving money, they frequently lower their guard, even against low-level attacks like this phishing trick. HMRC states it will never offer a refund or request personal data by email.

Chris Boyd, lead malware intelligence analyst at Malwarebytes, says:

“These attacks can afford to be crude, as the main pressure point is the temptation of an easy cash windfall tied to a tight deadline. Not knowing that HMRC don't issue refund notifications in this manner would also contribute to people submitting details.”

In any case, to stay protected from such attacks, users are advised to always double-check the sender's address before opening emails, to avoid following direct links, and to sign in to the site directly instead.