Cyber spotlight – Events in February 2022
28 February 2022
This is the first of a monthly feature which will summarise some of the cyber attacks and data breaches which occurred during the month, in this instance February 2022.
During February, a range of attack vectors were used against many government bodies and global companies. These included company-wide phishing attacks, malware deployment and data breaches, but there were also new or lesser-known attack vectors such as QR code hacking and SIM swapping.
Data breaches continue to hit the headlines
The following organisations fell victim to data breaches and experienced massive data loss: the British Council, Vodafone, the New South Wales Customer Services Department and the Washington State Department of Licensing (DOL).
The British Council had 144,000 student records exposed via an unsecured Microsoft Azure server. The student records held personal information, along with time of study and other important details which could have left students open to phishing attacks, scams and social engineering.
The New South Wales Customer Services Department was attacked, resulting in a data breach, after it employed new QR captcha methods to register addresses for businesses and organisations that had signed up to the Covid-19 compliance app Covid-Safe. 500,000 addresses were leaked, including sensitive addresses such as defence sites, domestic violence shelters and a missile maintenance unit.
The Washington State Department of Licensing (DOL) stated that it ‘became aware of suspicious activity involving professional and occupational license data’, which led to its POLARIS data system being breached. Records relating to over 39 types of business licences were exposed, including personal and business information such as dates of birth, driving licence details and social security numbers.
Vodafone Portugal was the victim of a cyber attack, which it described as a ‘deliberate and malicious cyberattack intended to cause damage and disruption’. The attack disrupted phone services and ATMs across the country. Vodafone did not disclose details of the attacker or threat vector used.
Notable phishing attacks in February 2022
Phishing attacks were also prevalent, with two notable instances. The first was an attack on a myriad of companies in the aviation, defence, transportation and manufacturing sectors. They were targeted by an unknown group, whom the victims call TA2541. This hacker collective used over a dozen types of remote access trojan malware, including NetWire, Parallax and WSH RAT, with AsyncRAT the most frequently deployed.
Interestingly, this group would spam targeted companies with thousands of phishing emails that would request aircraft parts or ambulance flight details, rather than playing on current events or COVID-19 issues. This demonstrates the targeted nature of such attacks.
The second large scale phishing attack came through LinkedIn, which we will cover in the next section.
Social media scams on the rise
Social media scams were reportedly on the rise, especially on LinkedIn. Firstly, the Federal Trade Commission (FTC) in the USA found that, for scammers and hackers, social media came out as the most profitable platforms to attack. This is because 95,000 people reported losing around $770 million last year, at an average of $460 per scam, which was an unprecedented eighteenfold increase.
The FTC went on to report that 70% of all reported losses from social media scams in 2021 came from scams related to investment, romance and online shopping fraud.
LinkedIn phishing scams have been on the rise at an alarming rate. Since the start of February 2022 they have risen by over 232 percent, according to cybersecurity firm Egress, which found that the rise was linked to the ‘Great Resignation’, a trend which saw high numbers of people leave their jobs during the pandemic.
The attacks targeting LinkedIn members were very sophisticated, using believable HTML email templates to mimic standard notification emails. The scammers embedded phishing links into these emails which were adorned with genuine-looking logos, footers and their HQ address.
Other cyber attacks in February 2022
During the month there have been some more unusual attacks, such as SIM swapping, which has been on the rise. In these attacks, an attacker will steal a phone and then use a SIM card in a new device to try to access accounts and transfer money out of online accounts and crypto wallets, using the victim’s phone number and social engineering.
The FBI stated that “Once the SIM is swapped, the victim’s calls, texts, and other data are diverted to the criminal’s device. This access allows criminals to send ‘Forgot Password’ or ‘Account Recovery’ requests to the victim’s email and other online accounts associated with the victim’s mobile telephone number. Using SMS-based two-factor authentication, mobile application providers send a link or one-time passcode via text to the victim’s number, now owned by the criminal, to access accounts. The criminal uses the codes to log in and reset passwords, gaining control of online accounts associated with the victim’s phone profile.”
Every month in The Insider, TSC will be providing a snapshot of the most up-to-date information and cybersecurity attacks.