Weekly Recap July 15 2022
Table of Contents
- By Patrick Ryan
- Jul 15, 2022
According to VentureBeat, the frequency of online attacks in the new year has increased by three million more than that of the year prior. In particular, the number of remote desktop protocol attacks and trojans increased in the first six months of the new year compared to those from the previous year. If you own or manage a small business, or simply use a computer at home, perform your due diligence in the context of online security and protect your investment with the addition of the industry's latest digital security protections. Let's dive into the week's top hacks and breaches.
Hackers targeted Customer.io in what turned out to be a significant security breach. The attack has the potential to surpass that endured by the NFT specialist OpenSea earlier this year. A company employee leaked email addresses, ultimately setting the stage for digital miscreants to access the contact information of millions of Customer.io customers. Customer.io representatives responded to the attack by bolstering their intrusion detection systems and implementing immutable logging for communication purposes. The company also decreased the number of employees accessing highly sensitive information.
Digital criminals stole 20 gigs worth of data from Marriott. The stolen information pertains to hotel reservations, flight personnel staying at Marriott hotels, and financial details of those customers, including credit card information. This is the second recent data breach endured by the global hotel chain. In the end, the compromise affected about 400 individuals in the attack. The question is whether the information about these customers was sold on the dark web or is still available for purchase in a shady corner of the internet.
SHI Malware Attack
SHI has been struck by malware, resulting in removing the company's sites and email service. SHI, a reseller based in New Jersey, acknowledged the malware attack to minimize the blowback from angry customers who took to social media to air grievances. SHI's site and email remained down across the holiday weekend. A company spokesperson refused to comment when asked if the ransom was paid. The SHI malware attack is an excellent example of why it is so important to bolster your digital defenses.
Phishers Steal $500 From NFT Specialist
A phishing scam has raked in more than half a billion dollars. The scam entrapped an NFT marketplace and gaming provider. Axie Infinity became the victim of phishing scammers likely working in tandem with a foreign nation-state, such as North Korea. The attack centered on using private keys and validator nodes within the Axie Ronin Network. Hackers used social engineering to convince job-seekers to download harmful PDFs, allowing the thieves to tap into the Ronin system.
Beware of Callback Phishing
A new phishing scam referred to as "callback" phishing is zeroing in on digital security specialists with the potential to expand to other businesses. The scam targets naive individuals willing to make a phone call and follow the direction of a human respondent who provides a link to a harmful site laden with malware. Malware that likely contains remote administration tools or RATS for short then spreads throughout the system. Lateral activity ensues, followed by ransomware extortion.