Security News
Authorities at the University of California San Diego Health reported a phishing attack lead to a major breach of its network, which allowed an adversary to gain access to sensitive patient, student and employee data. A Wednesday notice from UCSD Health explains the attack occurred between Dec. 2, 2020 and April 8, 2021 and exposed personal information including full names, addresses, date of birth, email, social security number and the date and cost of medical services.
"Whether it's taking advantage of the buzz around cryptocurrency, stealing credentials to start a ransomware attack, or tailoring attacks to less suspicious targets in low profile roles, cybercriminals are constantly adapting their tactics and making their attacks more sophisticated," per the report. Among social engineering attacks analyzed by Barracuda researchers, phishing represented 49%, followed by scamming, BEC and extortion.
Hackers have compromised an email marketing account belonging to the Chipotle food chain and used it to send out phishing emails, luring recipients to malicious links. The campaign sent out in three days at least 120 malicious emails from a hacked Mailgun account used by Chipotle for email marketing purposes.
Microsoft has extendend the phishing protection offered by Microsoft Defender for Office 365's Safe Links feature to Microsoft Teams. On Monday, the company announced that the Safe Links feature will now be available for Microsoft Teams - if the customers also use Microsoft Defender for Office 365.
UC San Diego Health, the academic health system of the University of California, San Diego, has disclosed a data breach after the compromise of some employees' email accounts. UC San Diego Health is one of the nation's best hospitals, being repeatedly ranked as the best health care system in San Diego, according to the 2021-2022 U.S. News & World Report survey.
Microsoft has extended Defender for Office 365 Safe Links protection to Microsoft Teams to safeguard users from malicious URL-based phishing attacks. "With today's announcement, organizations with Microsoft Defender for Office 365 can further protect Microsoft Teams users from malicious phishing attacks that are often orchestrated using weaponized URLs," Microsoft said.
Nearly three-quarters of respondents said their organizations have fallen victim to a phishing attack in the last year, with 40% confirming they have experienced one in the last month. The annualized risk of a data breach resulting from mobile phishing attacks has a median value of about $1.7M, and a long tail of value of about $90M. Hackers are exploiting enterprise security gaps in the Everywhere Workplace, in which remote workers are using mobile devices more than ever before to access corporate data.
Vade released its Phishers' Favorites report for H1 2021, which revealed that there has been a major jump in phishing attacks since the start of the year with a 281 percent spike in May and another 284 percent increase in June, for a total of 4.2 billion phishing emails detected by Vade for June alone. In Q2 2021, Crédit Agricole phishing URLs increased 296 percent, while La Banque Postale URLs increased 831 percent, pushing them up 18 spots to #5 on the list.
Google Chrome now comes with up to 50 times faster phishing detection starting with the latest released version 92, promoted to the stable channel on Tuesday. The phishing site detection speed-up stems from improvements to the Chrome image processing tech used to compare the color profiles of visited websites with collections of signals associated with phishing landing pages.
Automation company Ivanti has surveyed more than 1,000 IT professionals on the effects of phishing at their organizations, and what it has found is grim security news: 74% of companies have fallen prey to phishing in the past year, and 40% became victims in the last month alone. In particular, Ivanti cites the COVID-19 induced shift to remote work as a major reason for increased "Onslaught, sophistication and impact of phishing attacks."