Friday Five: 11/22 Edition
A phishing campaign targeting Microsoft Office 365 users, a mobile dining app breach, a medical group hacked, and more - catch up on the week's news with the Friday Five.
1. Microsoft Office 365 Admins Targeted by Ongoing Phishing Campaign by Sergiu Gatlan
Microsoft Office users beware: A group of attackers has launched a new phishing campaign that is actively targeting Office 365 admins. While the group is focused on attacking administrators specifically, they are targeting any and all industries. In the campaign, the attackers pose as Microsoft, using the Office 365 logo and the sender name “Services Admin Center”. The emails carry a call-to-action subject line, such as “Action Required” or “We placed a hold on your account,” in an effort to entice users to click before thinking. After clicking, targets are sent to a fake Office 365 login page that asks them to sign in to their account. The hacker group is using validated Office 365 domains that were previously compromised, which allows them to sidestep common email filtering solutions that decide whether to block an email based on the sender’s domain reputation. Not only is this phishing campaign difficult to detect, it is also difficult to combat, as any Office 365 domains the attackers manage to infiltrate can be used in the future to launch new attacks.
2. Gamers Exposed After Wizards of the Coast Data Leak by Phil Muncaster
Infosecurity Magazine has reported that the misconfiguration of cloud services has led to yet another data leak. Wizards of the Coast, a US gaming company that specializes in fantasy and science fiction games, was forced to deal with a security scare this week. Magic Online and MTG Arena users were notified by Wizards of the Coast that personal data, including first and last names, emails, and passwords, had been leaked via an Amazon Web Services storage bucket. Fortunately, the issue was marked as non-malicious, and the creators believe it was an isolated incident. Although this data breach had a happy ending, most companies do not get as lucky. When information is left unprotected online for a prolonged period of time, it is more likely that hackers will find it and hold the data for ransom.
3. Disney+ Might Have a Notable Hacker Problem (Already) by Chris Morris
Although Disney has not officially acknowledged a security breach of its new streaming platform, Disney+, an increasing number of users have turned to social media to complain about losing access to their accounts after they had been hacked. Certain tech publications have also come forward to note that they have discovered many Disney+ account log-ins for sale on hacker forums. Users are complaining that Disney is doing a poor job of acknowledging the problem, but the company has publicly assured users that it takes privacy very seriously and that it believes there is no indication of a security breach. Disney is either just trying to extinguish the fire, or there is truly another underlying issue. Of the over 10 million subscribers that Disney+ has already accumulated, the number of users complaining of security issues is just a small fraction. People may be using the same email and password combination for many of their accounts, one of which could have already been hacked. To address this, Disney has a precautionary function that will temporarily lock an account if there are signs of suspicious login attempts. It is unclear exactly what the problem stems from, but it's likely this won't be the last security issue Disney will have to work through as it launches this new project.
4. PayMyTab Data Leak Exposes Personal Information Belonging to Mobile Diners by Charlie Osborne
Another data exposure resulting from an unsecured AWS bucket hit the news this week, this time involving the mobile dining app PayMyTab. The app works with restaurants to simplify the payment process for consumers through their mobile and card terminals while simultaneously collecting customer data for CRM purposes. Unfortunately, PayMyTab did not follow Amazon’s security protocols, and in turn, sensitive personal information of customers - including names, email addresses, telephone numbers, restaurant visit information, and the last four digits of payment cards - was left exposed. It is believed that over 10,000 PayMyTab customers were left vulnerable to online fraud and attacks. The AWS bucket had actually been exposed since July 2, 2018, according to researchers. A group of “ethical hackers” working for VpnMentor, a VPN comparison site, were notified of the data leak on October 18 and have since reached out to PayMyTab on two occasions. The group also released the information publicly, as they believe consumers need to know that their private information is at risk. PayMyTab has yet to make a public statement.
5. Cyber Thieves Target Medical Group in Sikeston, MO by Marsha Heller
“There are cybersecurity attacks every single day and not just in healthcare, everywhere,” St. Francis Medical Center President, Maryann Reese, said this week. Reese is urging others to step up their security measures after her own clinic’s computer network was recently hacked. The medical center, located in Missouri, had been notified of a breach on September 20 of this year. The attackers stole decades' worth of medical records and demanded ransom from St. Francis. Fortunately, the clinic worked with the FBI on the case and ultimately decided not to pay the thieves. Using backups, the hospital’s cybersecurity team was able to retrieve almost all of the lost files, except for those between September 20, 2018 and December 31, 2018. Although Reese and her cybersecurity team do not believe any patient information was compromised, they are still notifying all affected individuals and providing them with steps they can take to protect their information. Saint Francis hospital has heightened its security awareness, as this incident could have caused catastrophic harm to the hospital and its patients.