SBN

Email Security News Round-Up [June 2022]

The cyberworld was chock-full of incidents in June. We have a lot of cybersecurity news and email security breach news to share!

From modern Robin Hoods attacking big companies and donating to the poor to Meta Inc. being sued over privacy issues, read on to discover the top cyber news of June.

 

June, Week 1

In the latest email security news of June’s first week, we have the GoodWill ransomware group, whose aim varies from other groups, and an email security breach at Portland Housing Bureau, causing a $1.4 million loss.

Ransomware Gang Boosting Charity

A recently discovered ransomware group called GoodWill forced targets to donate to the poor.The purpose of this group is quite positive and unusual—in stark contrast with other threat groups.

To gain the decryption kit, these Robin Hoods force the victims to perform specific actions, like helping the poor, financially providing for the sick, and other charitable tasks. 

Email Security Breach Caused $1.4 Million Loss

An unknown cybercriminal unit diverted a payment meant for Central City Concern by unauthorized access to the Portland Housing Bureau’s email account.

The money was destined for Starlight, an affordable housing development.

This email security breach caused a $1.4 million loss, with the FBI, US Secret Service, and the Portland Police Bureau conducting an investigation.

 

June, Week 2

June’s second week is filled with email security news and cybersecurity news stories concerning Russia, the cancellation of exams in New Jersey, and the worrying comeback of infamous malware.

“Glory to Ukraine” Sign Appeared When Searching for Russia’s Government Website

In the first week of June, a Russian government website was hacked; the internet search for the site led to a “Glory to Ukraine” sign.

Even though the site was down for a while, a ministry spokesperson stated that users’ data remained protected.

Nonetheless, unconfirmed reports state that the hackers threatened to reveal the user’s data if they didn’t get their ransom.

Ransomware Attack Caused New Jersey District to Cancel Finals

In New Jersey, a ransomware attack disabled the district’s computer system, which affected Tenafly Public Schools and The Bergen County school district.

The latter had o cancel final exams for all high school students.

The district’s technology department took several steps, like isolating the devices, turning off the networks, and hiring cybersecurity experts to carry out an investigation.

New Emotet Malware Variant Targets Google Chrome Users

When observing a new module dropped by a botnet, a security firm discovered a new variant of Emotet malware.

The TA542 (Mummy Spider) cybercrime group released this variant which steals credit card information from Google Chrome browsers.

Emotet was initially deployed as a banking trojan and has since evolved into a botnet.

It is now used to spy on victims, steal data, deliver ransomware, and spread malware to other vulnerable devices.

 

June, Week 3

Moving on to June’s third week of email security news, we shared headlines about a Father’s Day Scam, a deputy US marshal charged for tracking the location of his former colleagues, and 70,000 Patients impacted in a data breach.

Deputy US Marshal Charged with Abusing His Official Position

A US lawman, 48-year-old Adrian Pena from Texas, was accused of abusing his official position by accessing online records and tracking the location of his former co-workers.

His goal was to track the addresses of people he had a personal relationship with and their partners.

The deputy will face many years in prison if convicted of obtaining confidential personal data. 

“Free Beer For Father’s Day” Scam Goes Viral

A message about a “Father’s Day free beer” opportunity went viral on WhatsApp. 

Of course, there was no free beer, and the message actually included an embedded link, likely containing a malicious script. 

WhatsApp and Heineken later announced that they were aware of the fraud.

WhatsApp reminded the users to follow safety rules, and Heineken reported the incident to law enforcement.

Up to 70,000 Patients Impacted in Kaiser Permanente Data Breach

In mid-June, there was a massive data breach that affected 69,589 people.

The victims were patients of the Washington Kaiser Foundation Health Plan.

The breach may have exposed patients’ first and last names, medical record numbers, dates of service etc.

Kaiser stopped the unauthorized access and initiated an investigation to identify the threat actors.

 

June, Week 4

In the fourth week of June, we shared news of a data breach affecting 1.5 million customers, a former Amazon employee being sentenced for a massive hack, and Meta Inc. sued for violating Facebook’s patient data.

Michigan-based Flagstar Bank Announces Data Breach of 1.5 Million Customers

After a lengthy investigation in June, Michigan-based Flagstar bank discovered that a massive data breach (in 2021) affected its 1.5 million customers.

An unauthorized party had accessed sensitive personal information of customers.

The bank engaged external cybersecurity professionals and reported the matter to law enforcement.

Meta Inc. Accused of Secretly Sending Patient Data to Facebook

Meta Platforms Inc. has been sued over privacy issues. Claims suggest that private medical information has been secretly shared with Facebook.

Facebook’s Pixel tracking tool redirected confidential patient data without permission.

On behalf of millions of patients, an investigation was conducted and a lawsuit filed proposing a class action in San Francisco’s federal court.

Meta Inc. hadn’t yet commented on the situation.

Former Amazon Employee Convicted in Massive Capital One Hack

Former Amazon employee Paige Thompson was convicted on federal charges from a hack that took place in 2019.

Thompson downloaded about 120,000 Social Security Numbers and 77,000 bank account numbers from Capital One customers.

She was convicted of one wire fraud, six computer fraud, and abuse charges.

The sentencing hearing for Thompson will take place on September 15th, 2022.

June, Week 5

The latest email security news of June concerns user email accounts of a popular NFT marketplace getting leaked and an ongoing phishing campaign that steals Facebook accounts.

FaceBook Accounts Stolen via Messenger Scam

On Tuesday, security research team Trustwave Holdings announced the discovery of an ongoing phishing campaign. The campaign members steal Facebook users’ accounts by impersonating the customer support team.

The scam begins with a phishing email warning victims that their accounts risk being deleted due to community rules violations.

The email contains a link redirecting to a Facebook Messenger chatbot, where they can bring complaints and “appeal” the decision.

After the target logs in to Messenger, they access the webpage, where they receive an automated message from the chatbot.

This message also contains an “appeal now” button, which, when clicked, opens a web page asking for data like users:’

  1. Email address
  2. Mobile number
  3. First and last name
  4. Page name

After offering all these details, the targets must enter their account passwords.

With this method, attackers obtain login credentials and all the data the victim gave them.

As the phishing attack is automated, the actual exploitation of the stolen data may come at a later phase.

OpenSea Users’ Email Accounts Leaked

June has ended with a massive data breach affecting users of a popular NFT marketplace, OpenSea.

An unauthorized third party accessed OpenSea users’ email addresses.

OpenSea warned that the breach could affect everyone who has shared their emails with the company; they also encouraged their users to be alert for possible phishing attacks.

The cause of the breach was identified as an employee of its email delivery vendor, Customer.io. An employee abused their access to download OpenSea users’ email addresses and shared them with any unauthorized third party.

OpenSea stated that they and Customer.io are working on an ongoing investigation.

They have also reported the case to law enforcement.


Final Thoughts

This was the top cybersecurity news and email security breach news of June 2022.

Email remains the most common phishing attack avenue—malicious actors are everywhere to target businesses and individuals.

Threat actors target users on various platforms, taking over accounts and even using chatbots to spread malicious links.

Companies lose millions from phishing attacks each year.

So, stay safe from cybercriminals, be vigilant, and protect your email domain with EasyDMARC.

The post Email Security News Round-Up [June 2022] appeared first on EasyDMARC.

*** This is a Security Bloggers Network syndicated blog from EasyDMARC authored by Knarik Petrosyan. Read the original post at: https://easydmarc.com/blog/email-security-news-round-up-june-2022/