Several universities were hit by a coordinated phishing scam purportedly providing new information on the Omicron variant of COVID-19. In other cybersecurity news, a server belonging to a major French transportation authority was left unprotected and potentially exposed employee information.
Conti ransomware disrupts Nordic Choice Hotels
The Nordic Choice Hotel chain noticed unauthorized access to their systems and issues with their payment and keycard systems. No ransom has been demanded for the return of full access to the systems, though workers have been diligent to continue services manually. While it has been confirmed that the Conti ransomware group is responsible for this cyber-attack, there hasn’t been any update to the Conti leak page.
French transportation server exposes thousands of individuals
A major French transportation authority left roughly 57,000 employees vulnerable to a host of identity attacks by leaving a server unprotected. The researchers who discovered the offending server quickly contacted the offending organization, but they received no indication that the issue was known or being looked at. The French CERT group were able to finally resolve the exposed server. The server contained login credentials and other identifiable data for all 57,000 affected employees, which could easily be compromised to gain access to further sensitive information.
Iranian government spoofers infect citizens with SMS attacks
Hackers have been disguising themselves as Iranian government officials to gain trust through malicious SMS messages. The victims are asked to download an application seemingly related to Iranian Judicial services and then payment card information is requested for “service fees.” Once the attackers have the payment card information and the malicious app is installed, they also gain access to the device’s messaging. This gives them control over any two-factor authentication requests for logging into a banking organization’s site.
Northern English supermarkets struck with cyberattack
A supermarket chain with over 13,000 locations across 48 countries fell victim to a cyberattack that shut down their payment card systems. Only stores in northern England were affected by the attack, with the roughly 330 of them continuing to operate with cash-only payments. Stores across the country have confirmed the attack is ongoing and there is currently no estimate time for it being resolved.
Scammers use Omicron variant news to steal University login credentials
Scam emails claiming to have updated information on the Omicron variant have hit a number of universities. The scam emails are used to steal login credentials from students and staff. While COVID-related attacks have been very common, this type of coordinated login credential phishing attack against educational institutions is a recent phenomenon.
