Researchers have been monitoring a new phishing campaign that uses malicious QR codes to infiltrate business emails by avoiding typical security protocols. Of the 1,000 identified phishing emails, 29% were focused on a single US energy provider, with the remainder targeting several other industries. Victims of this campaign initially receive an email asking them to update their Microsoft 365 settings and are given a QR code to scan that allegedly verifies their account but contains an embedded URL redirect to a phishing site.
Data breach impacts 1.47 million dental patients
Officials for Alberta Dental Service Corporation (ADSC) have confirmed a 2-month-long data breach of their systems that has exposed sensitive patient data for 1.47 million individuals. The breach was first identified on July 9th, roughly 2 months after the attackers gained access to the system and began deploying info-stealing malware and partially encrypting stored patient data. Fortunately, ADSC has begun contacting the many affected individuals, and is working to improve its security and identify how the attackers were able to gain entry to its network.
MOVEit attack exposes Colorado Department of Health Care Policy & Financing (HCPF)
Following the MOVEit data transfer attack that affected IBM, officials for the Colorado Department of Health Care Policy & Financing (HCPF) have confirmed that personally identifiable information (PII) of 4 million Colorado residents has been compromised. Fortunately, IBM has verified that only data from the MOVEit application was impacted by the security incident and no other IBM systems were accessed maliciously.
TripAdvisor complaint emails used to spread Knight Ransomware
Researchers have spotted a new spam campaign that uses fake TripAdvisor complaint emails to distribute the newly renamed Knight ransomware. What started as the Cyclops ransomware-as-a-service in May of 2023 has now been rebranded as Knight ransomware, but retains the encryptors for Windows, macOS, and Linux that were created for Cyclops. The email campaign disguises itself as a TripAdvisor complaint form that contains a malicious ZIP file, which launches a fake browser screen and scares the victim with the threat of account suspension for their complaint. Upon final execution, the encryption process begins: the ransomware appends a ‘.knight_l’ extension to encrypted files and leaves a ransom note demanding $5,000 in Bitcoin for the decryptor.
Cyberattack takes Clorox production offline
At the start of the week, officials for cleaning manufacturer Clorox were forced to take their production systems offline for several days after identifying suspicious activity on their network. While the investigation is still ongoing, it is believed that a ransomware group is behind the attack, though it has not been confirmed whether any encryption occurred or data was stolen.