A cyberattack crippled the IT services of the City of Saint John, Canada

Officials confirmed that the city of Saint John, New Brunswick, Canada, was hit by a massive cyberattack that crippled much of its municipal IT infrastructure: the city's website, email, online payment portals, customer service applications and more. The city's 911 center, however, remained operational. The attack was discovered on November 13, 2020, and the city disclosed it on Facebook on November 16.

The city later confirmed that it was a ransomware attack, but did not disclose whether a specific amount was named in the ransom demand or how the attack was first discovered.

There was no indication that personal information was accessed or exfiltrated.

Read more about it here.

Sneaky Office 365 phishing scam inverts images to avoid detection bots

Researchers at WMC Global spotted a new Office 365 phishing campaign that hides its cloned login page from automated scanners. The kit inverts the colors of the background image it serves on the login page, so the image's hash no longer matches that of the genuine Microsoft background, and scanning engines that rely on recognizing the known image fail to flag it.

Original version next to inverted background

The phishing kit then undoes the inversion in the browser with Cascading Style Sheets (CSS), so the rendered page looks exactly like the legitimate Office 365 login page, while the file a scanner fetches and hashes is still the inverted copy. Phishing engines are highly unlikely to recognize that image as an inverted copy of the Office 365 background.

CSS code used to revert image

Since the page artwork is deliberately indistinguishable from the real thing, the URL in the address bar, not the look of the page, is the signal to check. Avoiding login forms reached through unsolicited links might save users from further trouble, and an up-to-date antivirus or antimalware engine adds another layer of protection.
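As an added example (not code from the WMC Global report or from the phishing kit itself), the Python below shows both halves of the trick and how a scanner can counter it: an exact hash of the served image misses the inverted copy, whereas hashing both the image and its inverse and keeping the smaller digest yields a value that is the same for either orientation; a second check looks for a CSS `filter: invert(...)` declaration in the page. The block works on decoded pixel samples rather than image files, and the 2x2 pixel tile, the two page fragments and the regex are constructed for illustration.

```python
import hashlib
import re

# Constructed sample: a 2x2 RGB tile standing in for a login-page background
# (brand blue / white), as raw decoded 8-bit samples. On real pages you would
# decode the fetched PNG/JPEG to pixels first (e.g. with Pillow); comparing
# encoded file bytes is pointless because re-encoding changes them anyway.
ORIGINAL_PIXELS = bytes([
    0x00, 0x78, 0xD4,  0xFF, 0xFF, 0xFF,
    0x00, 0x78, 0xD4,  0xFF, 0xFF, 0xFF,
])


def invert_pixels(pixels: bytes) -> bytes:
    """Colour-invert 8-bit samples: every byte b becomes 255 - b.
    This is what the kit does to the image it serves, and what the browser
    undoes again when the page applies a CSS invert filter."""
    return bytes(255 - b for b in pixels)


def naive_hash(pixels: bytes) -> str:
    """Exact-match hash as a simple scanner would compute it."""
    return hashlib.sha256(pixels).hexdigest()


def inversion_invariant_hash(pixels: bytes) -> str:
    """Canonical hash that is identical for an image and its inverse:
    hash both orientations and keep the lexicographically smaller digest.
    Inversion is an involution (invert(invert(x)) == x), so the set
    {x, invert(x)} is the same whichever variant the scanner fetched."""
    return min(naive_hash(pixels), naive_hash(invert_pixels(pixels)))


# Heuristic for the client-side half of the trick: any CSS `filter`
# declaration that contains an invert() function. The kit's real markup is
# not reproduced on this page; this pattern is an assumption.
CSS_INVERT_RE = re.compile(r"filter\s*:\s*[^;}]*\binvert\s*\(", re.IGNORECASE)


def uses_css_invert(html: str) -> bool:
    """True if the page's inline CSS applies an invert() filter anywhere."""
    return CSS_INVERT_RE.search(html) is not None


# Known brand images, keyed by their inversion-invariant hash.
KNOWN_BRAND_IMAGES = {
    inversion_invariant_hash(ORIGINAL_PIXELS): "office365-login-background",
}
KNOWN_EXACT_HASHES = {naive_hash(ORIGINAL_PIXELS)}


def classify(served_pixels: bytes, html: str) -> dict:
    """Combine both signals: does the served image match a known brand image
    once inversion is neutralised, and does the page re-invert it client-side?
    An image that matches only after neutralising inversion is, by
    construction, an inverted copy of the known image."""
    naive_match = naive_hash(served_pixels) in KNOWN_EXACT_HASHES
    brand_match = inversion_invariant_hash(served_pixels) in KNOWN_BRAND_IMAGES
    return {
        "naive_match": naive_match,
        "brand_match": brand_match,
        "css_invert": uses_css_invert(html),
        "inverted_copy": brand_match and not naive_match,
    }


# Constructed page fragments, not the kit's real markup.
KIT_PAGE = """<style>
  body { background: url('bg.jpg') no-repeat center; filter: invert(100%); }
</style>"""
LEGIT_PAGE = """<style>
  body { background: url('bg.jpg') no-repeat center; }
</style>"""

if __name__ == "__main__":
    served = invert_pixels(ORIGINAL_PIXELS)   # what the kit hosts
    print("kit page:  ", classify(served, KIT_PAGE))
    print("legit page:", classify(ORIGINAL_PIXELS, LEGIT_PAGE))
```

To use this on real traffic, decode the fetched background to raw RGB bytes and pass them to `classify()` together with the page HTML. Most perceptual hashes are just as sensitive to inversion as an exact hash, so the same both-orientations trick applies to them; the CSS check on its own is only a weak signal, since legitimate sites also use filters.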

Read more about it here.

Nitro PDF suffers massive data breach, exposing Microsoft, Google, Amazon and more

A massive data breach at the Australian company Nitro, maker of the popular Nitro PDF service, impacted many well-known organizations, including Microsoft, Google, Apple, Amazon, Chase and Citibank.

Nitro disclosed the breach on its website on October 21, 2020, in an advisory that classified it as a "low impact security incident". However, cybersecurity intelligence firm Cyble has shared details suggesting Nitro downplayed the incident: it found a threat actor selling, for $80,000, a 1 TB database of documents and 70 million user records that include email addresses, bcrypt-hashed passwords, full names, IP addresses, company names and other user data. Bcrypt slows offline cracking but does not stop it for weak or reused passwords, so affected users should rotate their Nitro password and any password reused elsewhere.

From the samples of the database, the document titles alone disclose a great deal of information about financial reports, M&A activities, NDAs, and product releases.

Read more about it here.

British Airways slapped with $26M fine for 2018 cyberattack affecting 400,000 customers

The Information Commissioner's Office (ICO), the U.K.'s data protection watchdog, announced it was fining British Airways 20 million pounds (about $26 million) for a 2018 data breach in which the personal details of roughly 400,000 customers were leaked. The ICO found that British Airways should have identified weaknesses in its security and resolved them with measures available at the time, which would have prevented the breach.

The regulator said its investigators found that British Airways did not itself detect the attack, which began on June 22, 2018; it was alerted by a third party more than two months later, on September 5.

The penalty was far less than the 183.4 million pounds the ICO proposed in 2019, in part reflecting the crisis many airlines are now facing due to COVID-19.

Read more about it here.

University Hospital New Jersey paid a $670K ransom to prevent data leak

The University Hospital New Jersey (UHNJ) in Newark, New Jersey, U.S., has paid a $670,000 ransom to prevent the publishing of 240 GB of stolen data, including patient info.

In September 2020, systems at the University Hospital New Jersey were encrypted with the SunCrypt ransomware. The threat actors leaked online a sample of 48,000 documents, spanning 1.7 GB, out of the 240 GB of data they claimed to have stolen.

This data leak included patient information release authorization forms, copies of driving licenses, Social Security Numbers, date of birth, and records about the Board of Directors.

To prevent further leaking of patient data, the hospital contacted the ransomware operators. The initial ransom demand was for $1.7 million. After negotiations, the hospital paid $672,744. The attackers then provided the decryption key.

The entry point was a phishing email sent to an employee, which provided the attackers with network credentials.

Read more about it here.

Data of 600K customers of US fitness chain Town Sports leaked online

US fitness chain Town Sports has suffered a data breach: a server holding over a terabyte of spreadsheets containing internal company data, financial records and personal customer records was left exposed online.

The archive contained records of almost 588,000 members and staff. Exposed information includes names, addresses, phone numbers, email addresses, last four digits of credit cards, credit card expiration dates, and a member’s billing history.

The unprotected server was exposed for almost a year. The company secured the database the day after it was informed of the data leak.

Town Sports International Holdings is an operator of fitness centers in the Eastern United States, California and in Switzerland. Its brands include New York Sports Clubs, Boston Sports Clubs, Philadelphia Sports Clubs, Washington Sports Clubs, Lucille Roberts, TMPL Gym, and Total Woman Gym and Spa.

Read more about it here.

Staples discloses data breach exposing customer order data

Office retail giant Staples informed some of its customers of a data breach related to their orders. The company sent a brief letter, signed by its CEO Alexander 'Sandy' Douglas, describing the incident. The incident occurred around September 2, 2020, and involved "non-sensitive customer order data": names, addresses, email addresses, phone numbers, the last four digits of credit cards, and details about the order (delivery, cost, product). Account credentials and full payment card data were not exposed.

Although this breach is considered low impact, it can still cause real harm to customers: names, contact details and genuine order details are exactly what an adversary needs to craft convincing phishing messages.

Read more about it here.

Great news: Zoom enables Two-Factor Authentication

Zoom announced it has implemented Two-Factor Authentication (2FA) to protect all user accounts against cyber attacks.

“Zoom’s enhanced Two-Factor Authentication (2FA) makes it easier for admins and organizations to protect their users and prevent security breaches right from our own platform.” reads the announcement published by Zoom.

“Zoom offers a range of authentication methods such as SAML, OAuth, and/or password-based authentication, which can be individually enabled or disabled for an account.”

In order to use 2FA, it needs to be enabled on the Zoom account. Sign in to the Zoom Dashboard, navigate to Advanced -> Security in the menu, and toggle the "Sign in with Two-Factor Authentication" option on. Then choose which accounts 2FA applies to, from one of the following options:

  • All users in your account
  • Users with specific roles
  • Users belonging to specific groups

Read more about it here.

University of Utah pays a $457,000 ransom

The University of Utah admitted it paid a $457,059 ransom after a July 19, 2020 ransomware attack that hit systems of its College of Social and Behavioral Science (CSBS). The University was able to restore operations from backups, but decided to pay the ransom to stop the ransomware operators from leaking student information online: "This was done as a proactive and preventive step to ensure information was not released on the internet."

According to the University of Utah, the ransomware encrypted only 0.02% of the data stored on its servers. The University officials added that the university’s cyber insurance policy covered part of the ransom.

Read more about it here.

Santander ATM glitch results in dozens of arrests

On August 18, 2020, Santander Bank became aware that many of its ATMs were dispensing more cash than the balance held on the card when presented with counterfeit debit cards and with legitimate prepaid debit cards. Criminal groups exploited the glitch across New York, New Jersey and Connecticut.

In response, Santander shut down all of its ATMs that day. The next morning, the ATMs were made available only to Santander's own customers.

As a result, dozens of people were arrested.

Read more about it here.