The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Middlesex Hospital, a seven-year Packrat campaign and pwning your BBQ grill.
Earlier this week Middlesex Hospital in Connecticut, USA divulged a data breach that affected close to 950 patients. The hospital stated that in October 2015, employees fell victim to a phishing e-mail that lead to the compromise of the patients' information. The information leaked included names, addresses, date of birth, medical record numbers and other diagnosis information. However, Social Security Numbers were not accessed, along with patients' medical history. The affected patients were offered free credit monitoring services and the hospital stated that they had implemented measures to further secure their systems. Click the link below to read more.
Security researchers at Citizens Lab released a report earlier this week that revealed a seven year malware campaign targeting journalists, activists, politicians and other public figures. The malware used in these attacks was named Packrat, which is a Remote Access Tool (RAT) that allows hackers to remotely access an infected computer. Researchers found that Packrat was distributed through phishing websites and social media accounts for fake opposition political parties, and fake news organizations. One of these phishing sites contained a fake login page used to target Ecuador's National Assembly. The malware campaign was active in several South American countries including Argentina, Brazil and Venezuela. Click the link below to read more.
Internet-connected barbecues are now vulnerable to hackers. This was highlighted by security researchers at the recent Kiwicon conference in Australia. Researchers were able to hack a popular Internet-of-Things (IoT) barbecue grill called CyberQ. The researchers told the conference that Google was able to detect servers that contained the CyberQ administration webpage. Using this knowledge, someone could develop a phishing webpage containing a malicious link that when clicked, would send a malicious request to an owner's CyberQ grill. This could change the settings on the owner's grill with the owner being none the wiser to the hack. Click the link below to read more.