The Weekly Top 3 - ED-12.2016

By Jon Phish, Fri 25 March 2016, in category News

employee data, phishing, tax, utility, weekly

The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Verizon, Kemuri Water Company and whaling for tax forms.

Customer Data Stolen From Verizon

Last week, Verizon discovered a vulnerability in their online portal that allowed hackers to extract the contact information of over 1.5 million enterprise customers. These customers use Verizon Enterprise Solutions to run the day-to-day operations at their respective companies. The contact information was very likely related to the technical managers or employees at these companies, who are easy targets for phishing or spear phishing attacks. The security vulnerability that was used to obtain this information has been fixed, but the customer database is currently being sold online for a large sum of money. Click the link below to read more.

Water Treatment Plant Hacked And Chemical Mix Altered

Earlier this week, hackers were able to gain access to the control systems at a water treatment plant. The name of the company was not given in the security report, but it was given the pseudonym, Kemuri Water Company (KWC). The report stated that hackers used SQL injection and phishing techniques to gain access to the operational control system using stolen credentials. Once they accessed the system, they were able to make changes to the chemical mixtures used in the water treatement process. As a result, the hackers were able to handicap KWC's operations. However, these changes were detected by the control systems and KWC was able to reverse the effects. Click the link below to read more.