5 cyber-attacks you may have missed since the start of 2021

Posted by MailGuard on Jan 28, 2021 12:22:29 PM

Daily News-Cyber Attack

While challenging, 2020 drove long-overdue review of our approach to cybersecurity for many, especially with the explosion of COVID-19 themed cybercrime targeting remote workforces.

As we enter a new year, it’s imperative that we continue nurturing cyber resilience among our customers, so they’re prepared to minimise the impact of any incoming disruptions and/or cyber threats coming their way. 2021 has just begun and it is already rife with stories of disruptive cybercrime - a reminder that cybercriminals continue to be on the move, launching targeted attacks with speed and sophistication.  

Below, we summarisa few cyber-attacks that have been making headlines this year. Share these with your customers as examples of the different ways cybercriminals are infiltrating businesses and as motivators to continue solidifying their cyber defence measures.  

 

1Verified Twitter accounts hacked in $580k cryptocurrency scam 

Twitter users were targeted by cryptocurrency scams claiming Bitcoin and Ethereum giveaways from Elon Musk, Tesla, or Tyler Winklevoss of Gemini Exchange. Legit Twitter accounts were reportedly hacked to send fake tweets promoting a scam where Musk (among others) was allegedly giving away free cryptocurrency. These tweets contained links to fraudulent landing pages that stated that if users sent cryptocurrency to a listed address, they would receive twice the amount. At the time of writing, over $580K had been lost in a week.  

More details here: https://www.bleepingcomputer.com/news/security/verified-twitter-accounts-hacked-in-580k-elon-musk-crypto-scam/  

 

2Accellion software hack impacts several entities  

In one of 2021’s first major security incidents stemming from a third-party cloud vendor, several organisations were impacted following a cyber-attack on a file-sharing system belonging to Californian cloud company Accellion. Unknown attackers reportedly exploited a vulnerability in the standalone “Accellion File Transfer Appliance (FTA)” and illegally accessed sensitive data stored on and shared with the application. Companies affected included law firm Allens, the Reserve Bank of New Zealand and Australia’s corporate watchdog, The Australian Securities and Investments Commission (ASIC). All these companies used Accellion’s software to transfer documents and attachments.  

More details here: https://www.smh.com.au/business/banking-and-finance/corporate-watchdog-asic-hit-with-cyber-attack-20210126-p56wtr.html  
 

3Ubiquiti customers alerted of a potential data breach 

Networking device maker Ubiquiti disclosed that a security incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear. Exposed data potentially included names, email addresses and passwords. In an email to customers, the company urged all users to change their passwords and enable two-factor authentication.  

More details here: https://krebsonsecurity.com/2021/01/ubiquiti-change-your-password-enable-2fa/  

 

4)  Malicious emails impersonating The Federal Trade Commission  

In January, the Federal Trade Commission warned of a malicious email purporting to be from the agency’s chairman, Joe Simons. Claiming recipients were eligible to receive “coronavirus relief money”, the multi-staged email scam demanded that they pay taxes to receive the money. The scam employed multiple tricks to boost its legitimacy, including issuing a fake certificate from the Department of Treasury and a fake letter from the Internal Revenue Service.  

More details here: https://www.consumer.ftc.gov/blog/2021/01/coronavirus-relief-scam-impersonates-joe-simons-federal-trade-commission  

 

5) UK NHS COVID-19 vaccination phishing attack 

Reports circulated towards the end of January about a phishing campaign purporting to be from the UK's National Health Service (NHS), alerting recipients that they are eligible to receive the COVID-19 vaccine. Multiple variants of the phishing emails were reported, all claiming to be from the NHS at noreply@nhs.gov.uk  (the real NHS domain is nhs.uk) and using an email subject along the lines of: "IMPORTANT - Public Health Message| Decide whether if you want to be vaccinated." The phishing email asked recipients if they wished to accept or decline the invitation to schedule their COVID-19 vaccination. The email led to a fake NHS- branded phishing page asking recipients for personal information, including their mother's maiden name, addresses, mobile numbers, credit card and banking data. 

More details here: https://www.bleepingcomputer.com/news/security/beware-of-this-active-uk-nhs-covid-19-vaccination-phishing-attack/  

 
This isn’t a comprehensive list, and we’re sure there are many other organisations who have been impacted by cybercrime since the start of the year. The damage sustained by companies as a result of cyber-attacks goes far beyond the immediate financial losses, and no doubt these firms, and others that we haven’t mentioned, are still working through some of the implications. 

Malicious emails remain one of the most prolific ways fraudsters infiltrate networks, even when most businesses have an email security solution in place. No one vendor can stop all threats, so let’s continue to remind customers that if they are using Microsoft 365 or G Suite, they should also have a third-party email security specialist in place to mitigate their risk. For example, using a third-party cloud email solution like MailGuard.   

As we enter 2021, let these cyber-attacks serve as a motivator for all of us to practice good cyber hygiene, and to remain vigilant.   

Talk to us

MailGuard's partner blog is a forum to share information and we want it to be a dialogue. Reach out to us and tell us how we can serve you better. You can connect with us on social media or call us and speak to one of our consultants. 

Australian partners, please call us on 1300 30 65 10 

US partners call 1888 848 2822 

UK partners call 0 800 404 8993 

We’re on Facebook,Twitter and LinkedIn. 

 

Topics: Business security partners technology Cyber-Attacks 2021 Twitter Allens FTC Ubiquiti Accellion

Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all