SITA Passenger Service System (SITA PSS), a communications and IT service provider for 90 percent of the world’s airline companies, suffered a massive data breach. The company calls the attack that targeted its U.S. servers in Atlanta a “highly sophisticated attack.”
Singapore Airlines, a company that uses SITA’s services, reported that over 580,000 customers were affected. The total number of affected customers could well be in the millions.
Edna Ayme-Yahil, SITA’s spokeswoman, didn’t disclose what type of data was compromised, although she did tell Threatpost that “it does include some personal data of airline passengers.” “Many airlines have issued public statements confirming what types of data have been affected in relation to their passengers,” Yahil said.
Yahil also said that airline members of the Star Alliance, including Lufthansa, New Zealand Air, and Singapore Airlines, along with OneWorld members Cathay Pacific, Finnair, Japan Airlines, and Malaysia Air, have started communicating with their at-risk users. Malaysia Air had already reported being affected by a data breach through its Twitter account earlier.
The National Stock Exchange (NSE) of India was down for almost an entire day on February 24, 2021. The Nifty, Bank Nifty, and other indices stopped across all brokerage firms in India. An NGO, Moneylife Foundation, has come forward and alleged that the NSE was under attack by cybercriminals.
Although NSE has stated that the blackout was due to “issues with the links with telecom service providers,” Moneylife Foundation claims that it has evidence that this was indeed a cyberattack. The foundation claims that a cyberattack was the reason for the outage and that the attack targeted the colocation servers functioning inside the NSE’s building. The identity of the attacker(s) is still unknown. However, it is also important to note that Chinese intelligence might have had a hand in this, since they were the ones involved in the attack on a power grid in Mumbai on the very same day in February 2021.
Microsoft 365 users saw a slew of phishing emails, thanks to an ongoing attack aimed at stealing Microsoft 365 credentials. To make the emails look more realistic and legitimate, attackers are adding a fake Google reCAPTCHA system in addition to their company logos in the emails. Security researchers indicate that over 2500 such emails have been unsuccessfully sent to senior-level employees in the banking and IT sectors over the past three months.
These phishing emails first take the recipient to a fake Google reCAPTCHA page upon clicking a link in the email. Once the recipient takes the test, they are redirected to a bogus landing page from where their Microsoft 365 credentials are stolen. Another common method that attackers seem to use is sending senior members of an organization emails about a voicemail attachment. The modus operandi is similar in such attacks too.
Researchers are concerned that attackers are putting more work into making the phishing attack look legitimate and making the landing pages fit the victim profile. The attacks are also increasingly targeting senior business leaders, as such people have the most privileges and access to sensitive data.
Researchers also noted that most phishing pages associated with the campaign were hosted using generic top-level domains such as .xyz, .reset and .online. These domains are usually used by cybercriminals in spam and phishing attacks owing to their cheap availability.