A successful phishing scheme has resulted in the compromise of 2 million email accounts belonging to the Oregon Department of Human Services. The incident has affected at least 350,000 people.What’s the matter - The Oregon Department of Human Services (DHS) announced last week that it had fallen victim to a phishing campaign after nine of its employees inadvertently gave hackers access to their accounts. The data breach occurred on January 8, 2019. However, the intrusion was discovered on January 28, 2019.
Cybercriminals often try to create a sense of urgency in their phony attempts to swindle unsuspecting users out of crucial information with subject lines that would compel the unsuspecting user into opening the phony email and potentially downloading malicious attachments. Unfortunately, they rarely announce themselves in phishing attacks and some even have the ability to appear to come from semi-trusted sources.
Hackers used hosting infrastructure in the United States to host 10 malware families and distributed them through mass phishing campaigns.The hosted malware families include five banking Trojans, two ransomware and three information stealer malware families. The malware includes familiar ones such as Dridex, GandCrab, Neutrino, IcedID, and others.