Vendor Breach Compromises Bank of America Customers’ Data
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
- Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor
Bank of America has warned customers that their sensitive information was compromised in a data breach said to have occurred at one of its vendors.
Last year its service provider, Infosys McCamish Systems (IMS), suffered a security incident that exposed customers' personally identifiable information (PII). The stolen data included names, addresses, dates of birth, Social Security numbers, and financial details such as credit card and account numbers.
Although the customer notifications did not disclose the number of impacted individuals, the incident report filed with the Office of the Attorney General of Maine on behalf of Bank of America revealed that 57,028 people were affected.
The incident is said to have occurred as early as November 3, 2023, when “IMS was impacted by a cybersecurity event when an unauthorized third party accessed IMS systems, resulting in the non-availability of certain IMS applications,” the notification revealed.
On November 24, 2023, IMS notified the bank about the data breach, saying that “data concerning deferred compensation plans serviced by Bank of America may have been compromised.” Although the bank stated that its own systems were not impacted by the incident, it was unable to determine exactly which types of information were exposed.
As a precautionary measure, it is therefore offering affected customers two years of complimentary identity theft protection.
In November 2023 the LockBit ransomware gang claimed responsibility for the attack. Active since 2019, the ransomware-as-a-service (RaaS) group has targeted many high-profile organizations around the world, including corporations and government agencies.
This is not the first incident to affect Bank of America's customers. In the May 2023 attacks on the MOVEit Transfer platform, Ernst & Young, a leading global accounting firm that handles the bank's financial information, was also breached. The firm did, however, issue a notice that Bank of America's own systems were not impacted by that incident.
Ongoing Malicious Campaign Compromises Hundreds of Azure Cloud Accounts
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
- Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor
An ongoing malicious campaign believed to be targeting Microsoft Azure corporate accounts was recently discovered by cybersecurity researchers at Proofpoint.
The campaign, active since November 2023, combines credential phishing with account takeover techniques and is directed at executives and managers at various levels worldwide. Frequent targets include vice presidents, sales directors, CEOs, presidents, CFOs, and finance and account managers.
Victims are lured with individualized phishing emails whose malicious links are embedded in shared documents. Once credentials are harvested, the threat actors sign in using a specific Linux user-agent string, gaining unauthorized access to the ‘OfficeHome’ sign-in application and other Microsoft 365 applications.
With access to these accounts, the threat actors carry out a range of cybercrimes, including email-based threats, impersonation, financial fraud, and data exfiltration. Observed post-compromise activity includes:
- Multifactor authentication (MFA) manipulation – to maintain persistent access, the attacker sometimes registers an alternate phone number or authenticator app to receive codes and notifications.
- Data exfiltration – using the compromised sign-in, the attackers download sensitive information such as data on financial assets, internal security protocols, and user credentials.
- Internal and external phishing – the attackers send targeted phishing emails to human resources and finance departments, which in some cases leads to financial fraud.
“The varied selection of targeted roles indicates a practical strategy by threat actors, aiming to compromise accounts with various levels of access to valuable resources and responsibilities across organizational functions,” Proofpoint revealed.
The attackers were seen using proxy services and obfuscation techniques to cover their tracks and erase evidence of their activity. Based on forensic analysis and the attackers' use of certain local fixed-line ISPs, Proofpoint believes the threat actors might be of Russian and Nigerian origin.
The firm's Cloud Security Response Team said it would continue to monitor the threat. It recommended that organizations identify initial threat vectors, unauthorized access to sensitive resources, and suspicious cloud account takeover attempts; enforce immediate credential changes on compromised accounts; and employ auto-remediation measures to limit potential damage.
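The detection Proofpoint recommends can be sketched as a correlation between two of the indicators above: a successful sign-in to OfficeHome presenting the Linux user-agent, followed shortly by registration of a new MFA method (the persistence step). The following is an added example, not Proofpoint's or Microsoft's code; the sign-in and audit records are constructed, their field names are simplified, and the user-agent marker `(X11; Linux x86_64)` and the audit activity string `User registered security info` are assumptions, since the page does not reproduce the actual user-agent string.

```python
"""Correlate Microsoft 365 sign-in and audit events to flag the OfficeHome
account-takeover pattern: a Linux user-agent sign-in followed by MFA method
registration. All sample data below is constructed for illustration."""
from datetime import datetime, timedelta

# Indicators. The article says the actors use "a specific Linux user-agent"
# but does not reproduce it, so this substring is an assumption; tune it to
# UA strings your own tenant never produces legitimately.
SUSPICIOUS_APP = "OfficeHome"
LINUX_UA_MARKER = "(X11; Linux x86_64)"
# Audit activity name assumed for MFA method enrolment.
MFA_REG_ACTIVITY = "User registered security info"

LINUX_UA = ("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
            "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36")
WINDOWS_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36")

# Constructed sample events in a simplified sign-in / audit log shape.
SAMPLE_EVENTS = [
    # cfo: Linux UA sign-in, then a new authenticator app seven minutes later.
    {"ts": "2024-01-10T08:02:11Z", "type": "signin", "user": "cfo@example.com",
     "app": "OfficeHome", "result": "success", "ip": "198.51.100.7", "ua": LINUX_UA},
    {"ts": "2024-01-10T08:09:40Z", "type": "audit", "user": "cfo@example.com",
     "activity": MFA_REG_ACTIVITY, "detail": "Microsoft Authenticator"},
    # vp.sales: Linux UA sign-in with no follow-on persistence (yet).
    {"ts": "2024-01-10T09:15:03Z", "type": "signin", "user": "vp.sales@example.com",
     "app": "OfficeHome", "result": "success", "ip": "203.0.113.44", "ua": LINUX_UA},
    # alice: ordinary Windows sign-in and a legitimate phone re-enrolment.
    {"ts": "2024-01-10T09:58:20Z", "type": "signin", "user": "alice@example.com",
     "app": "OfficeHome", "result": "success", "ip": "192.0.2.10", "ua": WINDOWS_UA},
    {"ts": "2024-01-10T10:00:05Z", "type": "audit", "user": "alice@example.com",
     "activity": MFA_REG_ACTIVITY, "detail": "Phone"},
    # bob: Linux UA sign-in, MFA registration three hours later (outside window).
    {"ts": "2024-01-10T11:00:00Z", "type": "signin", "user": "bob@example.com",
     "app": "OfficeHome", "result": "success", "ip": "198.51.100.9", "ua": LINUX_UA},
    {"ts": "2024-01-10T14:00:00Z", "type": "audit", "user": "bob@example.com",
     "activity": MFA_REG_ACTIVITY, "detail": "Phone"},
]


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def is_suspicious_signin(ev):
    """Successful OfficeHome sign-in presenting the Linux user-agent marker."""
    return (ev["type"] == "signin" and ev.get("result") == "success"
            and ev.get("app") == SUSPICIOUS_APP and LINUX_UA_MARKER in ev.get("ua", ""))


def detect_takeovers(events, window_minutes=60):
    """Return one finding per user, sorted by user: 'medium' for a suspicious
    sign-in alone, 'high' when an MFA method is registered within
    window_minutes after it."""
    window = timedelta(minutes=window_minutes)
    recent_signins = {}   # user -> timestamps of suspicious sign-ins
    findings = {}
    for ev in sorted(events, key=lambda e: parse_ts(e["ts"])):
        user, ts = ev["user"], parse_ts(ev["ts"])
        if is_suspicious_signin(ev):
            recent_signins.setdefault(user, []).append(ts)
            f = findings.setdefault(user, {"user": user, "severity": "medium", "reasons": []})
            f["reasons"].append(f"Linux UA sign-in to {SUSPICIOUS_APP} from {ev['ip']} at {ev['ts']}")
        elif ev["type"] == "audit" and ev.get("activity") == MFA_REG_ACTIVITY:
            # Only a registration that follows a suspicious sign-in within the
            # window is treated as the persistence step; alice's is left alone.
            prior = [s for s in recent_signins.get(user, []) if timedelta(0) <= ts - s <= window]
            if prior:
                f = findings[user]
                f["severity"] = "high"
                minutes = int((ts - prior[-1]).total_seconds() // 60)
                f["reasons"].append(f"MFA method registered ({ev.get('detail')}) "
                                    f"{minutes} min after suspicious sign-in")
    return sorted(findings.values(), key=lambda f: f["user"])


if __name__ == "__main__":
    for finding in detect_takeovers(SAMPLE_EVENTS):
        print(finding["severity"].upper(), finding["user"])
        for reason in finding["reasons"]:
            print("   ", reason)
```

On the sample data this flags cfo as high (sign-in plus authenticator registration seven minutes later), vp.sales and bob as medium, and leaves alice untouched; widening the window to four hours promotes bob as well. In a real tenant the same two-stage join can be expressed over the Entra ID sign-in and audit tables, with the user-agent and application filters replaced by whatever your environment's baseline shows to be anomalous, and the finding fed into the automated credential reset and session revocation the article's recommendations call for.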