Special Olympics New York Hacked to Send Phishing Emails (Dec 30, 2019)
During the Christmas holiday, Special Olympics of New York, a nonprofit that provides athletic competition to those with disabilities, had its email server breached. An email was sent to donors of the Special Olympics claiming that over one million dollars would be taken from their account and directing them to a PDF of the transaction statement. The Special Olympics claims that only the communications system was affected, and not any financial data.
Recommendation: Email account security is paramount because many threat actors use brute force attacks that could easily gain access to an account with a weak password. As this incident shows, a compromised email account could not only cause harm to individuals whose PII was stored in the account, but could also put them at further risk of highly targeted phishing attacks that use recipients’ legitimate information.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.