Weekly Cyber Digest

09 June 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name | Heat (7 days)
Atlassian Confluence Server
Atlassian Confluence
Owl Labs Meeting Owl
GitLab Enterprise Edition
Jira

Deep & Dark Web
Name | Heat (7 days)
Microsoft Word
Microsoft Windows
Atlassian Confluence
Ngrok
Everquest

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
Foxconn Baja California (Mexico) | One of the company’s factories was hit by a ransomware attack on May 31st, 2022. LockBit 2.0 ransomware operators added the company to their leak site, threatening to release allegedly stolen information unless a ransom was paid. | Unknown
Multiple Companies | Secureworks discovered over 1,200 unsecured internet-facing Elasticsearch databases whose contents had been replaced with a ransom note. The note demands a Bitcoin payment in exchange for the data; over 450 individual ransom requests were identified. | Unknown
City of Alexandria (US) | Louisiana state officials are investigating a ransomware attack after the AlphV ransomware group added the city to its victim list on June 2nd, 2022. The group claims to have stolen over 80GB of data. | Unknown
Multiple Companies (Russia) | The Anonymous collective claimed to have stolen and leaked data from Rustam Kumaev and Partners, Vyberi Radio, and Metprom Group. Anonymous-associated hacker Rootkit_sec claims to have attacked Russia’s Central Bank, which supposedly enabled the TheBlackRabbitWorld hacker group to obtain confidential files. Anonymous further claimed to have hacked the email accounts of members of the Killnet group. | Unknown
Icare (Australia) | The personal details of injured workers were mistakenly shared with 587 employers and insurance brokers. Possibly compromised data includes names, dates of birth, injury category, and a summary of claims history. | 193,000
Tuoagente (Italy) | A publicly accessible database belonging to the job agency exposed the personal data of sales agents and 2,418 companies. The 1.5GB of data includes names, CVs, email addresses, phone numbers, work history, IP addresses, and more. | 106,902
ACY Securities (Australia) | A 60GB misconfigured database exposed names, full addresses, dates of birth, genders, email addresses, phone numbers, and more. | Unknown
Cape Cod Regional Transit Authority (US) | The authority suffered a ransomware attack over the US Memorial Day weekend. It was not disclosed whether internal files or personal data were accessed in the attack. | Unknown
SATT Sud-Est (France) | The company’s website displayed a message stating that over 200GB of data would be sold if no ransom was paid. On June 2nd, 2022, the Industrial Spy group began selling the company’s data for $500,000. | Unknown
Novartis (Switzerland) | The Industrial Spy group advertised the company’s data for $500,000, alleging they stole data related to RNA- and DNA-based drug technology and tests. Novartis stated that no sensitive data was compromised and that, at present, no evidence suggests any data was encrypted. | Unknown
Mandiant (US) | LockBit 2.0 operators claim to have successfully attacked the company, threatening to leak 356,841 allegedly stolen files. Mandiant stated they are aware of the claims but have seen no evidence to support them. | Unknown
Municipality of Palermo (Italy) | On June 3rd, 2022, the municipality was targeted in a cyberattack that appears to have had a significant impact on operations and services for both citizens and tourists. All services, public websites, and online portals were taken offline as a precaution. It is unknown whether data was compromised in the incident. | Unknown
Rainier Arms (US) | An unauthorised party installed a skimmer on the company’s online store and stole customers’ names and credit card numbers. | 46,319
Ministry of Construction, Housing and Utilities (Russia) | The ministry’s website appeared to have been hacked, with an internet search for the site leading to a ‘Glory to Ukraine’ message in Ukrainian. A ministry representative stated the site was down but that users’ personal data was protected. Other media reported that hackers demanded a ransom not to disclose user data. | Unknown
Shields Health Care Group (US) | An unknown actor gained access to certain systems between March 7th and March 21st, 2022, and acquired patient data. Possibly exposed information includes names, Social Security numbers, dates of birth, home addresses, provider information, medical record numbers, and more. | ~2 million
Heidell Pittoni Murphy & Bach (US) | The firm suffered a data extortion incident in which the attacker gained control over certain information. Possibly compromised patient data includes names, dates of birth, Social Security numbers, and medical treatment information. | 114,979
Multiple Companies (US) | At least six more healthcare providers have been added to the ongoing Eye Care Leaders breach tally, with the latest filings including Burman & Zuckerbrod Ophthalmology, FishmanVision, Associated Ophthalmologists of Kansas City, Finkelstein Eye Associates, Moyes Eye Center, and AU Health. Compromised data may include patient names, dates of birth, Social Security numbers, diagnostic details, and health insurance information. | > 200,000
Transact Campus (US) | Over 1 million student records were left exposed and unencrypted on an unsecured Elasticsearch server, totalling more than 5GB of data. Potentially compromised data includes names, email addresses, phone numbers, plaintext login credentials, transaction details, partial credit card details, and purchased meal plans. | ~40,000
Numrich Gun Parts Corp (US) | An unknown actor installed a skimmer and gained access to certain payment information entered into the website between January 23rd and April 5th, 2022. | 44,169
Homestead Hospice & Palliative Care (US) | A limited number of company email accounts were subject to unauthorised access between April 1st, 2021, and March 31st, 2022. Possibly exposed patient data includes names, addresses, dates of birth, medical record numbers, Social Security numbers, health insurance information, and clinical and treatment information. | Unknown
Accounting Systems (Russia) | A publicly accessible 130GB dataset contained payments, transcripts, invoices, and other financial information belonging to Russian citizens who transferred money to pension funds and the Treasury. Some datasets also included personally identifiable information on citizens. | Unknown
Tenafly Public School District (US) | On June 2nd, 2022, the district suffered a ransomware attack that forced a district-wide shutdown of its computer systems. It is unknown what data may have been compromised. | Unknown
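Two entries in the table (the Secureworks finding and Transact Campus) come down to the same root cause: an Elasticsearch node reachable from the internet without authentication, in the first case with its data wiped and replaced by a ransom note. The Python below is an added example, not code from Silobreaker, Secureworks, or Elastic. It takes the parsed JSON that GET / and GET /_cat/indices?format=json return on a node you own (fetching is left to the caller so the check runs offline here), flags anonymous access, indices named like a ransom note and data indices that have been emptied, and extracts Bitcoin addresses from a note document. The index-name patterns, the address regexes, and the sample responses are constructed assumptions, not data from any incident.

```python
import re
from typing import Any, Dict, List

# Added example (not Silobreaker, Secureworks or Elastic code). The patterns
# below are assumptions for illustration, not an authoritative indicator list.
RANSOM_INDEX_PATTERNS = [
    re.compile(r"read[_-]?me", re.I),
    re.compile(r"recover", re.I),
    re.compile(r"ransom|bitcoin", re.I),
]

# Legacy (P2PKH/P2SH) and bech32 address shapes; enough to pull a payment
# address out of free text, not a full checksum validation.
BTC_ADDRESS = re.compile(
    r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{25,62})\b"
)


def check_exposure(root_status: int, root_body: Dict[str, Any]) -> List[str]:
    """Judge the response to GET / (port 9200) sent from OUTSIDE the network
    with no credentials. A 200 carrying cluster metadata means the node
    accepts anonymous requests (security disabled or an anonymous role)."""
    findings = []
    if root_status == 200 and "cluster_name" in root_body:
        ver = root_body.get("version", {}).get("number", "?")
        findings.append(
            f"CRITICAL: unauthenticated access to cluster "
            f"'{root_body['cluster_name']}' (Elasticsearch {ver})"
        )
    elif root_status == 401:
        findings.append("INFO: node requires authentication")
    return findings


def check_indices(indices: List[Dict[str, Any]]) -> List[str]:
    """Input is the parsed GET /_cat/indices?format=json&h=index,docs.count."""
    findings = []
    ransom = [i["index"] for i in indices
              if any(p.search(i["index"]) for p in RANSOM_INDEX_PATTERNS)]
    for name in ransom:
        findings.append(f"HIGH: index '{name}' looks like a ransom note")
    # System indices (leading dot) are ignored; if a note exists and every
    # remaining data index holds zero documents, the data was almost
    # certainly deleted rather than merely copied.
    data = [i for i in indices
            if i["index"] not in ransom and not i["index"].startswith(".")]
    if ransom and data and all(int(i.get("docs.count") or 0) == 0 for i in data):
        findings.append("HIGH: ransom note present and all data indices are empty")
    return findings


def extract_ransom_addresses(hits: List[Dict[str, Any]]) -> List[str]:
    """Pull payment addresses out of the documents of a suspect index
    (the 'hits' array of GET /<index>/_search)."""
    text = " ".join(str(v) for h in hits for v in h.get("_source", {}).values())
    return sorted(set(BTC_ADDRESS.findall(text)))


def audit(root_status: int, root_body: Dict[str, Any],
          indices: List[Dict[str, Any]], hits: List[Dict[str, Any]]) -> List[str]:
    findings = check_exposure(root_status, root_body) + check_indices(indices)
    addrs = extract_ransom_addresses(hits)
    if addrs:
        findings.append("HIGH: payment addresses in note: " + ", ".join(addrs))
    return findings


# Constructed sample responses shaped like the real endpoints (not captured
# from any incident; the address is a made-up string of valid base58 shape).
SAMPLE_ROOT = {"name": "node-1", "cluster_name": "prod-search",
               "version": {"number": "7.10.2"}}
SAMPLE_INDICES = [
    {"index": "customers", "docs.count": "0"},
    {"index": "orders", "docs.count": "0"},
    {"index": "read_me_to_recover_database", "docs.count": "1"},
    {"index": ".kibana_1", "docs.count": "12"},
]
SAMPLE_HITS = [{"_source": {"message": "All your data is backed up. Pay 0.01 BTC to "
                                       "1CRAFTEDSAMPLEADDRESSXYZABCDEFGH within 48 hours."}}]

if __name__ == "__main__":
    for line in audit(200, SAMPLE_ROOT, SAMPLE_INDICES, SAMPLE_HITS):
        print(line)
```

The fix for the exposure itself is configuration, not code: on 7.x the free Basic licence includes authentication but ships with `xpack.security.enabled: false`, so it must be set to `true` explicitly (8.x turns it on by default), and `network.host` should not bind a node to a public interface without a firewall in front of it. Running the exposure check from an external vantage point is what catches the case where both were forgotten.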

Attack Type mentions in Education

[Time series chart] This chart shows the trending attack types related to Education within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
Industry | Information
Government | On June 2nd, 2022, the exiled opposition group People’s Mujahedin of Iran (MEK) claimed responsibility for a cyberattack that temporarily shut down the city of Tehran’s internal computer system. MEK stated that the attack had been planned ‘months in advance.’ The municipality’s websites were defaced to display images of MEK leader Massoud Rajavi and his wife Maryam Rajavi, and slogans against supreme leader Ayatollah Ali Khamenei.
Cryptocurrency | Symantec researchers identified a cryptocurrency mining and theft operation that uses clipboard hijacking. The malware, dubbed Trojan.Clipminer, has numerous similarities to KryptoCibule, suggesting it may be an evolution or copycat of that malware. The operation has made the threat actors at least $1.7 million in illicit gains. Clipminer is likely spread via trojanised downloads of cracked or pirated software.
Healthcare | The United States Department of Health and Human Services Cybersecurity Coordination Center (HC3) warned that Emotet continues to be the most common malware targeting the healthcare sector. The ongoing campaigns have mainly targeted Japan, but North America is also a frequent target. HC3 warned that the malware is primarily delivered by a fully automated phishing process, with Word documents containing malicious macros attached to emails.
Critical Infrastructure | Microsoft researchers discovered that the previously undocumented Lebanon-based threat actor POLONIUM has targeted or compromised over 20 organisations since February 2022. The victims are based in Israel, in critical manufacturing, IT, defence, transportation systems, government agencies, and more. POLONIUM deploys custom implants that use cloud services for C2 and data exfiltration, connecting to POLONIUM-owned OneDrive and Dropbox accounts. These implants include CreepyDrive, CreepyBox, and CreepySnail.
Banking & Finance | Security researcher Daniel Lopez identified Android malware being distributed through a smishing campaign impersonating the Spanish bank Banco Bilbao Vizcaya Argentaria (BBVA). The campaign has been ongoing since 2020. The messages inform users that their bank account has been suspended and that they need to log in from the BBVA app. A download link leads to a malicious app that, once opened, redirects the user to a phishing site. The page impersonates the bank and asks for the user’s login credentials. The malware can also intercept SMS messages and so bypass SMS-based two-factor authentication.

News and information concerning each mentioned industry over the last week.
