Weekly Cyber Digest

11 August 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source (ranked by heat)
SourceCodester
Microsoft Support Diagnostic Tool
F5 BIG-IP
VMware Workspace One Access
Azure RTOS

Deep & Dark Web (ranked by heat)
Sangoma NetBorder SS7
Slope Wallet
Cisco AnyConnect VPN
Cisco RV340
BBC One

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Each entry lists the company (country), a summary of the incident, and the number of people affected.

QuestionPro (US): Threat actor ‘pompompurin’ claims to have stolen a database containing survey respondents’ personal information from the company. The allegedly stolen database contains records for approximately 22 million unique email addresses. Data records shared with Have I Been Pwned include email addresses, IP addresses, geographic locations, and more. QuestionPro is currently determining whether a data breach did occur. Affected: Unknown

ENN Group (China): On August 4th, 2022, the Hive ransomware group listed the company on its leak site, along with alleged stolen files. ENN has yet to address the alleged attack. Affected: Unknown

United States Federal Courts: Senator Ron Wyden argued that federal court rules, which mandate that personal information in court files must be removed before being made publicly available, are not being followed. As a result, tens of thousands of citizens are reportedly exposed to privacy violations. Affected: Unknown

Cellebrite (Israel): An anonymous source has leaked around 4TB of proprietary data. The leaked data is currently only available to researchers and journalists through DDoSecrets. Affected: Unknown

Disability Help Group (US): The company was targeted in a ransomware attack on June 16th, 2022. The company’s URL, along with the name of Florida law firm LaVan & Neidenberg, was added to a dedicated ransomware leak site on July 20th, 2022. Files leaked as proof include demographic information, occupation history, medical records, and more. Affected: Unknown

Healthback Holdings LLC (US): A hacking incident that began in October 2021 compromised a limited number of employee accounts. Potentially exposed data includes names, health insurance information, Social Security numbers, and clinical information. Affected: 21,114

Zenith American Solutions (US): A data breach occurred on June 24th, 2022, after a mailing error by an unnamed vendor resulted in Social Security numbers being included in the mailing addresses of recipients. Affected: 37,146

Bronx Accountable Healthcare Network (US): On July 20th, 2022, the non-profit disclosed a data breach caused by an email-related hacking incident. Affected: 17,161

Centerstone (US): The organisation experienced a breach in its email environment beginning in November 2021. Potentially compromised data includes names, addresses, Social Security numbers, dates of birth, client IDs, medical diagnoses, and more. Affected: Unknown

Semikron (Germany): The manufacturer disclosed that it suffered a possible data breach stemming from a ransomware attack. LV ransomware operators recently claimed to have stolen 2TB of data. Semikron did not validate the attackers’ claims but confirmed that parts of its computer network were encrypted. Affected: Unknown

Behavioral Health Group (US): Certain files and folders may have been removed from its network during a cyberattack on December 5th, 2021. Protected health information in the files includes names, Social Security numbers, driver’s licence or state identification numbers, financial account information, payment card data, and more. Affected: Unknown

Louisiana Public Facilities Authority (US): The agency was targeted in a ransomware attack on or around February 26th, 2022. The attacker may have gained access to personally identifiable information on customers and employees, including names, Social Security numbers, addresses, dates of birth, and more. The Louisiana Education Loan Authority also stored limited student loan data on the impacted servers, including names, Social Security numbers, and more. Affected: Unknown

SERV Behavioral Health System (US): The healthcare provider was added to the Hive ransomware leak site on July 14th, 2022, with its files allegedly having been encrypted on May 26th, 2022. Hive did not provide any proof to verify its claims, and did not indicate how much data it allegedly exfiltrated. Affected: Unknown

Confederation Centre of the Arts (Canada): A data breach occurred as a result of a ransomware attack in January 2022. The centre reportedly paid a ransom to the attackers, but has not disclosed the amount. Compromised information includes names, email addresses, dates of birth, and social insurance numbers. Affected: 3,000

Niagara County Department of Mental Health (US): The department suffered a data breach due to an email that was sent out between May 4th and May 5th, 2022. Potentially compromised data includes names, contact information, dates of birth, Social Security numbers, insurance information, and treatment and diagnosis information. Affected: 3,000

Twilio (US): On August 4th, 2022, Twilio discovered unauthorised access to customer account information. The incident affected a limited number of accounts. Affected: Unknown

Klaviyo (US): On August 3rd, 2022, Klaviyo suffered a data breach in which attackers viewed 44 cryptocurrency-related accounts. Of these, 38 were downloaded, along with two internal lists used for product and marketing updates. Stolen customer data includes names, addresses, emails, phone numbers, and some account-specific custom profile properties. Affected: Unknown

O’Brien Group (Australia): LockBit operators claimed to have targeted the company and released all allegedly stolen data. This includes operational and financial information, including payroll data. O’Brien Group has not yet commented on the claims. Affected: Unknown

Sheppard Robson (UK): On July 24th, 2022, the company discovered unusual activity on its network that led to a ransomware attack. The company added that it refused to pay the requested ransom. It remains unknown what, if any, information may have been compromised. Affected: Unknown

Boeing Employees’ Credit Union (US): The company’s third-party printing vendor experienced a security incident that involved unauthorised access to certain data of some members. Potentially compromised information includes names, addresses, account numbers, credit scores, and Social Security numbers. Affected: Unknown

OSDE (Argentina): On June 27th, 2022, the network confirmed it suffered a cyberattack. LockBit added the organisation to its leak site on July 22nd, 2022, before dumping around 139.07GB of allegedly stolen files on August 8th, 2022. Affected: Unknown

PlatformQ (US): PlatformQ inadvertently published a database backup file in a misconfigured, public AWS S3 bucket. The sensitive information of healthcare workers was exposed, including full names, personal email addresses, job titles, work addresses, phone numbers, and NPI numbers. Workers from Johns Hopkins, Mount Sinai Medical Center, Saint Francis Hospital, and more were impacted. Affected: 100,000

Casa International (Belgium): On August 1st, 2022, the home furnishing store chain suffered a ransomware attack in which personal data of customers and staff was leaked. Affected: Unknown

ista International (Germany): An unauthorised third party gained access to the company’s IT systems. Daixin Team added the company to its leak site on August 9th, 2022, and began to leak data the following day. Affected: Unknown

Lockheed Martin (US): Killnet claims to have stolen information on employees in a cyberattack last week and is reportedly considering sharing the stolen data. Lockheed Martin denies that any of its systems were compromised. Affected: Unknown

7-Eleven (Denmark): The chain confirmed that the recent closure of its 175 stores in Denmark was caused by a ransomware attack. The company did not provide any information on who might be responsible for the attack but confirmed that the attackers breached its network and encrypted systems. Affected: Unknown

Cisco (US): Yanluowang ransomware added the company to its leak site on August 10th, 2022. The group claims to have stolen 2.75GB of data, including non-disclosure agreements, data dumps, and engineering drawings. Affected: Unknown

University of Kashmir (India): On August 6th, 2022, a database allegedly containing personal information of current and former students and employees was advertised for sale on Breached Forums. The database is said to include names, registration numbers, addresses, dates of birth, phone numbers, passwords, email addresses, and more. Affected: ~1,000,000

Colosseum Dental Benelux (Netherlands): The company paid a ransom to threat actors to retrieve data stolen in a cyberattack. It remains unknown how much the company paid, and whether any data has been leaked. The attackers reportedly deleted backups before the system was encrypted. Affected: Unknown

Ransomware mentions in Government

This chart shows the trending ransomware related to Government within a curated list of cyber sources over the past week.

Weekly Industry View

Each entry lists the industry and the week’s notable information.

Banking & Finance: CloudSEK researchers discovered that threat actors are increasingly abusing Hostinger preview domains to host phishing sites for campaigns targeting Indian banking customers. The preview domain feature enables threat actors to distribute the URLs before the domains are accessible globally, which helps them evade detection. The malicious domains are temporary mirrors of their root domains and are spread via text, email, and social media. Some of the observed domains appear to imitate Bank of America.

Government: On August 9th, 2022, the website of the Finnish Parliament went offline for several hours after it was targeted in a distributed denial-of-service (DDoS) attack. Pro-Russian hacker group NoName057 claimed responsibility for the attack on its Telegram channel. The group alluded to Finland’s NATO aspirations as the motivation for the attack. The attack occurred on the same day that US President Joe Biden signed ratification documents in support of Finland and Sweden joining NATO.

Technology: Meta researchers revealed that the cyber espionage group Bitter APT, believed to be operating out of India and Pakistan, has been using fake versions of WhatsApp, Signal and Telegram to install the Dracarys spyware on Android devices. The activity has targeted thousands of users in New Zealand, India, Pakistan, and the United Kingdom. The company also announced action against a Pakistan-based government threat actor, APT36, which was creating Android spy tools masquerading as WhatsApp, WeChat, and YouTube. A modified version of XploitSPY is being used to target individuals in Afghanistan, India, Pakistan, the United Arab Emirates, and Saudi Arabia. Over 10,000 users are thought to have been targeted by APT36 and Bitter APT.

Retail: 7-Eleven suffered a ransomware attack on August 8th, 2022, which resulted in stores in Denmark being unable to use cash registers or accept payments. All stores in the country were temporarily closed as a result, but most have since reopened. On August 3rd, 2022, some 7-Eleven stores in Taiwan were also seemingly attacked, as television screens in stores displayed the message ‘Warmonger Pelosi, get out of Taiwan!’ It remains unclear whether the same threat actor was behind the two incidents.

Healthcare: The UK National Health Service (NHS) 111 emergency service is suffering an outage following a ransomware attack against its managed service provider, Advanced Computer Software Group Limited. The incident reportedly left patients unable to get urgent appointments and ambulance callouts. Over 1,000 care homes, as well as mental health services across the NHS, are also impacted. However, the NHS reports that disruptions are minimal.

News and information concerning each mentioned industry over the last week.
