Weekly Cyber Digest

12 May 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source (ranked by 7-day heat)
1. F5 BIG-IP
2. Acrobat Reader DC
3. F5 BIG-IQ
4. Azure Data Factory
5. F5 BIG-IP APM

Deep & Dark Web (ranked by 7-day heat)
1. F5 BIG-IP
2. Microsoft Windows
3. Microsoft Exchange Server Enterprise
4. Microsoft Windows 11
5. Windows Print Spooler

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches

Company | Information | Affected
ENCollect (India) | An unsecured ElasticSearch instance used by the company exposed 1,686,363 records totaling 5.8GB of storage. Possibly compromised data includes names, loan amounts, dates of birth, account numbers, and more. A total of 48,043 unique email addresses and 114,747 mailing addresses were also included. | Unknown
Heroku (US) | An attacker gained access to a Heroku database and downloaded stored OAuth tokens on April 7th, 2022. On April 9th, 2022, the attacker downloaded a subset of Heroku private GitHub repositories containing some Heroku source code. The same compromised token was used to gain access to a database and exfiltrate hashed and salted passwords for customers’ user accounts. | Unknown
WellDyneRx LLC (US) | The company discovered unauthorised access to an email account between October 30th and November 11th, 2021. Potentially compromised data includes names, dates of birth, Social Security numbers, health insurance information, and more. | Unknown
North Alabama Bone & Joint Clinic (US) | The clinic determined that some employee email accounts were accessed without authorisation on March 9th, 2022. Possibly exposed data includes names, contact information, financial information, dates of birth, health insurance information, and more. | Unknown
AGCO (US) | On May 6th, 2022, the company disclosed it suffered a ransomware attack that impacted some of its production facilities. AGCO anticipates business operations to be adversely affected for several days or longer. | Unknown
Belton Police Department (US) | The police department suffered a malware attack that targeted certain network systems. An investigation is ongoing to determine whether any personal data was compromised, though any impacted data is believed to already be in the public record. | Unknown
IKEA Canada | An employee conducted unauthorised searches of an internal database of Canadian customers between March 1st and March 3rd, 2022. Some of the customers’ personal information was compromised as a result. This includes names, email addresses, phone numbers, postal codes, and potentially IKEA Family loyalty program numbers. | ~95,000
LLC Capital (Russia) | The Anonymous hacking collective leaked a 20.4GB archive containing 31,990 emails, allegedly stolen from the accounting firm. The firm works with Mikhail Gutseriev’s SAFMAR Group and its assets, including PJSC RussNeft. | Unknown
DeKalb County School District (US) | The district made thousands of files containing sensitive staff and student information widely accessible to anyone in the district. Exposed information includes Social Security numbers, academic records, medical forms, course transcripts, standardised test scores, and more. | Unknown
Omnicell (US) | The company confirmed that some of its services, products, and internal systems were impacted in a ransomware attack discovered on May 4th, 2022. | Unknown
ORESTAR (US) | On May 9th, 2022, the United States Oregon Elections Division learned that Opus Interactive, the web hosting provider used by the campaign finance firm C&E Systems, suffered a ransomware attack. C&E’s database was compromised, including its clients’ login credentials for ORESTAR accounts. | 1,100
Optima Dermatology (US) | Unauthorised access to an employee email account occurred between August 30th and September 3rd, 2021. Possibly compromised data includes names, dates of birth, medical treatment, health insurance claims, and more. | 59,972
Eye Care Leaders (US) | EvergreenHealth and Summit Eye Associates were impacted by a December 2021 ransomware attack against Eye Care Leaders. Potentially compromised information includes names, dates of birth, Social Security numbers, medical record numbers, health insurance details, and more. | 74,351
AA Traveller (US) | In August 2021, an unauthorised party gained access to information stored within a vulnerable database and may have extracted personally identifiable information on customers. Potentially compromised information includes names, addresses, contact details, and expired credit card numbers. | Unknown
Oklahoma City Indian Clinic (US) | The clinic confirmed that ongoing network disruptions were the result of a ransomware attack that occurred on March 10th, 2022. Potentially exposed data includes names, dates of birth, treatments, prescriptions, Social Security numbers, and more. | Unknown
Central Bedfordshire Council (UK) | The council disclosed that it accidentally published the personal data of individuals with special education needs after a Freedom of Information Act request about schooling was released on May 9th, 2022. The information has since been removed from the website. | 100
Top Aces (Canada) | The fighter jet company was added to the LockBit ransomware leak site, with the group threatening to leak 44GB of allegedly stolen data on May 15th, 2022. | Unknown
Dis-Chem (South Africa) | On April 28th, 2022, an unauthorised party gained access to a third-party database containing personal information on individuals. The exposed information includes first names and surnames, email addresses, and mobile phone numbers. | 3,687,881
Multiple Companies | On May 7th, 2022, a database containing the personal details and login credentials of 21 million individuals was leaked in a Telegram group. Included in the dump was the data of multiple VPN users, including SuperVPN, GeckoVPN, and ChatVPN. Included in the exposed data are full names, usernames, country names, billing details, email addresses, randomly generated password strings, and premium status and validity period. | 21,000,000

Ransomware mentions in Healthcare

[Chart: Time Series] This chart shows the trending ransomware related to Healthcare within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View

Industry | Information
Government | On May 8th, 2022, Costa Rica President Rodrigo Chaves declared a national emergency following a spate of Conti ransomware attacks against multiple government bodies. On the same day, BleepingComputer observed that Conti’s leak site was updated to state they had leaked 97% of the 672GB of data allegedly stolen from Costa Rican government agencies. According to Conti’s leak site, affected government bodies include the Ministry of Finance, the Ministry of Labour and Social Security, the Social Development and Family Allowances Fund, and the Interuniversity Headquarters of Alajuela.
Critical Infrastructure | On May 10th, 2022, the United Kingdom, United States, and the European Union officially attributed the cyberattack against Viasat’s KA-SAT satellite on February 24th, 2022, to Russia. The UK’s National Cyber Security Centre additionally assessed that Russian military intelligence was almost certainly involved in the defacements of Ukrainian government websites on January 13th, 2022. Both the US and the UK assessed that Russian military cyber operators deployed the WhisperGate malware against Ukraine, along with other destructive malware.
Healthcare | Proofpoint researchers identified a novel malware variant, dubbed Nerbian RAT, that utilises significant anti-analysis and anti-reversing capabilities. The malware is spread through phishing emails that leverage COVID-19 and World Health Organization themes. The campaign was first identified on April 26th, 2022, and targets entities in Italy, Spain, and the United Kingdom.
Technology | A recently disclosed remote code execution vulnerability in F5 BIG-IP devices has been used in destructive attacks that attempt to erase a device’s file system and make the server unusable. The majority of other attacks have aimed to drop webshells for initial access to networks, steal SSH keys, and enumerate system information. The critical flaw, tracked as CVE-2022-1388, was patched on May 4th, 2022, and soon after multiple exploits were made public by researchers.
Banking & Finance | A new credit card stealing service, dubbed Caramel and believed to be in operation since at least December 2020, is increasingly growing in popularity. The service was discovered by DomainTools, which states the platform is operated by a Russian cybercrime group named CaramelCorp. The service supplies subscribers with a skimmer script, deployment instructions, and a campaign management panel, which provides threat actors with everything needed to launch their own credit card stealing campaign. The sellers claim that Caramel can bypass protection services from Cloudflare, Akamai, Incapsula and more. A variety of obfuscation techniques are also offered to subscribers to help evade detection.

News and information concerning each mentioned industry over the last week.
