Weekly Cyber Digest

14 April 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source (Name, Heat 7)
- EMC Isilon OneFS
- MariaDB
- VMware Workspace One Access
- Windows Common Log File System
- Cisco IOS XE

Deep & Dark Web (Name, Heat 7)
- VMware Horizon
- CMS Made Simple
- Nginx
- Adobe Acrobat
- Spring Framework

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Each entry lists the company (country), the reported information, and the number of individuals or records affected.

First Choice Community Healthcare (US): Hive ransomware claimed an attack on March 28th, 2022. They provided archived files containing patient-related information, financial information, and personnel and HR-related files as proof. Affected: Unknown
McKenzie Health System (US): Avos Locker added the hospital to their leak site on April 7th, 2022. The threat actors offered some proof of claim, which included one file containing health insurance information. Affected: Unknown
North Carolina AT&T University (US): A cybersecurity breach between March 7th and March 11th, 2022, affected multiple systems. The university appeared on the ALPHV ransomware darknet site prior to disclosure. Affected: Unknown
Bet9ja (Nigeria): BlackCat ransomware targeted the site in a sophisticated attack. The site claims the attackers have already demanded a ransom, but insists they will never accept their conditions. Affected: Unknown
Weatherford ISD (US): A breach disclosed on March 31st, 2022, possibly compromised addresses and Social Security numbers. Affected: 1,254
Tuloso-Midway ISD (US): A data breach reported on March 3rd, 2022, reportedly involves names, Social Security numbers, and financial information. Affected: 637
FOX News (US): An open and non-password-protected database exposed 12,976,279 records, totaling 58GB of data. Potentially compromised information includes internal FOX emails, usernames, employee ID numbers, host names, IP addresses, and more. Affected: Unknown
SuperCare Health (US): Unauthorised activity on their systems occurred between July 23rd and July 27th, 2022. Potentially compromised information includes names, addresses, dates of birth, patient account numbers, health insurance information, treatment information, and more. Affected: 318,379
Northern Ireland Trust Ford: The vehicle dealer is believed to have been targeted by Conti ransomware operators in a recent attack that impacted the company’s internal systems. The Information Commissioner’s Office is now investigating the attack. Affected: Unknown
Wellstar Health System (US): An unauthorised individual gained access to two email accounts between December 6th, 2021, and January 3rd, 2022. Possibly exposed patient information includes names, medical record numbers, unique account numbers, and laboratory information. Affected: Unknown
Snap-On (US): Unusual activity was detected in some areas of its information technology environment in March 2022. Potentially exposed information includes names, Social Security numbers, dates of birth, and employee identification numbers. Conti ransomware operators claimed responsibility for the attack after they began to leak almost 1GB of allegedly stolen files in mid-March. Affected: Unknown
Unknown: AppCensus researchers discovered 11 apps on Google Play which contained a software development kit that sent private information to a third party. Data such as a phone’s unique IMEI identification numbers, clipboard data, GPS information, email, and phone numbers were sent to the servers of Panama-based Measurements Systems. Some of the apps have been downloaded more than 10 million times. Google subsequently removed the malicious apps from the Play Store. Affected: Unknown
Whitefish School District (US): An employee fell victim to a social engineering attack that enabled an attacker to access systems containing personal information. Possibly compromised information includes names, addresses, and Social Security numbers. Affected: 1,663
Black River Falls School District (US): On April 7th, 2022, an incident involving unauthorised access to the district’s IT network resulted in all classes being cancelled the following day. The Wisconsin district had no access to attendance, medication records, family contact information, or court orders. All network devices were also unavailable due to an ongoing investigation. Affected: Unknown
Ballad Health (US): An unauthorised user accessed an employee email account on or around January 13th, 2022, for a limited amount of time. Potentially compromised information on patients includes names, addresses, dates of birth, medical history, medical record numbers, and more. Affected: Unknown
SummaCare (US): The health insurance provider discovered a misconfiguration in a computer system that allowed certain documents to be accessible via the internet between November 19th, 2021, and February 7th, 2022. Possibly compromised information includes names, health insurance ID numbers, patient account numbers, and more. Affected: 1,000
EMC National Life Company (US): The company suffered a security incident between December 28th and December 30th, 2021, that caused personal information to be acquired from its network. Potentially exposed information includes names, dates of birth, Social Security numbers, financial account and payment card information, medical information, and more. Affected: Unknown
Bernards Township School District (US): Personal information may have been exposed after unauthorised access occurred on April 6th, 2021. Certain files and folders were removed in the incident. Possibly compromised information includes names, dates of birth, Social Security numbers, driver’s licence, and more. Affected: Unknown
Panasonic Canada: Panasonic’s Canadian operations were hit by Conti ransomware in February 2022. The attackers allegedly stole over 2.8GB of data including internal files, spreadsheets and documents belonging to the HR and accounting departments. Affected: Unknown
Florida International University (US): AlphaV ransomware operators added the university to their leak site, claiming to have exfiltrated 1.2TB of data. This allegedly includes the personal information of students and teaching staff, including confidential data, Social Security numbers, contacts, and more. Affected: Unknown
Ermenegildo Zegna (Italy): On April 11th, 2022, the company confirmed an extensive IT systems outage in August 2021 was the result of a ransomware attack. RansomEXX claimed responsibility for the attack back in August 2021, adding 10.74GB of allegedly stolen data to their leak site in password-protected ZIP files. Zegna confirmed the authenticity of the data. Affected: Unknown
Christie Clinic (US): An unauthorised actor gained access to a business email account between July 14th and August 19th, 2021. The number of affected patients has since been confirmed. Affected: 502,869
Mandurai Meenakshi Amman Temple (India): On April 10th, 2022, individuals registering to attend the annual Chithirai festival had their data leaked via an email sent to those who registered on the temple’s website. The compromised data includes names, contact details, addresses, and ID proofs. Affected: 9,000
CitySprint (UK): Sensitive personal data of couriers may have been compromised after a malicious third party attempted to access data from their courier management platform. This includes photos of driving licences, vehicle pictures, and records of weekly earnings. Affected: Unknown

Ransomware mentions in Healthcare

[Time series chart] This chart shows the trending ransomware related to the Healthcare industry within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View

Banking & Finance: ThreatFabric researchers discovered a new Android trojan malware strain, named ExobotCompact.D, that was introduced in November 2021. The researchers uncovered that the Octo Android Botnet had been rebranded to ExobotCompact, with five different actors believed to be behind Octo. ExobotCompact.D’s latest activity involves distributing multiple malicious apps on Google Play Store. The apps have been installed more than 50,000 times and targeted financial institutions globally, both in generic campaigns with many targets and in narrow campaigns throughout Europe. Some of the campaigns also distributed other malware, including GymDrop, Alien.A and Xenomorph.A.
Technology: Trend Micro researchers observed the Spring4Shell vulnerability in the Spring Framework being actively exploited to weaponise and execute the Mirai botnet malware. The activity primarily occurred in Singapore and was first observed at the beginning of April 2022. Exploitation of the flaw allows threat actors to download the Mirai sample to a specific folder and execute the malware after changing permissions.
Cryptocurrency: KrebsOnSecurity detailed how many seemingly disparate cryptocurrency scams are all connected through the same hosting provider, Cryptohost. The connection was identified when analysing an ongoing cryptocurrency scam involving a video featuring Elon Musk, Cathy Wood, and Jack Dorsey that was made to look like a live YouTube transmission. The scam promises contributors it will double the amount of cryptocurrency that is sent to an advertised platform imitating ARK Invest. The now-offline site was found to share an IP address previously used by hundreds of newly-minted cryptocurrency scam domains, including one imitating Coinbase. The DNS records from the fraudulent Coinbase site showed it was hosted at Cryptohost.
Government: On April 8th, 2022, the websites of the Finnish Ministry of Defence and Finnish Ministry of Foreign Affairs were taken offline following distributed denial-of-service (DDoS) attacks. Later that day, the Finnish government confirmed the issues had been resolved and both websites were operational. The identity of the attackers remains unknown; however, suspicions likely point to Russian threat actors.
Critical Infrastructure: On April 8th, 2022, the Computer Emergency Response Team of Ukraine and ESET researchers remediated an attempted cyberattack by the advanced persistent threat group Sandworm against high-voltage electrical substations in Ukraine. The attackers used a new version of the Industroyer malware, dubbed Industroyer2, as well as the data-wiping malware ORCSHRED, SOLOSHRED, and AWFULSHRED. The campaign also deployed a new version of CaddyWiper that used a new loader named ARGUEPATCH.

News and information concerning each mentioned industry over the last week.