Weekly Cyber Digest

14 July 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name | Heat 7
Azure Site Recovery | 
Siemens SIMATIC | 
Windows Print Spooler | 
IBM QRadar | 
SAP BusinessObjects | 

Deep & Dark Web
Name | Heat 7
PancakeSwap | 
Instagram | 
Assassin’s Creed | 
Ubuntu | 
Far Cry | 

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
Khuzestan Steel Company (Iran) | On July 7th, 2022, Gonjeshke Darande posted a 19.76GB cache of data allegedly exfiltrated from multiple steel facilities during a recent attack. The data allegedly contains corporate documents that reveal affiliations with the Iranian Islamic Revolutionary Guard Corps, as well as an image that appears to be the inside of a steel facility. | Unknown
Water Resource Department (India) | The servers of Goa’s flood monitoring system were targeted in an Eking ransomware attack on June 21st, 2022. The department can no longer access its data related to battery voltages of different stations and data packets related to 12 stations. | Unknown
Lamoille Health Partners (US) | The company was added to the BlackByte ransomware leak site, along with two folders. The leaked data includes accounting and billing-related files, as well as protected health information such as names, dates of birth, Social Security numbers, and medical issues. | Unknown
Gateway Rehab (US) | BlackByte ransomware actors leaked over 4GB of data from the company. This includes internal business documents, spreadsheets with patient information, and files with personal information on individuals enrolled in community treatment programs. | Unknown
La Poste Mobile (France) | The company suffered a ransomware attack that paralysed its administrative and management services. The attacker may have accessed customer data. The LockBit Gang added the company to its leak site on July 8th, 2022. | Unknown
Mangatoon (Hong Kong) | The company suffered a data breach in May 2022 that exposed information of user accounts. This includes names, email addresses, genders, social media account identities, authentication tokens from social logins, and salted MD5 password hashes. The hacker Pompompurin claimed to have stolen the information from an Elasticsearch server. | 23,000,000
Carolina Behavioral Health Alliance (US) | The company suffered a ransomware attack on March 19th, 2022. Potentially compromised data includes children’s names, addresses, health plan ID numbers, Social Security numbers, and more. | Unknown
Florida Birth-Related Neurological Injury Compensation Association (US) | The company notified individuals of a data breach after two employees’ email accounts were compromised. It is not clear what data may have been involved. | Unknown
Child & Family Services Inc (US) | The company suffered a data breach that occurred between November 16th and 18th, 2021. Other than names, the company did not specify what data was involved. | 1,681
North American Spine Society (US) | Personal information may have been accessed in a cybersecurity incident that the company learned about on February 13th, 2022. Potentially compromised data includes name, address, Social Security number, driver’s license number, government-issued ID number, and financial and health insurance information. | >345
Phoenixville Hospital (US) | The hospital discovered that multiple patients’ electronic medical records were accessed by an employee without legitimate reason between October 2021 and May 1st, 2022. Possibly compromised information includes names, dates of birth, dates of encounter, diagnoses, and more. In some cases, partial Social Security numbers, medical insurance company, and identification numbers were also viewed. | Unknown
Cheyenne Regional Medical Center (US) | A former employee of the medical centre inappropriately accessed the personal health records of several patients between August 31st, 2020, and May 26th, 2022. Possibly viewed data includes names, dates of birth, Social Security numbers, dates of service, medical record numbers, and more. | Unknown
Lending Tree LLC (US) | Some sensitive, personal information was subject to unauthorised disclosure between February and June 2022. Potentially compromised information includes full names, dates of birth, street addresses, and Social Security numbers. Two dark web forum users have posted a database allegedly taken from the company that contains additional information like loan type, credit profile score, military status, and more. | 200,643
Chef’s Toys (US) | An unauthorised party accessed customer information between November 12th, 2021, and April 26th, 2022. Compromised information includes names and credit and debit card numbers. | Unknown
Associated Eye Care Partners LLC (US) | An unauthorised actor had access to patient information, including names, addresses, Social Security numbers, and medical history. The breach stemmed from the 2020 ransomware attack against the firm’s third-party vendor, Netgain Technology. | Unknown
Family Practice Center PC (US) | An unauthorised person may have accessed personal information, including names, addresses, medical insurance information, and health and treatment information. While patient medical records were not involved, a small group of patients had their Social Security numbers exposed as well. | Unknown
Gloucester Council (UK) | A December 2021 ransomware attack exposed residents’ personal information. This includes signatures, addresses, national insurance numbers, bank details, and driving licences. | Unknown
Mattituck-Cutchogue School District (US) | On July 6th, 2022, the school district in the state of New York was targeted in a ransomware attack that potentially caused a data breach. | Unknown
Bandai Namco (Japan) | The company confirmed it suffered a cyberattack on July 3rd, 2022, in which customers’ personal data may have been stolen. Bandai was recently listed as a victim on the ALPHV ransomware leak site. | Unknown
Locally (US) | Two open databases referencing the company were found, one of which contains over 47 million error logs. Exposed data includes system repositories, link structures, and pathways to multiple CSV documents or spreadsheet files. Sensitive customer and partner data, such as emails, phone numbers, addresses, invoice information, order confirmations, and more, is also exposed. | Unknown

Threat Actor mentions in Critical Infrastructure

(Chart: Time Series of threat actor mentions in Critical Infrastructure)

This chart shows the trending threat actors related to Critical Infrastructure within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
Industry | Information
Critical Infrastructure | The Lithuanian energy company Ignitis Group was targeted in the ‘biggest cyberattack in a decade’, with numerous distributed denial-of-service (DDoS) attacks aimed at it. The attacks caused disruptions to its digital services and websites, but no breaches were reported. The pro-Russian hacker group Killnet claimed responsibility.
Technology | QNAP warned that a new ransomware, dubbed Checkmate, is being used to target network-attached storage (NAS) devices. The attacks focus on internet-exposed devices with the SMB service enabled, or accounts with weak passwords that can easily be brute-forced.
Banking & Finance | Segurança Informática identified renewed activity from the Anubis Network, with users in Brazil and Portugal being targeted since March 2022. The network is a C2 portal used to control fake banking portals with the aim of stealing credentials. At least 12 banks operating in Portugal are being impersonated, including Abanca, Banco BPI, Banco CTT, and Santander.
Government | Trellix researchers discovered a malicious campaign targeting government agencies in Afghanistan, India, Italy, Poland, and the United States. The campaign delivers a remote access trojan (RAT), such as AsyncRAT or LimeRAT, to exfiltrate data. The first wave of attacks was discovered in March and April 2021, while the most recent attacks occurred in late March 2022.
Education | Cisco Talos researchers discovered the suspected Pakistan-linked advanced persistent threat (APT) group Transparent Tribe targeting educational institutions and university students in India since December 2021. The APT previously focused on government or military entities; the new campaign suggests the group is actively expanding its network of victims to include civilians. The ongoing campaign involves the delivery of CrimsonRAT via spear-phishing emails.

News and information concerning each mentioned industry over the last week.
