Weekly Cyber Digest

16 June 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name | Heat 7
Snapdragon Mobile
Apple M1
SINEMA Remote Connect Server
Qualcomm Snapdragon
Android 12

Deep & Dark Web
Name | Heat 7
Microsoft PowerPoint
Europa Universalis
ChromeBook
Comodo Dragon
Apple M1

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
Goodman Campbell Brain and Spine (US) | Hive ransomware added the company to its leak site on June 8th, 2022. Certain files provided as proof included personal and financial information on doctors, passwords for important accounts, and information on named patients. | Unknown
TheTruthSpy (Vietnam) | Data collected by the stalkerware app is freely available on the company’s website, with the data also dumped on a Tor onion service. Among the exposed data are images of children. | Unknown
Mobike (China) | An unprotected Amazon storage bucket exposed unencrypted data on users in Latin America dating back to 2017. Included in the exposed data are 120,000 passports, driver’s licences, and identification documents. Customer selfies and signatures for user identity verification were also exposed. | Unknown
Ellsworth (US) | The city was hit by ransomware on June 2nd, 2022. It remains unknown if or what personal information may have been accessed. | Unknown
MyEasyDocs (India) | A data breach in a Microsoft Azure cloud account exposed 30.5GB of data since April 25th, 2016. Possibly compromised data on students in India and Israel includes names, subject majors, national ID and university registration numbers, dates of graduation, grades, email addresses, and phone numbers. | ~54,700
OnDeck (US) | Unauthorised access occurred on March 10th, 2022, during which the attacker transferred sensitive data to a private cloud storage. Potentially compromised information includes names, Social Security numbers, tax ID numbers, driver’s licence and passport numbers, financial account information, and more. | Unknown
AdviceOne LLC (US) | Unauthorised access to its network occurred between February 23rd and March 5th, 2022. Potentially exposed information includes names, dates of birth, Social Security numbers, driver’s licence numbers, bank account information, and usernames and passwords. | 7,008
MCG Health (US) | On March 25th, 2022, an unauthorised party obtained personal information of patients and members, including names, Social Security numbers, medical codes, postal addresses, telephone numbers, email addresses, dates of birth, and gender. | Unknown
Tehama County Social Services (US) | Quantum threat actors leaked certain company data on their dark web site that allegedly includes financial information, budgets, birth certificates, personal medical information, confidential documents, and more. | Unknown
Yuma Regional Medical Center (US) | The hospital experienced a ransomware attack during which a subset of files was removed from its systems. Potentially exposed data includes names, Social Security numbers, health insurance information, and limited medical information. | ~700,000
Choice Health (US) | On May 7th, 2022, an unauthorised individual accessed and stole certain files from an unsecured database. Potentially compromised data includes names, Social Security numbers, dates of birth, addresses and contact information, health insurance information, and Medicare beneficiary identification numbers. | Unknown
Aesto Health (US) | An unauthorised actor gained access to the company’s systems between December 25th, 2021, and March 8th, 2022. Data from patients of the Osceola Medical Center (OMC) was involved, including names, dates of birth, physician names, and report findings related to radiology imaging at OMC. | Unknown
Shoprite Group (South Africa) | On June 10th, 2022, the company became aware of a suspected data compromise which potentially affected some customers who engaged in money transfers to and within Eswatini, and within Namibia and Zambia. The incident reportedly involved names and ID numbers. | Unknown
Val Verde Regional Medical Center (US) | Cyber criminals accessed or acquired confidential files that contained personally identifiable information. This includes names, Social Security numbers, dates of birth, medical information, health insurance information, and other personal information. | 86,562
Travis CI | Tens of thousands of user tokens were exposed via the Travis CI API, which allows anyone to access historical clear-text logs. Over 770 million logs of free tier users are available, which can be used to extract tokens, secrets, and credentials for cloud service providers. | Unknown
National Registration Department and MySejahtera (Malaysia) | An open-source intelligence tool can allegedly be used to search for the personal information of Malaysians. This includes MyKad numbers, addresses, phone numbers, voting details, vehicle ownership histories, and JPJ and police summons history. The website supposedly uses the same database belonging to Malaysia’s National Registration Department which was leaked in May 2022. | Unknown
Kaiser Permanente (US) | Unauthorised email access occurred on April 5th, 2022. Possibly exposed data includes first and last names, medical record numbers, dates of service, and lab test result information. | 69,589
PM Kisan (India) | A vulnerable endpoint on the website of the government-funded income support scheme exposed the Aadhaar numbers of all farmers based on region. | 110,000,000
The Allison Inn & Spa (US) | ALPHV ransomware operators claimed to have stolen 112GB of data from the Oregon hotel. Potentially compromised employee data includes names, Social Security numbers, dates of birth, phone numbers, and email addresses. Customer guest data is also thought to be involved, including names, arrival dates, and stay costs. | >1,500
Uganda Securities Exchange | A misconfigured database exposed over 32GB of data that allegedly belonged to the exchange’s portal. This includes names, usernames, addresses, dates of birth, access tokens, plaintext passwords, bank details, and more. | Unknown
Multiple Government Organisations (Belarus) | On June 14th, 2022, the hacktivist group Cyber Partisans of Belarus released alleged wiretapped audio of foreign embassies, consulates, and other calls in Belarus. The calls were reportedly secretly gathered by the Belarusian Ministry of Internal Affairs, which the group claimed to have hacked in 2021. A group representative stated they possess around 1.5TB of voice calls, equal to 50,000 hours of recordings. | Unknown
University of Pisa (Italy) | On June 11th, 2022, the BlackCat ransomware group listed the university as a victim. It remains unknown what data may be involved. | Unknown
Montrose Environmental Group Inc (US) | On the weekend of June 11th, 2022, the company was targeted in a ransomware attack. The company does not believe its backup data and cloud-based enterprise systems, including email, were affected. | Unknown
StoreHub (Malaysia) | An unsecured Elasticsearch server belonging to the company contained over 1TB of data, amounting to over 1.7 billion records. Exposed data of customers and businesses includes full names, phone numbers, physical addresses, email addresses, partially masked credit card information, store names, and more. | Unknown
BeanVPN (Romania) | An open Elasticsearch database contained 18.5GB of connection logs generated by the app. The dataset had over 25 million records, including user device and Play Service IDs, IP addresses, connection timestamps, and other diagnostic information. | Unknown

Malware mentions in Government

[Chart: Time Series] This chart shows the trending malware related to Government within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
Industry | Information
Technology | Widespread exploitation attempts of the critical Atlassian Confluence flaw, tracked as CVE-2022-26134, continue to be observed. Among the adversaries are AvosLocker and Cerber2021 ransomware operators, DEV-0234, and DEV-0401. Other attacks have involved the deployment of various malware, including cryptocurrency miners, Cobalt Strike, malicious web shells, and Mirai and Kinsing botnets.
Cryptocurrency | In March 2022, Confiant identified a cluster of activity, dubbed SeaFlower, that distributes backdoored versions of popular web3 wallets that exfiltrate seed phrases. Among the targeted wallets are Coinbase, MetaMask, TokenPocket, and imToken. The malicious wallets are distributed via fake cloned websites that are typically reached through search engines, particularly Chinese ones like Baidu. More effort appears to have been put into the iOS versions, with provisioning profiles, automatic deployment and sophisticated backdoor code used to sideload the apps.
Retail | IBM identified five squatting domain registrations impersonating AliExpress. The domains, all registered with GoDaddy, are likely used to steal login credentials. WhoisXML API identified a further 13,737 domains and subdomains impersonating AliExpress, Amazon, Avito, eBay, Etsy, Rakuten, and Walmart. The domains were all newly registered between May 1st and June 1st, 2022, with 960 resources flagged as malicious.
Government | DragonForce Malaysia hacked and defaced over 70 Indian government and private websites. The group reportedly defaced the websites in response to recent comments made about Prophet Muhammad by former Bharatiya Janata Party members Nupur Sharma and Naveen Kumar Jindal. Its messages also called on hackers and activists globally to start a campaign against India.
Banking & Finance | F5 Labs identified a new Android banking trojan, dubbed MaliBot. It currently targets customers in Spain and Italy, though broader targeting is likely to be added eventually. The malware is spread via supposed cryptocurrency apps. MaliBot appears to be a heavily modified version of SOVA, with some changes in functionality, targets, C2 servers, domains, and packing schemes. The malware steals financial information, credentials, cryptocurrency wallets, and personally identifiable information.

News and information concerning each mentioned industry over the last week.
