Upcoming Webinar – Tools and Tactics to solve the top 3 Open-Source Intelligence Challenges Learn More +

Weekly Cyber Digest

19 January 2023

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker.

Trending Vulnerable Products

Deep & Dark Web
Name Heat 7
Nmap
Linux Kernel
Fortinet FortiOS
Tatsu Builder
Windows 2000
Open Source
Name Heat 7
Oracle MySQL
Oracle Fusion Middleware
Oracle Linux
Oracle E-Business Suite
Apache Superset

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Company Information Affected
Ontario’s Liquor Control Board (Canada) Malicious code embedded into the website stole customer’s data between January 5th, and January 10th, 2023. Potentially compromised data includes names, email and physical addresses, Aeroplan numbers, account passwords, and credit card information. Unknown
Royal Mail (UK) The company was hit by a cyberattack later confirmed as a LockBit ransomware attack. The LockBit operation alleged that they did not conduct the attack themselves, instead blaming the incident on other threat actors using their leaked builder. Unknown
Gen Digital (USA) A credential stuffing attack targeted Norton customer accounts on around December 1st, 2022. Compromised information includes names, phone numbers, and mailing addresses. The attackers may also have obtained details stored in the Norton Password Manager feature if a user’s Password Manager key is identical or similar to their Norton account password. Unknown
New York City Bar Association (US) CL0P ransomware added the organisation to their leak site on January 13th, 2023, claiming to be in possession of 1.8TB of data. Screenshots shared as proof include a portion of a file directory and passports. Unknown
Mail[.]ru (Russia) The company confirmed a data leak occurred in early 2022, attributing it to a third-party service. Amongst the compromised data are user IDs, names, email addresses phone numbers, and more. 3,500,000
City Council of Durango (Spain) The council was targeted in a ransomware attack on January 7th, 2023, that impacted computers and corporate email accounts. Unknown
Attorney General’s Office of Quintana Roo (Mexico) A file with 7,910 complaints was published on a popular hacking forum, including forms relating to the loss of documents, minor thefts, threats, and more. The hacker allegedly responsible claims they were able to obtain the entire database of complaints. Unknown
Government of Brazil On January 10th, 2023, GhostSec hackers claimed to have gained access to the governments webmail, allegedly acquiring 845MB of personal data, including IDs, passport information, emails, and more. Unknown
Home Care Providers of Texas (US) A ransomware attack occurred after hackers accessed and encrypted patient information between June 25th and June 29th, 2022. Compromised data includes names, addresses, dates of birth, Social Security numbers, certain medical information, and more. 124,363
University of Duisburg-Essen (Germany) Vice Society published data they claim to have stolen in a ransomware attack, first disclosed on November 28th, 2022. The files reportedly include student spreadsheets, research papers, and financial documents, although these have not been verified. Unknown
China Airlines Two data breaches in January 2023 reportedly exposed the private information of customers. Hackers released allegedly stolen data, although the airline asserted that the leaked data is not ‘completely consistent’ with the information recorded in its database. Unknown
Nissan North America The company disclosed a data breach after one of its third-party service providers exposed the data in an unsecured database. Nissan was first alerted by the vendor on June 21st, 2022. Compromised data includes full names, dates of birth, and Nissan finance account numbers. 17,998
myrocket[.]co (India) A publicly accessible database exposed 260GB of sensitive personal data of employees and job candidates. Potentially comrpomised data includes names, personal identification numbers, emails, phone numbers, bank details, dates of birth, and more. ~9,200,000
Multiple (US) Bay Bridge Administrators, Circle of Care, The Elizabeth Hospital, St Rose Hospital, and Mindpath Health disclosed breaches stemming from incidents in 2022. Potentially compromised data includes names, contact information, Social Security numbers, medical data, financial information, and more. 347,666
Mailchimp (US) An unamed threat actor gained access to 133 Mailchimp accounts. One affected customer, WooCommerce, was notified that names, store web addresses, and email addresses of its customers were compromised. Unknown

Malware mentions in Eduation

This chart shows the trending malware related to Education within a curated list of cyber sources over the past week.

Weekly Industry View

Industry Information
Cryptocurrency
MetaMask detailed a new attack vector, named Address Poisoning, that tricks cryptocurrency users into transferring funds to a scammer rather than the intended recipient. The scam leverages victims’ reliance on copying and pasting addresses, as each wallet has its own cryptographically-generated address formed as a long string of characters that is difficult to remember. The technique uses vanity address generators and relies on user error.
Healthcare
The United States Health Sector Cybersecurity Coordination Center warned of BlackCat and Royal ransomware operations targetting the sector. The ransomware-as-a-service BlackCat engages in triple extortion involving data theft and encryption, with leaks taking place on its dedicated site. Royal is now the most active ransomware operation, with the group engaging in double extortion involving data theft and encryption. It is known to conduct callback phishing attacks as well as attacks that leverage an encryptor masquerading as healthcare patient data.
Retail & Hospitality
The National Association of Independent Hotel and Restaurant Operators disclosed that around a dozen hotels in France, along with their customers, have been impacted by two cyberattacks that occurred via Booking[.]com. The attackers are sending emails with malware and contacting Booking[.]com customers directly in an attempt to steal their bank card information.
Technology
Microsoft researchers identified threat group DEV-0671 hacking Microsoft Exchange servers to deploy Cuba ransomware. The activity targets servers vulnerable to the critical server-side request forgery vulnerability, tracked as CVE-2022-41080, which can be exploited using a zero-day exploit dubbed OWASSRF. The OWASSRF exploit has been used in Play ransomware attacks since late November 2022.
Government
Fortinet researchers determined that threat actors are exploiting a critical vulnerability in FortiOS SSL-VPN appliances, tracked as CVE-2022-42475, to conduct highly targeted attacks against government or government-related targets. The attacks use a complex exploit consisting of custom implants and self-signed certificates to deliver a generic Linux implant customised for FortiOS. The threat actor used advanced capabilities to manipulate FortiOS logging, and is capable of reverse engineering various parts of FortiOS.

News and information concerning each mentioned industry over the last week.

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker.