Weekly Cyber Digest

19 May 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
Aruba ClearPass Policy Manager
Apple watchOS
Apple iPadOS
VMware vRealize Automation
Apple tvOS
Deep & Dark Web
Name Heat 7
OpenSSL
CPython
FreeBSD
F5 BIG-IP
Synapse X

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company Information Affected
Cameron County (US) An unauthorised individual gained access to files in the Easy Vote online storage system in January 2022. The files contained personally identifiable information, including names, Social Security numbers and driver’s licence numbers. Unknown
Yik Yak (US) The app exposed the GPS coordinates of all posts and comments of users, as well as user IDs. Combining the two puts millions of users at risk, as such data could be used to de-anonymise users. ~ 2,000,000
Refuah Health Center (US) Unauthorised access to its network occurred between May 31st and June 1st, 2021. Possibly compromised data includes names, Social Security numbers, driver’s licence numbers, dates of birth, bank and financial account information, credit or debit card information, and more. 260,740
Quantum Imaging & Therapeutic Associates (US) A data security incident was detected on October 7th, 2021. Possibly compromised data on patients includes names, mailing address, dates of birth, Social Security numbers, and protected health information. Unknown
Schneck Medical Center (US) On September 29th, 2021, an unauthorised party removed one or more files containing protected health information on certain patients. Possibly compromised information includes names, addresses, dates of birth, medical record numbers, health insurance information, Social Security numbers, financial account information, and more. Unknown
Cincinnati (US) Between April 8th and April 19th, 2022, the Ohio city accidentally posted the personal information of current and former city employees online. Exposed information includes names, addresses, insurance information, and, in some cases, Social Security numbers. 2,000
PT Rea Kaltim Plantations (Indonesia) Anonymous Group leaked around 314,044 emails allegedly stolen from the company’s database on DDoSecrets. Unknown
Banco Bradesco Financiamentos (Brazil) The Banco Bradesco subsidiary detected an incident on May 13th, 2022, which may have allowed unauthorised viewing of financing contracts. The contracts of around 53,000 clients are thought to be affected. Unknown
Multiple Companies (Russia) Anonymous released data archives containing emails allegedly stolen from multiple entities as part of the OpRussia campaign. These include SOCAR Energoresource, the Achinsk City Government, the Polar Branch of the Russian Federal Research Institute of Fisheries and Oceanography, and the Port and Railway Projects Service of JSC UMMC. Unknown
Averly (South Africa) On May 9th, 2022, the platform suffered a data breach following a ransomware attack against a third-party supplier. Compromised customer data includes names and surnames, email addresses, identification numbers, residential addresses, and login information for Averly and the Tenant Profile Network. Unknown
CHRISTUS Health (US) Unauthorised access in one of its regions was identified in early May 2022. AvosLocker ransomware claimed responsibility, leaking data allegedly stolen in the incident. Potentially compromised data includes names, dates of birth, phone numbers, health insurance information, and more. Unknown
Shaker Heights City School District (US) A data security incident was discovered on January 30th, 2022, but began as early as September 1st, 2021. Data was exfiltrated by the attackers, including names and Social Security numbers. 3,725
Parker-Hannifin (US) The company suffered a data breach between March 11th and March 14th, 2022. In April 2022, Conti ransomware claimed an attack against the company and released 419GB of allegedly stolen data, including full names, Social Security numbers, dates of birth, home addresses, driver’s licence numbers, and more. Unknown
Elgin County (Canada) Personal information was compromised in a recent cybersecurity incident that knocked out the county’s website and email system for most of April 2022. On May 3rd, 2022, the county was informed that the information had been dumped on the dark web. Dumped data includes health card numbers, social insurance numbers, and financial information. 330
Mercyhurst University (US) LockBit 2.0 added the university to its leak site on May 17th, 2022. The attackers threatened to publish 300GB of allegedly stolen data if a ransom deadline of May 22nd was not met. Unknown
Bank of Zambia On May 9th, 2022, the bank was targeted in a Hive ransomware attack. Hive claimed to have encrypted the bank’s network attached storage device. The bank has refused to pay the ransom. Unknown
Behavioral Health Partners of Metrowest (US) Unauthorised access of their systems took place between September 14th and September 18th, 2021. Possibly compromised information includes names, Social Security numbers, dates of birth, medical information, health insurance information, and more. 11,288
Allwell Behavioral Health Services (Canada) Data allegedly belonging to the company was leaked on a dark web leak site on April 4th, 2022. The attackers claim to have exfiltrated a total of 200GB of data. Included in the leaked data are names, dates of birth, phone numbers, prescription information, medical conditions, and health insurance information. 330
National Registration Department (Malaysia) A 160GB database supposedly belonging to the department (Jabatan Pendaftaran Negara, JPN) is currently advertised for sale on a forum. The dataset contains personal information of Malaysians born between 1940 and 2004, including names, IC numbers, addresses, dates of birth, gender, and more. The Ministry of Home Affairs has denied the alleged data leak. Initial findings from an ongoing investigation suggest that the data was obtained from different sources. 22,500,000
Michigan Avenue Immediate Care (US) Hackers identified as Targetware Team allegedly stole over 580GB of personal information on patients in December 2021. Possibly exposed information includes names, dates of birth, addresses, Social Security numbers, and more. 43,000

Threat Actor mentions in Banking & Finance

Time Series

This chart shows the trending threat actors related to Banking & Finance within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
Industry Information
Technology Microsoft researchers discovered a new variant of the Sysrv botnet, dubbed Sysrv-K, that has been upgraded with new capabilities. This includes exploiting vulnerabilities in the Spring Framework and WordPress in order to deploy cryptomining malware on vulnerable Windows and Linux servers. The exploited vulnerabilities, all of which have been patched, include old flaws in WordPress plugins, as well as newer flaws such as CVE-2022-22947 in the Spring Cloud Gateway Library. Sysrv-K scans for WordPress configuration files and their backups to steal database credentials, later used to take over the web server.
Cryptocurrency Sophos researchers identified a number of fraud rings conducting ‘liquidity mining’-themed scams. The complexity of the legitimate form of cryptocurrency-based decentralised finance is used by cybercriminals as a cover for a variety of scams that promise extraordinary returns on investments. The identified rings operate primarily from China. They use a mixture of fraudulent blockchain contracts, websites, and applications on both Android and iOS to conduct their activity.
Government The operators of Conti ransomware have escalated their threats in continued attempts to force the Costa Rican government to pay a ransom following a spate of attacks in April 2022. The group’s latest message attributes the intrusion to an affiliate named UNC1756. The attackers claim to have an insider within the Costa Rican government, and are supposedly working on gaining access to other systems. The latest message additionally threatened to ‘overthrow’ the government through a cyberattack.
Critical Infrastructure Positive Technologies analysed a new hacker group, named Space Pirates, that began its activity no later than 2017. Their main goals are espionage and the theft of confidential information. Their victims are government agencies and IT departments, as well as aerospace and power enterprises in Russia, Georgia, and Mongolia. The Space Pirates’ toolkit includes unique downloaders, previously unobserved backdoors, and known malware, including MyKLoadClient, BH_A006, Deed RAT, Zupdax backdoor, PlugX, ShadowPad, Poison Ivy, and more.
Retail On May 13th, 2022, the Brazilian e-commerce company Americanas reported a loss of $183 million in sales following two cyberattacks. The attacks occurred between February 19th and 20th, 2022, and rendered the e-commerce operation unavailable. Lapsus$ Group was reportedly behind the attacks. Americanas stated that physical stores continued to operate, and that the logistics arm of the company continued to deliver orders placed after the incident.

News and information concerning each mentioned industry over the last week.
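The Technology entry above describes two observable behaviours of Sysrv-K: probing for WordPress configuration files and their backups, and exploiting CVE-2022-22947 in Spring Cloud Gateway. The following is an added example, not code from Silobreaker or from the Microsoft research it summarises, of how a defender might flag both patterns in a web server access log. The log lines are constructed, the list of backup-file suffixes is an assumption about what scanners commonly request, and the actuator path pattern reflects the Gateway actuator endpoint used in public exploitation of CVE-2022-22947; tune both to your environment.

```python
"""Added example: flag access-log requests matching the Sysrv-K behaviours
described in the digest (wp-config.php and its backup variants; the Spring
Cloud Gateway actuator endpoint). Sample log lines and indicator lists are
constructed for illustration, not taken from the original page."""
import re
from dataclasses import dataclass
from typing import Iterable, List
from urllib.parse import unquote, urlsplit

# Constructed combined-format access-log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [17/May/2022:10:01:02 +0000] "GET /wp-config.php.bak HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [17/May/2022:10:01:03 +0000] "GET /wp-config.php~ HTTP/1.1" 200 3102 "-" "Mozilla/5.0"
198.51.100.4 - - [17/May/2022:10:02:11 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [17/May/2022:10:03:45 +0000] "POST /actuator/gateway/routes/hacktest HTTP/1.1" 201 0 "-" "python-requests/2.27"
192.0.2.33 - - [17/May/2022:10:04:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2200 "-" "Mozilla/5.0"
"""

# Combined-format access log: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# wp-config.php itself, or editor/backup leftovers that scanners try.
# The suffix list is an assumption about common variants, not exhaustive.
WP_CONFIG_RE = re.compile(
    r'(^|/)wp-config\.php(~|\.(bak|old|orig|save|swp|txt|dist|zip|gz))?$', re.I
)
# Spring Cloud Gateway actuator routes endpoint; internet clients should never reach it.
GATEWAY_ACTUATOR_RE = re.compile(r'^/actuator/gateway/', re.I)


@dataclass
class Alert:
    ip: str
    timestamp: str
    method: str
    path: str
    status: int
    rule: str
    severity: str


def normalise_path(target: str) -> str:
    """Strip the query string and percent-decode so /wp%2Dconfig.php?x=1 is seen as /wp-config.php."""
    return unquote(urlsplit(target).path)


def is_wp_config_path(target: str) -> bool:
    return WP_CONFIG_RE.search(normalise_path(target)) is not None


def is_gateway_actuator_path(target: str) -> bool:
    return GATEWAY_ACTUATOR_RE.match(normalise_path(target)) is not None


def scan(lines: Iterable[str]) -> List[Alert]:
    """Return one Alert per matching request, in log order."""
    alerts: List[Alert] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; a production pipeline would count these
        target = m.group("target")
        if is_wp_config_path(target):
            rule = "wp-config-access"
        elif is_gateway_actuator_path(target):
            rule = "gateway-actuator"
        else:
            continue
        status = int(m.group("status"))
        # A 2xx means the file was actually served or the route was accepted:
        # that is the hit to investigate first. A 404 is still a useful scanner indicator.
        severity = "high" if 200 <= status < 300 else "low"
        alerts.append(Alert(m.group("ip"), m.group("ts"), m.group("method"),
                            normalise_path(target), status, rule, severity))
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG.splitlines()):
        print(f"{a.severity:4} {a.rule:17} {a.ip:14} {a.method} {a.path} -> {a.status}")
```

Run it against a real access log with `scan(open("access.log"))`. Any 2xx response to a wp-config variant means the credentials the digest describes Sysrv-K harvesting were likely disclosed and the database password should be rotated; any request at all to `/actuator/gateway/` from outside the service mesh indicates the actuator is exposed and should be firewalled regardless of patch state.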
