Weekly Cyber Digest

21 April 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source (columns: Name, Heat 7)
Oracle MySQL
Beanstalk DeFi Platform
7-Zip
Juniper Junos OS
Windows Print Spooler

Deep & Dark Web (columns: Name, Heat 7)
Apple iOS
7-Zip
Microsoft Windows
Elementor
Ledger Nano S

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches (columns: Company, Information, Affected)

MetroHealth System (US): On November 13th, 2021, patient records were unintentionally disclosed while the healthcare provider’s electronic medical records system was being upgraded. Potentially compromised information includes patient names, care provider names, and appointment details. Affected: 1,700

Nordex Group (Germany): On March 31st, 2022, a cybersecurity incident was detected, and multiple IT systems were shut down. On April 14th, 2022, Conti ransomware operators claimed responsibility for the attack. Affected: Unknown

Touchstone Medical Imaging (US): A data breach occurred in December 2021. Compromised information includes names, addresses, Social Security numbers, medical information, and health insurance information. Affected: 46,799

Blue Earth County (US): An employee accessed the private information of individuals between June 5th, 2020 and May 24th, 2021. Potentially compromised information includes names, addresses, medical history, and Social Security numbers. Affected: 222

Home Office (UK): The visa service has apologised for a data breach that occurred on April 7th, 2022, after the email addresses of numerous individuals were mistakenly copied into an email. Affected: 170

CMG Mortgage Inc (US): On March 18th, 2022, the company discovered that an unauthorised party may have gained access to some customers’ information. Potentially compromised information includes names, addresses, dates of birth, Social Security numbers, driver’s licence numbers, bank account numbers, and loan application numbers. Affected: Unknown

Royal Spanish Football Federation (Spain): Data was stolen during a cyberattack. This includes documents and information from email accounts, and private texts and audio conversations from top executives of the federation, including president Luis Rubiales. Affected: Unknown

Contra Costa County (US): Unauthorised access to certain employee accounts occurred between June 24th and August 12th, 2021. Possibly compromised information includes names, Social Security numbers, driver’s licence or state-issued identification numbers, financial account numbers, and more. Affected: Unknown

Newman Regional Health (US): Unauthorised access to a limited number of employee email accounts occurred between January 26th and November 23rd, 2021. Possibly exposed information includes names, dates of birth, physical and email addresses, health insurance information, and more. Affected: 52,000

McDonald’s (Costa Rica): A data breach affecting customers occurred after a provider was compromised by hackers. Potentially exposed information includes names, marital status, addresses, emails, identity document numbers, and phone numbers. Affected: Unknown

Ministry of Finance (Costa Rica): Historical data from the General Directorate of Customs was exposed following a Conti ransomware attack. The attackers allegedly stole 1TB of data, which they have threatened to release on April 23rd, 2022. Affected: Unknown

Arnprior Regional Health (Canada): Unauthorised access to its IT systems was discovered on December 21st, 2021. The incident is thought to have also affected its non-profit organisation, Arnprior and District Family Health Team (ADFHT). Data was compromised, but the Electronic Health Record systems were not impacted. Affected: Unknown

United Government of Wyandotte County and Kansas City (US): The county office’s data centres were subject to a cyberattack on the weekend of April 16th, 2022. Efforts are ongoing to determine what, if any, data was impacted. Affected: Unknown

Lower Makefield Township (US): Ransomware was discovered on its systems in the week of April 11th, 2022. Multiple systems were impacted, including email. Affected: Unknown

Sri Lanka Bureau of Foreign Employment (Sri Lanka): The hacking group Lulz Security Sri Lanka claimed to have hacked the online database. The group published a link to download what it alleges to be email, password, and user details. Affected: Unknown

Attack Type mentions in Critical Infrastructure

[Time series chart; image not included] This chart shows the trending attack types related to Critical Infrastructure within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View (columns: Industry, Information)

Healthcare: The United States Department of Health and Human Services (HHS) Cybersecurity Program warned the healthcare sector of the threat from the ‘exceptionally aggressive’ Hive ransomware group. The warning follows the group’s frequent targeting of the sector. In total, Hive has claimed attacks on approximately 355 companies within 100 days of operations. HHS urges provider organisations to bolster preventative security measures and adopt an aggressive, proactive strategy to defend against Hive ransomware.

Banking & Finance: The US Federal Bureau of Investigation warned of an ongoing phishing and social engineering campaign in which users are sent text messages made to appear as a bank fraud alert. Users are asked to initiate an instant money transfer using digital payment applications, which are ultimately hijacked by the attackers. The attackers are often in possession of the victim’s address, Social Security number, and the last four digits of their bank account numbers.

Cryptocurrency: On April 17th, 2022, the decentralised, credit-based finance system Beanstalk lost $182 million in a flash loan attack, including $80 million in cryptocurrency assets. The hacker drained all of the protocol’s funds to a private Ethereum wallet. The incident resulted in the Beanstalk market being compromised and the value of its BEAN stablecoin collapsing.

Government: Ukraine’s Computer Emergency Response Team detected new hacker campaigns targeting government agencies, with attacks exploiting a Zimbra flaw and phishing attacks distributing IcedID malware. The IcedID campaign is attributed to UAC-0041, who also deploy the GzipLoader malware. A second campaign, attributed to UAC-0097, involved emails sent to government agencies in Ukraine that contain malicious image attachments.

Critical Infrastructure: Cybersecurity authorities from the United States, Australia, Canada, New Zealand, and the United Kingdom warned that evolving evidence indicates the Russian government is exploring options for potential cyberattacks. Potential cyber threats include destructive malware, ransomware, distributed denial-of-service attacks, and cyber espionage. Included in the advisory are technical details on malicious cyber operations by actors associated with the Russian government, which include Berserk Bear, APT29, APT28, Sandworm Team, Temp.Veles, Primitive Bear, Nobelium and Venomous Bear. Additional Russian-aligned cybercrime groups that pose a threat to critical infrastructure organisations include CoomingProject, Killnet, Mummy Spider, Salty Spider, Scully Spider, Smokey Spider, Wizard Spider, and The XakNet Team.

News and information concerning each mentioned industry over the last week.
