On-demand Webinar – World vs Cyber: Bridging the Gap to Mitigate Threats Learn More +

Weekly Cyber Digest

21 July 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
MiCODUS
Oracle MySQL
Foxit PDF Reader
Juniper Junos OS
Oracle Financial
Deep & Dark Web
Name Heat 7
Apple iOS
Android 12
Google Android
Sophos Firewall
Team Fortress Classic

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company Information Affected
Multiple Companies The Hive ransomware gang added seven new victims to its leak site on July 14th, 2022. The victims include Apetito, Exela, AdaptIT, RTVCM,Sando, G4S Australia, and Authentic Brands Group. Apetito confirmed that it suffered a sophisticated cyberattack at the end of June 2022. The other listed victims have not yet publicly addressed the alleged attacks. Unknown
Hilton Garden Inn Cleveland Downtown (US) Unauthorised code on a point-of-sale system was designed to access card data. Card numbers and expiration dates were then sent to a third party. A small number of individuals who used a payment card in the food and beverage area between September 24th, 2021, and May 5th, 2022, may have had their data compromised. Unknown
Colorado Springs Utilities (US) Sensitive data stored by a subcontractor was accessed by an unauthorised party on June 15th, 2022. This includes names, addresses, account numbers, phone numbers, and email addresses. ~ 200,000
The Narragansett Bay Commission (US) The commission was targeted in a cyberattack in which data on certain computers and systems was encrypted. It remains unclear whether any customer information was impacted. Unknown
Alio.lt (Lithuania) The website was hit by a cyberattack on July 14th, 2022. The alleged Russian hackers reportedly attempted to extract the data of 345,000 users from the website’s database during the attack. It currently remains unclear how much data may have been exfiltrated. Unknown
Mooresville Schools (US) A new ransomware group, dubbed BianLian, claims to have hacked the district and stolen around 4,200 student records. Data included in the records supposedly includes phone numbers, email addresses, and Social Security numbers. Unknown
Collège Montmorency (Canada) A cyberattack may have resulted in the theft of personal data. DataBreaches[.]net confirmed the incident was an Avos Locker ransomware attack, after the attackers added the school to their leak site. ~ 200,000
Morgan Hunt (UK) A cyber security incident resulted in an unauthorised third-party gaining access to and copying personal data stored on the company’s database. Compromised data includes names, contact details, identity documents, proof of address documents, National Insurance numbers, and dates of birth. Unknown
Frederick, Colorado (US) On July 14th, 2022, the operators of LockBit ransomware added the town to its list of victims. An investigation is ongoing to confirm the claim. Unknown
Cleartrip (India) Hackers were observed selling allegedly stolen data on a private dark web forum. The company has since confirmed a data breach, stating that no sensitive customer information was compromised. The exact nature of the stolen data is currently not known, but possibly includes customer information, revenues, as well as data that might suggest insider involvement. Unknown
Roblox (US) A hacker posted 4GB of data allegedly stolen from an employee. The documents appear to relate to popular games and creators on the platform. The data also contains the personal information of multiple individuals, such as email addresses and identification documents. Roblox stated that the documents were illegally obtained ‘as part of an extortion scheme.’ Unknown
Baton Rouge General Medical Center (US) A ransom note shared with DataBreaches[.]net indicated that Hive ransomware targeted the centre in a ransomware attack. Hive has since denied this claim, stating that DataBreaches had ‘incorrect info’. Unknown
Plateau State Contributory Health Care Management Agency (Nigeria) Eleven open and unsecured AWS S3 buckets belonging to the healthcare agency are exposing over 75,000 files, totalling around 45GB of data. This includes ID cards, applicants’ personally identifiable information, and applicant photos. ~37,000
Fedfina (India) Everest ransomware operators threatened to leak 1,130GB of internal data belonging to the company. The stolen data allegedly includes financial documents like loans and budgets, internal correspondence, Know Your Customer data, personal data, and documents of employees. Unknown
Better Way Thailand Company Limited Threat actor Desorden Group announced that they hacked the company and stole 180GB of data and 60GB of files. These include information on customer sales representatives, employees, suppliers, export, ecommerce, corporate, HR, and financial records. Among the stolen data are over 20 million personally identifiable records that contain ID card number, birthdate, name, address, and contact details. Unknown
Knauf Group (Germany) Knauf confirmed that it suffered a cyberattack on June 29th, 2022. The Black Basta ransomware group took responsibility for the incident and published 20% of the files they allegedly stole during the attack. These include email communication, user credentials, employee contact information, production documents, and ID scans. Unknown
Feelyou (Japan) A vulnerability in the mental health app exposed the email addresses of users. The email addresses could be linked to posts that were intended to be anonymous. Users’ post history and profile information were also accessible. 77,967
Benson Health (US) On May 5th, 2021, the company discovered that it was targeted in a cyberattack. An unauthorised individual may have accessed a data set containing personal information. Unknown
LendingTree (US) The firm confirmed that it suffered a data breach in February 2022. The breach exposed individuals’ names, addresses, birthdates, and Social Security numbers. An additional 700 clients were notified about a separate data breach that occurred in November 2021. 70,700
Neopets (US) A hacker named ‘TarTarX’ claims to have stolen a database and approximately 460MB of compressed source code from the site. The database allegedly contains account information of members, including names, email addresses, dates of birth, gender, country, and more ~ 69,000,000
Mainspring Fund Services (UK) A ransomware attack on July 12th, 2022, led to a data breach of personal data. Potentially compromised information includes names, residential addresses, work emails, location data, and in some cases, corporate bank details and investment holdings. Unknown
Waterloo Region District School Board (Canada) The board disclosed that it is working to restore its IT system after it was targeted in a cyberattack. They were unable to say what files, if any, may have been accessed during the attack, or if the board has paid money to regain access to its systems. Unknown
Ardagh Glass Inc (US) Hackers had access to the company’s computer network between April 23rd and May 19th, 2021, and subsequently posted stolen data on the dark web. Potentially compromised personal information may include names, Social Security numbers, driver’s license numbers, passport numbers, and more. 5,656

Attack Type mentions in Government

Time Series

This chart shows the trending attack types related to Government within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
Industry Information
Government The website of the Israeli Ministry of Health was targeted in a distributed denial-of-service (DDoS) attack on July 17th, 2022, which intermittently restricted access to the site from abroad. The Pro-Iran group Al-Tahira has claimed responsibility for the attack. Last week, the group additionally claimed to have hacked the Jerusalem Municipality website and the website of the state-owned company, Rafael Advanced Defense Systems. On July 18th, 2022, Al-Tahira also targeted the website of the Tel Aviv Municipality.
Retail & Hospitality Insikt Group researchers discovered two separate, ongoing Magecart campaigns that are targeting the online ordering platforms MenuDrive, Harbortouch, and InTouchPOS. To date, at least 311 restaurants have become infected with skimmers, though this number is expected to grow. Over 50,000 compromised payment card records are currently for sale on the dark web as a result of the campaigns.
Education Intrusiontruth researchers determined that recent activity from the Chinese state-backed group, APT41, has focused on targeting universities in Taiwan and Hong Kong. The researchers observed multiple sustained connections to the C2 servers of the custom malware tool, RouterGod, from IP addresses associated with the Hong Kong University of Science and Technology and Education universities. APT41 also allegedly exfiltrated personally identifiable information on staff, students, and alumni from the National Taiwan University databases.
Cryptocurrency The FBI warned of threat actors impersonating legitimate cryptocurrency investment services to defraud investors. The attackers convince victims to download a fake app and deposit cryptocurrency. When attempting to withdraw the funds, the victims are sent an email stating that they need to pay taxes on their investments before making withdrawals. Between October 4th, 2021, and May 13th, 2022, the campaigns have resulted in an estimated loss of $42.7 million from 244 victims. Among the impersonated brands were YiBit and Supayos.
Technology Dragos researchers discovered a campaign targeting industrial engineers and operators with software that supposedly cracks passwords for programmable logic controllers, human-machine interfaces, and project files. The software infects the machine with Sality malware and makes it part of the Sality peer-to-peer botnet. The program does not crack passwords, but instead exploits a vulnerability in the firmware to retrieve the password. The identified flaw, tracked as CVE-2022-2003, affects Automation Direct’s DirectLogic 06. The researchers warned that other vendors are also affected.

News and information concerning each mentioned industry over the last week.

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.