
Weekly Cyber Digest


24 November 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker.

Trending Vulnerable Products

Deep & Dark Web (Name / Heat 7)
Ninja Forms
WhatsApp
WordPress Plugin
Microsoft Exchange Server Enterprise
SQLNinja

Open Source (Name / Heat 7)
TensorFlow
WordPress
Symlinks
Mastodon Software
Mozilla Firefox ESR

The tables list the products that were mentioned more than usual in connection with vulnerabilities during the last week.

Data Leaks & Breaches

Company (country) / Information / Number of individuals affected
Uponor (US) On November 5th, 2022, the company was targeted in a ransomware attack that impacted its operations in Europe and North America. The incident caused a data breach affecting employee, customer, and other partners’ data. Unknown
Tel Aviv Light Rail (Israel) The firm’s contractor, China State Construction Engineering Corporation, suffered a data breach after its servers were hacked. Stolen data was uploaded to a hacker forum and includes personal information of Chinese and Israeli employees, such as phone numbers, employment contracts, residential addresses, photocopies of IDs, and more. Engineering schematics of the Green Line stations were also stolen. Unknown
Gateway Rehab (US) The non-profit discovered a data security incident on June 13th, 2022, that may have resulted in the personal and protected health information of current and former patients being accessed without authorisation. Potentially compromised data includes names, dates of birth, Social Security numbers, financial account numbers, medical information, and more. Unknown
AirAsia Group (Malaysia) On November 11th and November 12th, 2022, Daixin Team targeted the airline with ransomware. The group claims to have obtained the personal data of passengers and all employees, including names, dates of birth, country of birth, and more. Daixin Team plans to leak the stolen data on its data leak site. 5,000,000
Tehama County (US) An unauthorised third party gained access to the county systems between November 18th, 2021, and April 9th, 2022. Compromised information includes names, addresses, birth dates, Social Security numbers, driver’s license numbers, and details about the services that the impacted individuals might have received. Quantum ransomware operators previously listed the county on their leak site in June 2022. Unknown
The Smith Family (Australia) The children’s charity suffered a cyberattack after it first detected a breach in October 2022. The hacker gained access to a staff member’s email which contained donors’ confidential information. This includes names, addresses, contact information, and partial credit card data. Unknown
Booz Allen Hamilton (US) A former staff member downloaded tens of thousands of employees’ personal information from the internal network on April 14th, 2022. It comprised information of active employees as of March 29th, 2021, including names, Social Security numbers, compensation, gender, race, ethnicity, dates of birth, and security clearance status and eligibility. Unknown
Westmount, Montreal (Canada) The city suffered a ransomware attack over the weekend of November 19th, 2022. The Lockbit gang took responsibility for the attack and claimed to have copied 14TB of data. They threatened to release the stolen information within two weeks if a ransom is not paid. Unknown
Kannur University (India) The personal data of students who registered at the university between 2018 and 2022 was leaked on a dark web portal. Compromised information includes names, Aadhaar numbers, photos, and phone numbers. It is currently assumed that a technical error on the university’s website may have enabled the leak. 30,000
DOCS Medical Group (US) The urgent and primary care provider was targeted in a ransomware attack on September 7th, 2022. The targeted server contained the personal information of an unspecified number of patients, including names and contact information, medical history, Social Security numbers, financial information, and more. Unknown
Doctors Center Hospital (Puerto Rico) On November 9th, 2022, the hospital disclosed a ransomware attack, conducted by Project Relic, who claim to have exfiltrated 211GB of files. The threat actors have already leaked 114MB of files, including internal hospital files, and scans of named patients’ medical records or notes. 1,195,220
Xavier College (Australia) Hackers threatened to publish the personal information of current and prospective students after gaining access to an email account in June 2022. Stolen sensitive information includes birth certificates, visa applications, parenting arrangements, financial information, and more. 100
Sapo (Vietnam) Hackers are advertising data allegedly stolen from the firm for sale. The stolen data is said to include names, emails, addresses, and phone numbers. Unknown
All India Institute of Medical Sciences (India) The server for the National Informatics Centre’s eHospital used by the All India Institute of Medical Sciences is currently offline as a result of a suspected ransomware attack. The hospital is currently running in manual mode, with the outpatient and sample collection services impacted. Unknown
HomeTrust Mortgage (US) The firm disclosed a data breach in which the names, addresses, and Social Security numbers of certain customers were stolen. The data breach is a result of a ransomware attack that was first identified on July 15th, 2022. Unknown
Community Health Network (US) Patients were notified that their protected health information was transmitted to third parties via Google and Meta trackers installed on its website since April 6th, 2017. Potentially compromised information includes names, email addresses, phone numbers, medical record numbers, IP addresses, and more. 1,500,000
Ontario Secondary School Teachers’ Federation (Canada) The teaching union was the victim of a ransomware attack between May 25th and May 30th, 2022, which compromised the personal information of current and former members. Potentially compromised data includes addresses and social insurance numbers. Unknown
Wright & Filippis (US) The Michigan healthcare company was targeted in a cyberattack between January 26th and January 28th, 2022. Potentially compromised data includes names, dates of birth, patient numbers, Social Security numbers, financial account numbers, and health insurance information. 877,584
San Gorgonio Memorial Hospital (US) The hospital experienced a six-day shutdown of electronic health records following a malware attack on November 10th, 2022. Archive patient information was breached during the attack, however the compromised data was reportedly limited to a very small percentage of older records. Compromised data likely includes names and addresses. Unknown
Radio Free Asia (US) A data breach occurred following unauthorised access to a limited number of servers on June 17th, 2022. Compromised data includes addresses, driver’s licence numbers, health insurance and medical information, Social Security and passport numbers, and limited financial information. 3,779

Attack Type mentions in Banking & Finance

This chart shows the trending attack types related to Banking & Finance within a curated list of cyber sources over the past week.

Weekly Industry View

Industry Information
Cryptocurrency
PIXM researchers are tracking an active cybercriminal group operating four campaigns that target cryptocurrency exchanges and wallet users. In the last 30 days, the group has expanded its campaign to target MetaMask, Crypto[.]com, and KuCoin, in addition to Coinbase. New domains associated with this campaign also use two-factor authentication (2FA) relay interception, passing the victim’s second factor on to the legitimate site in real time. The attackers then use an in-browser chat window to initiate a remote desktop session on the victim’s device and grant their own device access to the user’s account, before draining cryptocurrency from the victim’s wallet.
Healthcare
The Department of Health and Human Services Cybersecurity Coordination Center (HC3) warned healthcare organisations of the potential threat posed by the Lorenz ransomware group. The group operates a dedicated data leak site and has been active for at least two years. It demands ransom payments ranging from $500,000 to $700,000. Lorenz typically maintains persistent access for an extended period of reconnaissance before deploying the ransomware. Victims unwilling to pay will usually have their data made available for sale to other threat actors. The group targets organisations with custom executable code tailored to the target and attempts to find a Windows domain controller in order to obtain administrator credentials.
Government
The website of the European Parliament went offline following a distributed denial-of-service (DDoS) attack claimed by Anonymous Russia. The group is reportedly a part of the pro-Russian hacktivist group, Killnet. The European Parliament President confirmed the incident, adding that experts are working to push back against the attack and protect its systems. The attack came soon after the European Parliament officially recognised Russia as a state sponsor of terrorism, with members of the European Parliament calling for further international isolation of Russia.
Critical Infrastructure
The United States Government Accountability Office (GAO) determined that offshore oil and gas infrastructure face ‘significant and increasing’ cybersecurity risks, which include threat actors, vulnerabilities, and potential impacts. Successful attacks on this infrastructure may lead to environmental, economic, and physical harm. Threat actors, including cyber criminals and nation-state actors, have been observed launching cyberattacks against offshore oil and gas infrastructure, and are expected to continue doing so. The greatest threats are considered to come from China, Iran, North Korea, and Russia, as they can launch disruptive attacks against critical infrastructure.
Retail
Check Point researchers recorded a significant increase in fake shopping-related websites leading up to Black Friday sales. Of all malicious files distributed via email in November 2022, 17% were related to orders, deliveries, and shipping. Of all new shopping-related websites registered in November 2022, 4% were malicious. Impersonated brands include Louis Vuitton and DHL. Some of the emails contained malicious links that aimed to steal victims’ credentials. Akamai researchers similarly observed a new and highly sophisticated phishing kit that mimics multiple large retail brands in connection with the holiday season. The campaign targets North America, with the kit blocking access from outside the intended target geography.

News and information concerning each mentioned industry over the last week.
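The 2FA relay interception noted in the Cryptocurrency entry above is worth seeing in working code, because it explains why a one-time code does not stop a real-time phishing proxy while an origin-bound challenge does. The block below is an added example written for this digest; it is not code from Silobreaker, PIXM, or any of the campaigns described, and it does not reproduce the actual kit. It assumes the victim's second factor is a TOTP code (RFC 6238, implemented here from the standard library) and contrasts it with a WebAuthn-style assertion in which the authenticator signs the challenge together with the origin the browser actually loaded. The service name `exchange.example`, the phishing origin `exchange-login.example`, and the use of an HMAC shared key in place of WebAuthn's asymmetric signature are simplifications for the simulation.

```python
"""Constructed simulation: a phishing proxy relaying a victim's TOTP code versus an
origin-bound (WebAuthn-style) assertion. Standard library only; nothing here touches
the network. Names, origins and secrets are hypothetical."""
import hashlib
import hmac
import secrets
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time in 30 s steps."""
    return hotp(secret, int(at // step), digits)


class Exchange:
    """Stand-in for the legitimate login service (hypothetical origin)."""

    def __init__(self, totp_secret: bytes, key_secret: bytes, origin: str = "https://exchange.example"):
        self.totp_secret = totp_secret
        self.key_secret = key_secret      # HMAC key standing in for the registered public key
        self.origin = origin
        self.pending: set = set()         # challenges issued but not yet consumed

    def verify_totp(self, code: str, now: float) -> bool:
        # A TOTP code carries no information about where the user typed it.
        return hmac.compare_digest(code, totp(self.totp_secret, now))

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self.pending.add(challenge)
        return challenge

    def verify_assertion(self, challenge: bytes, claimed_origin: str, mac: bytes) -> bool:
        # The relying party checks both the origin it expects and that the signature
        # covers that same origin; a proxy cannot satisfy both at once.
        if challenge not in self.pending or claimed_origin != self.origin:
            return False
        self.pending.discard(challenge)
        expected = hmac.new(self.key_secret, challenge + claimed_origin.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(mac, expected)


def authenticator_sign(key_secret: bytes, challenge: bytes, browser_origin: str) -> bytes:
    """The victim's authenticator signs the challenge bound to the origin the browser actually loaded."""
    return hmac.new(key_secret, challenge + browser_origin.encode(), hashlib.sha256).digest()


def relay_totp(site: Exchange, victim_totp_secret: bytes, now: float, delay: float = 5.0) -> bool:
    """Phishing proxy: the victim types the code on the fake page; the proxy forwards it
    to the real site a few seconds later, well inside the 30 s validity window."""
    code_typed_by_victim = totp(victim_totp_secret, now)
    return site.verify_totp(code_typed_by_victim, now + delay)   # True: the relay succeeds


def relay_origin_bound(site: Exchange, key_secret: bytes, phishing_origin: str) -> tuple:
    """Same proxy against an origin-bound factor. It forwards the genuine challenge, but the
    browser binds the assertion to the phishing origin. Returns (forwarded as-is, laundered)."""
    challenge = site.new_challenge()
    assertion = authenticator_sign(key_secret, challenge, phishing_origin)
    forwarded_as_is = site.verify_assertion(challenge, phishing_origin, assertion)  # wrong origin
    laundered = site.verify_assertion(challenge, site.origin, assertion)            # MAC mismatch
    return forwarded_as_is, laundered   # (False, False)


def legitimate_login(site: Exchange, key_secret: bytes) -> bool:
    """Control case: the user is really on the site's origin, so the assertion verifies."""
    challenge = site.new_challenge()
    return site.verify_assertion(challenge, site.origin, authenticator_sign(key_secret, challenge, site.origin))


if __name__ == "__main__":
    totp_secret, key_secret = b"victim-totp-secret", b"victim-key-secret"   # constructed
    site = Exchange(totp_secret, key_secret)
    print("TOTP relayed through phishing proxy accepted:", relay_totp(site, totp_secret, 1_000_000.0))
    print("Origin-bound assertion relayed (as-is, laundered):",
          relay_origin_bound(site, key_secret, "https://exchange-login.example"))
    print("Origin-bound assertion from the real origin accepted:", legitimate_login(site, key_secret))
```

The practical takeaway for the exchanges and wallet users named above is that any second factor the user can read and retype (TOTP, SMS, push-approval codes) is relayable within its validity window, so the defensive control is an origin-bound factor, not a shorter code lifetime.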
