Weekly Cyber Digest

28 April 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source

| Name | Heat 7 |
| --- | --- |
| IBM Cognos Analytics | |
| SourceCodester | |
| IBM QRadar | |
| Jira | |
| Everscale Ever Surf | |

Deep & Dark Web

| Name | Heat 7 |
| --- | --- |
| Cisco AnyConnect VPN | |
| Google Drive | |
| ExifTool | |
| Trillium Security MultiSploit | |
| Instagram | |

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches

| Company | Information | Affected |
| --- | --- | --- |
| Government of Costa Rica | The Ministry of Science, Innovation, Technology and Telecommunications, the Instituto Meteorológico Nacional, the Radiográfica Costarricense, and Caja Costarricense de Seguro Social were hit by Conti ransomware attacks. The group has published a total of 39.77GB of allegedly exfiltrated data. | Unknown |
| Bill’s Red Mill Natural Foods (US) | A data scraping cyberattack occurred between February 23rd and March 1st, 2022. Possibly compromised information includes payment card information, billing and shipping addresses, email addresses, phone numbers, and purchase amounts. | Unknown |
| Finance Department of Rio de Janeiro | On April 22nd, 2022, the department confirmed it suffered a ransomware attack. The LockBit ransomware group claimed responsibility for the attack, claiming to have stolen around 420GB of data. | Unknown |
| Business Services Organisation (Northern Ireland) | The organisation disclosed a data breach after personal data was forwarded to a staff member’s personal email account. The data has since been deleted from the account. | >2000 |
| Lewis and Clark Community College (US) | The college disclosed a data breach following the ransomware attack in November 2021. Quantum ransomware operators later dumped 26GB of data allegedly exfiltrated from the college. It remains unclear what information is included in the dump. | Unknown |
| Coventry Public School District (US) | The data of students enrolled in the school district may have been impacted in the January 2022 breach of Illuminate Education. The breach affecting Coventry students stemmed from the eduCLIMBER software. | ~1,700 |
| Adaptive Health Integrations (US) | An unauthorised individual may have gained access to a limited amount of data on or around October 17th, 2021. Potentially compromised information includes names, dates of birth, contact information, and Social Security numbers. | 510,574 |
| GHT Coeur Grand Est (France) | On April 19th, 2022, a cyberattack against the hospitals of Vitry-le-François and Saint-Dizier forced the group to disconnect the hospitals’ internet connections. The attackers succeeded in copying administrative computer data. Hackers posted 28.7GB of allegedly stolen data for sale on the dark web, claiming it includes patients’ Social Security numbers, passport scans, banking information, emails, and phone numbers. | Unknown |
| Deutsche Windtechnik AG (Germany) | A cyberattack between April 11th and April 12th, 2022, left the company unable to remotely control around 2,000 wind turbines. The company was later listed on the leak site of Black Basta ransomware operators. | Unknown |
| Junta Administrativa del Servicio Eléctrico de Cartago (Costa Rica) | A ransomware attack on the weekend of April 23rd, 2022, encrypted all administrative systems. Conti ransomware added the company to its victim site on April 25th. Investigations are ongoing to determine if any data was exfiltrated in the attack. | Unknown |
| Illinois Gastroenterology Group (US) | An unauthorised actor gained access to certain systems on October 22nd, 2021. Data contained in those systems may have been viewed or accessed, including names, addresses, dates of birth, Social Security numbers, passports, financial account information, biometric data, and more. | Unknown |
| ARcare (US) | The healthcare provider suffered a data breach between January 18th and February 22nd, 2022. Personal information on individuals was contained in files viewed by the actor, including names, Social Security numbers, dates of birth, financial account information, health insurance information, and more. | Unknown |
| Healthplex (US) | An employee of the dental insurance provider was the victim of a phishing attack on November 24th, 2022, resulting in unauthorised access to the employee’s email account. Possibly exposed information includes names, addresses, dates of birth, Social Security numbers, banking information, and more. | 76,262 |
| Aeropost (US and Mailpac Group) | Aeropost informed customers that credit cards stored on file may have been compromised in a recent data breach. The breach also affects certain Mailpac Group customers who had specific account types for a specific transaction type on file. | Unknown |
| Coca-Cola (US) | Stormous ransomware operators claimed to have stolen 161GB of data from Coca-Cola. Coca-Cola confirmed it is investigating a possible network intrusion to determine the validity of the claim. | Unknown |
| Tenet Healthcare Corporation (US) | The company experienced a cybersecurity incident in the week beginning April 18th, 2022. Good Samaritan Medical Center and St. Mary’s Medical Center in Florida were amongst the Tenet-owned hospitals affected. Phone and computer systems were reportedly affected during the hack. | Unknown |
| American Dental Association (US) | On April 22nd, 2022, the organisation suffered a cyberattack that forced it to take affected systems offline. The Black Basta ransomware group briefly began leaking data allegedly stolen from the organisation before removing it from its leak site. Among the leaked files were W2 forms, non-disclosure agreements, accounting spreadsheets, and information on ADA members. | Unknown |
| CorpMSP (Russia) | NB65 claims to have stolen 675GB of data from the company, which allegedly includes lists of clients, banks, and government agencies the company works with, including several contracts with the Russian Ministry of Defence. | Unknown |
| Smile Brands (US) | The company updated the breach tally of the April 2021 data breach that resulted from a ransomware attack. In July 2021, the breach was initially recorded as having impacted 199,683 individuals. | 2,592,494 |
| Austin Peay State University (US) | On April 27th, 2022, the university suffered a ransomware attack, prompting an alert that all university-connected computers must be shut down. The university’s IT staff later reported that they believe they have contained the attack. | Unknown |
| Multiple Russian companies | Since April 17th, 2022, the Anonymous collective and affiliates claim to have stolen and leaked data from Tendertech, Neocom Geoservice, the General Department of Troops and Civil Construction, Synesis and Kipod surveillance systems, Enerpred, Accent Capital, Sawatzky, Worldwide Invest, Gazregion, and Metrospetstekhnika. The group has additionally leaked the personal data of over 600 Russian Federal Security Service officers operating in Moscow. The data includes names, dates of birth, registration addresses, passport numbers, debts, air tickets, SIM cards, and more. | Unknown |

Malware mentions in Banking & Finance

Time Series

This chart shows the trending malware related to Banking & Finance within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View

| Industry | Information |
| --- | --- |
| Government | On April 21st, 2022, the outgoing president of Costa Rica, Carlos Alvarado, stated that the recent Conti ransomware attacks targeting state computer systems are aimed at destabilising the country as it transitions to the new government of president-elect Rodrigo Chaves. According to Alvarado, the threat of attacks remains ‘latent.’ Certain platforms, including those for tax and customs, remain suspended. This has affected imports and exports, amounting to $200 million in losses. |
| Critical Infrastructure | Deutsche Windtechnik AG was targeted in a cyberattack between April 11th and April 12th, 2022. The incident left the company unable to remotely control around 2,000 wind turbines for at least a day, as they were switched off for security reasons. The company was later listed on the leak site of Black Basta ransomware operators. It is the third German wind-energy company to have reported an incident since Russia’s invasion of Ukraine. |
| Banking & Finance | Hackers of Savior claim to have hacked into the system used to transfer money between Israeli banks, which would consequently have given them access to the personal accounts of individuals. The attackers, who are reportedly linked to Iran, uploaded their claims in a video on April 25th, 2022. Israel’s National Cyber Directorate and the Bank of Israel state that they have found no indication that such hacking took place. The alleged attack is largely thought to have been faked in order to create panic. |
| Technology | IBM researchers identified a phishing campaign by the likely financially motivated group Hive0117 targeting the telecommunications, electronic, and industrial sectors in Lithuania, Estonia, and Russia. The campaign, first observed in February 2022, delivers a fileless malware variant dubbed DarkWatchman. The phishing emails impersonate the Russian Government’s Federal Bailiffs Service and contain Russian-language text relating to enforcement procedures associated with the Kuntevsky District Court of Moscow. A malicious ZIP archive attachment contains an executable designed to deliver the DarkWatchman JavaScript backdoor and encrypted source code for a keylogger. |
| Cryptocurrency | Cybercriminals hacked the Bored Ape Yacht Club’s Instagram account and posted a link to a copycat website that aimed to harvest users’ assets. The post promised a free airdrop to users who connected their MetaMask wallets to the scammers’ digital wallet. The attackers successfully stole numerous non-fungible tokens (NFTs) with a total estimated value of $3 million. It remains unclear how the attacker gained access to the account. |

News and information concerning each mentioned industry over the last week.
