Weekly Cyber Digest

28 July 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
Veritas NetBackup
Google Chrome Browser
Symantec NetBackup
Apple watchOS
PrestaShop
Deep & Dark Web
Name Heat 7
WooCommerce
Microsoft Support Diagnostic Tool
Microsoft Windows 10 Pro
Windows 7
SQLite

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Company | Information | Affected
Eastern Health (Canada): The health authority notified individuals that their personal information was compromised in an October 2021 data breach. The number of affected individuals could potentially still rise. Affected: 37,800
St. Marys, Ontario (Canada): On July 20th, 2022, the town was hit by a ransomware attack that locked staff out of internal systems and encrypted data. LockBit operators added the town to their dark web site on July 22nd, 2022, and published previews of allegedly stolen files. Affected: Unknown
WMTEK (US): On July 21st, 2022, pro-choice hacktivists leaked over 74GB of data from over 120 databases connected to evangelical organisations that supported the Dobbs v. Jackson ruling reversing Roe v. Wade. The files were allegedly obtained by hacking the Florida company WMTEK, which offers web design and development, as well as ‘donor management services’. Affected: Unknown
Multiple Organisations (Australia): Multiple arts organisations in Western Australia have been subject to a data breach that compromised customers’ personal information. Potentially exposed data includes names, email addresses and phone numbers. The impacted companies include Barking Gecko Theatre Company, Black Swan State Theatre Company, Co3 Contemporary Dance, Perth Festival, Tura New Music, West Australian Ballet, West Australian Opera, and the Yirra Yaakin Theatre Company. Affected: Unknown
Newport, Rhode Island (US): Unauthorised activity occurred on the city’s network between June 8th and June 9th, 2022. Potentially compromised data on current and former employees includes names, addresses, dates of birth, Social Security numbers, financial account numbers, and information relating to group health insurance. Affected: Unknown
Tooele County School District (US): The district suffered a data breach after a ‘technical problem’ occurred during a software transition. Users logging into their new Skyward accounts found the personal information of other students attached. The exposed data includes pictures, addresses, student IDs, and personal data. Affected: ~1,000
Policybazaar (India): Multiple vulnerabilities in the company’s IT systems resulted in unauthorised access. At present, no significant customer data is believed to have been exposed. Affected: Unknown
Bellingham Public Library (US): A recent data breach at Whatcom County Library System also resulted in the unauthorised downloading of patron data belonging to Bellingham Public Library. The downloaded data includes names, birthdates, library card numbers, and library passwords. Affected: 735
Twitter (US): A Breached Forums user is advertising a Twitter database allegedly containing the data of millions of users for $30,000. The data was reportedly collected in December 2021 by exploiting a vulnerability in Twitter’s Android client. Twitter is currently investigating the authenticity of the hacker’s claims. Affected: 5,400,000
Entrust (US): The company was hit by a cyberattack on June 18th, 2022, in which the attackers stole corporate data. Whilst Entrust did not state whether ransomware was involved, BleepingComputer reported that a well-known ransomware group was behind the attack. Affected: Unknown
Oklahoma City Housing Authority (US): An unauthorised actor may have accessed certain email accounts and files between November 30th and December 21st, 2021. Potentially compromised data includes names, Social Security numbers, driver’s licences or government identification, financial account information, and medical or health information. Affected: Unknown
Lopes (Brazil): Threat actor ‘Boldenis77’ claimed to have exfiltrated 13GB of data from the company. An inspection of the files revealed internal documents from December 2021 to May 2022, with some documents relating to customers or buyers. Affected: Unknown
Italian Revenue Agency (Italy): The Lockbit ransomware gang added the agency as a victim on its data leak site. The group allegedly stole 78GB of data, including company documents, scans, financial reports, and contracts. Affected: Unknown
Unjected (US): The dating site’s administrator dashboard was openly accessible to anyone and exposed the private email addresses of members. Attempts to fix the issue may have exposed additional user information such as IP addresses, browser information, and more. Affected: 3,500
Afni Inc (US): An unauthorised individual gained access to the company’s computer system on or before June 7th, 2021, and may have viewed or removed certain data. The exposed information varies by individual and may include name, address, Social Security number, and date of birth. Affected: Unknown
WordFly (US): A ransomware attack against WordFly on July 10th, 2022, saw the attackers siphon data belonging to the Toronto Symphony Orchestra, the US-based Smithsonian Institution, the Courtauld Institute of Art in London, and the Sydney Dance Company. The data is believed to consist largely of names and email addresses. It may also include other data used by the organisations to communicate with their fans via WordFly. Affected: Unknown
SolarMan (China): A GitHub repository belonging to the platform contained a username and password for the administrator account. The credentials enabled access to all customer data, including GPS coordinates, production data, and current faults. Affected: Unknown
Wootton Upper School (England): Hive ransomware group allegedly hacked the school and encrypted all of its servers. Hive also claimed to have exfiltrated sensitive data, including home addresses, bank details, medical records, and physiological reviews. Affected: Unknown
Paytm Mall (India): The Indian e-commerce platform reportedly suffered a data breach in 2020 that exposed users’ information. This includes phone numbers, email addresses, dates of birth, names, income levels, and more. Paytm has denied these claims. Affected: > 3,400,000

Malware mentions in Technology

This chart shows the trending malware related to Technology within a curated list of cyber sources over the past week.

Weekly Industry View

Industry | Information
Banking & Finance: Since late 2021, Proofpoint researchers have observed TA4563 targeting European financial and investment entities with an updated version of the EvilNum backdoor, in particular entities with operations supporting foreign exchanges, cryptocurrency, and decentralised finance (DeFi). Recently observed campaigns have targeted the DeFi industry exclusively. The malware has been delivered via different file types, with ISO and LNK files seen in early 2022 and Microsoft Word files from mid-2022. In each case, a financial-themed lure asks the victim to submit ‘proof of ownership of missing documents.’
Technology: Microsoft researchers determined that threat actors are increasingly leveraging Internet Information Services (IIS) extensions as covert backdoors into servers. These hide deep in target environments and provide persistence. Attackers typically exploit a critical vulnerability in the hosted application for initial access, then drop a script web shell as the first-stage payload; an IIS backdoor is installed later. There are multiple types of IIS backdoors, including web shell-based variants, IIS handlers, credential stealers, and open-source variants sourced from GitHub.
Cryptocurrency: Sucuri researchers detailed a recent incident in which attackers abused WebAssembly to inject cryptojacking malware into a victim’s website without being detected. At present, 207 websites have been found hosting the cryptominer. A JavaScript cryptominer was found in the theme files of the victim’s website; it starts mining when a visitor lands on the compromised site. The miner leverages WebAssembly to run low-level binary code directly in the browser, along with a custom mining pool. In another incident, a variant of the miner disguised itself as a legitimate Google Ads script.
Retail: Attackers are exploiting a combination of known and unknown vulnerabilities to inject malicious code into PrestaShop websites. The flaws allow attackers to execute arbitrary instructions and potentially steal customers’ payment information. The attack requires the shop to be vulnerable to SQL injection. A newly identified, previously unknown vulnerability chain is reportedly being fixed, but the company stated it is not certain that this is the only way threat actors can conduct the attack.
Government: The Lockbit ransomware gang added the Italian Revenue Agency as a victim on its data leak site. The group allegedly stole 78GB of data, including company documents, scans, financial reports, and contracts. The group stated it will publish screenshots of exfiltrated files in the future and threatened to leak all data by July 31st, 2022. Sogei, the government organisation managing the agency’s IT infrastructure, stated that current investigations do not indicate that an attack occurred.
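A defender-side check that follows from the Technology item above, added here as an example and not code from the digest or from Microsoft's report: parse an IIS applicationHost.config and flag native modules loaded from outside the inetsrv directory, plus managed modules backed by custom assemblies that are not on an allowlist. The sample config and the module names in it are constructed for this example, and treating inetsrv as the only trusted image location is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed applicationHost.config. "DiagnosticsModule" (a hypothetical
# name) stands in for an unexpected native module loaded from a writable path;
# "Sample.Telemetry" is a constructed managed module backed by a custom assembly.
SAMPLE_CONFIG = """<configuration>
  <system.webServer>
    <globalModules>
      <add name="StaticFileModule" image="%windir%\\System32\\inetsrv\\static.dll" />
      <add name="HttpLoggingModule" image="%windir%\\System32\\inetsrv\\loghttp.dll" />
      <add name="DiagnosticsModule" image="C:\\inetpub\\temp\\diag.dll" />
    </globalModules>
    <modules>
      <add name="StaticFileModule" />
      <add name="Sample.Telemetry" type="Sample.Telemetry.Module, SampleTelemetry" />
    </modules>
  </system.webServer>
</configuration>
"""

# Assumption: Microsoft-shipped native IIS modules live under inetsrv; anything
# loaded from elsewhere deserves a look (compare case-insensitively).
TRUSTED_IMAGE_PREFIX = "%windir%\\system32\\inetsrv\\"


def find_suspicious_modules(config_xml, known_managed=frozenset()):
    """Return (native, managed): module names that need manual review.

    Native modules (<globalModules>) are flagged when their DLL image sits
    outside the inetsrv directory. Managed modules (<modules>) are flagged when
    they name a custom assembly via 'type' and are not in the caller's allowlist.
    """
    root = ET.fromstring(config_xml)
    native, managed = [], []

    global_modules = root.find(".//globalModules")
    if global_modules is not None:
        for add in global_modules.findall("add"):
            image = add.get("image", "")
            if not image.lower().startswith(TRUSTED_IMAGE_PREFIX):
                native.append(add.get("name", "<unnamed>"))

    modules = root.find(".//modules")
    if modules is not None:
        for add in modules.findall("add"):
            name = add.get("name", "<unnamed>")
            if add.get("type") and name not in known_managed:
                managed.append(name)

    return native, managed
```

On a real host the file to feed in is %windir%\System32\inetsrv\config\applicationHost.config; a clean result still warrants checking the flagged DLLs' signatures and compile timestamps rather than trusting the path alone.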

News and information concerning each mentioned industry over the last week.