
Weekly Cyber Digest

29 September 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name | Heat 7
Sophos Firewall |
Apple watchOS |
Cisco IOS |
Cisco IOS XE |

Deep & Dark Web
Name | Heat 7
Microsoft Windows Defender |
Microsoft Windows |
Sophos Firewall |
Windows Powershell |

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Company | Information | Affected
Wheat Ridge (US) | The municipality was hit by BlackCat ransomware on August 29th, 2022. A ransom was demanded to unlock data and computer systems. Investigations into the incident remain ongoing. | Unknown
Sierra College (US) | Vice Society added the college to its leak site, following a cyberattack on August 20th, 2022. | Unknown
Sunshine Coast Regional District (Canada) | A ransomware attack against its computer servers occurred between September 8th and September 9th, 2022. LockBit ransomware operators added the district to their leak site on September 21st, 2022, and threatened to publish allegedly stolen data by October 4th, 2022. | Unknown
Fulton County (US) | County election officials confirmed that personal data was leaked from the Georgia county. The exposed data includes names, dates of birth, Social Security numbers, addresses, and race. | 1,900
Daylesford (UK) | Snatch Team leaked 80GB of data allegedly obtained in a June 2021 cyberattack. The data includes the personal details and home addresses of famous UK clients, as well as sensitive company data. | Unknown
Elbit Systems of America (US) | The US arm of the Israeli defence contractor revealed that its network was compromised in early June 2022. Potentially compromised employee data includes names, addresses, dates of birth, Social Security numbers, and more. | 369
Ministry of Economy (Argentina) | On September 20th, 2022, ‘Everest’ listed data from the ministry on a popular hacking-related forum; the data later appeared on the Everest ransomware leak site on September 21st, 2022. The ministry has reportedly denounced the hack. | Unknown
Sercom Informatica SL (Spain) | Sparta Blog recently added the company to its leak site, providing samples of files exfiltrated from customers, including the Hospital Puigcerda. The sample revealed IP addresses, plaintext passwords, domains, subdomains, and staff emails. | Unknown
PT Care Technologies (Indonesia) | On September 22nd, 2022, Desorden Group claimed responsibility for hacking the vendor and stealing 2.2GB of data from its network. The group provided links to the full data leak, including CSV files containing client and employee information. | Unknown
Centre Hospitalier Sud Francilien (France) | LockBit ransomware operators have dumped data from the French hospital after it refused to pay the demanded multimillion dollar ransom. The dumped data includes Social Security numbers, lab reports, and other health data. | Unknown
Yukon Department of Education (Canada) | The department suffered a data breach after an employee included an unidentified person’s email address when forwarding a spreadsheet containing student data. Exposed data includes names, phone numbers, email addresses, dates of birth, and social insurance numbers. | 500
City of Quincy (US) | Following a May 2022 ransomware attack, some residents may have had their personal information compromised, despite a ransom being paid. Potentially compromised data includes names, addresses, dates of birth, driver’s licences, Social Security numbers or state-issued identification numbers, military identification numbers, and health insurance information. | 36,080
redONE Network Sdn Bhd (Malaysia) | On September 19th, 2022, Desorden Group claimed to have hit redONE Network Sdn Bhd, allegedly conducting a second attack on September 21st, 2022. Desorden claims to have acquired redONE databases and source code, as well as personal data of customers. This includes names, national identification numbers, addresses, phone numbers, email addresses, and more. | Unknown
Physician’s Business Office (US) | Data was likely stolen following an attack on its network in April 2022. Potentially compromised data includes names, Social Security numbers, dates of birth, driver’s licences, contact details, and more. | 196,573
Reiter Affiliated Companies (US) | A hack led to the theft of personal and health information of patients tied to the health and welfare plans for Reiter Affiliated Health and Southern Pacific Farming. Potentially compromised data includes names, Social Security numbers, and dates of birth. | 93,000
Reelfoot Family Walk-in Clinic (US) | A data breach occurred after certain computer systems were hacked between July 10th and August 14th, 2022. Potentially compromised data includes names, Social Security numbers, dates of birth, contact information, medical records, financial account information, and more. | 58,562

Attack Type mentions in Education

This chart shows the trending attack types related to Education within a curated list of cyber sources over the past week.

Weekly Industry View

Industry | Information
Critical Infrastructure | Dragos researchers examined the cyber threats currently targeting water and wastewater systems (WWS) in the Gulf Cooperation Council (GCC) region. Threat groups currently impacting GCC industrial organisations include Parisite, Chrysene, Magnalium, Hexane, Xenotime, and Raspite. Common attack scenarios include industrial control system-focused attacks, espionage and destruction attacks, ransomware, exposed assets, supply chain and third-party threats, and vulnerabilities. Growth in the WWS sector will likely attract increased activity from cyber criminals and other adversaries.
Banking & Finance | ReasonLabs researchers recently uncovered a large online credit card fraud scheme that has operated globally since 2019. The attackers operate a massive network of fake dating and adult websites with functional customer support capabilities. Evidence suggests the scheme originates from Russia and is operated by a crime syndicate. Once the sites are live, the attackers coerce payment providers to gain the ability to accept credit card payments. They then acquire thousands of stolen credit cards from the dark net and charge them for their fake websites’ services. It is estimated that the scheme has amassed tens of millions of US dollars from tens of thousands of victims.
Cryptocurrency | SentinelOne researchers recently observed a new variant of the malware used in Lazarus Group’s Operation In(ter)ception campaign, which has targeted macOS users with lures for job vacancies at Coinbase. The new variants instead use lures for jobs at the ‘crypto[.]com’ exchange. The campaign appears to be extending its targets from users of crypto exchange platforms to their employees, in what may be an effort to conduct both espionage and cryptocurrency theft.
Healthcare | The United States Health Sector Cybersecurity Coordination Center issued a warning about the Chinese state-sponsored threat actor APT41. The group has historically targeted the healthcare sector, as well as education, technology, media, retail, software, telecommunications, and more. The group conducts spear phishing, watering hole, and supply chain attacks, and frequently deploys backdoors to gain persistent access. More recently, the group has used SQL injection for initial attacks as well as Cobalt Strike beacons.
Technology | SentinelLabs researchers identified a new long-running advanced threat actor, dubbed Metador, which primarily targets telecommunications providers, internet service providers, and universities in the Middle East and Africa. The group’s primary motivation appears to be espionage aligned with state interests, though high-end contractor arrangements with unspecified countries may also be possible. Metador achieves initial compromise via an unusual living-off-the-land binary and the Microsoft Console Debugger. Also used are two Windows backdoors, dubbed metaMAIN and Mafalda, which use a custom implant, dubbed Cryshell. An unknown Linux malware is used to steal materials from other machines and route their collection back to Mafalda.

News and information concerning each mentioned industry over the last week.
