
Weekly Cyber Digest

03 November 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name | Heat
OpenSSL
macOS Ventura
Apple watchOS
macOS Monterey
Chrome V8 JavaScript Engine

Deep & Dark Web
Name | Heat
OpenSSL
Google Chrome Browser
Windows Server 2022
Windows 10 v1909
Chrome V8 JavaScript Engine

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Company | Information | Affected
Twilio (US) | The company disclosed a new data breach stemming from a security incident on June 29th, 2022, where the same attackers behind the August 2022 hack accessed some customers’ information. The attackers used vishing to trick an employee into handing over their credentials, which were then used to access customer contact information for a limited number of customers. | Unknown
Chartered Insurance Institute (UK) | An unauthorised third party gained access on or around September 30th, 2022, and accessed a limited amount of personal data. Potentially compromised data includes names, physical and email addresses, telephone numbers, and dates of birth. | Unknown
Thomson Reuters (Canada) | A 3TB ElasticSearch database publicly exposed sensitive, up-to-date information from across the company’s platforms. This includes plaintext credentials to third-party servers, login and password reset logs, and SQL logs, which include corporate and legal documents. | Unknown
South Australian Liberal Party | Attackers reportedly impersonated party officials and sent fraudulent requests for membership lists which contained names, addresses and phone numbers of party members. | ~2,000
Ascension St. Vincent’s Coastal Cardiology (US) | A data breach occurred following a ransomware attack that targeted its legacy computer systems. Compromised patient information includes names, Social Security numbers, addresses, email addresses, phone numbers, insurance information, clinical information, and billing and insurance information. | Unknown
Shas Party (Israel) | An anonymous researcher discovered a four-year-old vulnerability in an online PHP-based system debugging tool used by the Shas Party’s election management system. The issue can reportedly be easily exploited to gain access to personal data stored in the system. Possibly compromised data includes detailed personal information, such as family ties, phone numbers, and bank account information of Israeli voters. | Unknown
SSKB (Australia) | The company was targeted in a ransomware attack, in which about 200GB of data was reportedly stolen. The attackers claim to be in possession of construction project data, customer financial information, management correspondence, and contracts and agreements. | Unknown
Reinier van Arkel & Ypse (Netherlands) | The Carenzorgt client portal in the Netherlands was hacked in October 2022. The incident resulted in the compromise of data from the files of 184 clients of the Reinier van Arkel and Ypse mental health organisations in Den Bosch. It remains unclear what type of data was involved. | Unknown
Asahi Group Co Ltd (Hong Kong) | BlackByte ransomware claims to have stolen gigabytes of documents, including financial and sales reports, in an alleged ransomware attack. The group is demanding a ransom to purchase or delete the stolen data. | Unknown
Events DC (US) | The sports company was targeted in a cyberattack on or around September 30th, 2022, that may have compromised sensitive employee and customer data. BlackCat ransomware was reportedly involved. | Unknown
HENSOLDT (France) | Snatch ransomware group claims to have hacked the electronics company. The group published a sample pack of 94MB of data as proof of the hack. | Unknown
Multi-Color Corporation (US) | Unauthorised access to its network was discovered on September 29th, 2022. The incident may have compromised the personal information of current and former employees, as well as a limited number of employee spouses, partners, and dependents who are enrolled in the benefits program. | Unknown
Nationwide Optical Group and Nationwide Vision Center (US) | The companies were impacted by a USV Optical data breach in April and May 2021. Potentially compromised data includes names, dates of birth, contact details, Social Security numbers, financial account information, health insurance details, and more. | Unknown
Fred Hutchinson Cancer Center (US) | Suspicious activity was discovered in an employee email account on March 26th, 2022. The actor may have viewed or accessed a range of personal and protected health information. | Unknown
Michigan Medicine (US) | Employees were targeted in an eight-day phishing campaign that resulted in the compromise of four employee email accounts. Potentially compromised data includes names, medical record numbers, contact information, dates of birth, and more. | 33,850
Wenco Management (US) | Unauthorised access to its network was discovered on August 21st, 2022. The attacker accessed the enrolment records of participants of Wenco’s employer-sponsored health plan. Potentially compromised data includes names, Social Security numbers, and plan section information. | Unknown
Unknown (Pakistan) | A video of a mobile application named ‘Asan Bash’ claims that the app can provide access to the personal data of subscribers to telecommunications companies operating in Pakistan. Anyone can reportedly access an individual’s CNIC number, family tree and other information just by entering their mobile number on the app. | Unknown
Universidad Piloto de Colombia | ALPHV ransomware actors added the university to their leak site in the week of October 24th, 2022. The group claims to have stolen 300GB of student, faculty, and administration files, and provided samples of data as proof. | Unknown
Comando Conjunto de las Fuerzas Armadas del Ecuador | ALPHV added the branch of the armed forces to its leak site. Sample files appear to include a very small sample of personal data of military personnel. The military body has denied any compromise of its systems. | Unknown
Universidad Nacional de Educación Enrique Guzmán y Valle (Peru) | BlackByte ransomware operators added the university to their leak site. A sample of data includes affidavits of employees. | Unknown
Chihuahua (Mexico) | BlackByte ransomware added the municipality to its leak site, claiming to have exfiltrated 100GB of data. Sample data includes voting credentials, driver’s licences, and vaccination documents. | Unknown
Fulton City Police (US) | The department discovered a data breach in November 2021 that compromised the personal data of individuals. Potentially compromised data includes names, Social Security numbers, identification numbers, and personal financial account information. | 28,282
Dropbox (US) | An attacker stole 130 GitHub repositories following a successful phishing campaign. Included in the code were the names and email addresses of a few thousand employees, customers, sales leads, and vendors. | Unknown
Thales (France) | LockBit 3.0 claims to have stolen some of the company’s data, and is threatening to publish it online on November 7th, 2022. Thales added that it has so far not received any direct ransom notification, and no proof of data theft has been provided. | Unknown
Royal Mail (UK) | Royal Mail temporarily suspended access to its online postage and parcel tracking services after reports that some customers were able to see information on other users’ orders. The company has not disclosed how many customers’ data may have been compromised. | Unknown
CorrectCare (US) | The personal health information of inmates in Louisiana may have been exposed during a cybersecurity incident at the contracted third-party health administrator. This includes names, dates of birth, Social Security numbers, DOC ID numbers, and limited health information. The file also contains protected health information of inmates treated by Mediko Inc between January 1st, 2012, and July 7th, 2022. | ~80,000
Osaka General Medical Center (Japan) | On October 31st, 2022, the hospital’s electronic medical record system was the target of a ransomware attack. The attacker reportedly sent an email to the hospital’s server and requested a ransom payment in Bitcoin. | Unknown
Vodafone Italia | Commercial partner FourB S.p.A was the target of a cyberattack that resulted in the compromise of sensitive subscriber details, including identity documents with sensitive data, and contact details. On September 3rd, 2022, hacker group KelvinSecurity claimed to have stolen 295,000 files totalling 310GB of data from Vodafone Italia. It remains unknown if the two incidents are related. | Unknown
Harcourts Real Estate (Australia) | On October 24th, 2022, the company became aware that an unauthorised third party had accessed its rental property database. Potentially exposed information of tenants and landlords includes names, addresses, phone numbers, photo identification, bank information, and more. | Unknown

Malware mentions in Critical Infrastructure

This chart shows the trending malware related to Critical Infrastructure within a curated list of cyber sources over the past week.

Weekly Industry View

Industry Information
Cryptocurrency
CrowdStrike researchers identified a new cryptojacking campaign, dubbed Kiss-a-dog, that targets vulnerable Docker and Kubernetes infrastructure with XMRig. The campaign uses multiple C2 servers to launch attacks that attempt to mine cryptocurrency, with user and kernel mode rootkits used to hide the activity. It uses a host mount for container escape before stopping and uninstalling cloud monitoring services using public GitHub code. Network scanning tools such as pnscan, masscan, and zgrab are also used.
Banking & Finance
Cyble researchers observed an upgraded version of the Drinik Android banking malware impersonating the Income Tax Department of India to target 18 different Indian banks. The new variant contains screen recording capabilities to harvest credentials, as well as keylogging. It abuses CallScreeningService to manage incoming calls and receives commands via FirebaseCloudMessaging.
Critical Infrastructure
The New Jersey Cybersecurity & Communications Integration Cell warned that the global maritime sector, including ports, vessels, and shipping companies, will remain an attractive target for a range of cyberattacks designed to disrupt daily operations, steal sensitive data, and more. The sector contains extensive vulnerabilities, including in the physical environment, operational technology and IT environment, ICS, SCADA, distributed control systems, and programmable logic controllers.
Technology
BlackBerry researchers discovered that the RomCom threat actor is leveraging multiple products in their campaigns to distribute RomCom RAT. This includes SolarWinds Network Performance Monitor, KeePass Open-Source Password Manager, and PDF Reader Pro. Whilst Ukraine appears to remain the primary target, some English-speaking countries are also being targeted, including the UK. Based on the targeting and the current geopolitical situation, BlackBerry assesses that RomCom is likely not purely cybercriminal in nature.
Government
On October 27th, 2022, the parliament of Slovakia was targeted in a cyberattack that paralysed its entire computer network, preventing lawmakers from voting on several bills. The parliament of Poland was similarly targeted, with the Polish Senate describing it as ‘multi-directional, including from inside the Russian Federation.’ According to Polish Senate speaker Tomasz Grodzki, the attack may be linked to the Senate’s vote on October 26th, 2022, that declared the Russian government a ‘terrorist regime.’

News and information concerning each mentioned industry over the last week.
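The Kiss-a-dog item in the Cryptocurrency row describes a container escape via a host mount followed by the removal of cloud monitoring agents and the use of pnscan, masscan and zgrab. The check below is an added example written for this digest, not CrowdStrike's or Silobreaker's code: it reads records shaped like `docker inspect` output and flags the configuration features that make such an escape possible (a bind mount of the host root or another sensitive host path, a privileged container, a shared host PID namespace) and command lines that name the tools the item mentions. The set of sensitive host paths and the sample records are assumptions constructed for the example.

```python
"""Flag Docker containers whose configuration matches the container-escape
pattern in the Kiss-a-dog item: host bind mounts, privileged mode, host PID
namespace, or a command line naming one of the scanning/mining tools.

Added example, not code from the original digest or from the research it
summarises. Input records follow the `docker inspect` JSON shape; the sample
at the bottom is constructed for this example.
"""
import json
import os

# Host paths that give a container a route onto the host when bind-mounted.
# Assumed for this example, not a list from the original report.
SENSITIVE_HOST_PATHS = {
    "/", "/proc", "/sys", "/etc", "/root",
    "/var/run/docker.sock", "/run/docker.sock",
}

# Tool names taken from the Kiss-a-dog item; their presence on a container's
# command line is a strong hint worth surfacing.
SUSPECT_BINARIES = {"pnscan", "masscan", "zgrab", "xmrig"}


def _is_sensitive(source):
    """True if a bind-mount source is a sensitive host path or lies beneath one."""
    norm = source.rstrip("/") or "/"
    if norm in SENSITIVE_HOST_PATHS:
        return True
    return any(norm.startswith(p + "/") for p in SENSITIVE_HOST_PATHS if p != "/")


def mount_findings(container):
    """Return (container_name, reason) tuples for escape-enabling settings."""
    name = container.get("Name", "").lstrip("/")
    host_cfg = container.get("HostConfig", {})
    findings = []
    if host_cfg.get("Privileged"):
        findings.append((name, "privileged container"))
    if host_cfg.get("PidMode") == "host":
        findings.append((name, "shares host PID namespace"))
    for m in container.get("Mounts", []):
        if m.get("Type") != "bind":      # named volumes are not host paths
            continue
        src = m.get("Source", "")
        if _is_sensitive(src):
            mode = "rw" if m.get("RW", True) else "ro"
            findings.append((name, f"host path {src} bind-mounted {mode} at {m.get('Destination')}"))
    return findings


def process_findings(container):
    """Return (container_name, reason) tuples for suspect binaries on the command line."""
    name = container.get("Name", "").lstrip("/")
    tokens = []
    for item in [container.get("Path", ""), *container.get("Args", [])]:
        tokens.extend(item.split())      # "-c 'xmrig ...'" style args are split too
    seen = {os.path.basename(t) for t in tokens}
    return [(name, f"suspect binary on command line: {b}") for b in sorted(seen & SUSPECT_BINARIES)]


def scan(inspect_json):
    """Run both checks over a JSON array of docker-inspect style records."""
    out = []
    for c in json.loads(inspect_json):
        out.extend(mount_findings(c))
        out.extend(process_findings(c))
    return out


# Constructed sample: one benign web container, one matching the escape
# pattern, one CI runner with the Docker socket mounted read-only.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web", "Path": "nginx", "Args": ["-g", "daemon off;"],
     "HostConfig": {"Privileged": False, "PidMode": ""},
     "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/web/_data",
                 "Destination": "/usr/share/nginx/html", "RW": True}]},
    {"Name": "/miner-like", "Path": "/bin/sh", "Args": ["-c", "/tmp/xmrig --config=/tmp/config.json"],
     "HostConfig": {"Privileged": True, "PidMode": "host"},
     "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/host", "RW": True}]},
    {"Name": "/ci-runner", "Path": "/usr/bin/runner", "Args": [],
     "HostConfig": {"Privileged": False, "PidMode": ""},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock", "RW": False}]},
])

if __name__ == "__main__":
    for name, reason in scan(SAMPLE_INSPECT):
        print(f"{name}: {reason}")
```

On a live host the same functions can be fed the output of `docker inspect $(docker ps -q)`; the read-only Docker socket mount on the CI runner is reported as well, because a socket mount is a host-control path regardless of the mount's write flag.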
