05 January 2023
Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker.
Trending Vulnerable Products
Open Source
Name |
---|
NVIDIA GPU Display Driver |
VPN Plus |
ArcGIS |
IBM Sterling B2B Integrator Standard Edition |
Aruba ClearPass Policy Manager |
Deep & Dark Web
Name |
---|
Atlassian Bitbucket |
Gentoo Linux |
Bitcoin Core |
iPad |
iPhone 11 |
The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.
Data Leaks & Breaches
Company | Information | Affected |
---|---|---|
Port of Lisbon (Portugal) | The website was hit by a cyberattack on December 25th, 2022, and was shut down as a precaution. LockBit ransomware operators have since claimed responsibility for the attack, allegedly acquiring all financial reports, personal data of customers, port documentation, mail correspondence, and more. | Unknown |
Copper Mountain Mining Corporation (Canada) | The firm confirmed it was the target of a ransomware attack on December 27th, 2022, that impacted operations but did not compromise safety measures. The infected systems were isolated, and the mill was shut down as a preventative measure, with other processes switched to manual operations. | Unknown |
Azienda Ospedaliera di Alessandria (Italy) | On December 28th, 2022, the operators of Ragnar Locker ransomware claimed to have stolen data from the healthcare system, including clients’ personal information, medical cards, financial reports, and department reports. The group leaked 37GB of stolen data, which they claim amounts to only 5% of the stolen data. | Unknown |
Multiple (Malaysia) | An alleged data leak reportedly concerns the personal data of users stolen from Maybank, the Election Commission, and Astro. The data was reportedly made available by a threat actor on the dark web. It is said to include full names and identity card numbers, as well as contact information. Astro and Maybank have both denied the leak. | 13,000,000 |
Howard Memorial Hospital (US) | The hospital revealed that files may have been stolen by an unknown actor between November 14th and December 4th, 2022. Possibly stolen information includes patient names, contact information, dates of birth, Social Security numbers, health insurance numbers, medical record numbers, and more. | Unknown |
City of Tomball (US) | The Texas city was targeted in a ransomware attack on December 20th, 2022. The incident impacted the city’s online payment systems, though emergency services remained operational. City Manager David Esquivel did not reveal whether utility customers’ passwords or credit card information was compromised. | Unknown |
Sargent & Lundy (US) | The Chicago-based engineering firm was targeted in a Black Basta ransomware attack in October 2022. The hackers reportedly stole data belonging to multiple electric utilities. | Unknown |
Lake Charles Memorial Health System (US) | The health system was targeted in a Hive ransomware attack detected on October 21st, 2022. Impacted information may include patient names, addresses, dates of birth, medical record or patient identification numbers, payment information, and more. | Unknown |
Toyota Kirloskar Motor (India) | One of its service providers experienced an incident that may have exposed the personal information of some Toyota Kirloskar Motor customers on the internet. The company has not disclosed the size of the breach, or how many customers were affected. | Unknown |
Wabtec (US) | A LockBit ransomware attack occurred on March 15th, 2022, with stolen data published on August 20th, 2022. Compromised information includes names, dates of birth, non-US national ID numbers and social insurance numbers or fiscal codes, passport numbers, IP addresses, NHS numbers, Social Security numbers, financial account information, and more. | Unknown |
Volvo Cars (Sweden) | Threat actor IntelBroker claims to be selling data allegedly stolen from the manufacturer in an Endurance ransomware attack. The data allegedly includes database access, CICD access, Atlassian access, API, employee lists, keys and system files, and more. | Unknown |
Centro Médico Virgen De La Caridad (Spain) | Hive ransomware added the Spanish health system to its leak site, allegedly encrypting their systems on December 21st, 2022. The listing indicates data was stolen, however no data pack is currently available. | Unknown |
Housing Authority of the City of Los Angeles (US) | On December 31st, 2022, the LockBit ransomware operators claimed to be in possession of 15TB of stolen data. The currently uploaded information includes a HACLA bank statement and a list of folders suggesting the group may be in possession of sensitive data like payroll and audits. | Unknown |
Monarch NC (US) | The healthcare provider disclosed a data breach following a ransomware attack against its systems on August 29th, 2022. A group calling themselves Don#t_Leaks added Monarch to their leak site on September 1st, 2022, however the listing was quickly removed. | 56,155 |
Monte Cristalina S.A. (Brazil) | On December 19th, 2022, LockBit ransomware added the company to their leak site, claiming to have stolen 135GB of data. The threat actors uploaded some data as proof. | Unknown |
Einatec (Spain) | Snatch Team actors added the firm to their leak site on December 28th, 2022. The group claims to be in possession of 105GB of data, and posted three file images as proof of claim. | Unknown |
Cerveceria Regional (Venezuela) | PLAY ransomware added the brewery to their leak site on December 18th, 2022, before dumping data allegedly stolen from the firm on December 26th, 2022. | Unknown |
Argentina de Soluciones Satelitales | On December 16th, 2022, PLAY ransomware actors claimed responsibility for a December 2nd, 2022, attack. They began to leak data on December 23rd, 2022. | Unknown |
Retreat Behavioral Health (US) | A ransomware attack occurred on July 1st, 2022, in which attackers may have gained access to a dataset. Potentially compromised data includes names, addresses, Social Security numbers, and in some cases, dates of birth, and medical and treatment information. | Unknown |
Queensland University of Technology (Australia) | On January 1st, 2023, Royal ransomware operators claimed responsibility for a cyberattack. The actors have since begun to leak data allegedly stolen from the university. This includes HR files, email and letter communications, ID cards and documents, and financial administrative documents, which they state represent 10% of the stolen data. | Unknown |
Huron-Superior Catholic District School Board (Canada) | A Royal ransomware attack on December 15th, 2022, resulted in the theft of a ‘significant number of files’ from a file server. The data includes social insurance numbers and banking information for staff members employed between 2019 and 2022. | Unknown |
Twitter (US) | On January 4th, 2023, a threat actor published a data leak allegedly containing email addresses for Twitter users on the Breached hacking forum for about $2. The data is reportedly the same as the set of 400 million that circulated in November 2022, but cleaned up to remove duplicates. The validity of many of the email addresses has been confirmed by BleepingComputer, however they also confirmed duplicates in this latest leaked data. | 200,000,000 |
Cricketsocial[.]com | The platform exposed over 100,000 entries of private customer data and admin credentials in an open Amazon Web Services instance. The database contains email addresses, phone numbers, names, hashed user passwords, dates of birth, and physical addresses. Plaintext credentials for a website administrator account were also identified. | Unknown |
RailYatri (India) | The train ticketing platform confirmed that it suffered a data breach on December 28th, 2022, in which unauthorised individuals may have viewed user information. This includes age, email, preference city, and phone numbers pertaining to over 30 million user records. | Unknown |
Five Guys (US) | Unauthorised access to a single file server occurred on September 17th, 2022. The files contained personally identifiable information of individuals who applied to work for the fast-food chain. It remains unclear what type of data may have been accessed, aside from individuals’ names. | Unknown |
Attack Type mentions in Banking & Finance

This chart shows the trending attack types related to Banking & Finance within a curated list of cyber sources over the past week.
Weekly Industry View
Industry | Information |
---|---|
Banking & Finance | Researchers at Security Joes identified a new version of Raspberry Robin that is currently targeting the financial sector in Europe, specifically focusing on Spanish and Portuguese speaking organisations. The improved version boasts additional anti-analysis capabilities, with changes made to the execution mechanism, code obfuscation, and added encryption layers. At least five layers of protection are used before the actual malicious code is executed. The malicious code is compiled as an x86 shellcode available only in memory. |
Technology | On December 30th, 2022, PyTorch learned of a malicious dependency package that was uploaded to the PyPI code repository, with the same name as the framework’s ‘torchtriton’ library. The dependency was automatically installed for users installing PyTorch-nightly Linux packages via pip, leading to a successful compromise via a dependency confusion attack. The malicious dependency has had over 2,300 downloads. The malicious package surveys compromised systems for basic fingerprinting information and steals sensitive data. The actor behind the campaign claims that the operation was not malicious. |
Education | Security researcher Will Thomas detailed an ongoing phishing campaign targeting Chinese-speaking students at UK universities with fraudulent calls since at least May 2021. The threat actor, dubbed RedZei, attempts to obtain personal information from users by posing as the Bank of China, China Mobile, government officials, and couriers like Royal Mail, DHL, and UPS. RedZei alternates between SIM cards from different UK mobile carriers, using a new pay-as-you-go number for each wave of scam calls. |
Healthcare | On December 31st, 2022, the LockBit ransomware gang released a free decryptor for the Hospital for Sick Children (SickKids) after revealing that one of its members violated their rules by attacking the Canadian healthcare organisation on December 18th, 2022. The ransomware attack impacted internal and corporate systems, hospital phone lines, and the website. Only a few systems were encrypted; however, SickKids stated that delays in receiving labs and imaging results were experienced, as well as longer patient wait times. |
Cryptocurrency | Multiple financial regulators in the United States warned banking organisations of security risks associated with cryptocurrency assets and the sector’s participants. This includes fraud, lack of maturity and robustness, vulnerabilities related to cyberattacks, outages, lost or trapped assets, and illicit finance. |
News and information concerning each mentioned industry over the last week.