08 April 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name (7-day heat)
Fortinet FortiOS
Apple tvOS
ImageIO
Facebook
VMware Carbon Black Cloud

Deep & Dark Web
Name (7-day heat)
Microsoft Outlook
Coldcard Wallet
VMware vCenter
Fortinet FortiOS
FreeBSD

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
Cardpool (US) | Researchers at Gemini Advisory reported that in February 2021 a cybercriminal actor sold 330,000 stolen payment cards that the researchers linked back to the now defunct gift card exchange service. The criminal also sold 895,000 stolen gift cards; the researchers assess with moderate confidence that these also came from Cardpool. The gift cards were for well known companies such as Amazon, Nike, Target, and American Airlines. The breach likely occurred between February 4th and August 4th, 2019. | Unknown
Administrative Advantage (US) | The company, which provides billing support services to healthcare providers, discovered that an unauthorised individual may have accessed an employee email account between June 23rd and July 9th, 2020. Patient names, Social Security numbers, financial account information, driver’s license or state identification numbers, full credit or debit card information, dates of birth, and more may have been compromised. | Unknown
Office Depot (US) | Security researcher Jeremiah Fowler and Website Planet researchers discovered a non-password protected Elasticsearch database containing 974,050 records. The exposed data included SSH login information and other internal employee information. In addition, European customer records were present, the majority of which referenced Germany. They contained personally identifiable information of customers, including names, phone numbers, physical addresses, and more. | Unknown
Facebook (US) | Mobile numbers, names, dates of birth, email addresses, and more were freely shared on a hacker forum. The data, which was allegedly harvested in 2019, was previously sold for a reported price of $30,000 in June 2020. Alon Gal of Hudson Rock stated that the threat actor likely obtained the mobile numbers via a flaw in Facebook’s ‘Add Friend’ feature which was patched in 2019. | 533,313,128
Asteelflash (France) | BleepingComputer reported that the company has been infected with REvil ransomware. The attackers’ Tor site shows a brief conversation between the threat actor and the company, during which the attackers shared files they allegedly stole during the attack. | Unknown
MedData (US) | Security researchers Jelle Ursem and Dissent Doe speculated that patient records kept by MedData, which were uploaded by one of the company’s employees prior to or during September 2019, could now be stored in the GitHub Arctic Vault. The company recently released an incident notice and contacted impacted patients. The exposed information includes names, addresses, dates of birth, Social Security numbers, medical data, and more. | Unknown
Home Hardware Stores Ltd (Canada) | The hardware retailer was targeted in a DarkSide ransomware attack. The group leaked screenshots of some of the exfiltrated data on its dark web site. | Unknown
Allied Press (New Zealand) | The publisher was informed by the country’s computer emergency response team about a breach of its Otago Daily Times archive. The publisher took the service offline and informed an unspecified number of individuals affected by the breach. | Unknown
Bricker & Eckler LLP (US) | The Ohio-based law firm was targeted in a ransomware attack on January 31st, 2021. An investigation into the incident revealed that the attacker gained access to internal systems and obtained some data. The stolen data included names, addresses, and in some cases medical-related or education-related information, driver’s license numbers, and Social Security numbers. | Unknown
Arup Group (UK) | The engineering company was impacted by a ransomware attack that hit the managed services provider Symatrix in mid-January 2021. An unspecified number of Arup staff had their names, bank account details, national insurance numbers, dates of birth, addresses, and more exposed. | Unknown
Trello (Japan) | Japanese users of the task management software had their data exposed to the internet. The compromised data includes names, addresses, and phone numbers of COVID-19 vaccine clinical study applicants, bank account details of various individuals and companies, and mobile phone numbers of student jobseekers. According to the company, the exposed data belongs to users who chose to make their boards public. | Unknown
Affton School District (US) | The Missouri school district was targeted in a ransomware attack. On March 3rd, 2021, the attackers leaked the personal data of 400 of the district’s employees, including their Social Security numbers. | 1,183

Attack Types mentioned in Banking & Finance

Time series chart (not reproduced in this text): the trending Attack Types related to Banking & Finance over the last week.

Weekly Industry View

Industry View
Industry | Information
Technology | Onapsis and SAP released a joint alert and report detailing active exploitation attempts against unprotected SAP applications. The companies noted that patches for the exploited vulnerabilities have been available for months, and in some cases years, yet many organisations have failed to apply the proper mitigations. Organisations are advised to apply SAP patches and secure configurations immediately.
Government | A spokesperson for the European Commission announced that the commission and several other European Union (EU) organisations were targeted by a cyberattack in March 2021 which impacted IT infrastructure. Although details are scant at present, an anonymous source familiar with the matter informed Bloomberg that the attack was bigger than the standard cyberattacks that regularly target the EU. The source also said that the severity of the attack was high enough that senior commission officials were alerted.
Banking & Finance | Researchers at ESET found that the Janeleiro banking trojan has been targeting corporate users in Brazil since 2019. The attacks start with phishing emails sent to targets in a range of sectors, including engineering, government, finance, healthcare, and manufacturing. Janeleiro displays pop-up windows that imitate the biggest banks in Brazil and attempts to get users to enter their personal information, which is then sent to the attackers’ C2.
Retail & Tourism | Visa reported that throughout 2020 it increasingly saw JavaScript-based credit card skimming scripts injected into hacked online stores via web shells. The skimmers allow attackers to steal payment and personal data belonging to shoppers. The web shells were predominantly used by Magecart threat actors to backdoor hacked online store servers. The company stated that at least 45 skimming attacks in 2020 used web shells. The trend reportedly mirrors a rise in the use of web shells across the wider threat landscape.
Cryptocurrency | Security researcher Justin Perdok identified attackers abusing GitHub Actions to mine cryptocurrency. The attack starts with the threat actor forking a legitimate repository that uses GitHub Actions, injecting malicious code into the fork, and opening a Pull Request against the original repository. Because the repository’s workflow runs automatically on incoming pull requests, the injected code executes on GitHub’s hosted runners without the maintainer having to approve or merge the Pull Request. At least 95 repositories were targeted by the threat actor, who sought to deliver a cryptominer hosted on GitLab. A copycat attack spotted by security researcher Mark Dodgson impacted over 50 legitimate repositories. BleepingComputer found a variation of this attack pulling the open-source XMRig cryptominer from XMRig’s official GitHub repository.

News and information concerning each mentioned industry over the last week.
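The GitHub Actions abuse described in the Cryptocurrency row relies on a workflow that executes whatever code a pull request brings with it. The following is an added illustration, not code from Silobreaker, GitHub or any of the affected repositories: a hypothetical `ci-unguarded` workflow with the exposed pattern, followed by a `ci-guarded` variant that skips fork-originated pull requests, caps job run time and drops token privileges. The job names, the `npm` commands and the action version are assumptions chosen for the example.

```yaml
# Added example (not from the digest): two hypothetical workflow files
# separated by a YAML document marker. Place each in .github/workflows/.

# --- Exposed pattern: runs fork-supplied code on every pull request ---
name: ci-unguarded
on: [pull_request]            # fires for pull requests opened from forks too
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2      # checks out the PR head, i.e. attacker-controlled code
      - run: npm ci && npm test        # any script the fork changed (package.json "test",
                                       # a test file, a postinstall hook) now runs on the
                                       # hosted runner; a miner dropped here simply runs
---
# --- Guarded variant ---
name: ci-guarded
on: [pull_request]
permissions:
  contents: read                # least-privilege GITHUB_TOKEN for every job in this file
jobs:
  test:
    # Only run automatically when the PR head lives in this repository;
    # fork PRs are skipped and a maintainer re-runs after reviewing the diff.
    if: github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    timeout-minutes: 10         # bounds runner time even if the guard is ever bypassed
    steps:
      - uses: actions/checkout@v2
      - run: npm ci && npm test
```

Two caveats a practitioner should weigh. First, on a `pull_request` event from a fork GitHub already withholds repository secrets and issues a read-only token, so the prize in these attacks is the runner's CPU, not credentials; the `if` guard removes that prize at the cost of automatic CI for outside contributors. Second, the guard lives in the workflow file, which a fork can edit; it holds only because `pull_request` workflows are taken from the pull request's own branch and the condition still evaluates against the real head repository, and the cleaner control is the repository-level setting that requires maintainer approval before fork pull request workflows run.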
