Threat Summary: 03 – 09 April 2020

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7d
Juniper Junos OS
Mozilla Firefox
Mac Zoom Client
Apple Safari
Mozilla Firefox ESR

Deep & Dark Web
Name Heat 7d
Microsoft SMBv3
Microsoft Windows 10 Pro
Apple MacBook
PlayStation Network
Mozilla Firefox
The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

| Company | Information | Affected |
| --- | --- | --- |
| 10x Genomics (US) | The biotechnology company was hit by ransomware in March 2020. According to 10x Genomics Inc, data was stolen in the attack, but they managed to restore their operations. The operators of REvil ransomware uploaded an internal document belonging to the company on March 13th, 2020, that is said to include information of over 1,200 employees and the company’s computer systems. The group claims to have stolen 1TB of data. | Unknown |
| OGUsers | The popular hacking forum OGUsers disclosed a data breach that occurred on April 2nd, 2020, in which the details of over 200,000 users were stolen and leaked on a rival hacking forum. OGUsers stated that the attackers breached their server through ‘a shell in avatar uploading in the forum software.’ All users had their passwords reset by the administrators and are urged to enable two-factor authentication. The forum has since been taken offline. | >200,000 |
| Key Ring (US) | Researchers at vpnMentor identified five misconfigured Amazon Web Services S3 buckets owned by Key Ring. The researchers found that users had uploaded credit cards, IDs, driver licenses, and other sensitive information, all of which was exposed. Key Ring also operates as a marketing platform for companies such as Walmart, Kleenex, Kids Eat Free Campaign, La Madeleine Bakery chain, and others. The breach exposed CSV files with membership lists and reports for these companies. | Unknown |
| Groupement Berkine (Algeria) | Maze ransomware operators claimed to have compromised the system of Groupement Berkine, a joint venture between the Algerian state-owned Sonatrach and the US firm Oxy Occidental, on April 1st, 2020. The group also uploaded documents allegedly belonging to the company, including information on investment plans, financial details, and sensitive files. | Unknown |
| HTC Mania (Spain) | Spanish mobile phone forum HTC Mania was impacted by a data breach in January 2020 that exposed the passwords, email addresses, IP addresses, and other information belonging to its users. The data from the breach has been shared on hacking websites. | 1,488,089 |
| Rand Hospital (Bahamas) | On April 4th, 2020, the Bahamas’ Public Hospitals Authority launched a criminal investigation into the leak and spread of a ‘purported confidential document’ on social media that relates to patients of the Grand Bahama Health Services. | Unknown |
| Commercial Development Company Inc (US) | The DoppelPaymer ransomware operators uploaded data belonging to Commercial Development Company Inc, a company whose clients include BHP, Citi, Armco Steel, Wells Fargo, and more. Leaked data includes sensitive information such as corporate account statements and ledgers. | Unknown |
| Email[.]it (Italy) | ZDNet reported that hackers, operating under the alias NN Hacking Group, are selling the data of over 600,000 Email[.]it users online. The hackers claim that they gained access to the company’s system in January 2018. The Italian email provider confirmed the theft to ZDNet on April 6th, 2020. | >600,000 |
| Wolfe & Associates Property Services (US) | On March 5th, 2020, law enforcement authorities informed Wolfe & Associates Property Services that their online database had been breached and information stolen. The breach may have occurred up to six months ago. The theft resulted in the exposure of rental applications which contained names, Social Security numbers, dates of birth, addresses, and more. The company has begun to inform impacted individuals. | Unknown |
| Stockdale Radiology (US) | Databreaches[.]net previously reported that Maze operators claimed that they had been involved in the attack which took place on January 17th, 2020. The data breach notice sent to patients stated that a limited number of files were leaked by the intruder while other files were accessed but not exposed. The company stated that accessible information included names, addresses, personal health information, doctor’s notes, and Social Security numbers. | Unknown |
| Vianet Communications (Nepal) | The internet service provider has confirmed a breach of its database that included customer data. The stolen data included user names, addresses, phone numbers, and email IDs. Vianet is currently attempting to retrieve the stolen data and has notified any potentially impacted customers. | 160,000 |

This table shows a selection of leaks and breaches reported this week.

Malware mentions in relation to the Coronavirus outbreak

This chart shows the trending malware related to the Coronavirus outbreak over the last week.

Weekly Industry View

| Industry | Information |
| --- | --- |
| Banking & Finance | The Bankers Association of the Philippines (BAP) has received reports of emails asking users to click on a link to prevent the deactivation of their account due to coronavirus. The BAP advises users not to click on such links, as these are phishing attacks seeking to steal personal and sensitive information with the aim of accessing the user’s account. |
| Healthcare | Threat actors with links to the Iranian government have reportedly been targeting the personal email accounts of World Health Organisation (WHO) staff in phishing attacks. A WHO spokesman confirmed the attacks, yet stated that the organisation does not know who is responsible. The Iranian government denied any involvement, referring to the allegation as ‘sheer lies to put more pressure on Iran’ and adding that the country has been a victim of hacking itself. The attacks have been ongoing since March 2nd, 2020, and are aimed at stealing passwords by sending fake Google web services messages. It is unclear if any accounts have been compromised. |
| Government | Italy’s social security website was hit by multiple attacks, which forced the Istituto nazionale della previdenza sociale (INPS) to shut down the site on April 1st, 2020. Before the INPS site was taken offline, users had reported severe disruptions and being able to see the data of other individuals. The site is intended for self-employed or seasonal workers to apply for a coronavirus benefit. |
| Cryptocurrency | Researchers at Trend Micro discovered a malicious installer for the video conferencing app Zoom that has been bundled with a coinminer. The compromised files are not available on Zoom’s official download centre and are likely distributed via fraudulent websites. When downloading the official installer, an AutoIt-compiled malware, detected as Trojan.Win32.MOOZ.THC CABO, is downloaded, which then drops several files including the coinminer and the legitimate Zoom installer. At present, the malware only runs in a 64-bit environment. |
| Critical Infrastructure | Maze ransomware operators claimed to have compromised the system of Groupement Berkine, a joint venture between the Algerian state-owned Sonatrach and the US firm Oxy Occidental, on April 1st, 2020. The group also uploaded documents allegedly belonging to the company, including information on investment plans, financial details, and sensitive files. |

News and information concerning each mentioned industry over the last week.

The Silobreaker Team
