10 December 2020

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
ImageMagick
Apple iPadOS
Apple iOS 14
Apple watchOS
Viber
Deep & Dark Web
Name Heat 7
Google Play
Viber
Grindr
OkCupid
Microsoft Edge

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches (company, information, number affected)

Verizon (US): Ars Technica reported that a glitch in Verizon’s chat system exposes the personal details of individuals who engage with company representatives about Fios services. When a user clicks on the chat window they are shown the content of past chats. The viewable information includes names, addresses, phone numbers, and an account number if the individual is already a client. Affected: Unknown

Shirbit (Israel): The hacker group BlackShadow has been leaking data belonging to the insurance company following a recent cyberattack. The leaked information, which includes documents, audio recordings, passport images, and more, is being posted on a Telegram channel created by the hackers. Affected: Unknown

Absa Group (South Africa): Absa Group disclosed that the personal information of its clients was sold to a third party, allegedly by one of the company’s credit analysts. The leaked details include customer addresses, contact details, customer ID numbers, and descriptions of vehicles that were purchased on finance. Affected: 200,000

Brazilian Ministry of Health: Reporters at Estadao identified a password within the source code of the ministry’s website that allowed them to access the official Sistema Único de Saúde database. It contains the data of all Brazilians who signed up for the publicly funded health care system. The exposed data includes names, addresses, phone numbers, and medical records. It is unknown whether the database was accessed by anyone other than the reporters. Affected: Unknown

Bpost (Belgium): DataBreaches[.]net reported on a VRT News investigation into a possible data leak on the website of the Belgian post office. Before the leak was secured, users had been able to look up parcel and pick-up information for packages intended for others. Affected: Unknown

The Alaska Division of Elections (US): The agency was targeted by an unknown threat actor in a breach discovered on October 27th, 2020. The incident exposed residents’ names, addresses, birth dates, driver’s license or state identification numbers, the last four digits of social security numbers, and their party affiliation. Affected: 113,000

Randstad (the Netherlands): The HR services company was targeted in an Egregor ransomware attack, resulting in the breach of data concerning its operations in the US, Poland, Italy and France. The ransomware operators have published a sample of the allegedly stolen data. Affected: Unknown

Golden Gate Regional Center (US): The non-profit was targeted in a cyberattack discovered on September 23rd, 2020. Conti ransomware operators uploaded some files allegedly exfiltrated from the victim to a dark web site. Names, GGRC-issued unique client identifier numbers, and service information were stolen during the attack. Affected: 11,315

Database of Indian users: On December 1st, 2020, Cyble researchers discovered a database containing records of Indian citizens being sold on the dark web. The database of around 103GB includes records dated between 2016 and 2020 such as birth dates, PAN details, salary information, phone numbers, and email addresses. The leak also contains data from a few companies. Part of the data appears to be compiled from yellow-pages or marketing databases. Affected: Unknown

Kopter Group (Switzerland): On December 4th, 2020, data belonging to the helicopter maker was published online by LockBit ransomware operators. The leaked data includes business documents, aerospace and defence industry standards, and internal projects. Affected: Unknown

Leonardo SpA (Italy): Italy’s interior ministry reported that a former Leonardo worker and a company director have been arrested for allegedly stealing defence data from the aerospace and electronics group. The attacks, which occurred from May 2015 until January 2017, reportedly stemmed from a program delivered to dozens of company computers via a USB stick. The incident resulted in the theft of around 100,000 files from the company’s plant at Pomigliano d’Arco. Affected: Unknown

Embraer (Brazil): ZDNet reviewed files posted by RansomExx that allegedly belong to the aeroplane maker. The files include employee details, photos of flight simulations, source code, business contracts and more. Affected: Unknown

USNR LLC (US): The Washington-based manufacturing firm was hit with ransomware on September 28th, 2020; the company noticed the attack on October 25th, 2020. Unnamed attackers encrypted files and may have accessed information of current and former employees. Exposed details include names, addresses, dates of birth, social security numbers, bank account details, and the information of beneficiaries. Affected: 3,950

Dutch municipality of Hof van Twente: The municipality was targeted in a cyberattack discovered on December 1st, 2020. Data stored on the municipality’s servers, including residents’ personal data, was reportedly ‘destroyed’. The actor had ‘access’ to the targeted servers, which may suggest some data has been exposed. Affected: Unknown

Foxconn (Mexico): Foxconn Technology Group disclosed that the focus of the DoppelPaymer ransomware attack against the company on November 29th, 2020, was an information system located in the US. DoppelPaymer operators published data which they claim belongs to Foxconn on their data leak site. The information reportedly includes ‘generic’ business documents and reports. Affected: Unknown

Mercy Health (US): On October 7th, 2020, the Missouri healthcare provider discovered that an employee had accessed personal patient information outside the scope of their responsibilities. The exposed data included names, addresses, dates of birth, medical information, and, for a ‘very small number of individuals’, health insurance identification numbers. Affected: Unknown

City of Ottawa OC Transpo My Alerts (Canada): The notification system was breached under unclear circumstances, potentially resulting in the exposure of user email addresses and passwords. Affected: Unknown

HM Revenue and Customs (UK): The HMRC annual report revealed that the agency reported 11 ‘serious’ personal data breaches affecting an estimated 23,000 individuals in 2020. In two of the most serious incidents, the data of 18,864 individuals was disclosed when incorrect national insurance letters were sent out in May, while 573 individuals were impacted following ‘a fraudulent attack’ in February. Affected: 23,000

Loch Rannoch Highland Club (UK): The holiday resort exposed the email addresses, phone numbers, and club reference numbers of timeshare owners. The data was available on the club’s website. Affected: 2,400

Instagram (US): Data Breach Today reported that on October 19th, 2020, researcher David Stier reported a flaw in the Instagram website which exposed the personal data of minors. The HTML source code of the site revealed the email addresses of minors who converted their profiles from personal use to business accounts. Affected: Unknown

Indian card holders: Security researcher Rajshekhar Rajaharia discovered a public Google Drive database containing the data of debit and credit card holders. The exposed data includes names, employer data, income levels, phone numbers, email addresses, permanent account numbers and some card activity information. The leak may have originated from third-party card sellers contracted by banks. Affected: 7,000,000

Technology Management Resources (US): A threat actor was active on TMR’s network between August 5th, 2018, and May 31st, 2020, during which time they may have viewed images containing checks and protected health information of Louisiana’s Monroe Surgical Hospital patients. Affected: Unknown

Fax Express (US): Emails and plain-text passwords of the New Jersey-based fax company’s customers were leaked on a Russian hacking forum. Affected: 500,000

Dental Care Alliance (US): The Florida-based association suffered a data breach due to a ‘hacking incident’ which started on September 18th, 2020, and was discovered on October 11th, 2020. According to DataBreaches[.]net, the names, addresses, billing, health insurance and treatment information of patients may have been exposed during the breach. Additionally, approximately 10% of those impacted may have had their bank numbers exposed. Affected: 1,004,304

Malware mentions in Banking & Finance

[Time series chart: trending malware related to Banking & Finance over the last week]

Weekly Industry View

Industry View (industry, information)

Retail & Hospitality: On December 4th, 2020, the doors of 2,732 PickPoint package lockers in Moscow were forced open by a cyberattack. The company operates lockers in both Moscow and Saint Petersburg. The unknown attacker utilised a yet-to-be-discovered exploit to open the doors. PickPoint notified authorities of the incident and is working to restore its damaged network.

Government: Researchers at Cybereason observed an espionage campaign utilising malware that uses Facebook, Dropbox, Google Docs and Simplenote for C2 and data exfiltration. The active campaign is targeting high-ranking political figures and government officials in the Middle East. The campaign leverages new backdoors named SharpStage and DropBook, as well as a new MoleNet downloader, to execute arbitrary code and steal data. The attackers lure targets with phishing messages related to Middle Eastern events such as the alleged meeting between Saudi Crown Prince Mohammed bin Salman, US Secretary of State Mike Pompeo and Israeli PM Benjamin Netanyahu. The new malware, which was used in conjunction with the Spark backdoor and Quasar RAT, has been attributed to the Molerats threat actor by Cybereason.

Technology: FireEye disclosed that it was targeted by a likely nation-state sponsored group who accessed its systems and stole Red Team tools. The company stated that the tools range from simple scripts to entire frameworks. None of the stolen tools contain zero-day exploits. FireEye said that there is no evidence that the ‘highly sophisticated threat actor’ exfiltrated data from systems containing customer information. The tools have also not been seen disseminated or used by adversaries. In response to the incident, the company released countermeasures and launched an investigation alongside key partners, such as Microsoft and the Federal Bureau of Investigation.

Healthcare: The European Medicines Agency (EMA) issued a brief statement revealing that it had been hit with a cyberattack which is currently being investigated by the organisation alongside law enforcement bodies and other relevant entities. A statement issued by BioNTech revealed that the attack against the EMA allowed the threat actors to access ‘some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate, BNT162b2’.

Cryptocurrency: An active phishing scam targeting MetaMask wallets is being spread via Google Ads. The adverts, which target those who search for MetaMask in the Google search engine, direct users to a spoofed MetaMask phishing page where they are encouraged to install a MetaMask browser extension. Targets who already have a wallet are prompted to import their wallet by entering their 12-word secret phrase, which is then sent to the attackers. The scammers have registered multiple domains and some MetaMask users have reported losing thousands of dollars in cryptocurrency.

News and information concerning each mentioned industry over the last week.
