Threat Summary: 04 – 10 October 2019

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name | Heat 7d
Huawei P20
SugarCRM
Xiaomi Redmi
Samsung Galaxy S7
Oreo

Deep & Dark Web
Name | Heat 7d
Huawei P20
Xiaomi Redmi
Google Pixel
Oreo
ProtonMail

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches
Company | Information | Affected
Goshen Health (US) | Personal health information of 9,160 Goshen Health patients may have been exposed in a data breach that took place between August 2nd, 2018 and August 13th, 2018, during which an unauthorised individual gained access to two employees’ email accounts. On August 1st, 2019, Goshen Health determined that the email accounts stored patient information. Potentially exposed data includes names, addresses, dates of birth, physician names, health insurance information, limited clinical information, Social Security numbers and driver’s licenses. | 9,160
Focus Brands (US) | On October 2nd, 2019, Focus Brands subsidiaries McAlister’s Deli, Moe’s Southwest Grill, and Schlotzsky’s announced that corporate and franchised restaurants had been impacted by a card security incident. Stolen information includes expiration dates, card numbers, internal verification codes, and in some cases the name of the cardholder. Hy-Vee also released an update about a point-of-sale attack that was disclosed in August 2019, which reveals that six Hy-Vee locations may have been compromised since November 9th, 2018, and in one location the compromise may have lasted until August 2nd, 2019. Additionally, Hy-Vee fuel pumps may have been compromised since December 14th, 2018. | Unknown
Sberbank (Russia) | Russia’s Sberbank is investigating a data leak that ‘may be the biggest ever in the history of Russian banking.’ The data leak may affect at least 200 customers; however, that number is said to be merely a sample that was offered to buyers on the dark web, and the seller claims to have data on 60 million credit cards. | Unknown
StreetEasy (US) | StreetEasy was impacted by a data breach in June 2016 that exposed roughly 988,000 email addresses, names, usernames, and SHA-1 hashes of passwords. The information appeared for sale on the dark web in February 2019. | 988,000
Sephora Southeast Asia (Multinational) | Sephora Southeast Asia had the data of 780,073 customers stolen in January 2017. Exposed information included names, dates of birth, email addresses, ethnicities, and more. Sephora customer data has also appeared on online hacker forums. | 780,073
Brazilian Government | A user going by the name of X4Crow is advertising a database on the dark web which they claim contains the details of 92 million Brazilians. The seller states that the records are separated by province and include names, dates of birth, taxpayer numbers, and more. The seller is auctioning the database for $15,000. | 92 million
UAB Medicine (US) | On August 7th, 2019, UAB Medicine employees were targeted by attackers who sought to gain access to the payroll system by posing as executives conducting a staff survey and asking for usernames and passwords, which a number of employees provided. Although the attack on the payroll system failed, the hackers had access to the information of 19,557 patients via the compromised accounts. Exposed data included names, medical record numbers, dates of service, and more. A small number of patients also had their Social Security numbers divulged. | 19,577
Tū Ora Compass Health (New Zealand) | Following the website defacement of Tū Ora Compass Health on August 5th, 2019, an investigation into the incident revealed previous cyber attacks dating from 2016 to March 2019 that could impact anyone enrolled with a medical centre in the greater Wellington, Wairarapa and Manawatu regions since 2002. Potentially accessed data includes National Health Index numbers, names, dates of birth, ethnicities, addresses, as well as some medical information. | Unknown
Electronic Arts (US) | Players who attempted to register for the FIFA 20 Global Series were shown the details of customers who had already registered. Exposed information included usernames, email addresses, and dates of birth. | Unknown
Sarrell Dental (US) | Sarrell Dental is informing its patients of a ransomware attack in July 2019 that may have exposed the sensitive data of 391,472 of its patients. Compromised data included patient names, addresses, dates of birth, Social Security numbers, insurance information, and more. | 391,472
Cancer Treatment Center of America (US) | As a result of a phishing attack, an unauthorised individual had access to a Cancer Treatment Center of America (CTCA) employee email account from July 22nd to July 29th, 2019, which potentially exposed protected health information of 3,290 patients. Potentially accessed data included names, addresses, phone numbers, dates of birth, health insurance information, and more. No Social Security numbers were exposed. | 3,290
TransUnion Canada (Canada) | Between June 28th and July 11th, 2019, an unauthorised party retrieved consumer credit files on a TransUnion Canada business portal. The attacker gained access to the systems by using the credentials of TransUnion customer CWB National Leasings Inc. Performing a successful credit file lookup would have allowed an attacker to view consumers’ names, dates of birth, addresses, loan obligations, payment history, and more. | Unknown
Beeline (Russia) | Russian news agency Kommersant reported that data belonging to 8.7 million customers of Russian ISP Beeline is available online. The security incident which led to the disclosure of the data occurred in 2017; however, the breach was never publicly disclosed. Following Kommersant’s report, Beeline revealed that the information belonged to Russian customers who signed up for broadband connections prior to November 2016. Exposed information includes names, mobile and home phone numbers, and addresses. | 8.7 million
University of Pittsburgh (US) | The University of Pittsburgh Graduate School of Public Health is informing its students of a data leak in which an email containing a spreadsheet with tuition information of 38 students was mistakenly sent to seven students on September 24th, 2019. No banking or Social Security information was exposed. | 38
PAL Airlines (Canada) | Canada’s PAL Airlines is currently investigating a ‘data security incident’ involving an email account containing information from its employee pass travel program. Potentially exposed information includes names, dates of birth and credit card information. Affected customers are being notified. | Unknown
Methodist Hospitals (US) | Two Methodist Hospitals Inc employees fell victim to phishing attacks that resulted in an unauthorised individual gaining access to their email accounts. One was accessed on June 12th and from July 1st to July 8th, 2019, whilst the other was accessed from March 13th to June 12th, 2019. Potentially accessed data included names, dates of birth, addresses, Social Security numbers, driver’s licenses, passport numbers, payment card information, and more. | Unknown
Women’s Care Florida (US) | On July 27th, 2019, North Florida OB-GYN, part of Women’s Care Florida, discovered that parts of its computer systems had been compromised on or before April 29th, 2019 by file-encrypting malware. Most files have since been decrypted. Officials did not confirm whether it was a ransomware attack. The incident potentially left the private health data of 528,188 patients exposed, including names, demographic details, dates of birth, Social Security numbers, driver’s licenses, and more. | 528,188
Freedom Healthcare Staffing (US) | On September 16th, 2019, researchers at Security Discovery identified an unprotected database that belonged to Freedom Healthcare Staffing. The database contained 957,000 records relating to internal notes and communications. Exposed information included personal and sensitive conversations about employees, and several records also contained Social Security numbers. The database also contained information such as IP addresses, ports, pathways, and storage information. | Unknown

This table shows a selection of leaks and breaches reported this week.

[Chart: Attack types, mentions in banking]

This chart shows the trending attack types related to banking over the last week.

Weekly Industry View
Industry | Information
Banking & Finance | Researchers at ESET have identified a Latin American banking trojan named Casbaneiro. The malware features backdoor capabilities and can take screenshots, simulate mouse and keyboard actions, record keystrokes, restrict access to websites, and more.
Healthcare | The recent ransomware attacks on three DCH Health System hospitals, as well as on the Ontario-based Michael Garron Hospital, Listowel Memorial Hospital and Wingham & District Hospital, involved Ryuk ransomware.
Retail | Check Point researcher Marcel Afrahim discovered that threat actors had injected malicious JavaScript into the infrastructure of Volusion. The company provides shopping software for 3,126 online shops. Trend Micro researchers suspect FIN6 to be behind the attack, based on similarities in the code and the group’s modus operandi.
Government | Researchers at Microsoft discovered the Phosphorus group, which has links with the government of Iran, targeting the email accounts of individuals associated with a US presidential election campaign, former and current US officials, journalists, and prominent Iranians living outside Iran. The researchers identified over 2,700 attempts to identify Microsoft customer email accounts.
Critical Infrastructure | Context Information Security researchers discovered a new threat actor, dubbed AVIVORE, conducting a series of attacks against UK and European aerospace and defence entities. AVIVORE is described as a ‘previously unknown and untracked nation-state level adversary’. Their primary motivation is believed to be intellectual property theft. They have also been described as ‘highly capable’ in their masquerading techniques and operational security awareness.

News and information concerning each mentioned industry over the last week.

The Silobreaker Team
