04 – 10 September 2020

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
Snapdragon Mobile
SAP 3D Visual Enterprise
Adobe InDesign
Adobe Experience Manager
Palo Alto Networks PAN-OS

Deep & Dark Web
Name Heat 7
Cisco Jabber
Intel Kaby Lake
OnlyFans
Windows Server
Malwarebytes Premium

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
Warner Music Group (US) | The music recording company issued a breach notification stating that a number of its US-based e-commerce websites were compromised between April 25th and August 5th, 2020. Potentially stolen data includes customer names, email addresses, phone numbers, billing and shipping addresses, as well as full payment card details. | Unknown
View Media (US) | CyberNews researchers discovered an unsecured Amazon Web Services bucket belonging to the online marketing company. The database was secured by Amazon on July 29th, 2020. It contained 5,302 files, of which 59 were CSV and XLS files containing 38,765,297 records of US citizens. Exposed data included full names, email and street addresses, phone numbers and ZIP codes. | Unknown
Roper St Francis Hospital (US) | The South Carolina hospital stated that an employee’s email account was accessed by an unauthorised individual between June 13th and June 17th, 2020. The attacker gained access to the personal information of 6,000 patients, including names, dates of birth and detailed medical records. In some cases, health insurance and Social Security numbers were also affected. | 6,000
Dirección Nacional de Migraciones (Argentina) | The immigration agency was targeted in a ransomware attack that impacted its systems and led to ‘delays in entry and exit to the national territory’. The attack, which was conducted by Netwalker ransomware operators, also led to the theft of data. The attackers initially demanded $2 million in Bitcoin; however, this has since been raised to $4 million. | Unknown
Global Tel Link (US) | Comparitech researchers identified an unsecured database on August 13th, 2020 containing millions of call logs, private messages and personal information of Telmate users. It was secured within three hours of discovery. Exposed data included inmates’ dates of birth, facility IDs, full names, account balances, and more. Exposed recipient information included full names, email addresses, street addresses, and more. Medical data, passwords and consumer payment information were not affected. | Unknown
Assured Imaging (US) | The Arizona-based provider of health screening and diagnostic services was targeted in a ransomware attack on May 19th, 2020. Further investigation revealed that the attackers had exfiltrated ‘limited data’ prior to deploying the ransomware. It could not be determined which type of data was stolen. Potentially affected data includes full names, addresses, dates of birth, patient IDs, and more. | 244,813
Haywood County School District (US) | The North Carolina district was hit with SunCrypt ransomware on August 24th, 2020, which led the district to shut down its network and suspend online learning. The attackers published a 5GB archive containing data stolen in the attack. Exposed information includes sensitive documents and personal information of students, teachers, and the school district. | Unknown
Service NSW (Australia) | The government agency reported that the data of its customers and staff was stolen in a phishing attack that was detected on April 22nd, 2020. An investigation revealed that 47 staff members’ email accounts had been illegally accessed. The compromised data consisted of 3.8 million documents which include handwritten notes and forms, scans, and records of transaction applications. Individual customer account data and Service NSW databases were not exposed. | 186,000
Ministry of Health (Georgia) | The Ministry, as well as its constituent Lugar laboratory, was targeted in a cyberattack on September 1st, 2020. The attacker reportedly sought to obtain medical records databases, and documentation concerning the management of the Covid-19 pandemic. The stolen data was uploaded to a freely accessible public site, alongside forged documents, in what is believed to be an attempt at intimidating the public. The attack was reportedly carried out by actors in an unspecified country neighbouring Georgia. | Unknown
Assist Wireless (US) | The government-subsidized mobile phone operator accidentally exposed ‘tens of thousands’ of customer documents dated between 2019 and 2020. Exposed data includes driver licenses, passports and Social Security cards which were used to confirm customers’ identity. The company stated that the leak was caused by Imagify, a third-party image compression plugin, which backed up uploaded images in a separate unsecure folder. The issue has since been resolved. | Unknown
Newcastle University (UK) | The university disclosed that it was impacted by a cyber incident which began on the morning of August 30th, 2020. DoppelPaymer ransomware operators have claimed responsibility for the attack. As proof of their attack, the threat actors shared 750Kb of stolen data on their data leak site. | Unknown
Digital Point (US) | Researcher Jeremiah Fowler discovered an unsecured Elasticsearch database containing over 62 million records. The database was first discovered on July 1st, 2020 and secured within hours of discovery. Leaked data included names, email addresses, and internal user ID numbers. Internal records and user post details were also exposed. | 863,412
Clark County School District (US) | The district disclosed a ransomware attack that took place on August 27th, 2020, and impacted some of its computer systems. At present, it is unclear whether any sensitive information was accessed or stolen during the attack. Potentially affected data includes names and Social Security numbers of current and former employees. | Unknown
K-Electric (Pakistan) | The power supplier was targeted in a Netwalker ransomware attack on September 7th, 2020. The attackers are reportedly demanding a payment of $3,850,000, and claim to have stolen unspecified company data which they have threatened to publish if the payment is not made. | Unknown
Unity Bank (Nigeria) | On August 25th, 2020, Twitter user ‘Bank Security’ stated that a database belonging to the bank had been shared online on hacker forums. According to Bank Security, the database contains the personal data of over 53,000 customers. Further analysis revealed that it was recruitment data, not customer data, exposing names, house addresses, emails, phone numbers and dates of birth. The bank has informed its customers that it is aware of reports of a data breach, yet neither confirmed nor denied any connection to the leaked data. | 53,000
Access Bank (Nigeria) | On August 31st, 2020, a hacker, who identified himself as Ihebuzo Chris, claimed to have discovered sensitive customer data belonging to Access Bank. The bank issued a statement acknowledging it was aware of reports of a data breach, but denied that an attack had taken place. | Unknown
Virtual Mail Room (UK) | The web email management interface accidentally left its system exposed, resulting in private data relating to more than 50,000 letters sent out by banks and local authorities being indexed by Google search. Exposed data includes the names and addresses of individuals in the UK, US and Canada. The data, which had been exposed since June 2020, has since been secured. According to the company, the leak was the result of an attack. | Unknown

Malware Mentions in Banking

Industry View

This chart shows the trending malware related to banking over the last week.

Weekly Industry View

Industry View
Industry | Information
Banking & Finance | In a press release on September 6th, 2020, Chilean public bank Banco Estado reported finding unspecified malware in its operating systems. The bank did not name the attackers involved, yet security researcher Germán Fernández named the operators of REvil ransomware as the attackers. On September 7th, 2020, the Chilean bank announced that its branches would be temporarily closed.
Education | The US Federal Student Aid organisation issued an alert following multiple reports of ransomware attacks against educational institutions in the country. Some schools have reported losing access to critical systems and data. The organisation warned that educational institutions make for attractive targets for criminals seeking to obtain personal and financial data, as well as research and intellectual property.
Technology | Tower Semiconductor Ltd notified authorities of a cyberattack after discovering ‘an incident in its information and communication systems’ on September 4th, 2020. Details on the nature of the attack were not disclosed, yet Yossi Rachman of Cybereason speculated that it was a ransomware attack carried out by hackers targeting several companies.
Retail, Hospitality & Tourism | In February 2020, researchers at Visa identified a JavaScript e-commerce skimmer dubbed Baka. The skimmer contains some advanced features that allow it to obfuscate code by using unique encryption parameters for each victim, and to dynamically load to avoid static malware scanners. Despite these features, which suggest that the skimmer has been designed by a skilled malware developer, Baka also contains regular features such as using image requests for data exfiltration, and the use of configurable target form fields. The skimmer can also remove itself when it has successfully stolen data, or when it identifies the ‘possibility of dynamic analysis with Developer Tools’. The researchers warned that Baka was present on multiple online stores from several countries.
Law | An investigation has been launched by the Paris public prosecutor’s office following a cyberattack against magistrates and Parisian lawyers in charge of sensitive cases, including Paris prosecutor Rémy Heitz. One of the affected lawyers informed Agence France-Presse that they had received emails from contacts they had not spoken to in three years. On September 6th, 2020, the Interior Ministry also disclosed that it had been the victim of an ‘email attack campaign.’

News and information concerning each mentioned industry over the last week.
