11 February 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source (Name, Heat 7)
Chrome V8 JavaScript Engine
Foxit Studio Photo
Adobe Acrobat Reader
Cisco Small Business
Google Chrome Browser

Deep & Dark Web (Name, Heat 7)
Roblox
Burp Suite
Google Drive
Blockchain
Apple macOS

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches

Company: Unknown
Information: CyberNews researchers discovered a compilation of data breaches containing 3.2 billion unique pairs of cleartext emails and passwords. It is currently unknown where the data is from, but it appears to be an aggregation of past leaks.
Affected: Unknown

Company: SitePoint (Australia)
Information: The web development education site emailed some users to inform them of a security breach. The disclosure follows a report made by BleepingComputer in December 2020, which stated that a threat actor was advertising stolen data belonging to the company. Impacted data includes names, usernames, email addresses, hashed passwords, and IP addresses.
Affected: 1,000,000

Company: E-Pay Malaysia
Information: ‘Bank Security’ discovered a threat actor advertising the data of the company’s users on a dark web forum. The data, dated January 2020, is said to include usernames, email addresses, dates of birth, contact addresses, and mobile phone numbers. Passwords and related tokens appear to have been masked. The company stated that the supposed leak contains only online reload and bill payment collection data.
Affected: 380,000

Company: Spotify (Sweden)
Information: Security researcher Bob Diachenko discovered a database collected by a malicious Spotify logger containing the information of more than 100,000 accounts. The data, taken from other data leaks, was used in credential stuffing attacks against the platform.
Affected: 100,000

Company: Nevada Health Centers (US)
Information: Unauthorised access to an employee’s email account may have resulted in the breach of patient data. The incident took place between November 20th and December 7th, 2020. Potentially accessed data includes patients’ names, addresses, phone numbers, dates of birth, insurance and appointment information, medical record numbers, provider names, and more.
Affected: Unknown

Company: UPMC (US)
Information: A number of email accounts used by employees of UPMC billing services provider Charles J. Hilton & Associates were accessed by unauthorised actors between April 1st and June 25th, 2020. The compromised accounts contained information such as Social Security numbers, dates of birth, financial account numbers, driver’s license or state identification card numbers, medical information, and more.
Affected: 36,000

Company: Unknown (Brazil)
Information: Brazilian news sources reported that a database containing private information of Brazilian individuals is being sold online. The data includes photographs, social security details, vehicle registrations, and social media login credentials.
Affected: 200,000,000

Company: Nocona General Hospital (US)
Information: Conti ransomware operators published stolen data including patient names, addresses, dates of birth, Social Security numbers, diagnoses, admission records, and more.
Affected: Unknown

Company: SN Servicing Corporation (US)
Information: The mortgage company suffered ransomware attacks against its servers on or around October 15th, 2020. Data of customers active in 2018, including their names, addresses, loan numbers, balance information and billing information, was compromised during the incident. The company was listed on the Egregor ransomware victims site.
Affected: Unknown

Company: Stormshield (France)
Information: The cybersecurity company revealed that a technical portal used by its customers and partners to manage support tickets on Stormshield products had been accessed by an unauthorised party. Technical exchanges and personal data may have been impacted, as well as some of the Stormshield Network Security source code.
Affected: Unknown

Company: Eletrobras (Brazil)
Information: The Brazilian electrical company disclosed that it had been hit by a ransomware attack. The incident took place at its Eletronuclear subsidiary and impacted some administrative network servers.
Affected: Unknown

Company: Ness Digital Engineering (Israel)
Information: The company was targeted in a Ragnar Locker ransomware attack that appears to have begun in its Israeli branch before also affecting other branches globally.
Affected: Unknown

Company: Somerset ISD (US)
Information: Avaddon ransomware operators posted some files they claim belong to Somerset ISD. The leaked data appears to include names, email addresses, state ID information, and more.
Affected: Unknown

Company: Imobiliare (Romania)
Information: The real estate portal suffered a data breach potentially affecting all of its clients. An exposed bucket containing over 200,000 of its records was found to be freely accessible. The bucket contained full names, phone numbers, home addresses, CNP numbers, and more. The company reported ‘a potential vulnerability’ in data storage.
Affected: Unknown

Company: Tokyo Gas (Japan)
Information: Furo Koi, an online dating simulation game developed by Tokyo Gas, was targeted in a data breach exposing user email addresses.
Affected: 10,365

Company: Emsisoft (New Zealand)
Information: Emsisoft disclosed that it had been hit by an automated attack that resulted in a data breach on one of its test systems. The stolen data included customer emails and technical logs relating to update protocols and similar information.
Affected: 14

Company: CD Projekt Red (Poland)
Information: On February 9th, 2021, the video game company disclosed that it had been hit with ransomware. HelloKitty attackers claimed in their ransom note to have exfiltrated the source code for Cyberpunk 2077, The Witcher 3, and other games, as well as accounting, administration, legal, and HR documents.
Affected: Unknown

Company: Chatham County (US)
Information: In late January 2021, the operators of DoppelPaymer ransomware uploaded a second batch of the county’s data to their leak site. The batch is said to contain sensitive data files, including personnel records of employees, medical evaluations of children, eviction notices and documents related to ongoing investigations within the local Sheriff’s office.
Affected: Unknown

Company: Hackley Community Care (US)
Information: The email account of an employee was accessed by a malicious actor at some point between September 7th and 24th, 2020, after the victim clicked on a phishing link. Patient data was compromised in the incident, most likely exposing only names and addresses.
Affected: 2,500

Company: SapphireSecure and KS-Hosting (UK)
Information: The pirate IPTV services, believed to be owned by the same entity, were targeted in a cyberattack on or around February 8th, 2021. The attacker took both sites down and posted a message claiming customer data was not secured correctly. The KS-Hosting site additionally displayed personal information relating to the owner of the sites, including their name and address.
Affected: Unknown

Company: No Support Linux Hosting
Information: The web hosting service was taken down on or around February 8th, 2021, in an attack which compromised its site, admin section, and customer database.
Affected: Unknown

Company: KeepChange (Finland)
Information: The Bitcoin exchange was targeted in a cyberattack and attempted Bitcoin theft discovered on February 7th, 2021. The attack resulted in stolen company data, including customer email addresses, names, details of trades, and hashed passwords.
Affected: Unknown

Company: British Mensa
Information: Graham Cluley reported that 35MB of files containing over 700 private conversations between British Mensa forum members have been posted on underground forums. In some cases, the information in the messages contains email addresses and telephone numbers.
Affected: Unknown

Company: Accellion (US)
Information: The breach of Accellion’s File Transfer Appliance has resulted in the compromise of data belonging to the University of Colorado, the personal information of QIMR Berghofer Medical Research Institute patients, and Singtel data.
Affected: Unknown

Company: Syracuse University (US)
Information: An unauthorised individual was found to have accessed an employee’s email account between September 24th and 28th, 2020. The account contained the names and Social Security numbers of students, alumni and applicants.
Affected: 9,800

Malware mentions in Banking

[Time series chart not reproduced] This chart shows the trending malware related to Banking over the last week.

Weekly Industry View

Government: Researchers at Graphika reported changes in the pro-Chinese propaganda ‘Spamouflage’ network. The network recently started to break out of its ‘echo chamber of fake accounts’ and has had its content amplified by political figures in Venezuela, Pakistan, and the UK, as well as a senior figure at Huawei Europe and YouTube channels with Chinese followers. It is also increasingly using accounts made to appear as though genuine individuals operate them. A change of tone has also been noted, with Spamouflage content increasingly reflecting the narrative of the Chinese Communist Party and adopting a confrontational attitude towards the US. The researchers were able to attribute 1,400 unique videos to the network between February 9th, 2020, and January 26th, 2021.

Critical Infrastructure: On February 5th, 2021, remote attackers accessed computers at the City of Oldsmar, Florida water treatment plant twice. The Pinellas County Sheriff’s Office reported that the second intrusion, which lasted three to five minutes, involved the intruder attempting to raise the level of sodium hydroxide in the water from 100 parts per million to 11,100 parts per million. The change was reversed immediately by an operator and ‘at no time was there a significant effect on the water being treated’, according to Sheriff Gualtieri.

Technology: On January 15th, 2021, Taiwan’s National Communications Commission issued an official recall order for Taiwan Mobile’s Amazing A32 devices. Taiwan Mobile had previously warned its 7,557 subscribers of a trojan present on the devices that resulted in identity theft. The malware, which is capable of intercepting one-time password messages, was reportedly implanted during the manufacturing process of the devices in China.

Banking & Finance: Cisco Talos researchers discovered a campaign, ongoing since October 2020, that is targeting organisations in Bangladesh, specifically banks and carrier-grade voice-over-IP software vendors. The campaign involves both a Windows and an Android version of LodaRAT, a remote access trojan attributed to a threat actor called Kasablanka. The Android version, dubbed Loda4Android, was newly developed by the group, whereas the Windows samples are updated versions of LodaRAT that contain additional commands extending its capabilities. The initial attack vector is similar to previous LodaRAT campaigns, in which a malicious RTF file is used to exploit CVE-2017-11882.

Cryptocurrency: Kaspersky researchers observed a cryptocurrency scam active on Discord. The scammers target users in crypto-themed servers with messages purporting to come from new trading platforms offering free cryptocurrency, typically Bitcoin or Ethereum. The messages contain a link directing users to a site imitating the appearance of a real exchange, featuring fake two-factor authentication and anti-phishing protection. To register, the user is asked to make a small cryptocurrency deposit or go through a ‘Know Your Customer’ identity check. After registering, users are shown the fake reward but are unable to withdraw it. The researchers believe the scammers may be collecting a database of users with the intention of selling it later.

News and information concerning each mentioned industry over the last week.
