11 March 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name | Heat 7
Microsoft Exchange Server Enterprise
Apple iPadOS
Microsoft Internet Explorer
Aruba Airwave
Joomla

Deep & Dark Web
Name | Heat 7
Microsoft Exchange Server Enterprise
Uplay
Microsoft Windows
iPhone
vBulletin

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
CompuCom (US) | The company was breached by attackers who installed Cobalt Strike beacons in its environment. The attackers acquired administrator credentials and deployed Darkside ransomware on February 28th, 2021. BleepingComputer stated that it is likely that the attackers have exfiltrated files; however, this has not been confirmed. | Unknown
Singapore Air | The airline stated that a breach of its passenger services system (SITA PSS) servers affected KrisFlyer and PPS members. Impacted information includes membership numbers and tier status, and some membership names. | 580,000
Air New Zealand | The airline issued a data breach notice, stating that one of its Star Alliance partners had been hit by a data breach. The breach reportedly affects ‘only a small subset of Airpoints customers.’ | Unknown
The Center for Early Education (US) | According to The Hollywood Reporter, the centre’s servers were recently breached, with the attackers publishing confidential staff payroll documents and parent contact information via email. | Unknown
Cochise Eye and Laser (US) | The ophthalmology and optometry provider was hit by a ransomware attack on January 13th, 2021. No evidence of a patient data leak was identified, but the possibility could not be ruled out. Potentially exposed information includes names, dates of birth, addresses, phone numbers and some Social Security numbers. | Unknown
Sandhills Medical Foundation (US) | The company’s third-party vendor was attacked using compromised credentials. Data was stolen from Sandhills’ system on November 15th, 2020. Compromised data includes patient names, dates of birth, addresses, driver’s licenses and Social Security numbers, and more. | Unknown
SITA Passenger Service System (Switzerland) | SITA PSS servers have been impacted by a data security incident. A spokesperson for the company stated that Lufthansa, Air New Zealand, Singapore Airlines, Scandinavian Airlines, Cathay Pacific, Jeju Air, Malaysian Airlines, and Finnair have been impacted. All Nippon Airways and Japan Airlines are also reportedly impacted. | Unknown
Saint Agnes Medical Center (US) | An employee email account at the sister health system Saint Alphonsus Health System was compromised by an unauthorised user and used to send phishing emails. Potentially impacted data includes patient names, addresses, telephone numbers, and more. | Unknown
Elara Caring (US) | A number of the company’s employee email accounts containing employee and patient information were compromised. Potentially impacted information includes addresses, Social Security numbers, driver’s license numbers, financial information, and more. No evidence was found to suggest such data was downloaded, accessed, or misused by the attacker. | 100,400
ProPath (US) | The company disclosed that two email accounts were accessed by an unauthorised party. The accounts contained personal or protected health information of patients who had laboratory or pathology tests. Impacted data includes names, dates of birth, test orders, and more. In some cases, Social Security and passport numbers, financial accounts, and other information were also affected. | Unknown
Spirit Airlines (US) | Nefilim ransomware operators published files allegedly stolen from the airline. The leaked data consists of financial and personal information of customers who purchased the airline’s tickets between 2006 and 2021. According to TechNadu, this includes credit card lists, as well as email addresses, names and partial credit card numbers. | Unknown
Allergy Partners (US) | Several of the clinic’s locations in North Carolina were hit by a ransomware attack on February 23rd, 2021. The attack may have compromised patient data, including addresses, phone numbers, Social Security numbers, and possibly some medical data. | Unknown
Standley Systems (US) | REvil ransomware operators claim to have stolen service contracts, medical documents, employee passports and more than 1,000 Social Security numbers from the IT services provider. Personal data from Standley’s clients was also allegedly obtained, including information related to Chaparral Energy, Crawley Petroleum, the Ellis Clinic, EverQuest, the Oklahoma Medical Board, and W&W Steel. | Unknown
Woodcreek Provider Services (US) | A ransomware attack on Netgain Technology is believed to have involved the exfiltration of Woodcreek data. The impacted information featured various personal, financial, education, criminal record, and health data, including Social Security and bank account numbers for 557 clients and employees. A further 25,360 individuals will also be notified because their data is associated with the affected victims. | 25,917
Unknown (UK) | The Guardian reported that the Foreign, Commonwealth and Development Office and the National Cyber Security Centre are investigating how a hacker acquired information relating to British aid projects. The exposed information includes names, work and contact details, locations and nationalities. | Unknown
American Armed Forces Mutual Aid Association | The organisation detected unauthorised access to its systems on January 28th, 2021. The intruder may have viewed or exfiltrated clients’ names, addresses, Social Security numbers and bank account information. | 161,621
Unknown | Cyble Inc researchers identified a Russian-speaking threat actor, going by the alias ‘LUCIFER6,’ selling Social Security numbers, names, addresses, email IDs, bank account details, and more. The data was reportedly collected between 2018 and 2020. | 16,000,000
Verkada (US) | Verkada is investigating hackers’ claims that they breached 150,000 security cameras used by schools, hospitals, clinics, prisons, and companies such as Tesla and Cloudflare. APT 69420 Arson Cats claimed credit for the hack and stated that they collected about 5GB of data from the company. | Unknown
West Ham United (UK) | Forbes reported that the club’s website was displaying admin messages from Drupal. Forbes created an account on the site and, on logging in, was shown the details of a West Ham supporter. The exposed data includes names, dates of birth, phone numbers, addresses, and email addresses. | Unknown
Nuffic (Netherlands) | The foreign credential assessment service was impacted by a data leak resulting from unspecified failures to anonymise the customer data seen by the company’s software vendors in Serbia. The data had been viewable since August 2020, while the leak was discovered on February 9th, 2021. | 18,000
PEI-Genesis Inc (US) | An investigation revealed that an unauthorised party accessed a PEI employee’s email account between June 23rd and July 2nd, 2020. Potentially accessed data includes names, dates of birth, Social Security numbers, payment card information, and more. | Unknown
Gab (US) | On March 8th, 2021, the account of Gab CEO Andrew Torba was taken over by an attacker, who asserted that they were in possession of 831 verification documents. Following a brief outage, Torba regained control of his account. | Unknown
Flagstar Bank (US) | On March 5th, 2021, the bank disclosed that its data was accessed after Clop ransomware operators exploited a vulnerability in Accellion’s file sharing platform. The impacted information includes customer and employee data, such as Social Security numbers, names, addresses, phone numbers, and tax records. | Unknown
Pan-American Life Insurance Group | REvil ransomware operators claim to have stolen 170GB of data from the company. The compromised files reportedly include financial reports and health-related data. | Unknown
Urban Research (Japan) | The company stated that the personal data of its online store clients was accessed by an unauthorised third party. Possibly viewed data includes names, addresses, phone numbers, email addresses, and more. No credit card data was impacted. | 317,326
myNewJersey (US) | Attackers reportedly used login credentials harvested from the dark web to target state employee accounts. The accounts store personal and financial information, including Social Security numbers, dates of birth, and pension information. According to the agency, the attackers gained access to a relatively small number of user accounts. | Unknown
Premier Diagnostics (US) | Comparitech reported that the COVID-19 testing service exposed its patients’ data online for at least a week. The data was secured on March 1st, 2021. Exposed information consisted of 207,524 images of patients’ photo ID scans, including passports, and medical insurance cards. A second bucket contained names, dates of birth, and test sample IDs. | 52,000
Walmart (US) | Walmart was informed that one of its data hosting services was compromised on January 20th, 2021. The incident involved an unauthorised party accessing the service and stealing records. Potentially affected information includes names, addresses, dates of birth, phone numbers, and other data of Walmart pharmacy patients. | Unknown

Attack Type mentions in Government

[Time series chart] This chart shows the trending Attack Types related to Government over the last week.

Weekly Industry View

Industry View
Industry | Information
Banking & Finance | Researchers at PRODAFT analysed the activity of the FluBot malware botnet, which has infected over 60,000 Android devices in two months, with 97% of the victims located in Spain. More than 11 million phone numbers have been collected by the malware’s C2, and it was suspected to be capable of targeting the entire population of Spain within six months. The malware contains a worm-like capability: it uploads the victim’s address book to its C2 and distributes FluBot to the victim’s contacts via SMS spam. When granted the relevant permissions by the user, FluBot can set itself as the default SMS app, make USSD and phone calls, show phishing screens on top of legitimate apps, and more. On March 2nd, 2021, four men suspected of managing the malware were arrested in Barcelona by Catalan police.
Government | According to Prague’s mayor Zdeněk Hřib, a ‘massive’ cyberattack has targeted the public administration systems, and its email systems were temporarily taken offline as a precautionary measure. The attack reportedly did not damage any data. Minister of Labour and Social Affairs Jana Maláčová stated that the ministry had also been targeted. The Czech Republic National Cyber and Information Agency, which is working with affected organisations, did not provide details on the extent of the attack. It remains unclear who was behind the incident.
Healthcare | Proofpoint researchers identified multiple campaigns exploiting public interest in COVID-19 relief, vaccines and variant news. The researchers note that they have not previously seen attacks using a single social engineering lure for such a long period of time. Among the recently observed campaigns are three malware campaigns that deliver Dridex, the Amadey downloader, and AsyncRAT. Two business email compromise attacks and one credential phishing campaign were also observed.
Technology | KrebsOnSecurity was informed by anonymous sources that the Chinese Hafnium group has hacked at least 30,000 organisations in the US and hundreds of thousands worldwide by exploiting four recently disclosed zero-day issues in Microsoft Exchange Server. Researchers at ESET reported that, in addition to Hafnium, groups that exploited the flaws include Tick, LuckyMouse, Calypso, Websiic, the Winnti Group, Tonto Team, DLTMiner and Mikroceen. According to ESET, all the groups besides DLTMiner are focused on espionage.
Cryptocurrency | Aquasec researchers detected the return of a campaign first discovered in September 2020, in which threat actors target the automated build processes of GitHub and Docker Hub. In the most recent campaign, the threat actors set up 92 malicious Docker Hub registries and 92 Bitbucket repositories within four days, and used the resources of those services for cryptocurrency mining. The campaign involves the attackers setting up fake email, Bitbucket and Docker Hub accounts and making their repositories and registries appear benign to evade detection. The threat actors build images in the service providers’ environments and then hijack their resources.

News and information concerning each mentioned industry over the last week.
