07 – 13 August 2020

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
Qualcomm Snapdragon
Microsoft Internet Explorer
vBulletin
Windows Print Spooler
TeamViewer
Deep & Dark Web
Name Heat 7
vBulletin
TeamViewer
Google Android
Qualcomm Snapdragon
ImageMagick

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company Information Affected
Boyce Technologies (US) On their blog, the operators of DoppelPaymer ransomware posted files allegedly stolen in an attack against the ventilator manufacturer. Stolen files include sales and purchase orders, assignment forms, and more. The group has threatened to leak more data in a week’s time if their demanded ransom is not met. Unknown
Interactive Data LLC (US) Personal and financial records are reportedly advertised by scammers to be used in fraudulent loan applications, with much of the data appearing to come from Interactive Data. The company acknowledged that ‘a handful’ of customer accounts had been compromised and stated that a law enforcement investigation is ongoing. Compromised data includes full Social Security numbers, dates of birth, current and former physical addresses, and more. ~2,000
ProctorU (Australia) A database containing 440,000 ProctorU user records was published by ShinyHunters. Honi Soit reported that the breach exposed records with emails for numerous Australian universities, including the University of Sydney, the University of New South Wales, the University of Melbourne, the University of Queensland, the University of Tasmania, and others. Unknown
Metrolinx (Canada) Metrolinx accidentally exposed the email addresses of over 2,000 customers when sending out a mass email to users who had interacted with Go Transit compliance services. 2,000
Slice (India) Cyble Inc discovered a hacker selling 56GB of data containing the personal data of over 21,000 Indian students, which according to the seller was taken from an exposed Cloudinary bucket belonging to the fintech start-up. The data was reportedly stolen in July 2020 and contains Aadhaar cards, university IDs, photos and full signatures, revealing names, phone numbers, email addresses, Aadhaar numbers, dates of birth, and more. ~21,000
Pepperstone (Australia) One of the financial exchange broker’s third-party vendors was hit by a malware attack on July 22nd, 2020. The attackers then used stolen credentials to access the company’s internal client relationship management system, impacting the personal data of some of its clients. This includes names, contact details, and dates of birth. Unknown
Monsoon Accessorize (UK) VPNPro researchers found that Monsoon Accessorize is using the unpatched version of Pulse Connect Secure VPN servers containing the critical flaw CVE-2019-11510. The researchers managed to gain access to the company’s internal files, including customer information, sensitive business documents, and more. Unknown
Bridgford Foods (US) The operators of Netwalker ransomware claim to have targeted the company and uploaded screenshots of data they have supposedly stolen. This includes files related to accounting, Amazon, Walmart, marketing, payroll files, and more. They have threatened to make the stolen data public within 29 days. Unknown
Government of San Juan (Argentina) Researchers at Comparitech identified an exposed Elasticsearch cluster containing 115,281 patient records. The records include information such as names, genders, photos, DNI numbers, CUIL numbers, and more, of individuals who applied for a COVID-19 circulation permit. The details in the database could be used to gain access to even more data, including employers, employer locations, curfew times, and more. The database has been secured. Unknown
Ma Labs (US) In a blogpost, the operators of REvil ransomware stated that they had stolen 949GB of data from the company. This allegedly includes confidential data about the company, its employees, clients, partners, and other documents. The blogpost also claims that the group’s attack affects over 1,000 servers. The group published screenshots of some of the stolen data and has threatened to publish the stolen data within 48 hours. Unknown
Scholarship America (US) Around April 28th, 2020, Scholarship America detected suspicious activity within its email system. An investigation revealed that an unauthorised party accessed Microsoft Office 365 email accounts. Data that was potentially exposed in the incident includes names, mailing addresses, telephone numbers, and in some cases Social Security numbers. Unknown
The SPIE Group (France) On their blog, the group behind Nefilim ransomware published ‘Part 1’ of a leak involving 11.5GB of data which they claim to have stolen from the company. This includes corporate operational documents such as the company’s telecom services contracts, dissolution legal documents, power of attorney documents, and more. Unknown
Unknown (US) Cyble Inc researchers discovered two threat actors leaking a total of 2,267,453 records relating to doctors working in the US. Leaked data includes national provider identifiers, full names, residential addresses, contact numbers, license numbers, and more. Unknown
Michigan State University (US) The university disclosed that an attacker exploited a vulnerability in the website of MSU’s online store to deploy malicious code which exposed the details of shoppers. The attack impacted roughly 2,600 customers between October 19th, 2019, and June 26th, 2020. The data exposed in the attack included names, addresses, and credit card numbers. 2,600
Olympia House Rehab (US) The operators of Netwalker ransomware published screenshots of data they claim to have stolen from the California-based rehabilitation clinic. This includes files related to the facilities, HIPAA, first names, outcomes, and possible QuickBooks information. A second set of files includes financial information and photocopied patient IDs. Unknown
Piedmont Orthopedics (US) The operators of Pysa ransomware published about 3.5GB of data belonging to Atlanta-based Piedmont Orthopedics / OrthoAtlanta. The data includes files related to rentals and business aspects, as well as detailed medical records that include patient names, dates of birth, addresses, contact information, and more. Unknown
Premier Health Partners (US) The information of patients and clients of the Clinical Neuroscience Institute, Help Me Grow Brighter Futures, Samaritan Behavioral Health Inc, and CompuNet Clinical Laboratories may have been exposed after an unauthorised party gained access to certain accounts. The company first discovered unusual activity relating to Premier Health email accounts on June 8th, 2020 and an investigation is currently ongoing. Unknown
Owen’s Ear Center (US) Owen’s Ear Center in Texas was targeted in a ransomware attack on May 28th, impacting the personal data of its patients. This includes names, dates of birth, healthcare information, and Social Security numbers. No evidence was found to indicate that the information has been misused. 19,908
SANS Institute (US) A SANS Institute employee was successfully targeted in a phishing attack on August 6th, 2020, allowing the attacker to set up a forwarding rule to an external email address. The attacker received 513 emails containing names, email and physical addresses, and phone numbers. Passwords and financial information were not affected. 28,000
Unknown CyberNews researchers discovered an unprotected Amazon AWS server containing 300 million unique strings of email addresses, 50 million of which were unencrypted. The data appears to have been stolen or acquired on the black market in October 2018. The database was secured on June 10th, 2020. The owner of the database remains unknown. 300,000,000
Seek (Australia) The job search engine Seek reported that an ‘internal technical issue’ resulted in users being able to see other candidates’ career history and education. No names, contact details, or resumes were impacted. 2,000
FHM (US) An unauthorised individual accessed the Illinois healthcare system’s email accounts between February 12th and February 13th, 2020. It remains unclear whether any emails or attachments in the accounts were viewed during this period. Potentially exposed data includes patient names, dates of birth, medical record or patient account numbers, health insurance information, Social Security numbers, and more. Unknown
Adit (US) Security researcher Bob Diachenko discovered an unsecured database belonging to the medical software company containing patients’ personal data. This included names, email addresses, phone numbers, and the practices where patients receive treatment. The database was exposed for about 10 days before being destroyed by ‘meow bot’, a malicious bot that has been attacking unprotected databases in recent weeks. >3,100,000
Devire (Poland) Cyble Inc researchers discovered a threat actor leaking a database containing about 570,000 records of personal information of Devire customers. The data includes recruitment IDs, first and last names, email addresses, phone numbers, addresses, and job position details. Unknown
Canadian Tire (Canada) The operators of Netwalker ransomware claim to have breached the retail company and stolen sensitive data from one of its stores, which they have threatened to publish in eight days. The group posted screenshots that show folders and files containing employee details, financial statements, bank reconciliation statements, and more. Unknown
Woodstream Corporation (US) In a blogpost, the operators of Netwalker ransomware shared screenshots of data they claim to have stolen from Woodstream Corporation. This includes audit reports, confidentiality agreements, endorsement related documents, and more. The group has threatened to release the stolen data within 29 days. Unknown

Malware Mentions in Banking

Industry View

This chart shows the trending malware related to banking over the last week.

Weekly Industry View

Industry View
Industry Information
Critical Infrastructure Since August 10th, 2020, the Southeastern Pennsylvania Transportation Authority (SEPTA) has been experiencing issues with sharing important travel information with customers. An ongoing investigation revealed that its servers had been targeted with malware. SEPTA Key card information was not compromised, nor did the attack affect its services or cause disruptions. According to SEPTA, other organisations were also impacted, though no further details were provided.
Government Between June and August 2020, ClearSky researchers investigated an espionage campaign, dubbed Dream Job, that primarily targets defence and governmental companies. The attacks have been ongoing since the start of 2020 and have targeted companies and organisations globally. Some of the attacks were successful. The campaign has been attributed with high probability to Lazarus Group and involves several social engineering methods in job offer-themed campaigns.
Technology Security researchers at Shadow Intelligence reported that a threat actor, operating under the alias bcorp33, has been providing access to the networks of large and small companies across the globe. The attacker is using botnets to identify and enumerate targets and exploits CVE-2019-11510 in Pulse Secure VPN and CVE-2020-5902 in F5’s Big-IP devices. Breaches associated with bcorp33 include Hyundai Corporation, LG Electronics, PepsiCo, the Cernavoda Nuclear Plant, government organisations in Taiwan and Peru, and many others. Shadow Intelligence reported that bcorp33, alongside ‘Drumrlu’ and ‘Marlon_Brando,’ are new affiliates of the FXMSP group. The group had previously advertised access to the networks of Symantec, Trend Micro, and McAfee.
Healthcare Researchers at Check Point identified that the number of vaccine-related coronavirus domains doubled between June and July 2020. Out of every 25 malicious coronavirus-themed sites, one is now vaccine related. Two malspam campaigns were observed, the first of which purported to contain information about an approved vaccine and delivered an info stealer to the victim’s device. The second email informed the user that the UK coronavirus vaccine effort was progressing badly. The message contained a link, which at one point redirected to a medical phishing site that impersonated a Canadian pharmacy.
Cryptocurrency The cryptocurrency platform Ethereum was targeted by the same attacker on July 31st and August 6th, 2020, resulting in the theft of over $5 million worth of Ethereum Classic. In response to the attacks, Coinbase has increased its confirmation time for ETC to two weeks, while Ethereum Classic is also recommending all exchanges, mining pools and other ETC service providers raise their confirmation times.

News and information concerning each mentioned industry over the last week.

