14 January 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
Google Chrome Browser
SAP 3D Visual Enterprise
Android 10
Android Pie
OX Software App Suite
Deep & Dark Web
Name Heat 7
YubiKey
Microsoft Office
Telegram App
USB-C
Bitcoin

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company Information Affected
United Nations Environmental Programme & International Labour Organization Researchers at Sakura Samurai discovered exposed Git directories and credentials associated with UNEP and ILO, which ultimately enabled them to access over 100,000 UNEP employee records. Exposed data includes employee IDs, names, employee groups, travel history, demographic data, and more. Unknown
Reserve Bank of New Zealand The bank disclosed that attackers had accessed data stored at a third party file sharing service it uses. Potentially accessed data includes commercially and personally sensitive information. Unknown
Dassault Falcon Jet (France) The company issued a data breach notification informing current and former employees that their personal data, as well as that of their spouses and dependents, had been accessed during a ransomware attack. This may include names, email addresses, mailing addresses, driver’s license numbers, passport information, Social Security numbers, and more. According to LeMagIT, Ragnar Locker ransomware operators were behind the attack. Unknown
SweetChat (South Korea) CyberNews researchers discovered an unsecured Amazon S3 database belonging to the service, likely related to the dating app Sweet Talk, containing over one million private photos. About half of the images are thought to be explicit in nature. The researchers note that no personally identifiable information was found on the database, but that all images contained user IDs that could potentially be used to identify users. Unknown
Communauto (Canada) The car-sharing service’s CEO Benoît Robert revealed that the company was targeted by REvil ransomware operators, exposing customer data. The affected data included subscriber numbers, names, civic addresses and email addresses. Unknown
eHealth Saskatchewan (Canada) The Saskatchewan Privacy Commissioner’s Office revealed that the December 2019 ransomware attack on the province’s electronic health information network may have compromised up to 547,145 files with personal details and health data. Unknown
Leon Medical Centers (US) On November 8th, 2020, Leon Medical Centers discovered malware on some portions of its computer network. An investigation into the attack revealed that certain files containing personal information had been accessed by the attackers. This may include names, contact information, Social Security numbers, financial information, dates of birth, and more. Unknown
Prestera Center (US) An unspecified data security incident resulted in the exposure of patient names, dates of birth, medical record numbers, healthcare provider details and, in some cases, Social Security numbers. 3,708
ClickIndia (India) Security researcher Rajshekhar Rajaharia discovered data dumps sold by ShinyHunters allegedly containing 8 million ClickIndia user records, such as names, email addresses, phone numbers, and other personal details. Unknown
WedMeGood (India) Hacker group ShinyHunters are selling what they claim to be data dumps containing 1.3 million records. These supposedly include names, email addresses, hashed passwords, and more. Unknown
ChqBook (India) Data dumps allegedly containing 1 million ChqBook records are currently being sold by ShinyHunters. The records are said to include names, email and physical addresses, and phone numbers. Unknown
Amey (UK) The infrastructure management company was targeted in a Mount Locker ransomware attack around December 16th, 2020. On December 26th, the attackers started publishing data stolen from the company on their leak site. The stolen data includes employee passports and driving licences, company financial and confidential partnership documents, correspondence, technical blueprints, and more. Unknown
OmniTRAX & Broe Group (US) Colorado-based logistics provider and its parent company were targeted in a Conti ransomware attack sometime before December 24th, 2020. The attackers leaked 70GB of data allegedly stolen from the company, which reportedly includes the contents of individual employee work computers. Unknown
Mirror Trading International (South Africa) An actor self-identifying as Anonymous published data attributed to the cryptocurrency business Mirror Trading International (MTI) on the open internet. MTI has been found to be a Ponzi scheme by a South African court, which has also issued a liquidation order for the company. The leak exposed the names, account information, addresses, and contact information of the scheme’s top earners. 200
Ubiquiti (US) The networking device manufacturer emailed customers on January 11th, 2021, warning them that an attacker had hacked a third-party cloud provider and accessed parts of Ubiquiti’s system. Potentially impacted information includes names, email addresses, one-way encrypted passwords, and in some cases addresses and phone numbers. Unknown
Vietnamese e-shoppers According to The Saigon Times, Raidforum user ‘kjkwwfw’ is selling the personal data of Vietnamese citizens. The information being sold includes full names, addresses and phone numbers. 300,000
Parler (US) Twitter user ‘crash override’ has archived around 99% of all content posted on Parler using a crowdsourcing system. The actor crawled posts, images, and some 1.1 million Parler video URLs which all include raw video files with GPS metadata of where they were taken. The actor also successfully preserved deleted posts, which was possible because Parler marked deleted posts as unviewable and omitted them from search results instead of removing them. Unknown
AKVA Group (Norway) The aquaculture manufacturing company was targeted in a ransomware attack on January 10th, 2021, in which the attackers obtained the company’s production data. Unknown
Socialarks (China) Researchers at Safety Detectives identified an exposed Elasticsearch database containing data scraped from Facebook, Instagram, and LinkedIn. The database contained 408GB of data and 318 million records. Exposed data included names, country of residence, workplace, position, subscriber data, contact information, links to user profiles, and more. The server was secured on December 14th, 2020. 214,000,000
Aurora Cannabis (Canada) A hacker has begun to sell data stolen in an attack against the company. The seller provided proof by leaking images of eleven files stolen in the attack. BleepingComputer reported that the data includes images of passports, checks, business documents, and driver’s licences. Unknown
Mono Next PCL (Thailand) According to DataBreaches[.]net, ALTDOS stated that they have hacked several of the Thai company’s domains, allegedly exfiltrating hundreds of gigabytes of data. Unknown
The Royal Dutch Touring Club The club sent an email to current and former customers, informing them that their data may have been compromised in a ransomware attack that occurred in December 2020. The attack impacted ANWB’s supplier Trust Krediet Beheer. Unknown
Window to the World Communications (US) The company notified employees of a data breach that is believed to have started in December 2018 and ended in August 2020. The breach affected emails and personal information of around 40 members of staff. ~40
Jammu and Kashmir residents According to Cyble researchers, a threat actor posting on a cybercrime market forum has claimed to be in possession of 224,489 unique records related to residents of Jammu and Kashmir. The records contain personally identifiable information such as names, gender, mobile numbers, email IDs, residential addresses and dates of birth. Unknown
Ambulance Tasmania (Australia) According to ABC News, Ambulance Tasmania’s paging system suffered a data breach. The incident affected the private data of Tasmanians who have used the ambulance service since November 2020. This includes patients’ HIV status, gender, age, condition, as well as the address of the incident. The breached data amounted to over 26,000 pages of pager messages that were posted on a public website. Unknown
SolarWinds (US) A website called ‘SolarLeaks,’ registered through NJALLA, is selling data it claims was stolen from companies breached in the recent SolarWinds compromise. NJALLA is a known registrar used by Russian threat actors Fancy Bear and Cozy Bear. The data for sale supposedly includes Microsoft source code, as well as source code for multiple Cisco products, FireEye red team tools and source code, and SolarWinds source code and a dump of the customer portal. Unknown
European Medicines Agency An investigation into the December 2020 attack against the EMA revealed that some documents related to COVID-19 medicines and vaccines were leaked online. Sources informed BleepingComputer that the leaked data includes email screenshots, EMA peer review comments, Word documents, PDFs and PowerPoint presentations. Unknown
Sangoma Technologies (Canada) The company suffered a ransomware attack disclosed on December 24th, 2020. The attackers reportedly encrypted, exfiltrated and published a significant number of confidential files, including financial information, corporate development efforts, private employee data, as well as some customer information and ordering history. Unknown
Eneco (Netherlands) The energy supplier reportedly observed ‘a number of irregular log-in attempts,’ with private and business My Eneco accounts accessed by an unauthorised party. The company stated that access was gained using email addresses and passwords compromised in other data breaches. 1,700
Jefferson Healthcare (US) A phishing attack against Jefferson Healthcare on November 9th, 2020, resulted in a data breach. An unknown party obtained unauthorised access to an employee’s email, exposing patient names, dates of birth, phone numbers, home addresses, as well as diagnosis, treatment and health insurance information. 2,550
Ledger (France) Hardware cryptocurrency wallet maker Ledger informed its clients that their data has been compromised by two rogue Shopify employees. The two employees were illegally accessing data concerning over 200 merchants in an incident revealed in September 2020. They reportedly also obtained Ledger customer transaction records in April and June 2020. Unknown
Transform Hospital Group (UK) The cosmetic surgery provider disclosed that its IT systems were accessed by an unauthorised party on December 6th, 2020. The attack was reportedly claimed by REvil ransomware operators, who claim to have stolen 900GB of data from the company, including patient photographs from plastic surgery procedures, information on doctors, practitioners, surgeons, aestheticians, and more. The group has already leaked 600GB of the data. Unknown
Private hospital in Kerala (India) According to the Observer Research Foundation, a large multi-speciality private hospital in Kerala experienced a data leak involving complete patient records dated between 2015 and 2021. The leaked data includes names, email addresses, phone numbers, test results, scans, prescriptions, hospitalisation documentation and more. The data is searchable by unique patient IDs and available on the open internet. 200,000
National Board for Certified Counselors (US) The organisation discovered a cyberattack on its networks which involved unauthorised access to its system between August 31st and September 7th, 2020. Names, addresses, Social Security numbers, dates of birth, and credential information were potentially exposed. Unknown
King and Pierce County Schools (US) The Washington state schools were targeted in a data breach possibly affecting the personal information of employees and students. Potentially exposed information includes names, dates of birth, Social Security numbers, financial account information, and high-level medical information. Unknown
Promutuel Assurance (Canada) Following a cyberattack against the company in December 2020, documents supposedly stolen in the attack have reportedly been uploaded on the dark web by DoppelPaymer ransomware operators. According to the company, only about 15 files were uploaded, none of which contained any Social Security numbers, driver’s licenses, credit card numbers or banking information. Unknown
Moreton Police District (Australia) A police officer in Queensland, Australia, reportedly sent an email concerning firearms safety to 350 local gun owners without hiding their names or email addresses. 350

Malware mentions in Banking and Finance

Time Series (chart not reproduced here): the chart shows the trending malware related to Banking and Finance over the last week.

Weekly Industry View

Industry View
Industry Information
Government Director of the US National Counterintelligence and Security Center William Evanina has alleged that China and Russia are interfering with the US COVID-19 vaccine distribution operation, dubbed Operation Warp Speed. Evanina stated that the US adversaries are ‘trying to disrupt that supply chain.’
Banking & Finance Abnormal Security researchers identified a phishing campaign using fake automated notifications from BB&T Bank as a lure. The notification falsely informs the victim that they have been locked out of their account due to too many login attempts and directs them to a phishing landing page. Both the notification and the page feature convincing official iconography of the bank. The IP of the phishing page originates from a commercially available VPN service, and the page is hosted on a suspicious domain. It immediately redirects to a disguised page registered to the Libyan Spider Network, where the victims are asked to enter their banking credentials.
Healthcare Cofense researchers detected an ongoing phishing campaign targeting employees via emails purporting to come from their employer that ask them to fill out a COVID-19 screening form. To appear more legitimate, the emails also reference guidelines and protocols issued by the United States Department of Health. The email contains a link that redirects the user to a Google Form landing page hosting the malicious website. Common screening questions are mixed with requests for sensitive credentials, and the user is asked to digitally sign the form once completed. The data is then sent to the attacker’s C2.
Education Ben-Gurion University stated that it was targeted in a cyberattack on January 6th, 2021, that resulted in a number of its servers being breached. The university added that it is currently operating regularly, with some ‘isolated difficulties.’ An investigation into the incident is ongoing.
Cryptocurrency BleepingComputer reported that they received an email via their contact form which demanded that they leave a five-star review for the Coinmama cryptocurrency exchange and like and share the site. The sender threatened to create millions of backlinks to BleepingComputer’s site from porn sites unless they complied within 48 hours. BleepingComputer reported that other website owners have also received the emails, with some leaving negative reviews for Coinmama on Trustpilot. Coinmama CEO Sagi Bakshi informed BleepingComputer that the company is not responsible for the attack.

News and information concerning each mentioned industry over the last week.
