
Threat Summary: 10-16 July 2020


Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source (Name / Heat 7d)
  • Windows Server
  • Oracle Fusion Middleware
  • Windows 7
  • Oracle VM VirtualBox
  • SAP NetWeaver AS JAVA

Deep & Dark Web (Name / Heat 7d)
  • Oracle MySQL
  • Microsoft Internet Explorer 11
  • cURL project
  • VirtualBox
  • EsteemAudit

The tables list the products that were mentioned more often than usual in connection with vulnerabilities during the last week.

Data Leaks & Breaches

Hamilton Brown (UK) | Affected: Unknown
Data reportedly belonging to Hamilton Brown was published online by the Ako ransomware operators after the firm refused to pay the demanded ransom. This includes personal data relating to the company’s employees. The attackers have threatened to release more data within seven days.

Alfanar (UK) | Affected: Unknown
The operators of NetWalker ransomware have leaked data which they claim belongs to electrical manufacturing company Alfanar. The exposed data appears to contain contracts, audit reports, insurance documents, and more.

Religare Health Insurance (India) | Affected: 5,000,000
Cyble reported that data belonging to the firm has been put up for sale on the dark web. The data was reportedly accessed via a misconfigured server, upon which the attacker also allegedly uploaded a web shell. The threat actor is selling the data of over five million individuals, with the exposed information belonging to both customers and employees. This includes names, addresses, mobile numbers, dates of birth, and more.

Government of Russia (Unknown) | Affected: Unknown
A database containing the data of citizens participating in the recent blockchain-based e-vote on Russia’s Constitutional amendments was publicly available on the government website for several hours on July 1st, 2020. The data has since been circulating on Telegram. A second archive was also freely available on the website, containing the passport numbers of over a million voters from Moscow and Nizhniy Novgorod. Although the data was encrypted, reporters investigating the leak stated it could be ‘very easily’ decoded using free software. The Ministry of Digital Development, Communications and Mass Media said that they excluded ‘any possibility of leakage.’

Unknown | Affected: 45,000,000
Researchers at Cyble reported that a credible dark web user claimed to have the data of over 45 million travellers, from multiple countries, who had visited Thailand and Malaysia. The data purportedly relates to names, mobile numbers, passport details, and more.

Dunzo (India) | Affected: Unknown
The delivery start-up disclosed a data breach that leaked the phone numbers and email addresses of its users. The breach was the result of compromised servers at a third-party service that Dunzo uses to store its database. Payment information, such as credit cards or transaction details, was not affected.

DataViper | Affected: Unknown
On July 13th, 2020, a hacker emailed multiple cybersecurity reporters with a link to a dark web portal containing details about a hack into DataViper’s backend servers. The hackers posted a list of 8,225 databases indexed inside DataViper and put 50 of the biggest ones on the Empire dark web marketplace. According to ZDNet, some of these had not been seen before. Vinny Troia acknowledged the breach, but asserted that the server was a test instance, adding that the data has been public for years and that the hacker is selling their own databases rather than data stolen from him.

Doctor Atadan Egemen Koyuncu (Turkey) | Affected: 10,000
The Turkish data protection authority (KVKK) revealed that a cyberattack targeted Doctor Atadan Egemen Koyuncu on July 5th, 2020. Exposed data includes email addresses, medical histories, phone numbers, and more.

eToro (Israel) | Affected: 62,000
On July 6th, 2020, a threat actor using the alias ‘Sheriff’ advertised an auction for 62,000 active accounts belonging to the users of social trading platform eToro. The exposed data includes login credentials, phone numbers, postal addresses, and balances. A security researcher, known as Bank Security, identified a separate threat actor also advertising eToro accounts on multiple forums.

Collabera (US) | Affected: Unknown
An investigation into a ransomware attack against the company on June 8th, 2020, revealed that an attacker obtained some data from its systems. This includes employee names, addresses, contact and Social Security numbers, dates of birth, employment benefits, and passport and immigration visa details.

Benefit Recovery Specialists Inc (US) | Affected: 274,837
On April 30th, 2020, the Texas-based billing and collection company discovered malware on its systems that enabled unauthorised individuals to access and potentially exfiltrate stored protected health information. Exposed data includes names, dates of birth, dates of service, provider names, and more. In some cases, Social Security numbers may also have been compromised.

LiveAuctioneers (US) | Affected: >3,000,000
On July 10th, 2020, a data breach broker began selling data stolen from auction site LiveAuctioneers, which they claim includes 3.4 million user records. LiveAuctioneers confirmed that one of its data processing partners had suffered a breach on June 19th, 2020, and analysis of the advertised data found that it contains information for UK and US users. This includes email addresses, usernames, addresses, social media profiles, and MD5 hashed passwords. The data broker also claims that the passwords for 3 million of the accounts have been decrypted.

Mid-Delaware Imaging (US) | Affected: Unknown
The company was targeted in a ransomware attack on January 30th, 2020, and an investigation revealed that some patient information may have been accessed by the attacker, or was unrecoverable as a result of the attack. Potentially compromised data includes demographic information, dates of birth, driver’s license numbers, medical information, billing and financial information, and more.

Citrix (US) | Affected: Unknown
An investigation into claims that their network was compromised revealed that the data obtained by the threat actor came from a third party. Access to the data has since been terminated. Citrix adds that the third party only possesses ‘low sensitivity business contact information.’

Wattpad (Canada) | Affected: Unknown
Since July 7th, 2020, BleepingComputer has been tracking chatter related to the private sale of a Wattpad database. The seller states that the database contains details of 271 million users; however, Wattpad reportedly only had 80 million total users in 2019. The seller has recently begun to offer the data for free. It includes usernames, hashed passwords, emails, and general geographic locations.

Unknown (UK) | Affected: Unknown
KELA researchers found 4.8 million records for sale on the dark web containing emails and usernames. An analysis of a sample of 10,000 emails showed that only 3% are duplicates. Users from the UK, US, New Zealand, Australia, South Africa, Germany and France are affected. The hacker offering the database claims that the data is from a ‘shopping and forex trading site’, but the researchers are confident it belongs to a ticket provider based in the UK.

Unknown | Affected: Unknown
On July 14th, 2020, the Distributed Denial of Secrets group published a collection of data relating to WikiLeaks. The data, named AssangeLeaks, dates back to at least 2010 and contains reproduced chat records linked to Jeremy Hammond, Sigurdur Thordarson, and pseudonyms used by Assange.

UFO VPN (Hong Kong) | Affected: Unknown
Comparitech researchers discovered an unprotected, publicly available database that contained user logs and API access records. Comparitech found that the 894GB of leaked data could be used to identify individual users. Exposed data includes passwords in plain text, VPN session secrets and tokens, IP addresses of user devices and VPN servers, connection timestamps, geo-tags, and more. The database was exposed for three weeks before being secured.

LPM Property Management (New Zealand) | Affected: Unknown
Jake Dixon of Vadix Solutions discovered an unsecured Amazon S3 database that appears to belong to the firm. The database has since been secured. Exposed data included 31,610 files, with only 15 of them not being images. The images were of users’ passports, driver’s licenses, evidence-of-age documents, application pictures and images of damaged property.

This table shows a selection of leaks and breaches reported this week.

Attack Types Mentioned in Healthcare

This chart shows the trending Attack Types related to Healthcare over the last week.

Weekly Industry View
Banking & Finance: Researchers at Trustwave have identified GoldenHelper malware within Chinese tax software. The malware was used in campaigns from January 2018 to July 2019 and was operational prior to the recently discovered GoldenSpy backdoor malware. In both cases the malware was linked to the Aisino Corporation, with subsidiaries of the company being used to create Golden Tax related software which contained the malware. The primary purpose of GoldenHelper is to download and execute a final payload with SYSTEM level privileges.

Government: A former US official informed Yahoo News that the US Central Intelligence Agency (CIA) has been conducting covert cyber operations against Iran and other targets since 2018, following a secret authorisation by President Trump. At least a dozen operations are said to have been carried out under the directive, including hack-and-dump operations. The authorisation reportedly enabled the CIA to conduct these operations without needing approval from the White House. They are said to involve offensive cyber operations aimed at disruption and destruction, rather than the collection of intelligence. Countries directly mentioned in the directive include Russia, China, Iran and North Korea, yet the directive reportedly also applies to other countries. In addition, banks and other financial institutions, as well as media organisations, charities, religious institutions, or businesses believed to be working for adversaries’ foreign intelligence services may also be targeted under this directive.

Healthcare: Cyble reported that data belonging to the Indian firm Religare Health Insurance has been put up for sale on the dark web. The data was reportedly accessed via a misconfigured server, upon which the attacker also allegedly uploaded a web shell. The threat actor is selling the data of over five million individuals, with the exposed information belonging to both customers and employees. This includes customer names, addresses, mobile numbers, dates of birth, and more. Employee details include names, dates of birth, usernames, passwords, and similar information.

Retail, Hospitality & Tourism: A hacker is currently selling the details of 142,479,937 MGM hotel guests on the dark web. Initial reports on the 2019 MGM data breach suggested that 10.6 million guests were affected, but ZDNet now speculates the breach may be even larger than 142 million. Another batch with data of 20 million individuals was posted on July 12th, 2020, whilst other posts on Russian-speaking hacking forums recently also advertised the data of over 200 million guests. MGM informed ZDNet that they were aware of the scope of the breach and had informed all impacted individuals. The company has not yet disclosed the full scope of the breach.

Cryptocurrency: A series of high-profile Twitter accounts, such as those belonging to Barack Obama, Jeff Bezos, Kanye West, and other celebrities, tech executives, cryptocurrency exchanges, and tech companies, have been hijacked by Bitcoin scammers. Twitter revealed that a coordinated attack which targeted its employees allowed the hackers to take control of the user accounts. In response to the attack, the company stopped many verified accounts from tweeting and disabled some account functions. The scammers tweeted that users who sent them cryptocurrency would receive double the amount in return. BleepingComputer reported that a wallet associated with the scam contained roughly $105,000 in cryptocurrency.

News and information concerning each of the industries listed above over the last week.

The Silobreaker Team
