17 December 2020
Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.
Trending Vulnerable Products
Name | Heat 7 |
---|---|
Solarwinds Orion | (heat indicator image not reproduced) |
Android 11 | (heat indicator image not reproduced) |
ImageIO | (heat indicator image not reproduced) |
picotcp | (heat indicator image not reproduced) |
Red Hat Product Security | (heat indicator image not reproduced) |

Name | Heat 7 |
---|---|
WordPress | (heat indicator image not reproduced) |
NVIDIA GeForce Now | (heat indicator image not reproduced) |
Ardamax Keylogger | (heat indicator image not reproduced) |
Telerik Fiddler | (heat indicator image not reproduced) |
The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.
Data Leaks & Breaches
Company | Information | Affected |
---|---|---|
Habana Labs (Israel) | The operators of Pay2Key ransomware published data they claim to have stolen from the company. The leaked data includes Windows domain account information, DNS zone information for the domain, a file listing from its Gerrit development code review system, as well as business documents and source code images. | Unknown |
Cardinal Logistics Management (US) | FreightWaves reported that the REvil ransomware operators leaked a sample of data allegedly stolen from the trucking firm. The actor alleges to have 700GB of Cardinal data, including ‘Financial documents, contracts, NDA, and employee data.’ The leaked sample contains information on finances, performance, customer relationships, and employees. | Unknown |
Chinese Communist Party | According to Sky News, Chinese dissidents extracted a list of 1.95 million Chinese Communist Party members, mostly from Shanghai, and 79,000 communist party branches, from servers in Shanghai in April 2016. The database contains the names, party positions, birthdays, national ID numbers and ethnicities of operatives active in the country and abroad. | 1,950,000 |
Konikoff Dental Associates (US) | The company disclosed a cyberattack that was discovered on October 11th, 2020. Unauthorised individuals were found to have potentially accessed emails containing patient and employee names, addresses, billing information, bank account numbers, health insurance and treatment information for an unspecified number of individuals. | Unknown |
Fotor (UK) | On October 15th, 2020, security researcher Jeremiah Fowler discovered an unprotected database belonging to the photo-editing tool Fotor that contained over 123 million records. The exposed data included internal records such as testing and production data, as well as 13 million user records, such as names, email addresses, and geolocation. | Unknown |
Brooklyn Defender Services (US) | On September 13th, 2020, Brooklyn Defender Services determined that the personal data of its clients may have been exposed in a security breach. An unauthorised actor obtained access to employee emails and may have viewed the names, addresses, financial account numbers, Social Security numbers, driver’s license numbers, passport numbers, health information, and/or biometric data of employees and clients. | Unknown |
Unknown (Russia) | Cyble Inc researchers discovered the details of Russian Covid-19 patients being shared for free on a dark web forum. The data includes names, dates of birth, citizenship status, passports, addresses, medical analyses, details about the medical care, and more. | Unknown |
Automation Personnel Services (US) | CyberNews researchers found a 440GB archive supposedly belonging to the company that was leaked on a popular hacker forum on November 24th, 2020. The data appears to have been made public following a failed ransom negotiation. The data includes confidential company data, as well as sensitive documents pertaining to users, partners, and employees of the company. | Unknown |
Sonoma Valley Hospital (US) | California’s Sonoma Valley Hospital notified its patients of a possible breach of their personal data, caused by a ransomware attack in October 2020. The attackers may have stolen patient names, addresses, dates of birth, as well as insurance and medical information. | 67,000 |
Dade City (US) | According to DataBreaches[.]net, Avaddon ransomware operators claim to have stolen data from Florida’s Dade City. Some of the stolen files appear to relate to police department personnel issues such as complaints and injuries. | Unknown |
African Union | According to reporting by Kahawa Tungu, Bronze President is believed to have successfully captured and exfiltrated surveillance videos from the AU headquarters in Addis Ababa. The attacker reportedly stole ‘huge volumes of traffic’ from the AU, disguising the theft by operating only during business hours, to blend in with normal traffic. | Unknown |
Taylor Made Diagnostics (US) | Conti ransomware operators claim to have attacked Taylor Made Diagnostics in Virginia. The actor posted proof of the allegedly stolen files, which reveal that patient names, addresses, dates of birth, phone numbers, full or partial Social Security numbers, driver’s licenses and medical histories may have been compromised. | Unknown |
Apex Laboratory (US) | DoppelPaymer ransomware operators uploaded data allegedly stolen from the company. The information, leaked by the actor on December 14th, 2020, includes the names, dates of birth, Social Security numbers, Medicare and Medicaid numbers, and medical information of patients in Long Island. | 1,000 |
Total System Services (US) | On December 8th, 2020, Conti ransomware operators published more than 10GB of data allegedly stolen from the payment processing company. Security researcher Brian Krebs reported that the compromised data included prepaid card information. | Unknown |
UiPath (US) | The robotics automation startup suffered a data breach discovered on December 1st, 2020. The names, email addresses, usernames, company names, country locations, and other personal information of UiPath Academy users were published on an unspecified online source. No password or financial information was leaked. | Unknown |
Cedar Springs Hospital (US) | According to a public notification, a surveyor from the Colorado Department of Public Health & Environment (CDPHE) ‘misplaced’ an external memory device containing sensitive information of the hospital’s patients. The information held on the device, which was unencrypted, included the patients’ names, addresses, dates of birth, Social Security numbers, as well as health insurance and medical information concerning each patient. | Unknown |
Country Group Securities (Thailand) | According to DataBreaches[.]net, a threat actor named ALTDOS reached out to them, and Thai news outlets, to claim a cyberattack against the company. The attack is said to have taken place on December 4th, 2020. The attackers posted some files purportedly attributed to the company on public file sharing sites, which reportedly contain sensitive personal and financial information of customers and employees. | Unknown |
Spotify (Sweden) | Spotify notified authorities of a data breach which may have exposed user email addresses, display names, passwords, genders, and dates of birth to certain business partners of the streaming company. The data was exposed due to a software vulnerability in its systems discovered on November 12th, 2020. | Unknown |
Attack Type mentions in Healthcare
This chart shows the trending Attack Types related to Healthcare over the last week.
Weekly Industry View
Industry | Information |
---|---|
Retail & Hospitality | A highly targeted phishing campaign is currently targeting UK users via fake Subway order confirmations. The emails contain a link that leads to a malicious Excel document which installs Trickbot malware. Subway UK disclosed that a server used for its email campaigns had been compromised. The company stated that no evidence was found to suggest guest accounts had been hacked, nor are any bank or credit card details impacted. |
Government | ESET researchers observed the HyperBro backdoor, Korplug RAT, and Tmanger being delivered via Able Desktop, used by 430 government agencies in Mongolia. The software’s update system appears to have been compromised since at least June 2020, with trojanised installers delivered since at least May 2018. The campaign, dubbed StealthyTrident, has been linked to LuckyMouse, which shares its access to compromised devices with TA428. Both are believed to be subgroups of the same threat actor. The researchers also identified a connection with the ShadowPad backdoor. |
Technology | FireEye researchers discovered a trojanised version of the SolarWinds Orion plugin being distributed via business software updates since spring 2020. The ongoing supply chain attack has targeted a range of governmental, consulting, technology, telecom and extractive organisations globally. The backdoor, dubbed SUNBURST, is capable of transferring and executing files, profiling the system, rebooting the device, and disabling system services. FireEye researchers attributed the attacks to UNC2452. Three individuals familiar with the US investigation into the attacks informed Reuters that Russia is believed to be responsible. The Russian foreign ministry called the accusation ‘unfounded.’ |
Banking & Finance | IBM researchers discovered an ongoing mobile banking fraud campaign that uses mobile device emulators to set up spoofed devices to access compromised accounts. The accounts were likely previously infected by malware, or the credentials were collected via phishing pages. The attackers ensure that each emulator appears exactly as the legitimate device or as a new device added by the user. An automated process is used to match all device characteristics and technical specs from a database of compromised device logs, including the account holder’s username and password for bank accounts. A mix of legitimate, publicly available tools and custom applications is used in the operation. The researchers note that the emulator attacks have the potential to work on any application with online access, including obtaining access codes via SMS. In some cases, over 20 emulators were used to spoof over 16,000 devices to steal millions of dollars. |
Healthcare | An investigation into medical device security by researchers at CybelAngel revealed that many devices are vulnerable to attacks or expose sensitive data because the technology is outdated. Over 45 million unique Digital Imaging and Communications in Medicine (DICOM) files were discovered exposed on the open web on unprotected servers. These include X-rays, MRI and CT scans, and accompanying data that could identify the individual in the images. |
News and information concerning each mentioned industry over the last week.