17 December 2020

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name | Heat
Solarwinds Orion
Android 11
Red Hat Product Security

Deep & Dark Web
Name | Heat
NVIDIA GeForce Now
Ardamax Keylogger
Telerik Fiddler

(Heat scores are rendered graphically in the original and are not reproduced in this text version.)

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company (Country) | Information | Affected
Habana Labs (Israel) | The operators of Pay2Key ransomware published data they claim to have stolen from the company. The leaked data includes Windows domain account information, DNS zone information for the domain, a file listing from its Gerrit code review system, business documents and images of source code. | Unknown
Cardinal Logistics Management (US) | FreightWaves reported that the REvil ransomware operators leaked a sample of data allegedly stolen from the trucking firm. The actor claims to hold 700GB of Cardinal data, including ‘Financial documents, contracts, NDA, and employee data.’ The leaked sample contains information on finances, performance, customer relationships and employees. | Unknown
Chinese Communist Party | According to Sky News, Chinese dissidents extracted a list of 1.95 million Chinese Communist Party members, mostly from Shanghai, and 79,000 party branches from servers in Shanghai in April 2016. The database contains the names, party positions, birthdays, national ID numbers and ethnicities of members active in China and abroad. | 1,950,000
Konikoff Dental Associates (US) | The company disclosed a cyberattack discovered on October 11th, 2020. Unauthorised individuals potentially accessed emails containing patient and employee names, addresses, billing information, bank account numbers, and health insurance and treatment information for an unspecified number of individuals. | Unknown
Fotor (UK) | On October 15th, 2020, security researcher Jeremiah Fowler discovered an unprotected database belonging to the photo-editing tool Fotor containing over 123 million records. The exposed data included internal testing and production records as well as 13 million user records, including names, email addresses and geolocation. | Unknown
Brooklyn Defender Services (US) | On September 13th, 2020, Brooklyn Defender Services determined that the personal data of its clients may have been exposed in a security breach. An unauthorised actor gained access to employee email accounts and may have viewed the names, addresses, financial account numbers, Social Security numbers, driver’s licence numbers, passport numbers, health information and/or biometric data of employees and clients. | Unknown
Unknown (Russia) | Cyble researchers discovered details of Russian Covid-19 patients being shared for free on a dark web forum. The data includes names, dates of birth, citizenship status, passport details, addresses, medical analyses, details of medical care and more. | Unknown
Automation Personnel Services (US) | CyberNews researchers found a 440GB archive supposedly belonging to the company leaked on a popular hacker forum on November 24th, 2020. The data appears to have been made public following a failed ransom negotiation. It includes confidential company data as well as sensitive documents relating to users, partners and employees of the company. | Unknown
Sonoma Valley Hospital (US) | California’s Sonoma Valley Hospital notified patients of a possible breach of their personal data caused by a ransomware attack in October 2020. The attackers may have stolen patient names, addresses, dates of birth, and insurance and medical information. | 67,000
Dade City (US) | According to DataBreaches[.]net, Avaddon ransomware operators claim to have stolen data from Florida’s Dade City. Some of the stolen files appear to relate to police department personnel issues such as complaints and injuries. | Unknown
African Union | According to reporting by Kahawa Tungu, Bronze President is believed to have captured and exfiltrated surveillance video from the AU headquarters in Addis Ababa. The attacker reportedly stole ‘huge volumes of traffic’ from the AU, disguising the theft by operating only during business hours to blend in with normal traffic. | Unknown
Taylor Made Diagnostics (US) | Conti ransomware operators claim to have attacked Taylor Made Diagnostics in Virginia. The actor posted proof of the allegedly stolen files, which indicate that patient names, addresses, dates of birth, phone numbers, full or partial Social Security numbers, driver’s licences and medical histories may have been compromised. | Unknown
Apex Laboratory (US) | DoppelPaymer ransomware operators uploaded data allegedly stolen from the company. The information, leaked by the actor on December 14th, 2020, includes the names, dates of birth, Social Security numbers, Medicare and Medicaid numbers, and medical information of patients in Long Island. | 1,000
Total System Services (US) | On December 8th, 2020, Conti ransomware operators published more than 10GB of data allegedly stolen from the payment processing company. Security researcher Brian Krebs reported that the compromised data included prepaid card information. | Unknown
UiPath (US) | The robotic process automation company suffered a data breach discovered on December 1st, 2020. The names, email addresses, usernames, company names, country locations and other personal information of UiPath Academy users were published on an unspecified online source. No passwords or financial information were leaked. | Unknown
Cedar Springs Hospital (US) | According to a public notification, a surveyor from the Colorado Department of Public Health & Environment (CDPHE) ‘misplaced’ an unencrypted external storage device containing sensitive information on the hospital’s patients. The device held patients’ names, addresses, dates of birth, Social Security numbers, and health insurance and medical information. | Unknown
Country Group Securities (Thailand) | According to DataBreaches[.]net, a threat actor named ALTDOS contacted them and Thai news outlets to claim a cyberattack against the company, said to have taken place on December 4th, 2020. The attacker posted files purportedly from the company on public file-sharing sites, reportedly containing sensitive personal and financial information of customers and employees. | Unknown
Spotify (Sweden) | Spotify notified authorities of a data breach that may have exposed user email addresses, display names, passwords, genders and dates of birth to certain business partners of the streaming company. The data was exposed due to a software vulnerability in its systems, discovered on November 12th, 2020. | Unknown

Attack Types mentions in Healthcare

[Time series chart] This chart shows the trending Attack Types related to Healthcare over the last week.

Weekly Industry View

Industry View
Industry | Information
Retail & Hospitality | A highly targeted phishing campaign is currently targeting UK users with fake Subway order confirmations. The emails contain a link to a malicious Excel document that installs Trickbot malware. Subway UK disclosed that a server used for its email campaigns had been compromised, and stated that no evidence was found of guest accounts being hacked and that no bank or credit card details were impacted.
Government | ESET researchers observed the HyperBro backdoor, Korplug (PlugX) RAT and Tmanger being delivered via Able Desktop, a chat application used by 430 government agencies in Mongolia. The software’s update system appears to have been compromised since at least June 2020, with trojanised installers delivered since at least May 2018. The campaign, dubbed StealthyTrident, has been linked to LuckyMouse, which shares its access to compromised devices with TA428; both are believed to be subgroups of the same threat actor. The researchers also identified a connection with the ShadowPad backdoor.
Technology | FireEye researchers discovered a trojanised version of the SolarWinds Orion plugin being distributed via legitimate software updates since spring 2020. The ongoing supply chain attack has targeted a range of government, consulting, technology, telecom and extractive organisations globally. The backdoor, dubbed SUNBURST, is capable of transferring and executing files, profiling the system, rebooting the device and disabling system services. FireEye attributed the attacks to UNC2452. Three individuals familiar with the US investigation into the attacks told Reuters that Russia is believed to be responsible; the Russian foreign ministry called the accusation ‘unfounded.’
Banking & Finance | IBM Trusteer researchers discovered an ongoing mobile banking fraud campaign that uses mobile device emulators to spoof the devices of compromised account holders. The accounts were likely previously infected with malware or had their credentials collected via phishing pages. The attackers make each emulator appear either exactly like the victim’s legitimate device or like a new device added by the user, using an automated process that matches device characteristics and technical specifications against a database of logs from compromised devices, including the account holder’s banking username and password. The operation combines legitimate, publicly available tools with custom applications. The researchers note that the emulator technique could work against any application with online access, including intercepting access codes sent via SMS. In some cases, over 20 emulators were used to spoof over 16,000 devices and steal millions of dollars.
Healthcare | An investigation into medical device security by researchers at CybelAngel found that many devices are vulnerable to attack or expose sensitive data because the underlying technology is outdated. Over 45 million unique Digital Imaging and Communications in Medicine (DICOM) image files were found exposed on the open web on unprotected servers, including X-rays, MRI and CT scans, together with accompanying metadata that could identify the individuals in the images.

News and information concerning each mentioned industry over the last week.
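The CybelAngel finding above turns on the fact that a DICOM image file carries the patient’s identifiers in its own header, so an exposed scan is a records leak, not just an image leak. The following Python is an added example, not part of the digest or of CybelAngel’s research: it parses the file meta information of a DICOM Part 10 file and pulls out identifying elements from the dataset. It constructs its own sample file inline, assumes the explicit VR little-endian transfer syntax (other syntaxes are rejected rather than misparsed), and reports a hypothetical subset of tags chosen for illustration.

```python
import struct

# Identifying elements to report. This subset is an assumption for the example;
# the DICOM standard defines many more patient and study attributes.
IDENTIFYING_TAGS = {
    (0x0008, 0x0020): "StudyDate",
    (0x0008, 0x0080): "InstitutionName",
    (0x0010, 0x0010): "PatientName",
    (0x0010, 0x0020): "PatientID",
    (0x0010, 0x0030): "PatientBirthDate",
}
PIXEL_DATA = (0x7FE0, 0x0010)
EXPLICIT_VR_LE = "1.2.840.10008.1.2.1"
# VRs whose length field is 4 bytes after 2 reserved bytes; all others use a 2-byte length.
LONG_VRS = {b"OB", b"OW", b"OF", b"SQ", b"UT", b"UN"}


def encode_element(group, elem, vr, value):
    """Encode one explicit-VR little-endian data element (used to build the sample)."""
    if isinstance(value, str):
        value = value.encode("ascii")
    if len(value) % 2:  # values are padded to even length; UIDs and binary use NUL
        value += b"\x00" if vr in ("UI", "OB") else b" "
    head = struct.pack("<HH", group, elem) + vr.encode("ascii")
    if vr.encode("ascii") in LONG_VRS:
        return head + b"\x00\x00" + struct.pack("<I", len(value)) + value
    return head + struct.pack("<H", len(value)) + value


def build_sample_dicom():
    """Constructed sample file: 128-byte preamble, 'DICM', file meta group, dataset."""
    meta_body = (
        encode_element(0x0002, 0x0001, "OB", b"\x00\x01")
        + encode_element(0x0002, 0x0002, "UI", "1.2.840.10008.5.1.4.1.1.2")  # CT Image Storage
        + encode_element(0x0002, 0x0003, "UI", "1.2.3.4.5.6.7")  # placeholder instance UID
        + encode_element(0x0002, 0x0010, "UI", EXPLICIT_VR_LE)
    )
    # (0002,0000) group length counts the bytes of the meta group that follow it.
    meta = encode_element(0x0002, 0x0000, "UL", struct.pack("<I", len(meta_body))) + meta_body
    dataset = (
        encode_element(0x0008, 0x0020, "DA", "20201210")
        + encode_element(0x0008, 0x0080, "LO", "Example Imaging Center")
        + encode_element(0x0010, 0x0010, "PN", "DOE^JANE")
        + encode_element(0x0010, 0x0020, "LO", "MRN-000123")
        + encode_element(0x0010, 0x0030, "DA", "19800101")
        + encode_element(*PIXEL_DATA, "OB", bytes(16))  # stand-in for the image payload
    )
    return bytes(128) + b"DICM" + meta + dataset


def is_dicom(buf):
    """A Part 10 file has a 128-byte preamble followed by the 'DICM' magic."""
    return len(buf) >= 132 and buf[128:132] == b"DICM"


def iter_elements(buf, start, end):
    """Yield ((group, elem), vr, value) for explicit-VR LE elements in buf[start:end]."""
    offset = start
    while offset + 8 <= end:
        group, elem = struct.unpack_from("<HH", buf, offset)
        vr = buf[offset + 4:offset + 6]
        if vr in LONG_VRS:
            if offset + 12 > end:
                raise ValueError("truncated element header at offset %d" % offset)
            (length,) = struct.unpack_from("<I", buf, offset + 8)
            value_off = offset + 12
        else:
            (length,) = struct.unpack_from("<H", buf, offset + 6)
            value_off = offset + 8
        if length == 0xFFFFFFFF:
            raise ValueError("undefined-length element (sequence) not supported here")
        value = buf[value_off:value_off + length]
        if len(value) != length:
            raise ValueError("truncated element at offset %d" % offset)
        yield (group, elem), vr.decode("ascii"), value
        offset = value_off + length


def extract_identifiers(buf):
    """Return the identifying text elements found in a DICOM Part 10 file."""
    if not is_dicom(buf):
        raise ValueError("not a DICOM Part 10 file")
    # The file meta group is always explicit VR LE and starts with its own group
    # length, which tells us where the dataset begins.
    try:
        tag, vr, value = next(iter_elements(buf, 132, len(buf)))
    except StopIteration:
        raise ValueError("empty file meta information") from None
    if tag != (0x0002, 0x0000) or vr != "UL":
        raise ValueError("missing file meta group length")
    (group_len,) = struct.unpack("<I", value)
    dataset_start = 132 + 12 + group_len
    meta = {t: v for t, _, v in iter_elements(buf, 144, dataset_start)}
    transfer_syntax = meta.get((0x0002, 0x0010), b"").rstrip(b"\x00").decode("ascii")
    if transfer_syntax != EXPLICIT_VR_LE:
        raise ValueError("unsupported transfer syntax %r" % transfer_syntax)
    found = {}
    for tag, vr, value in iter_elements(buf, dataset_start, len(buf)):
        if tag == PIXEL_DATA:
            break  # identifiers precede the pixel data; no need to read the image
        if tag in IDENTIFYING_TAGS:
            found[IDENTIFYING_TAGS[tag]] = value.rstrip(b" \x00").decode("ascii", "replace")
    return found


if __name__ == "__main__":
    for name, text in extract_identifiers(build_sample_dicom()).items():
        print("%-17s %s" % (name, text))
```

Run against a real file (for example, `extract_identifiers(open("scan.dcm", "rb").read())`) to see what a server exposing that file is actually leaking; on a hardened export the patient elements should be empty or pseudonymised, and a non-empty result is the finding. Files using other transfer syntaxes raise rather than being parsed as if they were explicit VR, which is the safe failure for a scanner.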
