17 June 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source (products, ordered by heat)
Apple iOS 12
JerryScript
Android 11
ZOLL Defibrillator Dashboard
Android 10

Deep & Dark Web (products, ordered by heat)
NVIDIA GeForce Now
TeamSpeak
SN1PER
Tenable Nessus
OpenCart

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected (number of individuals or records; Unknown where not disclosed)
Cognyte (Israel) Comparitech researchers discovered a database belonging to the cybersecurity company that contained 5,085,132,102 records collected from past data breaches. The database was first indexed by search engines on May 28th, 2021, and secured on June 2nd, 2021. The records included names, email addresses, passwords, and sources from which the data came. Unknown
Presque Isle Police Department (US) Nearly 200GB of data stolen from the department in Maine were published on the Avaddon ransomware leak site. The leak contains 15,000 emails, police reports, and witness statements from the 1970s to the present. Unknown
Free (France) TechNadu saw a threat actor claiming to have access to a database owned by the company. Other actors on the same dark web forum also claimed to have access to the victim’s data. The threat actor claims to have stolen customer details, such as names, email addresses, mobile numbers, IP addresses, and more. Unknown
ThailandIntervac Security researcher Richard Barrow found that Thailand’s COVID-19 vaccination site contained a flaw which exposed user details. Logging in revealed the names, passport numbers and locations of other users. Unknown
USA Waste-Management Resources An unauthorised party was found to have accessed and stolen files containing the personal information of 268,510 individuals between January 21st and January 23rd, 2021. Unknown
Arnoff Moving & Storage (US) The company stated that customer data may have been stolen in a breach that was first identified on June 10th, 2021. The attackers posted data samples they claim to have taken from the company, which includes forms that contain names, contact information and credit card numbers. Unknown
Electronic Arts (US) Hackers claim to have stolen a total of 780GB of data from the company, including software development kits, EA frameworks, the source code for the Frostbite engine, FIFA 21, Battlefield, and more. EA confirmed the theft. Unknown
Edward Don & Company (US) The company was targeted in a ransomware attack which impacted its phone systems, network and email. As a precaution, the foodservice supplier shut down portions of its network. Unknown
CoWIN (India) DarkTracer researchers observed a dark web actor named Dark Web Market selling data allegedly composed of 150 million records stolen from the COVID-19 vaccination registration site. The records purportedly contain names, mobile numbers, Aadhaar IDs, and geolocation information. India’s Ministry of Health stated that the claims appear to be fake. Unknown
Dutch National Police (Netherlands) De Volkskrant reported that Russian APT groups breached the network of the Dutch police in September 2017 after exploiting a software vulnerability. The intrusion was undetected at the time but was reportedly later uncovered by the AIVD. The intrusion was reportedly conducted by APT29, with APT28 also involved. The alleged intrusion took place at the same time as the investigation into the MH-17 crash. Unknown
GlobeMed Saudi Arabia The Xing Team added the healthcare provider to its leak site on May 6th, 2021, claiming to have stolen 201GB of data. On May 11th, 2021, the group dumped 100GB of files, which contain personal and sensitive data, as well as routine medical records, and more. Unknown
OSF HealthCare System (US) The healthcare provider was targeted on May 18th, 2021, and Xing Team leaked the entire 112GB it claims to have exfiltrated on June 3rd, 2021. The data includes patient files revealing names, types of their tests, and more. Unknown
Coastal Family Health Center (US) The centre was added to the Xing Team leak site on May 24th, 2021. The group dumped the entirety of stolen data, comprising 506GB, due to the company refusing to cooperate. Among the leaked data are files containing personally identifiable information. Unknown
Sol Oriens LLC (US) The operators of REvil ransomware added the company to its list of victims and leaked data it claims to have stolen. The company is a subcontractor for the United States Department of Energy National Nuclear Security Administration. Its website has been unavailable since June 3rd, 2021. Some of the leaked data exposed employee names, Social Security numbers, and quarterly pay. Unknown
Arizona Asthma & Allergy Institute (US) The company issued a data breach notification, stating that limited protected health information may have been impacted by a cyberattack that occurred in 2020. The compromised data included names in combination with patient identification numbers, provider names, health insurance information, and more. DataBreaches[.]net noted that the operators of Maze ransomware had listed the targeted company as ‘Medical Management Inc’ or ‘MedMan.’ Unknown
Five Rivers Health Centers (US) The company is informing some of its patients of a phishing attack that resulted in the attacker having access to email accounts between April 1st and June 2nd, 2020. The accounts contained personal and protected health information, including names, dates of birth, addresses, financial account numbers, payment card numbers, driver’s licenses, Social Security numbers, and more. Unknown
Volkswagen (Germany) The company stated that customer data was left exposed by one of its vendors. The exposed data dates from 2014 to 2019 and was freely accessible between August 2019 and May 2021. Most of the compromised data included names, postal and email addresses, and phone numbers. Over 90,000 customers from the United States and Canada also had information such as driver’s license numbers, dates of birth, and Social Security numbers exposed. 3,300,000
Carter’s (US) vpnMentor researchers discovered a data exposure in Carter’s parcel tracking pages, which are provided via the URL shortener tool Linc. The researchers found that the URLs were easily discoverable, lacked authentication, and never expired. The confirmation pages contained full names, physical addresses, email addresses, phone numbers, financial information, and more. Unknown
McDonald’s (US) McDonald’s revealed it suffered an unauthorised access incident which exposed the business contact information for employees and franchisees in the United States. The breach has also compromised the emails, phone numbers, and addresses of customers and employees in South Korea and Taiwan. Employees in South Africa and Russia may have also been affected by the breach. Unknown
Invenergy (US) On June 11th, 2021, the clean energy company disclosed that its information systems were subjected to unauthorised activity. REvil ransomware operators claim to possess 4TB of information stolen from the company, including projects and contracts data, as well as the personal emails of Invenergy CEO Michael Polsky. Unknown
AsiaPay (China) The online payment platform revealed that it suffered a possible credit card data leak between September 17th, 2020, and May 2nd, 2021. The company notified merchants of the potential leaks. Unknown
Intuit (US) An undisclosed number of TurboTax accounts were breached in takeover incidents using credentials obtained from other sources. The attackers may have obtained names, Social Security numbers, addresses, dates of birth, driver’s license numbers and financial information that was stored on the affected accounts. Unknown
Taobao (China) Chinese publication 163[.]com reported that an affiliate marketer collected over a billion data points from the Alibaba-owned company by using a crawler. The scraping occurred between November 2019 and July 2020 and involved the collection of data such as usernames and mobile phone numbers. Unknown
Pole-Emploi (France) Twitter users reported observing personal job-seeker data from the state-owned job site exposed on a hacker forum. Security researcher Olivier Laurelli stated that he believes that the actor has sold 1.2 million records including names, ages, telephone numbers, email addresses, postal codes, and more job-seeker information. Unknown
Vicksburg Warren School District (US) The operators of Grief ransomware claimed responsibility for a recent security incident, stating that they were in possession of 10GB stolen from the school district’s servers, including internal documents and personal information. Unknown
AmeriGas (US) The propane provider was affected by a data breach against its compliance services vendor J. J. Keller. J. J. Keller discovered a data breach on May 10th, 2021, resulting from a successful employee phishing attempt. The incident, which only lasted for eight seconds, exposed the Lab IDs, Social Security numbers, driver’s license numbers, and dates of birth of AmeriGas employees. 123
CVS Health (US) WebsitePlanet and Jeremiah Fowler identified 1,148,327,940 records being exposed via a non-password protected database. The information was discovered on March 21st, 2021, and totals 204GB. The exposed data includes configuration settings, production records showing visitor IDs, session IDs, and device information, and more. Unknown
Gateley (UK) The law firm disclosed that it identified unauthorised activity on its network. The incident impacted roughly 0.2% of its data, with the affected information including some client data. Unknown
UnitingCare Queensland (Australia) DataBreaches[.]net saw the transcript of the ransom negotiations between REvil ransomware operators and a representative of UnitingCare Queensland, revealing that the actor stole personal patient information. REvil showed passport copies and incident reports for named patients to the company’s negotiator. Unknown

Malware mentions in Healthcare

[Chart: time series of trending malware related to Healthcare. This chart shows the trending malware related to Healthcare within a curated list of cyber sources over the past week.]

Weekly Industry View

Industry View
Industry Information
Retail and Tourism Over the past 30 days Check Point researchers found 2,300 newly registered domains related to Amazon, 46% of which were deemed malicious, while a further 32% were suspicious. The malicious domains are believed to be associated with the upcoming Amazon Prime Day on June 21st, 2021. The researchers also observed a phishing email impersonating Amazon customer services, featuring an account verification prompt which directs users to a currently inactive site. Additionally, the researchers found a fake Japanese Amazon login website.
Government Researchers at Crowdstrike have been tracking an activity cluster, dubbed DiplomaticOrbiter, since October 2020. The attacks target Western think tanks and sensitive government organisations. The sophisticated spear phishing operation involves a delivery chain that uses HTML lure documents and a multi-step loading chain for Cobalt Strike Beacon. The malware used in the campaign is tracked by other security researchers as EnvyScout, BoomBox, NativeZone, and VaporRage. The operation has been attributed to the Russian threat actor COZY BEAR.
Technology Microsoft researchers discovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services. The campaign compromised mailboxes via phishing and added forwarding rules that allowed the attackers to gain access to victims’ emails regarding financial transactions. The phishing emails used a typical voice message lure and an HTML attachment containing JavaScript that would lead to a fake Microsoft sign-in page. Once the user entered their password, they were shown a ‘file not found’ message, whilst the JavaScript silently transmitted the user’s credentials to the attackers. The researchers identified hundreds of compromised mailboxes in various organisations, all of which had the same pattern of forwarding rules.
Critical Infrastructure 360 Core Security Lab researchers discovered a campaign that began in January 2021 distributing a recent version of PJobRAT spyware via several fake dating apps. The spyware has been around since December 2019 and can make video and audio recordings and exfiltrate documents, WhatsApp messages and contacts, text messages, and more. The apps, primarily targeting Indian military personnel, are spread on military forums and distributed via third-party app stores. Following installation, the apps mimic the icon of WhatsApp or other apps to hide in the apps list. TechNadu speculated that the targeting may suggest Chinese or Pakistani actors are behind the malware.

News and information concerning each mentioned industry over the last week.
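The BEC campaign in the Technology row above was recognisable by one detail: the same forwarding rule showing up in hundreds of unrelated mailboxes. The following script is an added example (not Silobreaker's or Microsoft's code) of the hunt a defender would run over an export of inbox rules, for instance one produced per mailbox with Exchange Online's Get-InboxRule cmdlet piped to ConvertTo-Json. The field names, the internal domain and the sample records are constructed assumptions for illustration; adapt them to whatever your export actually contains.

```python
"""Hunt for attacker-style forwarding rules across exported mailbox rules.

Added example, not code from the original page. Assumes rules were exported per
mailbox into records with the fields below (constructed field names, modelled on
the ForwardTo / RedirectTo / DeleteMessage / SubjectContainsWords properties of
Exchange inbox rules).
"""
from collections import defaultdict

# Assumption: the organisation's own mail domains (constructed).
INTERNAL_DOMAINS = {"contoso.example"}

# Constructed sample export: two mailboxes carry the same attacker rule, two are benign.
SAMPLE_RULES = [
    {"mailbox": "cfo@contoso.example", "name": ".", "enabled": True,
     "forward_to": ["invoice-relay@outlook-mail.example"], "redirect_to": [],
     "delete_message": True, "subject_contains": ["invoice", "payment", "wire"]},
    {"mailbox": "ap@contoso.example", "name": ".", "enabled": True,
     "forward_to": ["invoice-relay@outlook-mail.example"], "redirect_to": [],
     "delete_message": True, "subject_contains": ["invoice", "payment", "wire"]},
    {"mailbox": "hr@contoso.example", "name": "Move newsletters", "enabled": True,
     "forward_to": [], "redirect_to": [], "delete_message": False,
     "subject_contains": ["newsletter"]},
    {"mailbox": "sales@contoso.example", "name": "Copy to assistant", "enabled": True,
     "forward_to": ["assistant@contoso.example"], "redirect_to": [],
     "delete_message": False, "subject_contains": []},
]

FINANCE_WORDS = {"invoice", "payment", "wire", "bank", "remittance"}


def is_external(address: str) -> bool:
    """True when the address's domain is not one of ours."""
    domain = address.rsplit("@", 1)[-1].lower()
    return domain not in INTERNAL_DOMAINS


def rule_fingerprint(rule: dict) -> tuple:
    """Reduce a rule to the parts an attacker reuses verbatim across victims."""
    targets = tuple(sorted(a.lower() for a in rule["forward_to"] + rule["redirect_to"]))
    keywords = tuple(sorted(k.lower() for k in rule["subject_contains"]))
    return (targets, keywords, bool(rule["delete_message"]))


def find_suspicious_rules(rules: list) -> list:
    """Return enabled rules that send mail outside the organisation, with reasons.

    External forwarding alone is a hit; deleting the original, filtering on
    financial keywords and a near-empty rule name are the extra tells seen in BEC.
    """
    hits = []
    for rule in rules:
        if not rule["enabled"]:
            continue
        external = [a for a in rule["forward_to"] + rule["redirect_to"] if is_external(a)]
        if not external:
            continue
        reasons = ["external forwarding to " + ", ".join(external)]
        if rule["delete_message"]:
            reasons.append("deletes the original, hiding the forward from the user")
        finance = FINANCE_WORDS & {k.lower() for k in rule["subject_contains"]}
        if finance:
            reasons.append("filters on financial keywords " + ", ".join(sorted(finance)))
        if rule["name"].strip() in {"", ".", ",", "..."}:
            reasons.append("near-empty rule name")
        hits.append({"mailbox": rule["mailbox"], "reasons": reasons,
                     "fingerprint": rule_fingerprint(rule)})
    return hits


def shared_patterns(hits: list, min_mailboxes: int = 2) -> dict:
    """Group hits by fingerprint: one rule in several mailboxes is one campaign."""
    by_fp = defaultdict(set)
    for hit in hits:
        by_fp[hit["fingerprint"]].add(hit["mailbox"])
    return {fp: sorted(mbs) for fp, mbs in by_fp.items() if len(mbs) >= min_mailboxes}


if __name__ == "__main__":
    found = find_suspicious_rules(SAMPLE_RULES)
    for hit in found:
        print(hit["mailbox"], "->", "; ".join(hit["reasons"]))
    for fp, mailboxes in shared_patterns(found).items():
        print("same rule in", len(mailboxes), "mailboxes:", mailboxes, fp)
```

The internal forward in the sales mailbox is deliberately not flagged, so the check stays quiet on the common "copy to my assistant" rule; the signal that matters is the external target, and the cross-mailbox grouping is what turns two isolated alerts into one campaign.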
