Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source (product name; Heat 7 values not reproduced in this text)
Philips Patient Information Center iX
Philips PerformanceBridge Focal Point
VMware Workstation
Bitcoin Core
Apple iPadOS

Deep & Dark Web (product name; Heat 7 values not reproduced in this text)
Bitcoin Core
Internet Explorer 11
Btcd
Bcoin
Namecoin

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches

Company: Fairfax County Public Schools (US)
Information: Maze ransomware operators published a ZIP file containing a sample of data which they claim to have stolen during an attack against the school. The ransomware operators stated that the ZIP contains only 2% of the exfiltrated data.
Affected: Unknown

Company: DXP Enterprises (US)
Information: REvil ransomware operators posted multiple screenshots on their data leak site of information they claim to have stolen from the company. The screenshots contain service reports, purchase reports, PST files of numerous employees, files containing customer information, and other confidential information.
Affected: Unknown

Company: Razer Inc (Singapore & US)
Information: Security researcher Bob Diachenko discovered a misconfigured Elasticsearch cluster belonging to the company. It was first publicly exposed on August 18th. The database contained customer data. Exposed data included full names, emails, phone numbers, customer internal IDs, order numbers, order details, as well as billing and shipping addresses.
Affected: ~100,000

Company: United Airlines (US)
Information: Security researcher Oliver Linow identified a bug in United Airlines' website which allowed him to view the details of customers who had requested a refund. The website was supposed to let users view their refund status by entering their ticket number and last name; however, the site was not validating the last name. Altering the ticket number alone therefore exposed traveller surnames, refund amounts, and the payment type and currency used to purchase tickets.
Affected: Unknown

Company: Equinix (US)
Information: The company was targeted in a Netwalker ransomware attack, whose operators sent a tailored ransom note with a link to a screenshot of the purportedly stolen data. The screenshot shows folders which appear to have originated from the company's Australian office and suggests that financial, payroll and accounting information, as well as audits and data centre reports, may have been compromised.
Affected: Unknown

Company: Zhenhua Data (China)
Information: A database containing data compiled from open-source information on about 2.4 million individuals was leaked to US academic Christopher Balding. According to Balding, the data focuses on influential individuals and institutions, and he believes it could be used for monitoring purposes or to understand how to exert influence. Cybersecurity consultancy firm Internet 2.0 recovered the records of about 250,000 individuals. Speaking to the Guardian, Zhenhua Data stated that 'the report is seriously untrue.'
Affected: 250,000

Company: Artech Information Systems (US)
Information: On January 11th, 2020, the operators of the REvil ransomware leaked data they claimed belonged to Artech. The company confirmed the REvil ransomware attack first reported in January, stating that an unauthorised individual had access to its systems from January 5th to January 8th, 2020. Names, Social Security numbers, medical information, health insurance information, and more, were stored on the compromised system. In September 2020, Maze ransomware operators also claimed to have successfully attacked the company and uploaded a ZIP file of data allegedly stolen from it.
Affected: Unknown

Company: Fourth Judicial District Court of Louisiana (US)
Information: Conti ransomware operators claim to have successfully breached the Fourth Judicial District Court of Louisiana. Documents purportedly exfiltrated from its systems were published on the dark web as proof of the attack. The revealed documents include sentencing verdicts, excuses given by jurors and the minutes of a meeting of judges.
Affected: Unknown

Company: Mailfire (Netherlands)
Information: On August 31st, 2020, an ethical hacker informed vpnMentor that they had identified an Elasticsearch server exposing the details of users of over 70 sites, the majority of which are adult dating websites. The server contained 882.1GB of data and 370 million records from the previous four days. Tens of millions of records were being uploaded to the server during the investigation. The exposed information includes personally identifiable information, private messages, email content, authentication tokens, and more.
Affected: Unknown

Company: CU Collections (US)
Information: On September 11th, 2020, CU Collections announced that it had become aware of a cyberattack in February 2020. The incident allowed unauthorised parties to access personal information that had been shared with CU Collections by partner credit unions. The impacted personal information may include names, addresses, Social Security numbers, financial account numbers, and driver's license numbers of individuals who defaulted on their credit union accounts or loans.
Affected: Unknown

Company: Department of Veterans Affairs (US)
Information: The personal information of about 46,000 veterans may have been compromised. Unauthorised users were found to have accessed one of the VA Financial Services Center's online applications and managed to change financial information and divert payments by using social engineering techniques and exploiting authentication protocols.
Affected: 46,000

Company: Staples (US)
Information: The office retail firm sent a brief notification letter to its customers informing them that an unauthorised party had accessed 'a limited amount' of customers' order data. The issue was caused by two misconfigured endpoints, which have since been fixed. Exposed data included names, addresses, emails, phone numbers, the last four digits of payment cards, and information about the cost, delivery and product ordered. Account credentials and full payment card details were not exposed.
Affected: Unknown

Company: Public Health Wales (UK)
Information: Public Health Wales accidentally leaked the data of residents who had received positive Covid-19 test results. The data was posted to the service's searchable public server on August 30th, 2020. The majority of the leaked records revealed the initials, date of birth, geographical area and sex of each affected individual, while the records of 1,928 care home and supported housing residents also included their full address.
Affected: 18,105

Company: Yaskawa Electric Corporation (Japan)
Information: LockBit ransomware operators posted a database allegedly stolen from the company on their blog site. The data includes proprietary information, such as records of purchases, bank accounts, technical product information, and other internal documents.
Affected: Unknown

Company: Overseas Express Shipping Company (Hong Kong)
Information: LockBit ransomware operators claim to have stolen data from the company and posted a database containing 5.8 million records to their blog site. The leaked data includes names, addresses, and other internal documents.
Affected: Unknown

Company: University Hospital New Jersey (US)
Information: SunCrypt ransomware operators published a 1.7 GB archive containing more than 48,000 documents, which they claim to have stolen in a September 2020 attack. The data exposed by the attackers includes patient information, driver's licenses, Social Security numbers, dates of birth, and details about the Board of Directors. The attackers claim to have stolen over 240 GB of data in total.
Affected: Unknown

Company: Quebec Ministry of Justice (Canada)
Information: Researchers at ESET and journalist Hugo Joncas reported that the Quebec Ministry of Justice was targeted with Emotet malware on August 11th and August 12th, 2020. The attackers gained access to 14 mailboxes under the Ministry's jurisdiction and then contacted individuals who had messaged those mailboxes with emails containing malicious attachments. The attackers also stole the personal information of roughly 300 current and former employees.
Affected: 300

Attack types: Mentions in Education (Industry View chart)

This chart shows the trending attack types related to education over the last week.

Weekly Industry View

Industry: Banking & Finance
Information: In July 2020, the source code for the mobile banking trojan Cerberus was auctioned, with an advert stating that its development team was breaking up. Security researcher Dmitry Galov stated that the developer has since published the source code, under the name Cerberus v2, for premium users on a popular Russian-speaking underground forum. Galov noted an 'immediate rise' in infections following the publication. Infections were observed in Europe and Russia, and the attack landscape has changed since the code was released.

Industry: Government
Information: In recent weeks, Microsoft observed numerous attacks against individuals and organisations involved in the upcoming US presidential election, including individuals associated with both the Trump and Biden campaigns. The attacks were found to have been carried out by foreign actors and were consistent with previous attack patterns. Russian-linked group Strontium was observed launching a number of attacks aimed at harvesting login credentials or compromising accounts, with over 200 organisations targeted since September 2019. Since March 2020, attacks by Chinese-linked Zirconium have resulted in nearly 150 compromises. The group was found to target individuals associated with US presidential campaigns and candidates, as well as individuals affiliated with universities and international affairs organisations. The most recent activity by Iranian-linked Phosphorus targeted the personal and work accounts of individuals associated with the US election, including current administration officials and campaign staff.

Industry: Education
Information: The UK National Cyber Security Centre (NCSC) issued an alert warning education establishments of increased attacks against the sector. The NCSC reported that it has been investigating an increased number of ransomware attacks affecting schools, colleges and universities since August 2020.

Industry: Technology
Information: Tencent Security researchers discovered a new malware, dubbed MrbMiner, that has been targeting Microsoft SQL Server (MSSQL) installations in recent months. Thousands of MSSQL databases have already been infected. The malware is spread via brute-force attacks against the database login, after which a backdoor account is added for future access. It then connects to its C2 server to download a payload that mines Monero. Although only MSSQL infections were observed, the researchers also discovered MrbMiner versions written to target Linux servers and ARM-based systems. A Monero wallet linked to the Linux version was discovered, containing 3.38 XMR (about $300), which suggests that the Linux version is also being actively distributed.

Industry: Retail, Hospitality & Tourism
Information: Sansec researchers detected 1,904 Magento stores that had been infected with a unique keylogger between September 10th and September 12th, 2020, potentially impacting the private data of tens of thousands of customers. All affected sites were running Magento version 1, which reached end-of-life in June 2020. The automated Magecart campaign appears to have used a new attack method, and the researchers speculate that it may be related to a Magento 1 remote code execution zero-day that was recently offered for sale.

News and information concerning each mentioned industry over the last week.
