18 February 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
SHAREit
Centreon
mbconnect24
Magento
Microsoft Windows Defender
Deep & Dark Web
Name Heat 7
Google AdSense
Microsoft Windows 10 Pro
Apple iOS
Telegram App
Freepik

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company Information Affected
Adorcam (China) Researchers at Rainbowtable reported that an exposed ElasticSearch database was exposing over 124 million rows of customer data. This information includes user email addresses, hashed passwords, WiFi network names, and more. Unknown
Canadian Discount Car and Truck Rentals DarkSide ransomware operators claimed responsibility for the attack against the company on their data leak site. The attackers stated that they have stolen over 120GB of unencrypted data, including financial, marketing, and banking information. BleepingComputer stated that it is unclear if the data is genuine. Unknown
Astoria Company (US) Cyble Inc researchers observed ShinyHunters selling a database allegedly including users’ names, email addresses, dates of birth, and more. The seller also claims to have gained access to over 40 million users’ Social Security numbers, checking account and routing numbers, driver’s license numbers, and more. 100,000,000
Jones Day (US) The operators of CLOP ransomware posted screenshots of files they supposedly stole from the law firm, including current and confidential documents. Unknown
Unknown (Malaysia) A threat actor posted a database supposedly containing the names, IC numbers, addresses, and more belonging to Malaysian voters. The database is split into individual birth years from 1950 to 1996. 10,000,000
PrivatBank (Ukraine) Researchers at CyberNews discovered a hacker attempting to sell data from the Ukrainian bank. The seller claims that the database contains 40 million entries, including full names, dates of birth, passport details, taxpayer identification numbers, and more. The bank denies being compromised. Unknown
Yandex (Russia) One of the company’s employees has been providing unauthorised access to users’ email accounts ‘for personal gains.’ 4,887
Indian National Congress (India) According to OpIndia, the website used by the party to register social media volunteers exposed the applicants’ data. A Twitter user found that the database of registered volunteers could be obtained from the site without admin access by running a few PHP queries. Exposed data includes names, addresses, phone numbers, emails, voter IDs, social media profiles, and more. Unknown
Automatic Funds Transfer Services (US) The third-party vendor for the city of Bainbridge Island in Washington was targeted in a ransomware attack on February 3rd, 2021. The breach appears to have also affected the cities of Redmond, Monroe, Mountlake Terrace and Auburn. The incident may have resulted in a breach of customer data, including identification numbers, names, addresses, and more. Unknown
Nebraska Medicine (US) The September 2020 ransomware attack against Nebraska Medicine may have resulted in a data breach. The incident affected data stored on the network, which also included information from Faith Regional Health Services, Great Plains Health, and Mary Lanning Healthcare. Potentially compromised data may include names, contact information, dates of birth, health insurance information, a limited number of Social Security numbers, and medical information. 219,000
Bannock County (US) The Idaho county discovered that an unknown actor may have accessed its computer network on or about June 22nd, 2020. Compromised data may have included names, Social Security numbers, driver’s licenses, financial account information, and more. Unknown
Koo App (India) According to security researcher Robert Baptiste, the app is leaking user data, including names, dates of birth, gender, and more. The company behind the app stated that no data leak is taking place. Unknown
Vivo (Brazil) A threat actor is selling what they claim to be 57.2 million customer data sets from Vivo. Leaked data reportedly includes names, taxpayer registration numbers, minutes spent on phone calls, and more. The company denies that any data was leaked. Unknown
Claro (Brazil) A threat actor is selling alleged 45.6 million customer data sets from Claro. Leaked data reportedly includes names, taxpayer registration numbers, and more. The company denies that any data was leaked. Unknown
Valdès Analysis Laboratory (Italy) The Cagliari laboratory was targeted in a RagnarOK ransomware attack on February 6th, 2021. Data stolen in the attack includes online reports, laboratory documents and regulatory references to COVID-19, and more. Unknown
Rehoboth Mckinley Christian Health Care Services (US) The New Mexico healthcare provider was hit by a Conti ransomware attack. The attackers uploaded sample files on their data leak sites, which included driver’s licenses, Social Security cards, protected health information and other sensitive personal data. Unknown
Capital Medical Center (US) The Washington healthcare provider was hit by an Avaddon ransomware attack. The attackers uploaded sample files on their data leak sites, which included driver’s licenses, Social Security cards, protected health information and other sensitive personal data. Unknown
Meddi Laboratório (Brazil) The Avaddon ransomware operators added the diagnostics laboratory to their data leak site. Files dumped include certifications, photo IDs, contact information, payment information, and more. Unknown
Unknown (France) Researchers at Cyble reported that data of French patients was leaked on a Russian-speaking hacking forum. The exposed details include names, telephone and mobile numbers, addresses, medical information, and more. The breach also exposed 156,000 email addresses. 491,000
CityBee (Lithuania) A threat actor is selling user data they claim to have stolen from the car sharing service. The data was allegedly taken from an unsecured February 2018 backup and includes customer names, email addresses, personal identification numbers, and encrypted passwords. 110,000
Gastroenterology Consultants (US) The Nevada clinic is investigating a data breach which occurred on December 8th, 2020. Names, mailing addresses, phone numbers and other personally identifiable information are believed to have been exfiltrated from the practice. 2,500
Amazon and eBay (US) CyberNews researchers observed a hacker selling data supposedly taken from Amazon or eBay accounts from 2014 to 2021 in 18 countries. Leaked data is said to include customers’ full names, postal codes, delivery addresses, and shop name, as well as 1.6 million phone records. The researchers stated it remains unclear where the attacker obtained the data, and Amazon found no evidence of a data breach. 14,000,000
Kia Motors America (US) BleepingComputer obtained a ransom note created during an alleged ransomware attack. The ransom note contains a link leading to a DoppelPaymer Tor payment site that states a ‘huge amount’ of data was stolen and will be released if the company does not negotiate. The company found no evidence of a ransomware attack. Unknown
California Department of Motor Vehicles (US) The ransomware attack against vendor Automatic Funds Transfer Services may have compromised the data of the DMV, including the last 20 months of California vehicle registration records. The potentially compromised information includes names, addresses, license plate numbers and vehicle identification numbers. Unknown
Granite Wellness Centers (US) The healthcare provider was targeted in a ransomware attack discovered on January 5th, 2021. Patient names, birth dates, dates of care, health and health insurer data were exposed during the incident. 15,600
Simon Fraser University (Canada) The university was targeted in a cyberattack discovered on February 5th, 2021, which exposed the data of current and former students, staff, and applicants. The affected data includes student and employee ID numbers, admissions information, academic standing, and more. 200,000
Wilmington Surgical Associates (US) The healthcare provider was targeted in a ransomware attack in October 2020. The actor allegedly stole 13GB of data affecting employees and patients. The stolen data included Social Security numbers, insurance details, protected health information, and more. 114,834
Singtel (Singapore) The personal details of Singtel customers were exposed during the recent breach of the company’s file-sharing services vendor, Accellion. The compromised data includes names, dates of birth, mobile numbers, physical addresses, and more. 129,000

Threat Actor mentions in Healthcare

[Time series chart] This chart shows the trending Threat Actors related to Healthcare over the last week.

Weekly Industry View

Industry View
Industry Information
Banking & Finance Researchers at Segurança Informática observed the Javali trojan using a legitimate, signed Avira antivirus PE file as the host process for DLL side-loading. The malicious DLL, which impersonates a legitimate Avira library, is packed and inflated with junk bytes, a technique common among Latin American banking trojans that pushes the file past the size limits of many sandboxes and scanners. The malware is spread via phishing emails and its main functions include the theft of banking and other personal information.
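One cheap triage check for the junk-inflation trick described above, written here as an added example (this is not code from Segurança Informática or from the Javali analysis). It assumes the filler appended to the DLL is zeros or a repeated pattern, which is what most inflated samples use, and estimates how much of a file is padding by counting fixed-size blocks that zlib shrinks to almost nothing. The block size and thresholds are assumptions chosen for illustration, and the sample "DLLs" are constructed in the script so it runs offline.

```python
"""Triage heuristic for junk-inflated side-loaded DLLs (added example).

Filler used to bloat a binary is usually highly compressible, so the share
of blocks that compress to nearly zero estimates how much of the file is
padding rather than code or data. Packed code itself compresses poorly, so
it is not mistaken for junk.
"""
import random
import zlib
from typing import Dict, List

BLOCK_SIZE = 4096          # assumption: analyse the file in 4 KiB blocks
JUNK_RATIO = 0.05          # assumption: a block is junk if it compresses below 5% of its size
INFLATION_THRESHOLD = 0.5  # assumption: flag files where over half of the blocks are junk


def block_compress_ratios(data: bytes, block_size: int = BLOCK_SIZE) -> List[float]:
    """Return compressed/original size for every block of the file."""
    ratios = []
    for off in range(0, len(data), block_size):
        block = data[off:off + block_size]
        ratios.append(len(zlib.compress(block, 9)) / len(block))
    return ratios


def junk_fraction(data: bytes, block_size: int = BLOCK_SIZE) -> float:
    """Fraction of blocks that are (almost) pure filler."""
    ratios = block_compress_ratios(data, block_size)
    if not ratios:
        return 0.0
    return sum(r < JUNK_RATIO for r in ratios) / len(ratios)


def is_inflated(data: bytes, block_size: int = BLOCK_SIZE) -> bool:
    """True when the file looks artificially enlarged with filler."""
    return junk_fraction(data, block_size) >= INFLATION_THRESHOLD


def make_samples() -> Dict[str, bytes]:
    """Constructed samples: pseudo-random bytes stand in for packed code."""
    rng = random.Random(2021)
    code = bytes(rng.getrandbits(8) for _ in range(64 * 1024))
    return {
        "legit.dll": code,                                  # 64 KiB of "packed" code only
        "zero_padded.dll": code + b"\x00" * (512 * 1024),   # plus a 512 KiB zero-filled tail
        "pattern_padded.dll": code + b"JUNK" * (128 * 1024),  # plus 512 KiB of a repeated pattern
    }


if __name__ == "__main__":
    for name, blob in make_samples().items():
        print(f"{name:20s} size={len(blob):8d} "
              f"junk={junk_fraction(blob):.2f} inflated={is_inflated(blob)}")
```

Two caveats a practitioner should keep in mind: filler made of random bytes compresses as badly as packed code and is invisible to this measure, so it is a first-pass filter rather than a verdict; and it says nothing about the side-loading itself. The side-loading case is found by pairing the signed vendor executable with the DLLs that sit beside it on disk and treating any DLL whose Authenticode signer differs from the executable's, or that is unsigned, as a candidate for closer inspection.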
Government Anomali researchers discovered a campaign which they state is very likely attributable to the Iranian group Static Kitten. The operation targets government agencies in the United Arab Emirates and likely similar targets throughout the Middle East. The attacks begin with a phishing email containing a snippet of a lure document, which directs the target to download a ZIP file. The file, hosted on Onehub, contains a ScreenConnect installer that has been customised to target domains belonging to Ministries of Foreign Affairs. The tool can be used to take screenshots and video, acquire remote control, view internet-connected devices, and maintain a persistent connection.
Critical Infrastructure Bloomberg reporters alleged that Chinese actors exploited the US server hardware manufacturer Super Micro Computer Inc to spy on various entities in the US and in other countries. The reporters believe that the exploitation relied on modified hardware supplied to the manufacturer from its plant in China. Bloomberg stated that the vendor was associated with the 2010 Pentagon hack, which was made possible using code hidden in the affected machines’ basic input-output system (BIOS). Super Micro stated that it was unable to verify Intel’s report but took steps out of an abundance of caution. Super Micro strongly refuted the other portions of Bloomberg’s story, stating that the report ‘draws farfetched conclusions’. The Chinese Foreign Ministry also rejected the report.
Healthcare According to committee member Ha Tae-keung, South Korea’s National Intelligence Service informed the National Assembly’s intelligence committee that North Korea attempted to hack into the servers of Pfizer. Details on when the attack occurred and whether it was successful were not provided. Ha told reporters that the cyberattack was directed at stealing COVID-19 vaccine and treatment technology.
Cryptocurrency Palo Alto Networks Unit 42 researchers discovered a Monero cryptojacker, dubbed WatchDog, that has been targeting users since January 27th, 2019, and has collected at least 209 Monero (approximately $32,056). At least 476 compromised systems, mainly Windows and *NIX cloud instances, were performing mining operations at any one time. The researchers warned that, although no additional cloud-compromising activity has been observed at present, the threat actors could likely find IAM-related information on the already compromised systems and use it to pivot further into the victims’ cloud accounts.
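The warning about IAM material is the point an incident responder acts on: a host that is "only" mining has usually also exposed whatever cloud credentials were lying on it. The following is an added example, not Unit 42's code or part of the WatchDog analysis, of the kind of credential sweep to run on such a host. The file paths, regex patterns and sample file contents are all assumptions constructed here so the script runs offline; the AWS values are the public example key pair from AWS documentation.

```python
"""Sweep a compromised host for cloud credential material (added example).

Scans text that would come from files such as ~/.aws/credentials, shell
history and service-account JSON, reports what kind of secret was found
and where, and redacts the value so the report itself is safe to share.
"""
import re
from typing import Dict, List

# Assumed indicators: AWS access key IDs start with AKIA (long-term) or ASIA
# (temporary); GCP service-account JSON carries a 40-hex private_key_id;
# Azure storage connection strings carry AccountKey=; and shell history may
# show the instance metadata service being queried for IAM credentials.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(r"aws_secret_access_key\s*=\s*([A-Za-z0-9/+=]{40})"),
    "gcp_service_account": re.compile(r'"private_key_id"\s*:\s*"([0-9a-f]{40})"'),
    "azure_storage_key": re.compile(r"AccountKey=([A-Za-z0-9+/=]{20,})"),
    "imds_credential_pull": re.compile(
        r"169\.254\.169\.254/latest/meta-data/iam/security-credentials"),
}


def redact(secret: str) -> str:
    """Keep just enough of the value to correlate it with a vault or IAM console."""
    if len(secret) <= 8:
        return "*" * len(secret)
    return secret[:4] + "*" * (len(secret) - 6) + secret[-2:]


def scan_text(source: str, text: str) -> List[Dict[str, object]]:
    """Return one finding per match: where it was, what kind, redacted value."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                value = match.group(1) if match.groups() else match.group(0)
                findings.append({"source": source, "line": lineno,
                                 "kind": kind, "value": redact(value)})
    return findings


def hunt(files: Dict[str, str]) -> List[Dict[str, object]]:
    """Scan a mapping of path -> contents (read from disk on a real host)."""
    findings: List[Dict[str, object]] = []
    for path, content in files.items():
        findings.extend(scan_text(path, content))
    return findings


# Constructed sample contents standing in for files read from the host.
SAMPLE_FILES = {
    "/root/.aws/credentials": (
        "[default]\n"
        "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
        "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    ),
    "/root/.bash_history": (
        "curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/\n"
        "./xmrig -o pool.example:3333\n"
    ),
    "/opt/app/sa.json": (
        '{"type": "service_account", "private_key_id": "' + "a" * 40 + '", '
        '"client_email": "svc@example.iam.gserviceaccount.com"}\n'
    ),
}

if __name__ == "__main__":
    for finding in hunt(SAMPLE_FILES):
        print(f"{finding['source']}:{finding['line']} {finding['kind']} {finding['value']}")
```

Every hit is a credential to rotate, not merely to note: an access key found on a mining host must be treated as already used by the actor, and an IMDS query in the history means the instance role's temporary credentials were exposed as well, so the role's recent CloudTrail activity needs review.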

News and information concerning each mentioned industry over the last week.

