
Threat Summary: 14 – 20 February 2020

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source (ranked by 7-day heat; heat values are not reproduced here)
Voatz
IOTA Cryptocurrency
SuiteCRM
Node.js
Adobe Acrobat

Deep & Dark Web (ranked by 7-day heat; heat values are not reproduced here)
SN1PER
WPScan
Magento
Tails OS
sqlmap
The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches
Each entry gives the affected company (and country), a summary of the incident, and the number of individuals or records affected where known.

Computer Facilities Pty Ltd (South Africa): Nedbank Group is investigating a security incident at its third-party provider Computer Facilities Pty Ltd that potentially compromised personal information of Nedbank clients. Potentially compromised data includes names, ID numbers, telephone numbers, physical addresses, and/or email addresses. According to Nedbank, no client bank accounts were compromised and no clients have suffered any financial loss. Affected: 1,700,000

Rutter’s (US): Rutter’s revealed that 71 locations were infected with point-of-sale (POS) malware. Evidence that certain fuel pumps and in-store transaction systems had been compromised was discovered on January 14th, 2020. The malware sought to exfiltrate cardholders’ names, card numbers, expiration dates, and internal verification codes. The first location may have been infected as early as August 30th, 2018; Rutter’s stated that the attack generally took place between October 1st, 2018 and May 29th, 2019. Affected: Unknown

Institute of International Education (US): Security researcher Bob Diachenko discovered a database belonging to the Institute of International Education that was accessible without a password. The database itself did not contain any documents, but it held logs and links to private student documents stored elsewhere, including passport scans, application forms, visas, emails, and more. Affected: Unknown

PhotoSquared App (US): vpnMentor researchers discovered an unsecured database belonging to PhotoSquared containing 100,000 customer entries. The exposed entries included user photos submitted for editing and printing, PDF order records and receipts, USPS shipping labels, users’ full names, home/delivery addresses, and order values in USD. Affected: 100,000

Wake County (US): A phishing attack against a former administrator resulted in the personal data of nearly 1,900 Wake County employees being exposed. The breach occurred between July 19th and December 31st, 2019. Exposed data included names, dates of service and partial Social Security numbers; in some cases names, addresses, and full Social Security numbers were exposed. Affected: 1,900

NextMotion (France): Researchers at vpnMentor discovered an exposed Amazon Web Services S3 bucket belonging to plastic surgery technology company NextMotion. The bucket contained over 900,000 individual files, including images and videos of patients, paperwork relating to plastic surgery, invoices for treatments, and more. Access to the bucket was restricted on February 2nd, 2020. Affected: Unknown

Lunds & Byerlys (US): One self-checkout terminal at each Lunds & Byerlys store in Woodbury, Eagan, Northeast Minneapolis and St Louis Park was found to contain a credit card skimmer. According to the investigation, the skimmers had no chip reader, so only magnetic-stripe swipes were at risk. The company believes the impact on customers is limited to 10 swipe transactions at the Northeast Minneapolis location between January 30th and February 5th, 2020; no swipe transactions took place at the other three locations. Affected: 10

Canadian federal departments and agencies: The Canadian government released information on a range of data breaches affecting Canadians over the last two years. Most breaches occurred at the Canada Revenue Agency and affected close to 60,000 individuals between January 2018 and December 2019. Health Canada reported 122 breaches impacting close to 24,000 individuals, while a breach at the Canadian Broadcasting Corporation affected 20,000 employees. Other breaches were reported by Employment and Social Development Canada; Immigration, Refugees and Citizenship Canada; the Canadian Security Intelligence Service; the Correctional Service of Canada; the Department of National Defence; and others. Affected: >144,000

Idaho Central Credit Union (US): The Idaho Central Credit Union (ICCU) informed affected customers of a data breach first discovered on November 5th, 2019, after ICCU noticed suspicious activity related to a third-party mortgage portal. Exposed data included names, dates of birth, Social Security numbers, financial account information, tax identification numbers, and more. A second breach was discovered in December 2019, when unusual activity related to an employee’s email account was observed. Affected: Unknown

VM Wealth (Jamaica): On February 13th, 2020, a member of VM Wealth accidentally sent out an email containing personal information of clients, such as names, addresses, email addresses, tax registration numbers and, for some clients, Jamaica Central Securities Depository numbers. No financial data was present in the email. Affected: Unknown

FairBridge Inn & Suites (US): Security researcher Jeremiah Fowler discovered an open, publicly accessible database belonging to FairBridge Inn & Suites that contained about 8.1 million records. The majority of the exposed data were Nginx log records. Other data included customer emails, reservation numbers, customer IP and location data, employee IDs and more, as well as internal IP addresses, ports, paths, and storage information. Affected: 150,000

PSL Services (US): An unauthorised individual may have accessed personal data present in a number of employee email accounts of the Maine-based non-profit PSL Services. The breach lasted from December 16th until December 19th, 2019. Potentially accessed data includes names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical information and identification numbers for individuals enrolled in the Medicaid programme MaineCare. Affected: Unknown

MGM Resorts (US): A database discovered by Under The Breach contained the personal details of MGM hotel guests, including celebrities, tech CEOs, reporters, government officials, and others. MGM Resorts stated that the data came from a security incident involving unauthorised access to one of its cloud servers in the summer of 2019, of which affected customers were reportedly informed. Leaked data includes full names, home addresses, phone numbers, emails, and dates of birth. Affected: 10,683,188

Community Care Physicians (US): The New York-based medical practice is informing its patients of a data breach that took place in December 2019. Potentially accessed data includes first and last names, medical record numbers, dates of birth, CPT codes, and insurance descriptions. No medical records or Social Security numbers were affected. Affected: Unknown

Public Services and Procurement Canada: Public Services and Procurement Canada accidentally sent a report containing the private details of 69,087 Canadian government employees to over 161 chief financial officers and 62 HR heads across 62 departments. The affected individuals are employees who had been overpaid or underpaid via the Phoenix payroll system. Affected: 69,087

MyEyeDr (US): MyEyeDr Optometry of Colorado was targeted in a ransomware attack in October 2019. An investigation into the incident determined that patients who received care between December 1st and 10th, 2019 may have been affected. Potentially exposed data includes names, dates of birth, diagnoses, clinical information and treatment information. Affected: 1,475

This table shows a selection of leaks and breaches reported this week.

Attack Type Mentions in Critical Infrastructure

This chart shows the trending Attack Types related to Critical Infrastructure over the last week.

Weekly Industry View
Each entry gives the industry followed by the week’s notable activity.

Banking: Researchers at Lookout observed a phishing campaign, operational since June 2019, targeting customers of TD, BNC, Chase, RBC, and many other US and Canadian banks. The attack is directed at mobile users and is primarily disseminated through SMS messages. Using an automated SMS tool, the attackers redirect targets to a convincing copy of a bank login page. The campaign, which has since been taken offline, used more than 200 phishing pages in an attempt to harvest users’ login credentials.

Critical Infrastructure: ClearSky researchers discovered a campaign, dubbed ‘Fox Kitten’, that has targeted companies and organisations in the IT, telecommunications, oil and gas, aviation, government, and security sectors over the last three years. The researchers believe this campaign to be one of Iran’s ‘most continuous and comprehensive campaigns revealed until now.’ Its aim is to gain access to and control of targeted networks, and then to spread and activate malware such as ZeroCleare and Dustman. The threat actors mostly exploited 1-day vulnerabilities in VPN services to gain a foothold in an organisation’s infrastructure. The researchers found overlap between this campaign’s infrastructure and the activity of APT34, APT33, and APT39, and assess with medium-high probability that APT34 and APT33 share the same attack infrastructure.

Government: On February 16th, 2020, the Israeli military reported that dozens of soldiers had their phones hacked by Hamas militants posing as women on social media. Similar attacks against Israeli soldiers have been reported in the past; however, this most recent campaign is described as the most sophisticated to date. The operatives, tracked by Check Point as APT-C-23, posed as recent immigrants and communicated with the soldiers via social media, then convinced their targets to download the Catch&See, ZatuApp or GrixyApp application. The applications, built by the attackers, contained the MRAT malware, and each had a corresponding website in order to appear legitimate. MRAT is capable of collecting data from the target’s device and can also ‘expand its code via received commands’. Israeli military spokesman Lieutenant Colonel Jonathan Conricus stated that the campaign was detected at an early stage.

Healthcare: The World Health Organization (WHO) issued a communication warning that criminals are posing as the WHO in an effort to steal money and sensitive information. The criminals have been using emails, websites, phone calls, text messages, and fax messages for their scams. At present, a phishing campaign taking advantage of the 2019-nCoV emergency is targeting individuals, asking for sensitive information and encouraging users to click on malicious links or open malicious attachments.

Cryptocurrency: On February 12th, 2020, the IOTA Foundation was targeted in an attack in which hackers exploited a vulnerability in the IOTA wallet app Trinity to steal user funds. In response, the non-profit shut down the ‘Coordinator,’ a node used for the final approval of every IOTA transaction, which halted the entire IOTA network. At least 10 ‘high-value’ IOTA accounts were targeted using the Trinity exploit. Open-source estimates put the value of the stolen funds at $1.6 million in IOTA coins.

News and information concerning each mentioned industry over the last week.

The Silobreaker Team
