21 January 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source (ranked by 7-day heat)
Dnsmasq
Snapdragon Mobile
Oracle E-Business Suite
Juniper Junos OS
Oracle MySQL

Deep & Dark Web (ranked by 7-day heat)
NVIDIA GeForce Now
BusyBox software
Windows 10
TikTok
Linux Mint

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches (company; summary; number of individuals affected)

Scottish Environment Protection Agency (UK): The agency was targeted in a ransomware attack on December 24th, 2020. More than 1.2GB of the agency’s data, including information about employees, was stolen by Conti operators, and a number of systems remain badly affected. Affected: Unknown

3BB (Thailand): According to DataBreaches[.]net, the actor ALTDOS obtained the data of 3BB customers and claims to have leaked 100,000 records. The actor alleges to have stolen customer emails, MD5-hashed passwords (which have since been cracked), payment histories, as well as unspecified ‘card ID numbers’ and ‘details’ of ‘millions of customers.’ No payment card numbers were compromised. Affected: Unknown

Saskatchewan Province (Canada): The Saskatchewan privacy commissioner is investigating a data breach concerning an email sent by a third-party agency, Aspira, to customers of the province’s hunting, angling, and trapping licence system (HAL). On January 7th, 2020, Aspira incorrectly addressed about 33,000 emails, sending messages containing a customer name and HAL account identification number to unintended recipients. Affected: Unknown

Hendrick Health System (US): An investigation revealed that patient information may have been accessible between October 10th and November 9th, 2020. This includes names, Social Security numbers, demographic data, and more. Electronic health records were not impacted. Affected: Unknown

Taylor Made Diagnostics (US): UPS and Norfolk Southern are currently investigating a possible data breach after hackers began posting medical records of truck drivers and rail workers on a leak website. The leak appears to be related to a Conti ransomware attack. According to FreightWaves, over 3,000 files were leaked, including health records from smaller trucking firms, US government agencies, and defense contractors, some of which date from December 2020. Exposed personal data includes full names, Social Security numbers and scans of driver’s licenses. Affected: Unknown

Wentworth Golf Club (UK): The Surrey-based club was targeted in a ransomware attack, resulting in a breach of the ClubHouse Online system and the exposure of the data of over 4,000 club members. The exposed details include names, genders, home and email addresses, landline numbers, and dates of birth. Affected: 4,000

Familyhan Credit Corp (Philippines): The company has been ordered by the Philippines’ National Privacy Commission to stop processing the personal information of over 6,000 borrowers and take its master database offline after it was found to be leaking personal information. The database currently remains accessible online. Exposed data includes customer names, passport numbers, email addresses, and more. Affected: 6,000

OpenWrt: The project reported that an administrator account for the OpenWrt forum was breached on January 16th, 2021. The attacker downloaded a list of forum user information that contained email addresses, handles, and statistical information. Affected: Unknown

Nohow International (UK): CyberNews researchers discovered an unsecured Microsoft Azure blob owned by the UK staffing agency. The storage contained passport scans, national IDs, birth certificates, tax returns and self-employment contracts for construction workers. Affected: 12,000

Squid Inc (US): Researchers at vpnMentor reported that the now-defunct ‘X-rated’ social app Fleek exposed the data of its users via a misconfigured AWS S3 bucket. The breach exposed roughly 377,000 files and primarily impacted individuals in the US. The entries in the bucket included account avatars and images uploaded by users that had been stored by the developers and placed in folders with offensive names. Affected: Unknown

Bangladesh Export Import Company Limited: ALTDOS hackers contacted DataBreaches[.]net with claims that they had hacked the Bangladeshi conglomerate. The attackers asserted that they have ‘stolen hundreds of gigabytes of files, source coding and databases’. ALTDOS provided a sample of data to DataBreaches[.]net, which included a file with employee attendance records containing employee ID numbers, names, departments, and email addresses. Affected: Unknown

Nitro Software (Australia): A threat actor, claiming to be part of ShinyHunters, leaked a 14GB database containing 77,159,696 records for free on a hacker forum. The records include users’ email addresses, full names, bcrypt-hashed passwords, titles, company names, IP addresses, and other system-related information. Affected: Unknown

Inmagine (Malaysia): ShinyHunters posted a database containing 1.9 million Pixlr user records for free on a hacker forum. The database is said to contain email addresses, login names, SHA-512-hashed passwords, a user’s country, newsletter subscription status, and other internal information. The threat actor claims to have stolen the data during a 2020 breach of the 123rf stock photo site, which is also owned by Inmagine. Affected: Unknown

Center for Alternative Sentencing and Employment Services (US): The New York-based center discovered that unauthorised third parties had access to a limited number of employee email accounts between July 6th and October 4th, 2020. Some client information was acquired by the third party, possibly including names, dates of birth, medical records, and, in limited instances, health insurance information, financial account information, Social Security numbers, and driver’s license numbers. Affected: Unknown

Salem Clinic (US): The clinic informed its patients that it was affected by the May 2019 data breach targeting service provider Metro Presort. The names, addresses and health identification numbers of its patients may have been compromised during the Ryuk ransomware attack. A further 3,172 patients of the Oregon Heart Center were also affected by the incident. Affected: 20,928

Attack Type mentions in Healthcare (time-series chart)

This chart shows the trending Attack Types related to Healthcare over the last week.

Weekly Industry View

Industry View (industry; summary)

Government: The Federal Bureau of Investigation (FBI) warned that the Iranian ‘Enemies of the People’ online operation is threatening and doxing US federal, state, and private sector officials, to ‘create fear, divisions, and mistrust in the United States and undermine public confidence in the US electoral process.’ The threat actors are utilising social media to promote their operation.

Retail: According to the BBC, the social shopping app Depop has been targeted by scammers attempting to take over user accounts. Using the stolen accounts, attackers create fake listings to sell non-existent goods. Credential stuffing in combination with weak passwords was identified as the ‘greatest source of account takeover’ by Depop CEO Dominic Rose. According to Blueliv researchers, Depop accounts can be bought on the dark web for as little as $1.05 per account.

Healthcare: The European Medicines Agency (EMA) reported that correspondence relating to the evaluation process for COVID-19 vaccines, which was stolen in a recent cyberattack and consequently leaked, had been manipulated by the attackers in a way that could undermine trust in vaccines. The leaked information includes internal and confidential email correspondence dating back to November 2020.

Cryptocurrency: Intezer researchers observed a cryptojacking campaign leveraging exposed Docker API ports to gain initial access to Linux machines and install a Monero cryptominer. Currently 95 machines are believed to be compromised by the campaign, most of them with roughly the computing power of a standard personal computer. The attacker uses SSH to establish a stable connection to the victim by adding their own SSH key to the host and editing the configuration of the SSH service. The attacker also places files in the ‘usr’ directory, possibly as a detection avoidance measure.

Technology: Over the weekend beginning January 16th, 2021, members of the IObit forum began receiving emails which purported to offer them free IObit software but instead directed them to download DeroHE ransomware. The message contained a link to a now-defunct page hosted on IObit that led to a ZIP file containing digitally signed files from the real IObit License Manager program. The attackers inserted a malicious DLL which installed and executed DeroHE ransomware. As of January 18th, 2021, IObit forums were promoting unwanted software through compromised subscription buttons, and also redirecting to adult sites.

News and information concerning each mentioned industry over the last week.
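The Retail item above describes credential stuffing as the main source of Depop account takeovers. The following is an added example of the detection logic a defender would run over login logs; it is not Depop's, Blueliv's or Silobreaker's code. The log line format, the field names and the sample lines are all constructed for this illustration; the thresholds are assumptions to be tuned per service.

```python
"""Credential-stuffing detector over authentication logs.

Added example for the Depop account-takeover item; not Depop's, Blueliv's
or Silobreaker's code. The log format and sample lines are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed (constructed) log format:
#   <UTC timestamp> login user=<account> src=<ip> result=<OK|FAIL>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) src=(?P<ip>\S+) result=(?P<res>OK|FAIL)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "user": m["user"],
        "ip": m["ip"],
        "ok": m["res"] == "OK",
    }


def detect_credential_stuffing(lines, window=timedelta(minutes=10),
                               min_users=5, max_success_ratio=0.3):
    """Flag source IPs that hit many distinct accounts within one window.

    Stuffing replays leaked username/password pairs, so one source touches
    many accounts, mostly failing, with a few hits where the password was
    reused. A legitimate user fumbling their own password hits one account
    repeatedly and is not flagged: the signal is distinct accounts per
    source, not the failure count.
    Returns {ip: {distinct_users, attempts, successes, compromised}}.
    """
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the span fits in `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            span = evs[start:end + 1]
            users = {e["user"] for e in span}
            if len(users) < min_users:
                continue
            successes = sum(1 for e in span if e["ok"])
            if successes / len(span) > max_success_ratio:
                continue  # mostly successful: a shared NAT, not stuffing
            prev = findings.get(ip)
            if prev is None or len(users) > prev["distinct_users"]:
                findings[ip] = {
                    "distinct_users": len(users),
                    "attempts": len(span),
                    "successes": successes,
                    # Accounts whose reused password worked: reset these first.
                    "compromised": sorted(e["user"] for e in span if e["ok"]),
                }
    return findings


# Constructed sample: one stuffing source cycling through eight accounts,
# and one ordinary user who mistypes their own password several times.
SAMPLE_LOG = [
    "2021-01-16T10:00:00Z login user=alice src=203.0.113.5 result=FAIL",
    "2021-01-16T10:00:01Z login user=bob src=203.0.113.5 result=FAIL",
    "2021-01-16T10:00:02Z login user=carol src=203.0.113.5 result=OK",
    "2021-01-16T10:00:03Z login user=dave src=203.0.113.5 result=FAIL",
    "2021-01-16T10:00:04Z login user=eve src=203.0.113.5 result=FAIL",
    "2021-01-16T10:00:05Z login user=frank src=203.0.113.5 result=OK",
    "2021-01-16T10:00:06Z login user=grace src=203.0.113.5 result=FAIL",
    "2021-01-16T10:00:07Z login user=hank src=203.0.113.5 result=FAIL",
    "2021-01-16T10:05:00Z login user=ivan src=198.51.100.7 result=FAIL",
    "2021-01-16T10:05:10Z login user=ivan src=198.51.100.7 result=FAIL",
    "2021-01-16T10:05:20Z login user=ivan src=198.51.100.7 result=FAIL",
    "2021-01-16T10:05:40Z login user=ivan src=198.51.100.7 result=OK",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for ip, finding in detect_credential_stuffing(SAMPLE_LOG).items():
        print(ip, finding)
```

On the sample, 203.0.113.5 is reported with eight distinct accounts, two successes (carol and frank, the accounts to lock and reset), while 198.51.100.7 is ignored because it only ever touched one account. The success-ratio cap keeps a busy office NAT, where many users log in successfully from one address, from being flagged.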
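The Cryptocurrency item above gives the attack chain as an exposed Docker API for initial access, then an added SSH key plus an edited SSH service configuration for persistence. The following is an added example of the checks a defender would run for those footholds; it is not Intezer's or Silobreaker's code and does not reproduce the campaign's exact edits. The daemon.json, authorized_keys and sshd_config inputs are constructed, the key blobs are fake, and the sshd_config checks are generic examples of settings worth alerting on rather than anything the report attributes to this attacker.

```python
"""Checks for an unauthenticated Docker API on TCP and for SSH persistence
via an added authorized key or an edited sshd_config.

Added example for the Intezer cryptojacking item; not Intezer's or
Silobreaker's code. Every input below is constructed.
"""
import base64
import hashlib
import json


def docker_api_exposed(daemon_json_text, dockerd_argv=()):
    """Return tcp:// listeners dockerd would open without TLS client auth.

    Listeners come from daemon.json "hosts" or from -H/--host flags;
    "tlsverify" (in either place) requires client certificates. A plain
    tcp:// listener without it hands control of the host to anyone who can
    reach the port, which is the initial access this campaign used.
    """
    cfg = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    hosts = list(cfg.get("hosts", []))
    tlsverify = bool(cfg.get("tlsverify", False))
    argv = list(dockerd_argv)
    for i, arg in enumerate(argv):
        if arg in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
    return [h for h in hosts if h.startswith("tcp://") and not tlsverify]


def fingerprint(key_body_b64):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints (no '=' padding)."""
    digest = hashlib.sha256(base64.b64decode(key_body_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_authorized_keys(text):
    """Return {type, fp, comment} per key line; leading options are skipped."""
    keys = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        for i, tok in enumerate(parts):
            if tok.startswith(("ssh-", "ecdsa-", "sk-")) and i + 1 < len(parts):
                keys.append({"type": tok, "fp": fingerprint(parts[i + 1]),
                             "comment": " ".join(parts[i + 2:])})
                break
    return keys


def unexpected_ssh_keys(authorized_keys_text, baseline_fps):
    """Keys whose fingerprint is not in the known-good baseline.

    Compare fingerprints, not comments: the comment is free text and an
    attacker can label a dropped key 'root@builder'.
    """
    return [k for k in parse_authorized_keys(authorized_keys_text)
            if k["fp"] not in baseline_fps]


def risky_sshd_settings(config_text):
    """Return sshd_config lines that widen access or relocate the key file.

    Generic checks (assumes 'Key value' syntax): root login enabled,
    StrictModes off (a world-writable key file is then accepted), or
    AuthorizedKeysFile pointing outside the user's ~/.ssh.
    """
    findings = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, val = line.partition(" ")
        key, val = key.lower(), val.strip().lower()
        if key == "permitrootlogin" and val == "yes":
            findings.append(line)
        elif key == "strictmodes" and val == "no":
            findings.append(line)
        elif key == "authorizedkeysfile":
            if any(not p.startswith((".ssh/", "%h/.ssh/")) for p in val.split()):
                findings.append(line)
    return findings


def _fake_key(seed):
    """Constructed key blob with a valid wire prefix; not a real key pair."""
    blob = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + seed.encode().ljust(32, b"\x00")
    return base64.b64encode(blob).decode()


# Constructed inputs: one known ops key, one dropped key with a misleading comment.
KNOWN_KEY, DROPPED_KEY = _fake_key("ops-laptop"), _fake_key("attacker")
BASELINE = {fingerprint(KNOWN_KEY)}
AUTHORIZED_KEYS = ("# known ops key\n"
                   f"ssh-ed25519 {KNOWN_KEY} ops@laptop\n"
                   f"no-pty ssh-ed25519 {DROPPED_KEY} root@builder\n")
DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
SSHD_CONFIG = ("PermitRootLogin yes\nStrictModes no\n"
               "AuthorizedKeysFile .ssh/authorized_keys /usr/share/keys\n")

if __name__ == "__main__":
    print("exposed docker listeners:", docker_api_exposed(DAEMON_JSON))
    print("unexpected keys:", unexpected_ssh_keys(AUTHORIZED_KEYS, BASELINE))
    print("risky sshd settings:", risky_sshd_settings(SSHD_CONFIG))
```

Run against a real host, the same three functions would read /etc/docker/daemon.json and the dockerd command line, each user's authorized_keys file against a baseline of fingerprints taken at build time, and /etc/ssh/sshd_config. The Docker check is the one to prioritise: an unauthenticated tcp:// listener is a root-equivalent remote shell, and it is reachable before any SSH persistence matters.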
