18 – 24 September 2020

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
WeChat
Windows Server
IBM Data Risk Manager
Google Chrome Browser
Apple iOS 14

Deep & Dark Web
Name Heat 7
Microsoft Internet Explorer 11
Metasploit
NetCat
VirtualAlloc
Mimikatz

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
| Company | Information | Affected |
| --- | --- | --- |
| College of Nurses of Ontario (Canada) | The organisation disclosed a ransomware attack first discovered on September 8th, 2020. Unspecified ransomware operators uploaded screenshots revealing data allegedly stolen from the college. Data leaked by the hackers includes complaints and lawsuits by nurses with their full names, home addresses and phone numbers. | 195,000 |
| Nonin Medical (US) | The operators of Pysa ransomware claim to have stolen data belonging to the medical device manufacturer. Screenshots shared by the hackers indicate this may include tax files, budget calculations, formations, current settlements, and more. | Unknown |
| University of Missouri Health Care (US) | An unauthorised individual or group gained access to some employee email accounts between May 4th and May 6th, 2020, potentially exposing patient data. This may have included names, dates of birth, medical record or patient numbers, and more. In some cases, Social Security numbers may also have been exposed. | 5,074 |
| IPG Photonics (US) | The laser company has been struck by a ransomware attack that led to the shutdown of its IT systems worldwide. A ransom note seen by BleepingComputer appears to show that RansomExx ransomware operatives are behind the attack. The note claims that the attackers have exfiltrated data from ‘TFS repositories and something else.’ | Unknown |
| Belarusian Police | On September 19th, 2020, unidentified hackers leaked a Google spreadsheet containing the personal information of Belarusian police officers. The leaked sheet contained names, dates of birth, departments and job titles of each of the officers. | 1,003 |
| Microsoft (US) | On September 12th, 2020, researchers at WizCase discovered an unsecured database exposing Microsoft Bing app data. The server was found to have been password protected until the first week of September. A total of 6.5TB was exposed, with the database growing by about 200GB per day. Exposed data included users’ search terms, location coordinates, exact times of their search, Firebase Notification Tokens, and more. The server was twice targeted in Meow bot attacks in mid-September. | Unknown |
| Montefiore Medical Center (US) | The medical centre terminated an employee after discovering they had stolen roughly 4,000 patient records between January 2017 and July 2020. Potentially stolen data includes patient addresses, dates of birth and Social Security numbers. At present, no evidence has been found to suggest the data has been used for identity theft. An investigation is ongoing. | Unknown |
| University of Tasmania (Australia) | The university disclosed a data breach that was caused by a misconfiguration of its security settings on shared files. Personally identifiable information of its students was visible and accessible to unauthorised individuals after it was sent to all users with a university email address. | 19,900 |
| ArbiterSports (US) | The software provider disclosed that ransomware attackers had stolen a copy of its backups in July 2020. The stolen backup included data from ArbiterGame, ArbiterOne and ArbiterWorks and contained sensitive information of its users. This includes account usernames, passwords, real names, addresses, dates of birth, email addresses and Social Security numbers. | ~540,000 |
| Sixth Form Bolton (UK) | The Bolton college stated that a cyberattack, believed to have involved ransomware, resulted in data being exfiltrated. | Unknown |
| Virgin Mobile KSA (Saudi Arabia) | The company suffered a cyberattack resulting in the exposure of company data. Unspecified actors reportedly attempted to sell the stolen data on the dark web. The leaked data includes recent employee emails, account manager performance reports, more than 1,000 accounts with employee usernames, email addresses, password change logs, reports of new customer activations, and more. | >1,000 |
| Midwest Property Management (Canada) | Security researcher Jeremiah Fowler discovered a publicly accessible database belonging to the Alberta residential rental property holder. A total of 1.2 million records were exposed, all of which lacked encryption. Exposed data included client, tenant and visitors’ names, emails, addresses, phone numbers, and more. | Unknown |
| State of Uttar Pradesh (India) | Researchers at vpnMentor discovered vulnerabilities in the Covid-19 platform used by the Indian state. The code for the surveillance platform, as well as admin dashboard login credentials in plain text, were found in an unsecured git repository. Additionally, a directory listing of CSV files with the details of over 8 million individuals who were tested for Covid-19 in UP was accessible without authentication via an exposed web index. The exposed personal data included full names, ages, gender, home addresses, phone numbers and medical information. | >8,000,000 |
| Shopify (Canada) | The e-commerce platform suffered a data breach carried out by two ‘rogue’ employees who allegedly obtained some customer transaction records without authorisation. The customer data of fewer than 200 vendors may have been exposed, including names, email and physical addresses and order details. No financial information was compromised during the incident. | Unknown |
| Town Sports International (US) | The fitness chain’s unsecured Amazon S3 bucket contained 600,000 records of members and employees. The exposed information includes full names, addresses, phone numbers, email addresses, last four digits of credit cards, credit card expiration dates, and billing histories. The database was initially seen in the wild on November 30th, 2019. It was secured on September 22nd, 2020. | Unknown |
| Skyline Exhibitions (US) | According to the ‘Information Leaks’ Telegram channel, sensitive data allegedly belonging to the US trade show organiser Skyline was published by LockBit ransomware operators. The leak contains 182,719 files which purportedly include passport scans and bank account forms of US residents. It is unclear if the data belonged to the victim’s employees or trade visitors. | Unknown |

Attack Types Mentions in Banking

Industry View

This chart shows the trending Attack Types related to Banking over the last week.

Weekly Industry View

Industry View
| Industry | Information |
| --- | --- |
| Government | In August 2020, Qi’anxin Red Raindrops and QuoIntelligence identified Russian hacking group APT28 targeting government bodies with fake NATO training documents that deliver a strain of Zebrocy malware. QuoIntelligence informed BleepingComputer that they assessed with medium to high confidence that the attack targeted Azerbaijan, other countries cooperating with NATO exercises, and NATO members. |
| Technology | The US-based software development and technology company Tyler Technologies began to suffer website issues on September 23rd, 2020. An email sent from the company’s CIO Matt Bieri and seen by BleepingComputer stated that it was investigating an issue ‘involving unauthorized access to our internal phone and information technology systems by an unknown third party.’ The email also revealed that the attack had prompted the company to shut down points of access to its external systems. Bieri asserted that the incident was limited to the company’s local network. Anonymous cybersecurity sources familiar with the incident informed BleepingComputer that the company, which also provides services to local governments in the US, had been hit with RansomExx ransomware. |
| Retail, Hospitality & Tourism | On the evening of September 18th, 2020, users began to report that the websites for companies owned by Luxottica, including Ray-Ban, Sunglass Hut, LensCrafters, EyeMed, and Pearle Vision, were not functioning properly. Portions of Luxottica’s site also displayed maintenance messages. The company has since confirmed it was targeted in a ransomware attack. Luxottica’s information security manager, confirming the incident via LinkedIn, asserted that consumer information was not stolen during the attack. |
| Healthcare | A reported DoppelPaymer ransomware attack against Duesseldorf University Clinic’s systems disrupted access to its data for a week, resulting in emergency patients having to be transported elsewhere and operations being postponed. A woman in life-threatening condition subsequently died as she had to be transferred to a hospital 20 miles away. An investigation against the ransomware attackers on suspicion of negligent manslaughter has been launched by prosecutors. According to a report by the North Rhine-Westphalia state’s justice minister, the ransom note involved was addressed to the Heinrich Heine University, and not the hospital itself. Duesseldorf police informed the attackers of this, after which they withdrew their extortion attempt and provided the hospital with the decryption key. |
| Law | On September 19th, 2020, unidentified hackers leaked a Google spreadsheet containing the personal information of 1,003 Belarusian police officers. The leaked sheet contained names, dates of birth, departments and job titles of each of the officers. The majority of affected individuals are high-ranking officers, such as lieutenants, majors, and captains. The spreadsheet was sent to the Belarusian news agency Nexta, who published an unredacted copy on its Telegram channel. Nexta also stated it would publish data ‘on a massive scale’ if the government continues the detentions of protesters. The leak was confirmed in a statement on the Belarusian Ministry of Internal Affairs website. Several Twitter users have alleged that the Ministry website was subsequently successfully targeted in a distributed denial-of-service attack. |

News and information concerning each mentioned industry over the last week.
