19 – 25 June 2020

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name | Heat 7d
Mattermost
Snapdragon Mobile
Microsoft IIS
BitDefender Internet Security
Sony PlayStation 4

Deep & Dark Web
Name | Heat 7d
Netsparker
Rapid7 AppSpider
HP WebInspect
Cobalt Strike
L0phtCrack

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches
Company | Information | Affected
Cebu Normal University (Philippines) | The subdomains of the university’s Library and Journal for Higher Education (JHE) were hacked on June 17th, 2020. Compromised JHE data includes names, email addresses, and a list of countries. The incident follows recent cyberattacks against two other Philippine universities. | Unknown
Crozer-Keystone Health System (US) | The Philadelphia-based health care provider confirmed a malware attack on its computer systems, for which the operators of Netwalker ransomware claimed responsibility. The group published screenshots of data belonging to the company on their website and are threatening to publish the stolen information in six days if no ransom is paid. | Unknown
Netsential (US) | On June 19th, 2020, Distributed Denial of Secrets leaked almost 270GB of data in a collection dubbed ‘BlueLeaks’. It is said to include data from over 200 police departments, fusion centers, and other law enforcement training and support resources. Exposed data includes names, email addresses, phone numbers, PDF documents, images, as well as text, video, CSV and ZIP files. Netsential confirmed that a threat actor likely gained access via a compromised customer user account and introduced malicious content through the web platform’s upload feature. | Unknown
Unknown (Indonesia) | Researchers at Cyble reported that they identified a credible dark web marketplace user selling a database containing over 230,000 coronavirus patient records. The exposed data includes names, addresses, diagnosis dates, results, and more. The Indonesian government denied that there has been a breach of COVID-19 test data. An investigation is ongoing. | 230,000
BlueKai (US) | Security researcher Anurag Sen discovered a database belonging to Oracle’s BlueKai that contained billions of records of web tracking data, with some logs dating back to August 2019. This includes names, home addresses, email addresses, and other personally identifiable information, as well as browsing activity. An Oracle spokesperson confirmed they had been made aware of the leak, stating that an investigation revealed misconfigurations at two unnamed companies. | Unknown
Mid-Michigan College (US) | The college disclosed that ten employees had their email accounts compromised by a hacker. The incident may have compromised the data of up to 16,000 individuals. | 16,000
North Shore Pain Management (US) | The operators of Ako ransomware published data belonging to the practice on their site in May 2020. At the time, North Shore Pain Management did not make a statement regarding the breach. The practice has since issued a data breach notification. The notification mentions neither that ransomware was involved nor that the compromised data has been leaked online. | 14,472
Indiabulls Group (India) | On June 22nd, 2020, CLOP ransomware attackers posted screenshots of files which they claim to have stolen from Indiabulls Group. They uploaded screenshots of a voucher, a letter, and four spreadsheets and instructed the company to contact them within 24 hours. Indiabulls Group confirmed it had been the target of a cyberattack on June 22nd, 2020, stating that no sensitive data was leaked in the incident. | Unknown
jobstreet.com (Malaysia) | Cyble Inc discovered a database belonging to jobstreet.com that was leaked by a credible actor on a dark web forum. The database contains 42,242 Singapore user records from a 2012 data breach. This includes dates of birth, email addresses, gender, geographic location, government-issued IDs, names, and more. | 42,242
BigWorld Technology (Australia) | Cybernews researchers discovered a database with over 1.2 million user records from the Stalker Online game, as well as a database of over 136,000 user records from the Stalker Online forums, being sold separately on dark web forums. The databases contain usernames, passwords, email addresses, phone numbers, and IP addresses. | Unknown
Florida Orthopedic Institute (US) | The institute informed the California Attorney General’s Office of a ransomware attack that was discovered on April 9th, 2020. A template notification states that patient data may have been accessed during the attack, including names, dates of birth, Social Security numbers, medical information, and more. | Unknown
Twitter Inc (US) | The company stated that billing information viewed on its ads and analytics services domains may have been cached by web browsers. Twitter explained that users on a shared computer may have been able to see the data in the browser’s cache. The exposed data includes phone numbers, billing addresses, the last four digits of payment card numbers, and email addresses. The issue was fixed on May 20th, 2020. | Unknown
CHI St. Luke’s Health-Memorial Lufkin (US) | On April 23rd, 2020, the hospital discovered that two employee email accounts containing patient information may have been accessed by an unauthorised third party. Potentially exposed data includes patient names, diagnoses, dates of service and facility account numbers. | Unknown
Telegram | A database containing nearly 900MB of Telegram user data was found on a dark web forum. The database includes phone numbers linked to millions of Telegram accounts, identified by nicknames, as well as unique user IDs. The source of the leak remains unclear, but the data was confirmed to have been collected using the Telegram contact import function. | ~40,000,000
American Medical Technologies (US) | The California-based organisation stated it had suffered a cyberattack in December 2019 that resulted in a data breach affecting 47,767 individuals. Personal information potentially compromised in the incident includes patient names, Social Security numbers, medical record numbers, and more. | 47,767
Frost & Sullivan (US) | On June 22nd, 2020, KelvinSecurity Team advertised data belonging to the consulting firm on a hacker forum, claiming that the data includes 6,000 customer records and 6,146 records for companies. The group stated that they did not plan on selling the data but sought instead to gain Frost & Sullivan’s attention. Beenu Arora of Cyble stated that the breach was caused by a ‘misconfigured backup directory on one of Frost and Sullivan public-facing servers’, which has since been secured. | Unknown
Choice Health Management Services (US) | The company discovered suspicious activity on certain employee email accounts in late 2019. An unauthorised individual may have accessed emails or attachments that contained personal health information. Choice Health Management Services stated that no evidence of actual misuse of data was found. | Unknown

This table shows a selection of leaks and breaches reported this week.

Attack Types Mentions in Banking

This chart shows the trending Attack Types related to Banking over the last week.

Weekly Industry View
Industry | Information
Banking & Finance | IBM Security Intelligence researchers found evidence that Ginp banking malware may shift towards targeting Turkey in the near future. The Android malware has previously primarily targeted Spanish banks. Ginp was also seen evolving, adding new features such as fake SMS push notifications, blocking all push notifications from legitimate apps, RAT capabilities, and an injections locker.
Government | Australia’s Prime Minister Scott Morrison stated that government, public services and businesses are being hit by ongoing cyberattacks carried out by a ‘state-based’ actor. No large-scale breaches of personal data are believed to have taken place. Senior sources speaking to ABC confirmed that China is believed to be behind these attacks. Morrison stated the government is not making ‘any public attribution.’
Technology | Microsoft reported that they had seen an increase in attackers attempting to exploit remote code execution vulnerabilities affecting the Internet Information Services component of Exchange servers. An example of one of these issues is CVE-2020-0688, which was patched several months ago but continues to be targeted by threat actors. Despite the rise in these attacks, the more common method of compromising Exchange servers continues to be social engineering or drive-by-download attacks that target endpoints.
Retail, Hospitality & Tourism | Following an initial ransomware attack on June 8th, 2020, Lion Australia informed its employees on June 18th, 2020, that the company was impacted by a second incident. iTWire reported that the first incident is tied to REvil ransomware, with the threat actors allegedly demanding $800,000 to decrypt files. A spokesperson for the company confirmed that they had been hit by ransomware in the first incident but chose not to comment on the second incident.
Healthcare | ESET researchers analysed a new ransomware, dubbed CryCryptor, that targets Android users by purporting to be the official COVID-19 tracing app ‘COVID Alert’ by Health Canada. The ransomware is based on open source code found on GitHub for a ransomware called CryDroid. The developers of this open source ransomware claim their project is for research purposes, a claim the ESET researchers dismiss. A bug in the malicious app allowed the researchers to create a decryption tool for the ransomware.

News and information concerning each mentioned industry over the last week.

The Silobreaker Team