29 October 2020

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
macOS Catalina
Apple watchOS
Apple iOS 13
Apple iOS 12
Apple iPadOS
Deep & Dark Web
Name Heat 7
NVIDIA GeForce Now
XAMPP Control Panel
Exim (MTA)
Windows NT
Cisco AnyConnect

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
Shionogi & Co (Taiwan) | The Taiwanese subsidiary of the Japanese pharmaceutical company Shionogi & Co was targeted in a cyberattack in mid-October 2020, resulting in a data breach. The attacker leaked medical equipment import licenses and employee resident permits on the dark web, threatening to release more data if a ransom is not paid. | Unknown
Scalable Capital (Germany) | Digital wealth manager Scalable Capital suffered a data breach caused by ‘unlawful access’. The affected data includes a subset of documents containing personal and contact details, investment account information, and tax data. | Unknown
Australian embassy | The Australian embassy in Paris exposed the contact details of 15 Australian citizens in the CC field of an email sent to Australians in France who are attempting to return to Australia. | 15
Japan Post Co | An employee accidentally attached a file containing the personal information of employees at 2,750 companies to an email sent to 32 other partner companies. The attached file contained the names and telephone numbers of employees, as well as the bank account numbers of the firms. The recipients have been asked to delete the file. | Unknown
WedMeGood (India) | Cyble researchers discovered a data leak attributed to the Indian wedding planning site WedMeGood containing the data of 1.34 million users. The 500MB file contained email IDs, hashed passwords, phone numbers, activity details, and other information. | Unknown
Walled Lake Consolidated Schools district (US) | DoppelPaymer ransomware operators added Walled Lake Consolidated Schools district to their data leak site following an attack that occurred in mid-October 2020. The threat actors have leaked two files containing the names of students in certain programs and absentee lists. | Unknown
Fragomen, Del Rey, Bernsen & Loewy LLP (US) | The firm discovered that an unauthorised third party gained access to a file containing personal data relating to I-9 employment verification services for some Google employees. A Form I-9 includes an employee’s full name, mailing address, date of birth, email address, Social Security number, passport numbers, and other immigration identifiers. | Unknown
Nitro Software (US) | According to the company, an unauthorised third party gained limited access to one of its databases, which reportedly did not contain any user or customer documents. Cyble observed a threat actor selling files supposedly stolen from Nitro Software. These include a user database reportedly containing 70 million user records, including email addresses, full names, bcrypt-hashed passwords, titles, company names, IP addresses, and other system-related data. | Unknown
Guilford Technical Community College (US) | Data belonging to the North Carolina-based college, which was hit with DoppelPaymer ransomware on September 13th, 2020, has been shared online by the ransomware operators. One of the leaked files contains the names, dates of birth, Social Security numbers, postal addresses, phone numbers, and email addresses of 43,000 students. | 43,000
Nando’s (UK) | Multiple customers of Nando’s reported that their accounts had been compromised and used to place high-value orders. Some of the victims, who also had the phone numbers linked to their accounts altered, asserted that their payment details were not stored in their accounts. Nando’s acknowledged that some customer accounts had been breached; however, the company attributed the issue to credential stuffing rather than a breach of its systems. | Unknown
Amazon (US) | Several Amazon employees were fired for supplying customer email addresses to an unspecified third party. Affected users received emails notifying them of the breach. It is unclear how many individuals were affected by the incident. | Unknown
Enel Group (Italy) | On October 19th, 2020, BleepingComputer saw a Netwalker ransomware note linked to an attack on Enel Group. In the following days, the Netwalker operators added Enel Group to their support chat and then to their data leak site. The attackers claim to have stolen 5TB of data and are threatening to publish it unless they are paid $14 million in Bitcoin. | Unknown
Gunnebo Security Group (Sweden) | Swedish newspaper Dagens Nyheter reported that data was stolen from the Gunnebo Security Group in August 2020. The attackers reportedly acquired 19 GB of information and roughly 38,000 files, which have since been leaked online. The stolen information contains security arrangements for the Swedish parliament, plans for a new office for the Swedish Tax Agency, and security details and layouts of banks in Germany and Sweden. | Unknown
Mount Diablo Unified District (US) | Mount Diablo Unified District informed parents of a data breach that occurred on September 14th, 2020. Users of the SchoolMessenger mobile application were able to view a list of about 30 unique names, emails, and phone numbers not associated with their family. According to Intrado, the company behind the app, the breach was due to a coding error. | Unknown
City of Port Phillip (Australia) | The City of Port Phillip Council accidentally leaked private user information on an Australian government data website. The leaked data included names, phone numbers and email addresses of individuals who had reported graffiti defacement to the council. The leaked reports included details of the defaced locations, which may be associated with the locations of the individuals who submitted the reports. | Unknown
Imperial Valley College (US) | Imperial Valley College informed campus community members that the ransomware attack against the college on August 6th, 2020, resulted in unauthorised access to the personal information of some members. It is unclear what data was accessed and how many individuals were affected by the breach. | Unknown
CHIRP Community Health (Australia) | On September 18th, 2020, the healthcare organisation discovered that an unauthorised individual had gained access to its IT system. An investigation into the incident revealed that the attacker viewed historical client registration information dating from 2005 to 2014. No evidence was found to suggest that any of the data was removed. | Unknown
Four Winds Hospital (US) | The Four Winds Hospital in Katonah was targeted in a ransomware attack on September 1st, 2020, which may have resulted in patient data at Four Winds-Saratoga and Four Winds-Westchester being accessed. | Unknown
Home Depot (Canada) | Several Home Depot Canada customers reported receiving over 600 ‘order ready for pickup’ reminder emails and shipment-related notifications, each referring to a different order unrelated to the customer’s account. The emails exposed a range of personal information, including customer names, home addresses, order numbers, ordered items, and partial payment card information. | Unknown
True (US) | Security researcher Mossab Hussein discovered a dashboard for one of the app’s databases exposed online without password protection. The database, which appears to have been exposed since at least early September 2020, has since been removed by True. Exposed data included daily server logs dating back to February 2020, which contained the user’s registered email address or phone number, the contents of private posts and messages between users, and the user’s last known geolocation. | Unknown
Hanover Chamber of Crafts (Germany) | The Hanover Chamber of Crafts disclosed that all four of its locations, and its subsidiary Projekt- und Servicegesellschaft, were hit with Sodinokibi ransomware. The Chamber of Crafts revealed that employee data, exchanges with members, and more may have been impacted. | Unknown
Maruti Suzuki (India) | Security researcher Sami Toivonen discovered a publicly accessible Microsoft Azure Blob dataset belonging to Maruti Suzuki, an India-based Suzuki Motor Corporation subsidiary. The dataset contained the details of 20,445 investors and 89 international investors. The records included full names, addresses, Aadhaar numbers, PAN numbers, and more. | 20,534

Malware mentions in Healthcare

Time Series

This chart shows the trending Malware related to Healthcare over the last week.

Weekly Industry View

Industry View
Industry | Information
Government | Microsoft warned that the Iranian Phosphorus group targeted over 100 high-profile individuals by posing as conference organisers. The phishing campaign targeted potential attendees of the Think 20 Summit in Saudi Arabia and the Munich Security Conference. The emails, which appeared legitimate, offered recipients remote conference sessions. The targets, who included government officials, academics, and policy experts, were directed to phishing pages and asked to enter their email credentials. Microsoft stated that the campaign appears to be focused on intelligence collection. The threat actors successfully compromised some victims, including senior policy experts and a former ambassador.
Education | Sophos reported that the Silent Librarian APT group attempted to infect the University of British Columbia (UBC) with ransomware by sending phishing emails to staff. The message linked to a fake COVID-19 survey hosted on Box and Dropbox. The document contained a malicious macro whose ultimate purpose was to download Vaggen ransomware onto the target’s device. The researchers found that files could be recovered free of charge. The researchers reported their findings to UBC, which stated it was already aware of the incident and had managed to prevent any successful attacks.
Retail & Hospitality | An anonymous source informed BleepingComputer that Boyne Resorts, which operates skiing and golfing resorts in North America, has been impacted by a WastedLocker ransomware incident. A further anonymous employee informed the publication that the incident affected the company’s corporate office and subsequently spread to the resorts’ IT systems. To contain the ransomware, the company reportedly shut down portions of its network.
Healthcare | The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) warned of an ‘increased and imminent’ cyber threat to the Healthcare and Public Health (HPH) sector. The agencies stated that threat actors are using Trickbot malware against the HPH sector, with post-compromise activity often involving the deployment of Ryuk ransomware on the target’s systems. Researchers at FireEye also warned that they had seen Ryuk operators, tracked as UNC1878, deploying the ransomware after initial compromise by campaigns that distribute other malware, such as KEGTAP, SINGLEMALT, or WINEKEY. These malware families are linked to BazarLoader and BazarBackdoor, which are thought to be developed by the Trickbot operators. KrebsOnSecurity was informed by Alex Holden of Hold Security that cybercriminals affiliated with Ryuk had been discussing plans to deploy ransomware against over 400 healthcare facilities in the US.
Cryptocurrency | On October 26th, 2020, a hacker stole approximately $24 million worth of cryptocurrency from Harvest Finance. The decentralized finance service disclosed that the ‘attacker exploited an arbitrage and impermanent loss that influences the value of individual assets inside the Y pool of Curve[.]fi’. The company went on to state that the issue was caused by an engineering error. The hacker, who returned $2.5 million for an unknown reason, has reportedly been identified, according to a Discord posting by Harvest Finance.

News and information concerning each mentioned industry over the last week.
