25 September – 01 October 2020

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name                    Heat 7
Cisco IOS XE
Cisco IOS
Cisco Catalyst
TensorFlow
cPanel

Deep & Dark Web
Name                    Heat 7
Instagram
Facebook
Google Android
Apple iOS
Minecraft

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
Stark Summit Ambulance (US) | An investigation revealed that several email accounts had been compromised, with six of them holding personal and protected health information. This may have included first names or first initials and last names, Social Security numbers, driver’s license numbers, state ID numbers, passport numbers, credit or debit card numbers, medical information, and more. | Unknown
Scouts Victoria (Australia) | The organisation disclosed that it was targeted in a suspected phishing attack first identified in late July and early August 2020. Exposed data included names, phone numbers, email and residential addresses, bank and credit card information, passports and other personal identity documents, handwritten signatures, and more. | 900
Xpertdoc (Canada) | The document automation company was listed as a victim on the NetWalker ransomware operator’s blog. A September 2020 ransomware attack was confirmed by Xpertdoc CEO Richard Brossoit, who stated that the damage was limited and that no confidential client information was exposed following payment of a ‘very low’ ransom. | Unknown
Accreon (Canada) | The cloud services provider was listed as a victim on the NetWalker ransomware operator’s blog. Accreon would not comment on its situation. Its ransom deadline purportedly expires on the first weekend of October. | Unknown
Airbnb (US) | Hosts reported that they were able to inadvertently access the private inboxes of other hosts, allowing them to view people’s addresses, names, booking earnings, property views and other information, including property access codes. The issue did not impact guest accounts and has since been fixed. | Unknown
Century Specialty Script (US) | On or around July 28th, 2020, the pharmacy became aware of unauthorised access to an employee Office 365 email account. This may have exposed some customer information, including names, dates of birth, addresses, contact information, prescription information and insurance information. Financial information and Social Security numbers were not affected. | Unknown
Stone Refurb (UK) | The IT equipment company suffered a data breach that affected customers’ financial information. Some customers have since claimed that fraudulent payments have been made using the stolen information. The company stated the breach was the result of ‘a compromise that occurred on an asset managed by a third party on which [their] website is hosted.’ | Unknown
ShopBack (Singapore) | The Straits Times reported that the e-commerce cashback platform suffered a data breach. Customers’ personal data was reportedly accessed; however, it is unclear what type of data was compromised. | Unknown
RedDoorz (Singapore) | One of its IT databases was breached, but no sensitive data pertaining to financial information was affected. | Unknown
BrandBQ (Poland) | The company, which owns multiple retail and fashion brands in Eastern Europe, exposed over 1TB of data containing over 1 billion records via an open and unencrypted Elasticsearch database. The exposed data includes full names, phone numbers, email addresses, product searches, payment records, and more. The database was secured on August 20th, 2020. | ~6,700,000
Chubb Fire and Security (UK) | NetWalker ransomware operators claim to have successfully attacked fire safety provider Chubb Fire and Security. Five screenshots showing the alleged victim’s directories and other information were posted on the operator’s site as proof. | Unknown
Clark County School District (US) | Las Vegas Clark County School District employee and student data was made public following an unfulfilled ransom demand from an unspecified threat actor. The data includes employee Social Security numbers, addresses and retirement paperwork, as well as student names, birth dates, addresses, grades and attended schools. | Unknown
Telus Health (Canada) | Medisys Health Group and Copeman Healthcare, which belong to Telus Health, disclosed that they paid a ransomware attacker following a security breach that was detected on August 31st, 2020, during which client data was stolen. This includes ages, addresses, some personal health numbers, and in certain instances test results, consultation reports, and prescription information. | 60,000
Unknown (China) | Cyble Inc researchers identified a threat actor leaking over 27.6 million records of Chinese citizens containing names, phone numbers, full home addresses, sex, registration dates, and more. Most of the registration dates are from December 2019. The researchers speculate that the data may have been taken from a Chinese e-commerce site. | Unknown
Edureka (India) | On August 1st, 2020, Safety Detectives researchers discovered an unsecured US-based Elasticsearch server belonging to the e-learning platform that contained over 25GB of personal information. It was secured in mid-August 2020. Exposed data included first names, email addresses, phone numbers, login activity records, previously accessed courses and various auth token information. | ~2,000,000
CloudBees (US) | An attacker was found to have accessed a failover database instance between June 2019 and June 2020, which may have exposed all information stored in the pipelines of CodeShip Basic account holders, including scripts, environment variables, access tokens and other data. The hashed account passwords, one-time password recovery codes and OTP secret keys for all CodeShip users may also have been exposed, alongside CodeShip Pro account holders’ Advanced Encryption Standard (AES) keys and business invoicing information. | Unknown
District of Columbia Bar (US) | An anonymous whistle-blower alleged that a misconfiguration of the DC Bar website was exposing applicants’ data. Information reportedly exposed by the flaw includes names, phone numbers, physical and email addresses, Social Security numbers, employment history and disciplinary records. According to reporters, several applicants confirmed being able to access their applications while logged out of the system. The flaw in the website has since been fixed, and DC Bar issued a statement claiming that the files of only one applicant were accessed. | Unknown

Malware Mentions in Banking

Industry View

This chart shows the trending Malware related to Banking over the last week.

Weekly Industry View

Industry View
Industry | Information
Banking & Finance | Hungarian telecoms company Magyar Telekom reported that it had been targeted by hackers who also attacked Hungarian financial institutions. The distributed denial-of-service (DDoS) attacks, which occurred on September 24th, 2020, briefly disrupted services. Magyar Telekom stated that the attack was 10 times larger than typical DDoS events. The company attributed the attack to Russian, Chinese, and Vietnamese hackers. OTP Bank also confirmed that it had been impacted by the attack.
Critical Infrastructure | Zscaler researchers have observed an increase in targeted attacks against oil and gas sector entities in the Middle East since July 2020, and identified a new spear phishing campaign targeting supply chain and government organisations in the region, particularly in the United Arab Emirates and Qatar. The phishing email appears to be sent from an Abu Dhabi National Oil Company official using a Gmail-based address. The email carries a PDF attachment, purporting to be a supply contract quote or a legal tender, containing links to legitimate file sharing sites where additional project specifications are allegedly hosted. The hosted file is a ZIP archive containing a malicious .NET executable which decrypts, loads, and executes an embedded AZORult trojan.
Government | A recent United Nations (UN) report disclosed that at least 28 UN officials, including at least 11 representing UN Security Council countries, were targeted in spear phishing attacks aimed at their Gmail accounts. The spear phishing emails were made to appear as official UN security alerts or as interview requests from reporters, attempting to lure the victims into accessing phishing pages or downloading malicious files. According to the report, the UN was made aware of the attacks by one of its member states, which stated that similar attacks were aimed at its own government, with some attacks also using WhatsApp messages. The attacks, which took place across March and April 2020, have been attributed to North Korean threat actor Kimsuky. The UN also noted that the campaign appears to have been active for over a year and is still ongoing.
Healthcare | Universal Health Services (UHS), which runs more than 400 health care facilities in the US and UK, disclosed that the IT network across its facilities is offline due to an ‘IT security issue’. Its statement asserted that employee and patient data did not appear to have been accessed. According to BleepingComputer, employees in various facilities in the US have stated that they lost access to computer and phone systems. An employee also informed BleepingComputer that files were being encrypted with an extension used by Ryuk ransomware. Vitali Kremez of Advanced Intel stated that the incident likely started with a phishing email and that Emotet and TrickBot affected UHS in 2020, most recently in September. These details have not been confirmed by UHS.
Cryptocurrency | On September 26th, 2020, KuCoin disclosed that tokens, including Bitcoin and ERC-20 tokens, had been withdrawn in large transfers from its hot wallets. The transferred funds are estimated to be worth more than $150 million. The company stated that its cold wallets were secure and that its hot wallets are being re-deployed.

News and information concerning each mentioned industry over the last week.
