01 April 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
OpenSSL
VMware vRealize Suite
Aruba Instant
Apple iOS 14
IBM Jazz Foundation
Deep & Dark Web
Name Heat 7
Kingdom Hearts
Microsoft Windows 10 Pro
Apple iOS
Instagram
OpenSSL

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
Apollo (US) | CyberNews reported that a threat actor is advertising 10,930,000 records which they claim to have stolen from the sales and marketing company. The poster claims that the data, which belongs to French users, includes names, phone numbers, workplace information, and more. | Unknown
SalusCare (US) | The company stated that its database was likely accessed in the week of March 15th, 2021, as a result of a phishing scam. The attacker, found to be based in Ukraine, then downloaded the database containing up to 85,688 files. Potentially impacted files relate to patient and employee data, including Social Security numbers and credit card numbers. | Unknown
City of Alton (US) | The Illinois city disclosed that it was impacted by what Mayor Brant Walker described as a 'data incident' on March 5th, 2021. A source informed DataBreaches[.]net that the incident was a ransomware attack which impacted Social Security numbers. | Unknown
PDI Group (US) | The military equipment supplier appears to have been hit with Babuk Locker ransomware. The attacker claims to have exfiltrated over 700GB of data. The group posted a screenshot which allegedly showed purchase orders for over 350 of the company's customers. The exposed data includes credit card details. | Unknown
Faxinating Solutions (Canada) | The electronic data interchange provider suffered a Conti ransomware attack discovered on March 3rd, 2021. The ransomware operators leaked 15 files stolen from the company on their site. | Unknown
NorQuest College (Canada) | The college was affected by a data breach resulting from an error made by one of its employees. The affected data includes the social insurance numbers of approximately 5,000 individuals, and the names, home addresses, and study information of approximately 11,000 students. | 11,000
Carding Mafia | The credit card hacking and trading forum was hacked, exposing the email addresses, IP addresses, usernames, and hashed passwords of its users. | 297,744
MobiKwik (India) | A threat actor advertised what they claim to be 8TB of data taken from the company, including Know Your Customer details of 3.5 million individuals and over 99 million phone numbers, emails, hashed passwords, addresses, as well as bank account and card details. The hacker has since claimed to have deleted all stolen data from their servers. | 3,500,000
Lexington Medical Center (US) | An unauthorised individual gained access to an archived Healthgrades Operating Company Inc server with backup files containing LMC patient information from mid-2010 to mid-2011, including names, addresses, contact information, Social Security numbers, and more. | Unknown
Canterbury District Health Board (New Zealand) | The board is apologising for a software coding error that resulted in the exposure of personal details. This includes names, gender, ages, and NHI numbers. | 716
Broward County Public Schools (US) | Broward confirmed a ransomware attack against the district in March 2021. The attackers claim to have exfiltrated 1TB of files from the district, including personal information of students and employees, as well as financial information. | Unknown
Personal Touch Holding Corp (US) | The parent company of multiple US healthcare providers discovered an unspecified data breach on January 27th, 2021. Affected information may include patient and member names, addresses, telephone numbers, Social Security numbers, as well as financial and medical information, and more. | Unknown
Jefit (US) | A security bug led to a breach of customer data affecting individuals registered before September 20th, 2020. Usernames, email addresses, hashed and salted passwords, and IP addresses of users may have been compromised as a result of the incident. | Unknown
Alba (Scotland) | The Herald on Sunday revealed that the website of the new political party contained a flaw which exposed private data. The IDs of registered users were sequential and could be enumerated to reveal the names of other users. | 4,325
Yemeksepeti (Turkey) | The online food delivery chain was reportedly targeted in a cyberattack that compromised customers' names, dates of birth, phone numbers, email addresses, addresses and hashed passwords. | Unknown
Royal Dutch Shell (Netherlands) | The operators of Clop ransomware have begun to leak some employee data they claim to have stolen from the company. Leaked files include scans of employees' US visas alongside a passport page, as well as files from its US and Hungarian offices. | Unknown
The Harris Federation (UK) | The federation disclosed that it became aware of a cyberattack on March 27th, 2021. The ransomware incident led the school to disable its email system, telephone system, and devices issued to pupils. | Unknown
Vhive (Singapore) | The furniture retail chain was targeted in a cyberattack on March 23rd, 2021. The threat actor ALTDOS claims to have stolen over 300,000 customer records, which include names, addresses and phone numbers. In addition, other types of documents such as transaction records and payment records were stolen. | Unknown
Multiple US Universities | Researchers at Seguranca Informatica reported that Cl0p ransomware operators claim to have stolen data from six US universities, including Yeshiva University, Stanford University, and the Universities of Maryland, Miami, Colorado and California. The group leaked some files as proof of the stolen data on March 20th, 2021. The leaked records include screenshots of passports and tax documents, and revealed sensitive personal information such as names, photos, dates of birth, home addresses, passport numbers, Social Security numbers, and more. | Unknown
Ubiquiti (US) | A security professional informed KrebsOnSecurity that the breach which the company disclosed on January 11th, 2021, was far more wide reaching than reported. The attackers allegedly had access to all S3 data buckets, all databases, all user database credentials, all application logs, and more. | Unknown
Allina Health (US) | The operators of the Apple Valley Clinic in Minnesota were affected by the breach of its IT provider Netgain Technology. The names, dates of birth, Social Security numbers, bank and medical information of the clinic's patients were compromised during the incident. | 157,939
DeKalb County School District (US) | Students' names, student ID numbers and dates of birth were potentially exposed to unauthorised access in December 2019 in a PCS Revenue Control Systems Inc breach. | Unknown
Citygate Global (Nigeria) | Security researcher Jeremiah Fowler found that the microfinance bank was exposing data linked to its Monéé app. An exposed database contained 271,000 records, including customer names, account data, passwords, plain text credit card data, and more. | Unknown
New York Foundling (US) | CyberNews researchers discovered a publicly accessible Microsoft Azure Blob that appears to belong to the child welfare agency. Leaked data included employee information, patient names, dates of birth, phone numbers, addresses, Social Security numbers, and more. | Unknown
Maharashtra Industrial Development Corporation (India) | The corporation's servers were targeted in a ransomware attack on March 21st, 2021. According to the Hindustan Times, the attackers are alleged to have contacted the victim by email, asking for 5 billion Indian rupees, or nearly $70 million, in ransom. | Unknown
Boggi Milano (Italy) | The Italian menswear company was targeted in a Ragnarok ransomware attack. The attackers claim to have stolen around 40GB of data, including human resources files containing salary information. The theft was confirmed by sources known to Bloomberg. | Unknown
ECU Worldwide (India) | Mount Locker ransomware operators claimed to have stolen 2TB of data during a February 2021 attack against the shipping company. The attackers threatened to release the allegedly stolen data. | Unknown
Shanghai's Public Security Bureau (China) | ABC News saw a database attributed to the bureau, which was compromised in 2020. The database reportedly contains watchlists of persons of interest, informant reports, immigration data, records from questionings of ethnic Uyghurs, passport details and photographs of more than 5,000 foreigners, and more. | 25,000
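The Alba entry in the table above is the textbook insecure-direct-object-reference pattern: sequential user IDs and a lookup that never checks whether the caller owns the record it asks for. The following is an added example, not code from the page or from the party involved, contrasting such a lookup with a hardened one; the sample records, the function names and the Forbidden exception are constructed for illustration.

```python
"""Added example: enumerable user IDs with and without an ownership check."""
from typing import Callable, Dict, List, Optional

# Constructed sample records for illustration; not data from any real site.
USERS: Dict[int, Dict[str, str]] = {
    1: {"name": "Alice Example", "email": "alice@example.invalid"},
    2: {"name": "Bob Example", "email": "bob@example.invalid"},
    3: {"name": "Carol Example", "email": "carol@example.invalid"},
}


class Forbidden(Exception):
    """Raised when the caller is not entitled to the requested record (HTTP 403)."""


def vulnerable_profile(session_user_id: int, target_id: int) -> Optional[Dict[str, str]]:
    """Looks up any record by its sequential ID.

    The only gate is that the caller is logged in; nothing ties target_id to the
    session, so one registered user can walk the whole ID space.
    """
    record = USERS.get(target_id)
    if record is None:
        return None  # behaves like a 404, which also reveals which IDs exist
    return {"id": str(target_id), "name": record["name"]}


def hardened_profile(session_user_id: int, target_id: int) -> Optional[Dict[str, str]]:
    """Same lookup, with the ownership check made before the data is touched.

    The check runs before the existence lookup and gives the same answer for
    "someone else's ID" and "no such ID", so the endpoint no longer confirms
    which IDs are valid either.
    """
    if target_id != session_user_id:
        raise Forbidden(f"user {session_user_id} may not read profile {target_id}")
    record = USERS.get(target_id)
    if record is None:
        return None
    return {"id": str(target_id), "name": record["name"]}


Lookup = Callable[[int, int], Optional[Dict[str, str]]]


def enumerate_names(lookup: Lookup, session_user_id: int, max_id: int = 10) -> List[str]:
    """What an attacker holding one valid account collects by iterating IDs 1..max_id."""
    names: List[str] = []
    for candidate in range(1, max_id + 1):
        try:
            result = lookup(session_user_id, candidate)
        except Forbidden:
            continue
        if result is not None:
            names.append(result["name"])
    return names


if __name__ == "__main__":
    print("vulnerable:", enumerate_names(vulnerable_profile, session_user_id=2))
    print("hardened:  ", enumerate_names(hardened_profile, session_user_id=2))
```

Switching to random, unguessable identifiers only makes the walk slower; the fix is the per-request ownership check, and it belongs on every endpoint that takes an object ID, not just the one the press found.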

Malware mentions in Government

Time series chart (not reproduced in this text version) showing the trending malware related to Government over the last week.

Weekly Industry View

Industry View
Industry | Information
Technology | PHP developer Nikita Popov announced that commits were made to the php-src repo under his account name and the account name of fellow developer Rasmus Lerdorf. The developers stated that the evidence so far indicated that the project's own Git server (git.php.net) was compromised, rather than individual Git accounts. The commits mentioned the name of exploit broker Zerodium, whose CEO stated that the company 'obviously' is not linked to the compromised commits. Popov stated that the project will no longer maintain its own Git infrastructure: changes will no longer be pushed to that server but will be made directly on GitHub.
Government | Der Spiegel reported that Bundestag members of the Christian Democratic Union and Social Democratic Party were targeted by phishing emails linked to the Ghostwriter campaign. The attackers also targeted 31 state legislators as well as dozens of activists. The Ghostwriter campaign, which is said to be associated with Russia's military intelligence service (GRU), reportedly began in 2017. According to researchers at Mandiant, it seeks to spread disinformation and aligns with Russian security interests.
Banking & Finance | The New York Department of Financial Services (DFS) issued a renewed warning of an ongoing fraud campaign targeting consumers. The DFS first warned of the campaign in February 2021, but has since received additional reports of data theft. The attackers use web-debugging tools to read unredacted, plaintext Nonpublic Information (NPI) while it is in transit from a data vendor to a company, or use credential stuffing to take over insurance agent accounts and steal consumer NPI from them. Social engineering scams have also been observed.
Healthcare | Proofpoint reported that TA453, whose activities have historically matched the intelligence collection priorities of the Islamic Revolutionary Guard Corps, has been targeting US and Israeli medical researchers. The credential phishing operation began in late 2020 and was directed at fewer than 25 senior researchers involved with genetic, neurology, and oncology research. The campaign, dubbed BadBlood, begins with emails constructed to appear as if they come from a prominent Israeli physicist.
Cryptocurrency | Palo Alto Networks Unit 42 researchers identified 30 malicious images on Docker Hub that have been downloaded 20 million times and are being used in cryptojacking operations worth an estimated $200,000. The malicious images were found on ten individual Docker Hub accounts. The most popular cryptocurrency was Monero, likely due to the anonymity it provides, its use of CPU for mining, and the coin's popularity. The majority of attacks involved the Monero miner XMRig.
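The Banking & Finance entry above turns on where redaction happens. Reading unredacted NPI with browser web-debugging tools works whenever the server sends the complete vendor record and leaves masking to the page's JavaScript: the Network tab shows the response body as sent, before any masking runs. The following is an added example, not code from the page, the DFS or any vendor, contrasting that design with server-side redaction and including the kind of response check a tester would run; the record, the field names and the detection patterns are constructed for illustration.

```python
"""Added example: client-side versus server-side redaction of prefilled NPI."""
import json
import re
from typing import Dict, List

# Constructed sample record standing in for a data-vendor lookup; not real data.
VENDOR_RECORD: Dict[str, str] = {
    "first_name": "Pat",
    "last_name": "Example",
    "ssn": "123-45-6789",
    "drivers_license": "X12345678",
    "dob": "1980-06-15",
}

# Shapes that should never appear in a body the browser can read (illustrative
# patterns: a US SSN and one common driver's-licence format).
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
LICENSE_RE = re.compile(r"\b[A-Z]\d{8}\b")


def vulnerable_prefill_response(record: Dict[str, str]) -> str:
    """Returns the whole vendor record.

    The page's JavaScript masks the fields before display, but anyone with the
    browser's developer tools open sees this body exactly as the server sent it.
    """
    return json.dumps(record)


def hardened_prefill_response(record: Dict[str, str]) -> str:
    """Redacts before the data leaves the server.

    Only the fragments the quote form actually needs are sent, so there is
    nothing left in the response for a client-side tool to unmask.
    """
    return json.dumps({
        "first_name": record["first_name"],
        "last_name": record["last_name"],
        "ssn_last4": record["ssn"][-4:],
        "drivers_license_last2": record["drivers_license"][-2:],
        "dob_year": record["dob"][:4],
    })


def find_leaked_npi(body: str) -> List[str]:
    """Scans a response body the way a tester would.

    Reports every full SSN- or licence-shaped token in the raw body, regardless
    of what the UI later does with it; an empty list is the condition to assert
    in an API test for every prefill endpoint.
    """
    return SSN_RE.findall(body) + LICENSE_RE.findall(body)


if __name__ == "__main__":
    for label, build in (("vulnerable", vulnerable_prefill_response),
                         ("hardened", hardened_prefill_response)):
        body = build(VENDOR_RECORD)
        print(f"{label}: {body}\n  leaked: {find_leaked_npi(body)}")
```

The same check applied to the agent-portal responses covers the second path the DFS describes: credential stuffing only yields what the account can fetch, so an agent view that returns full SSNs is worth as much to the attacker as the prefill endpoint.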

News and information concerning each mentioned industry over the last week.
