03 December 2020

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name (Heat, 7 days)
AirDrop
Apple iOS 13
iPhone
Raspberry Pi
Trend Micro Apex One

Deep & Dark Web
Name (Heat, 7 days)
AirDrop
Microsoft Autopilot
cPanel
Tenda
iPhone

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company (Country): Information. Affected: number of individuals or records, where known.

Albert Einstein Hospital (Brazil): An employee of the hospital uploaded a spreadsheet containing usernames, passwords, and access keys for Brazilian government systems to their personal GitHub account. The credentials could be used to access the E-SUS-VE database, which records COVID-19 patients with mild symptoms, and the Sivep-Gripe database, which holds the data of hospitalised patients. The accessible databases exposed names, addresses, ID information, and health records. Affected: Unknown

US Fertility (US): The company stated that between August 12th and September 14th, 2020, an unnamed threat actor acquired 'a limited number of files'. The exposed data includes names, addresses, dates of birth, MPI numbers, and Social Security numbers. Affected: Unknown

Parler (US): According to reporting by Business Insider (BI), a misconfigured Amazon Web Services bucket belonging to third-party vendor Political Media enabled a malicious actor to exfiltrate user data from the social networking app Parler. Other researchers have reportedly confirmed that the dump contains passwords, photos, email addresses and other backup data from several companies, including Parler and the Washington Examiner. Affected: Unknown

Spring Independent School District (US): DataBreaches[.]net reported that Egregor ransomware operators claim to have attacked the school district. A 2011 audit file allegedly stolen from the district was published by the actor as proof of the attack. Affected: Unknown

CBS (US): Security researchers Seb Kaul and Bob Diachenko discovered a PHP Symfony application belonging to Last[.]fm running in 'debug' mode, which exposed multiple admin usernames, passwords and secret tokens. An attacker could have used these to access and modify user account details. Affected: Unknown

Advantech (Taiwan): On November 26th, 2020, Conti ransomware operators published 3.03GB of data which they claim belongs to the company. Affected: Unknown

Unidas (LCAM3): Unidas disclosed a security incident involving unauthorised access and possible theft of some of its data. Affected: Unknown

Unknown insurance company (UK): A hacked web server of an unnamed insurance company has reportedly led to the exposure of personal data belonging to motorists in the UK in October 2020. The compromised data includes names, addresses, phone numbers, dates of birth, email addresses, and driving licences. Affected: 21,000

Royal Dutch Cycling Union (Netherlands): The union's legacy database MijnKNWU suffered a data breach that impacted the personal data of its members and of any other individuals included in the former database. Names, email addresses, payment details, residential addresses, dates of birth, and more were reportedly stolen in a ransomware attack. Affected: Unknown

Absa (South Africa): Absa is informing its clients of a data breach affecting a 'limited number' of customers. The breach was the result of an internal data leak: an employee passed selected customer data to third parties. Exposed information includes identity numbers, contact details, physical addresses, and account numbers. Affected: Unknown

McLeod Health (US): An unauthorised actor gained access to and downloaded the contents of an employee account potentially containing patient data between April 13th and April 16th, 2020. Affected: Unknown

AspenPointe (US): An unauthorised user breached the company's network in September 2020, exposing full names together with one or more additional details such as Social Security numbers, Medicaid ID numbers, dates of birth, dates of visit, dates of admission, dates of discharge, and diagnosis codes. Affected: 295,617

Apodis Pharma (France): An exposed Kibana instance discovered by CyberNews contained over 1.7TB of confidential business data, including pharmaceutical sales data, full names of the company's partners and employees, client warehouse stock statistics, pharmaceutical shipment locations and addresses, and more. Affected: Unknown

Stride Inc (US): The company disclosed that it paid the attackers to secure stolen data following a Ryuk ransomware attack. The attack compromised some corporate back-office systems, and the attackers accessed student and employee information. Affected: Unknown

Unknown investment fund (Cayman Islands): A misconfigured Microsoft Azure blob storage container exposed the backup data of an unnamed investment fund. The exposed data included shareholder information, scans of directors' passports, correspondence with investors, share certificates, a scanned copy of the fund's online banking PIN, and more. Affected: Unknown

NTreatment (US): TechCrunch identified an exposed cloud storage server hosted on Microsoft Azure. The exposed data consists of 109,000 files, including medical records, insurance claims, doctors' notes, and some of the company's internal documents. Affected: Unknown

Regional Court of the First Region (Brazil): R7 reported that the court's systems were hit by hackers on November 27th, 2020. The attackers claim to have accessed files in more than 40 court databases. Affected: Unknown

Shirbit (Israel): Shirbit was hit by a cyberattack in which data was stolen. The Times of Israel reported that many of those impacted by the breach are civil servants. A group calling itself BlackShadow claimed responsibility for the incident. According to its claim, stolen data, including 'identity documents, financial statements and other company-related documents', is available for download. Affected: Unknown

Harvard Pilgrim Health Care (US): An error in the software used by the company caused an 'individual's mailing addresses to be associated with another address associated with that individual's health plan'. Potentially exposed data includes ID numbers, dates of birth, telephone numbers, treatment information and more. Affected: 8,022

Indian Health Council Inc (US): The company's patient data may have been impacted by a ransomware attack that was discovered on September 22nd, 2020. The attackers could have accessed files containing patients' names, dates of birth, treatment, health information, and health insurance information. Affected: Unknown

E-Land (South Korea): Clop ransomware operators claim to have compromised E-Land Retail over a year ago and to have deployed point-of-sale malware on its network before activating ransomware at the end of November 2020. They claim to have exfiltrated over 2 million payment card records containing Track 2 data, including card numbers, expiration dates, and more. Affected: Unknown

Government of Estonia (Estonia): The Estonian Ministry of Economic Affairs and Communications, the Ministry of Foreign Affairs, and the Ministry of Social Affairs were hit by cyberattacks in November 2020. Data pertaining to the containment of infectious diseases was stolen from the latter. Affected: 9,158

Intersport (US): The operators of Conti ransomware have dumped over two dozen files they claim to have stolen from Intersport. Affected: Unknown

Gardiner Public Schools (US): DoppelPaymer ransomware operators uploaded three files they claim to have stolen from the Montana school district. The district confirmed that an attack took place. Affected: Unknown

OGUsers: Security journalist Brian Krebs reported that the account hijacking forum OGUsers has been hacked. A defacement message on the site's homepage stated that the forum's user database was compromised. Affected: Unknown

Finistère Habitat (France): The social housing landlord was targeted in a NetWalker ransomware attack, which has disrupted office functions since November 13th, 2020. NetWalker threatened to release allegedly stolen data if its ransom demand is not met. Affected: Unknown

BTC Markets (Australia): The cryptocurrency exchange exposed the names and email addresses of customers via a marketing email sent out on December 1st, 2020. The emails were sent in batches of 1,000 with all recipients visible, so each individual could see the details of the other 999 recipients in their batch. Affected: 1,000
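The CBS / Last.fm entry above is a configuration failure rather than an exploit: a Symfony application left in debug mode renders uncaught exceptions as a page with full stack traces and request and environment details, and mounts the web profiler under /_profiler, so anyone who can trigger an error can read what the application was holding. The fragment below is an added illustration of the weak setting beside the production one; it is not taken from the report and is not Last.fm's configuration. It assumes the application uses the standard APP_ENV and APP_DEBUG variables that Symfony 4 and later read from its .env files (the variable names are Symfony's; the file contents are constructed).

```ini
; .env.local as it would have been on the exposed host (constructed illustration)
; APP_ENV=dev loads the dev bundles and routes (web profiler included);
; APP_DEBUG=1 turns on the verbose exception page.
APP_ENV=dev
APP_DEBUG=1

; Production setting: prod kernel, debug off. Both must change, because
; APP_ENV=dev with APP_DEBUG=0 still registers the profiler routes.
APP_ENV=prod
APP_DEBUG=0
```

To check the deployed state without credentials, request a route that does not exist: a debug kernel answers with Symfony's styled exception page and trace, a production kernel with a plain 404, and /_profiler/ should also return 404. Any secret that was readable while debug mode was on (APP_SECRET, database credentials, API tokens, the admin passwords mentioned in the entry) has to be treated as compromised and rotated; correcting the setting stops further exposure but does not undo it.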

Malware mentions in Healthcare

[Time-series chart: trending malware related to Healthcare over the last week; chart not reproduced in text.]

Weekly Industry View

Industry View
Industry: Information

Banking & Finance: The Financial Industry Regulatory Authority (FINRA) warned member firms that an ongoing phishing campaign is spoofing the organisation's domain. FINRA has asked the internet domain registrar to suspend services for the malicious domain.

Government: The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned that US think tanks are being targeted by advanced persistent threat (APT) groups. The attacks primarily focus on individuals or organisations working on international affairs or national security policy. CISA and the FBI warned that APT groups are compromising targets via a range of methods, including spear phishing, exploiting vulnerable internet-facing devices and remote access services, and more. The attackers aim to obtain user credentials, steal sensitive data, and establish persistence in target networks.

Education: Researchers at RiskIQ analysed the operations of a threat actor, dubbed 'Shadow Academy', targeting universities globally. The group uses techniques similar to those of the Iranian actor Mabna Institute, and is believed to be associated with 20 attacks against universities in Australia, Afghanistan, the UK, and the USA between July and October 2020. Most of the actor's phishing campaigns focused on credential harvesting and financial theft by spoofing brands such as Amazon and Instagram, and online banking services. The actor was linked to an attack against Louisiana State University through its use of domain shadowing (creating attacker-controlled subdomains under legitimate, compromised domains), a technique also used against three other schools. Another threat actor, called Murrez and a likely member of the hacker collective W4coders, was found to be using techniques similar to those of Shadow Academy, and is believed to be a competitor.

Technology: BleepingComputer reported a massive phishing campaign that impersonates Zoom to harvest users' Microsoft login credentials. The email is a fake Zoom meeting invite that prompts the user to click on a link. The user is then redirected to a spoofed Microsoft login page and prompted to enter their password. Security researcher TheAnalyst told BleepingComputer that the phishing pages check entered credentials by attempting to log into the victims' accounts via IMAP. The campaign, which is still ongoing, uses numerous landing pages. BleepingComputer verified that at least 3,600 email credentials have been stolen in the attack so far, but warned that the true figure may be far higher.

Healthcare: Reuters reported that an investigation by four security researchers revealed that North Korean hackers have been targeting health organisations since September 2020. The attacks involved web domains made to look like legitimate online login portals in order to obtain credentials from employees of those organisations. Targeted organisations reportedly include Johnson & Johnson, Novavax Inc, AstraZeneca, Beth Israel Deaconess Medical Center, the University of Tuebingen, Genexine Inc, Boryung Pharma Co Ltd, Shin Poong Pharm Co Ltd and Celltrion Inc. Reuters could not determine whether any of the attacks had been successful. According to Reuters, the web domains and servers used in the attacks have previously been linked to a North Korean hacking campaign by the US government and other security researchers.

News and information concerning each mentioned industry over the last week.
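The Technology entry above describes the phishing kit validating freshly stolen passwords by logging into the victim's mailbox over IMAP. That choice is not incidental: IMAP with basic authentication takes a bare username and password and never presents an MFA challenge, so it both confirms the credential and gives the attacker a usable mailbox session. The script below is an added example of a detection for that validation step; it is not code from Silobreaker or BleepingComputer. The record layout mirrors the fields of Microsoft 365 / Azure AD sign-in logs (userPrincipalName, ipAddress, clientAppUsed, status), but every record, user and address is constructed from RFC 5737 documentation ranges, and the corporate egress ranges are an assumption.

```python
"""Tripwire for password-only (IMAP/POP/SMTP AUTH) sign-ins, the step in which
a phishing kit validates stolen credentials.

Added example, not Silobreaker's or BleepingComputer's code. The record layout
mirrors Azure AD / Microsoft 365 sign-in log fields, but all records, users and
addresses below are constructed (RFC 5737 documentation ranges), and the
corporate egress ranges are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, List, Set

# Client types that authenticate with a password alone (no MFA challenge).
LEGACY_CLIENT_APPS = {"IMAP4", "POP3", "Authenticated SMTP"}

# Assumed corporate egress ranges; anything else counts as "outside".
CORPORATE_NETWORKS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/25")]


@dataclass(frozen=True)
class SignIn:
    when: datetime        # timestamp of the sign-in attempt
    user: str             # userPrincipalName
    ip: str               # source address
    client_app: str       # clientAppUsed, e.g. "Browser", "IMAP4"
    success: bool         # True when the sign-in succeeded


# Constructed sample log: alice signs in from the office at 09:02 (the lure
# click); two minutes later her password is replayed over IMAP from an outside
# host, which also tries a wrong password for bob; carol syncs mail over IMAP
# from an office range; dave's password is used for SMTP AUTH from a neighbour.
SAMPLE_SIGNINS: List[SignIn] = [
    SignIn(datetime(2020, 12, 1, 9, 2), "alice@example.com", "203.0.113.10", "Browser", True),
    SignIn(datetime(2020, 12, 1, 9, 4), "alice@example.com", "192.0.2.77", "IMAP4", True),
    SignIn(datetime(2020, 12, 1, 9, 5), "bob@example.com", "192.0.2.77", "IMAP4", False),
    SignIn(datetime(2020, 12, 1, 9, 6), "carol@example.com", "198.51.100.5", "IMAP4", True),
    SignIn(datetime(2020, 12, 1, 9, 9), "dave@example.com", "192.0.2.78", "Authenticated SMTP", True),
]


def is_corporate(ip: str) -> bool:
    """True when the address falls inside one of the assumed corporate ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in CORPORATE_NETWORKS)


def suspicious_legacy_signins(records: Iterable[SignIn]) -> List[SignIn]:
    """Successful password-only sign-ins from outside corporate address space.

    Each hit is a credential that has already been validated by someone other
    than the user: reset the password and revoke sessions, do not just alert.
    """
    return [
        r for r in records
        if r.success and r.client_app in LEGACY_CLIENT_APPS and not is_corporate(r.ip)
    ]


def multi_account_sources(records: Iterable[SignIn], min_accounts: int = 2) -> Dict[str, Set[str]]:
    """Source IPs that attempted legacy-protocol logins for several accounts.

    Failures count as well: a kit checking a batch of phished credentials from
    one host produces a mix of successes and failures, and the failed attempts
    still reveal which users were phished (they mistyped, or have since changed
    their password).
    """
    seen: Dict[str, Set[str]] = {}
    for r in records:
        if r.client_app in LEGACY_CLIENT_APPS:
            seen.setdefault(r.ip, set()).add(r.user)
    return {ip: users for ip, users in seen.items() if len(users) >= min_accounts}


if __name__ == "__main__":
    for hit in suspicious_legacy_signins(SAMPLE_SIGNINS):
        print(f"{hit.when:%H:%M} {hit.user} validated over {hit.client_app} from {hit.ip}")
    for ip, users in multi_account_sources(SAMPLE_SIGNINS).items():
        print(f"{ip} tried legacy auth for {len(users)} accounts: {sorted(users)}")
```

On the sample data the first function returns alice and dave (carol's IMAP sync comes from an office range and bob's attempt failed), and the second singles out 192.0.2.77 as the host that tested two accounts. Against real exports the field mapping is the only thing to adapt; the durable fix is to disable basic authentication for IMAP, POP and SMTP AUTH at the tenant or mail server, after which a phished password on its own can neither be validated this way nor used to read mail.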
