03 June 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
Siemens Simatic S7-1200
IBM Jazz Foundation
IBM Cognos Analytics
Fortinet FortiOS
Deep & Dark Web
Name Heat 7
Playstation 3
Google Play
Tor Browser

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company Information Affected
Union Community School District (US) On May 28th, 2021, DoppelPaymer ransomware operators dumped 2GB of files containing the personal information of current and former employees and students. The employee data includes personal addresses, phone numbers, names of partners, dates of birth, Social Security numbers, and more. Among the student data are transcripts for students who graduated between 2003 and 2019, which reveal names, dates of birth, full addresses, and more. Unknown
DDoS-Guard (Russia) On May 26th, 2021, Group-IB researchers discovered a database supposedly belonging to the bulletproof hosting provider being advertised for sale on a cybercrime forum. According to the seller, the DDoS-Guard database contains customer data, including names, IP addresses, and payment information. They also claim to be in possession of the source code of DDoS-Guard’s infrastructure. Unknown
UCWeb (China) Security researchers found that UCWeb, owned by Alibaba Group, is exfiltrating browsing and search history from users of its products on both Android and iOS devices, even when in incognito mode. Data sent to UCWeb’s servers include detailed information of browsed URLs, searched terms, device details, IP addresses, as well as other sensitive information. Unknown
20/20 Eye Care Network (US) The company, alongside 20/20 Hearing Care Network, discovered suspicious activity on their AWS environment on January 11th, 2021. An investigation revealed that all data stored on its S3 buckets may have been removed and then deleted. Data stored on the buckets included names, addresses, Social Security numbers, member identification numbers, dates of birth and health insurance information. 3,253,822
Cheetah Digital (US) Comparitech researchers discovered an email server belonging to the software provider that was accessible without a password.The server contained 18,065,470 records, including about 3.6 million unique email addresses of British Gas customers who had subscribed to marketing communications. Unknown
Scripps Health (US) Scripps is informing individuals of a ransomware attack that took place on May 1st, 2021, and involved the theft of personal information. This includes addresses, dates of birth, health insurance information, medical record numbers, and more. About 3,700 individuals may also have had their Social Security numbers and driver’s license numbers stolen. 147,267
Health Service Executive (Ireland) The HSE confirmed that data belonging to patients has been leaked online following a Conti ransomware attack. The data includes sensitive patient information and some corporate documents. 520
BLK Sport (Australia) DarkSide ransomware operators hit the company’s servers on April 21st, 2021. Potentially stolen data includes names, addresses, contact details, and possibly some credit card numbers. The company also stated that information relating to suppliers might also have been impacted, including names, addresses, contact details, contract information, order information, and bank account details. Unknown
The University of Maryland, Baltimore (US) UMB reported that sensitive data files in UMB’s Accellion FTA were posted on a cyber criminal’s website. The impacted data includes names, demographic information, Social Security numbers, health information, and more. Unknown
Caravus (US) The company disclosed that some legacy data stored during or before 2016 may have been accessed by an unauthorised party in the 2020 Netgain Technology ransomware incident. This includes names, addresses, Social Security numbers, health information, and in some cases financial account information and driver’s license numbers. Unknown
City of Azusa Police Department (US) On March 9th, 2021, the department discovered that portions of its computer systems were inaccessible due to a ransomware attack. An investigation revealed that the attackers potentially exfiltrated names, Social Security numbers, California identification card numbers, passport numbers, financial information, medical information, and more.  Unknown
The Sturdy Memorial Hospital (US) The hospital paid a ransom to attackers following an incident that occurred on February 9th, 2021. Some impacted data belonged to healthcare providers that it previously partnered with, including Harbor Medical Associates, South Shore Medical Center, and providers linked to the South Shore Physician Hospital Organization. The stolen data included addresses, phone numbers, Social Security numbers, financial information, medical information, and more. Unknown
Hoboken Radiology (US) Hoboken Radiology identified unauthorised connections to its medical imaging server between June 2nd, 2019, and December 1st, 2020. The server contained information such as names, genders, patient ID numbers, images, and more. Unknown
Unknown (India) Researchers at Cyble identified an active threat actor who claimed to have access to 130 million records relating to India-based customs data. The information includes port names, import and export data, supplier names, invoice details, pricing information, and more. Unknown
City of Philadelphia (US) A breach impacted individuals receiving services from the Department of Behavioral Health and Intellectual disability Services, and Community Behavioral Health. Various employee accounts were accessed between March 2020 and January 2021. The impacted accounts had access to names, dates of birth, addresses, medical records, copies of birth certificates, Social Security cards, driver’s licenses, and more. Unknown
Lotería Nacional and Pronósticos lottery (Mexico) Avaddon ransomware actors claim to have stolen data and encrypted devices from the lottery websites. The group stated that unless they are paid a ransom, they will release documents and conduct distributed denial-of-service attacks. Unknown
Porto Sant’Elpidio (Italy) Pay or Grief ransomware operators claim to have stolen 8GB of data from the municipality, 900MB of which has been leaked. The data includes sensitive information on residents, as well as administrative files. Unknown
Klarna (Sweden) The financing service provider suffered a severe technical issue on May 27th, 2021. Users reported seeing the information of other users instead of their own after logging into the bank’s app. Klarna stated the card and banking information was not affected, though some users reported being able to access names, mobile numbers, addresses, stored bank accounts, purchases, and saved credit cards. 90,000
The Woods Hole, Martha’s Vineyard and Nantucket Steamship Authority (US) The Steamship Authority announced that it was targeted in a ransomware attack. The attack affected some of its operations, leading to delays in its ticketing process. The company’s online reservation system as well as phone-based reservations are currently unavailable. Unknown
AMT Games (China) WizCase researchers discovered an unsecured ElasticSearch server belonging to AMT Games, containing unencrypted Battle for the Galaxy user data. A total of 1.47TB were exposed, including player profiles, 2 million transactions and 587,000 feedback messages. Among the exposed data were account IDs, email addresses, player IDs, usernames, countries, Facebook, Apple and Google account data for those who had linked their account, and more. 5,900,000
Fujifilm (Japan) The company disclosed a potential ransomware attack at its Tokyo headquarters on June 1st, 2021. The company chose to partially shut down its network and disconnect from external correspondence. The incident also impacted email and phone sytstems at Fujifilm USA. Vitali Kremez of Advanced Intel stated that Fujifilm was infected with Qbot trojan last month, often a precursor for ransomware. Unknown
Glacier Medical Associates (US) The Montana medical clinic discovered and stopped a security breach of its network on April 7th, 2021. An investigation into the incident found no evidence that the information of individuals has been misused as a result. Glacier Medical Associates did not specify whether ransomware was involved. Unknown
Clover Park School District (US) The group behind the recent ransomware attack claims to have published data stolen from the district. The actor claims to have 5GB of data including ‘internal company documents, personal and customers data.’ The files seen by Kiro 7 include a ZIP file containing student assignments and presentations, and images of letters, one of which exposes non-existing address. Unknown

Attack type mentions in Critical Infrastructure

Time Series

This chart shows the trending Attack Types related to Critical Infrastructure within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
Industry Information
Banking & Finance Researchers at Bitdefender reported that the Android banking trojans TeaBot and FluBot are being distributed via malicious apps mimicking popular apps. The TeaBot campaign started in December 2020 and is still ongoing, mainly targeting users in Spain, Italy and the Netherlands. The malware impersonates five popular apps available on Google Play. One distribution method uses a fake Ad Blocker app as a dropper for the malware, though the researchers note that other methods are also likely used. In comparison, FluBot is being spread via SMS messages. The malware most commonly imitates a DHL Express Mobile app and is mainly targeting users in Germany, Spain, Italy and the UK.
Government The US Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation warned that a sophisticated threat actor is currently leveraging a compromised end-user account from Constant Contact to target government organisations, intergovernmental organisations, and non-governmental organisations by posing as the United States Agency for International Development. The campaign was first identified by Microsoft, who have attributed it to Nobelium. The group uses a range of custom tools, including NativeZone, which SentinelLabs researchers also observed being used as a poisoned update installer targeting the Ukrainian government.
Technology Fujifilm announced that it ‘became aware of the possibility of a ransomware attack’ at its Tokyo headquarters on June 1st, 2021. The company chose to partially shut down its network and disconnect from external correspondence. The incident also impacted Fujifilm USA, who are suffering network issues that affected their email and phone systems. Vitali Kremez of Advanced Intel informed BleepingComputer that Fujifilm was infected with Qbot trojan last month. Kremez stated that Qbot infections can result in the risk of future ransomware attacks, noting that the Qbot malware group is currently working with the REvil ransomware group.
Retail & Tourism The meat processing firm JBS was targeted in a cyberattack, first reported to have impacted JBS Australia. JBS USA confirmed that the attack impacted some servers of its North American and Australian IT systems. Back-up servers were reportedly not impacted and the company stated that it is currently unaware of any evidence that any customer, supplier or employee data was compromised. The Federal Bureau of Investigation has attributed the attack to REvil ransomware group.
Healthcare On May 27th, 2021, the Swedish Public Health Agency shut down the country’s infectious diseases database, known as SmiNet, after experiencing a series of attempted intrusions. The shutdown has impacted reporting of COVID-19 cases. At present it is not believed that any information was taken, though it remains unclear if the attackers had access to sensitive data.

News and information concerning each mentioned industry over the last week.

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Silobreaker Weekly Cyber Digest

Sign up for weekly news on data breaches, hacker groups, malware and vulnerabilities.

This website uses cookies.
See our privacy policy at www.silobreaker.com/legal