06 May 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source (ranked by 7-day heat)
WebKit Software Component
Exim (MTA)
WordPress Plugin
iPad
iPad mini 4

Deep & Dark Web (ranked by 7-day heat)
Exim (MTA)
WebKit Software Component
Spartan Protocol
IBM QRadar
iPad

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches (company, information, number affected)

Schepisi Communications (Australia): The Melbourne-based Telstra partner was hit by Avaddon ransomware. The information of some ‘high level’ Telstra business customers has been impacted. The attackers claim to hold data on mobile devices and tens of thousands of SIM cards, including financial information, contracts, and banking information. Affected: Unknown

Groupe Boutin Inc (Canada): CLOP ransomware operators claimed responsibility for an attack against the Quebec-based company and dumped several files which they claim to have stolen from the company’s servers. The files include employee photo IDs containing health insurance information and passport images. Affected: Unknown

CaptureRx (US): The company discovered that some of its files were accessed and acquired by an unauthorised actor on February 6th, 2021. The stolen files contained patient names, birth dates, and prescriptions. Affected: Unknown

Gifford Health Care (US): The care provider stated that its vendor CaptureRx was targeted in a ransomware attack. Data held by CaptureRx includes names, dates of birth, prescription information and, in some cases, medical record numbers of Bethel and Randolph patients. Affected: 6,777

Thrifty White (US): The company informed its customers of a data breach relating to unauthorised access to files on CaptureRx’s systems. Affected: Unknown

US Agency for Global Media (US): The USAGM was hit by a phishing attack that resulted in a data breach in December 2020. The exposed information includes full names and Social Security numbers of current and former employees who worked for USAGM, Voice of America, and the Office of Cuba Broadcasting between 2013 and 2020. Affected: Unknown

Glovo (Spain): Security researcher Alex Holden discovered a hacker advertising access to computers used to manage Glovo accounts. The company confirmed the hack and added that no customer card data was accessed. Holden noted that the hacker continues to advertise access to Glovo systems and data, which appear to be unencrypted. Holden also believes couriers’ international bank account numbers and tax ID numbers may have been exposed. Affected: Unknown

NSW Labor Party (Australia): The operators of Avaddon ransomware targeted the party and threatened to release sensitive data they claim to have stolen. This reportedly includes images of passports and driver’s licences, employment contracts, and more. Affected: Unknown

WedMeGood (India): TechNadu reported that ShinyHunters leaked a 4.3GB database from the wedding planning platform. The platform previously suffered a breach in October 2020, when a threat actor uploaded 500MB of data exposing the details of 1.34 million users. Leaked data includes email addresses, password hashes, contact numbers, and more. Affected: Unknown

Raychat (Iran): A database attributed to the customer messaging platform was leaked on the Russian hacker website Raid Forum. The data includes customer names, IP addresses, email addresses, Telegram messenger IDs, and more. Security researcher Bob Diachenko previously discovered a Raychat data breach containing 267 million accounts with addresses, passwords, encrypted messages, and more. It is unclear whether the leaked database was obtained from the same misconfigured server seen by the researcher. Affected: Unknown

Unknown (Colombia): Anonymous Colombia claimed to have shut down several Colombian government sites, including the official website of the country’s presidency. The actor also claimed to have attacked the Colombian Senate and the National Army, leaking over 160 names, emails, and passwords. Affected: Unknown

Twilio (US): Twilio revealed that a small number of email addresses had likely been exfiltrated by an unknown attacker as a result of the unauthorised modifications to the Codecov Bash Uploader. Affected: Unknown

Jackson County Health Department (US): The department warned residents of a data breach. Between February 15th and March 5th, 2021, messages sent to residents to remind them to schedule COVID-19 vaccinations inadvertently revealed email addresses. Affected: Unknown

Amazon (US): Politico reported that an internal audit from 2015 revealed that 4,700 Amazon employees had unauthorised access to sensitive third-party seller data on the platform. In one case, an employee reportedly used such access to improve sales. Affected: Unknown

First Horizon Bank (US): The bank disclosed a data breach affecting customers’ funds as well as their personal information. Less than $1 million was reportedly stolen. The attack appears to have involved stolen or brute-forced customer credentials, as well as a flaw in third-party security software. Affected: 200

Tribunal de Justiça do Estado do Rio Grande do Sul (Brazil): On April 28th, 2021, the tribunal was hit with REvil ransomware. The threat actors are reportedly demanding $5,000,000 and threatening to leak data. Affected: Unknown

Banca di Credito Cooperativo (Italy): Security Affairs reported that the BCC was targeted in a ransomware attack claimed by the Darkside ransomware group. The attack impacted operations at 188 branches. The bank reportedly stated that the problems it is facing were caused by technical issues. Affected: Unknown

Resort Municipality of Whistler (Canada): The municipality was hit by ransomware on April 28th, 2021. The Whistler website was hacked to display a link leading to a dark web chat site. The message on the site reportedly suggests that the municipality’s network has been encrypted and that files have been stolen. Affected: Unknown

Multiple (US): Gemini Advisory reported that it identified the exposure of approximately 343,000 payment cards via breaches at five online ordering platforms for restaurants. The breaches were identified over the past six months and led to the sale of customer payment cards online. Most cards were issued by banks based in the United States. The affected companies are Easy Ordering, MenuSifu, E-Dining Express, Food Dudes Delivery, and Grabull. Affected: Unknown

Insight Global (US): The Pennsylvania Department of Health revealed a data breach affecting the state’s COVID-19 contact tracing programme. Several employees of the department’s third-party contractor Insight Global allegedly created copies of residents’ personal information and then sent the data to outside sources. Potentially leaked data includes ages, genders, sexual orientations, phone numbers, email addresses, and COVID diagnoses. Affected: 72,000

AmeriFirst Financial (US): The subsidiary of the insurance provider AmeriTrust discovered a breach of its data storage that took place between December 2nd and December 10th, 2020. Stolen customer data includes names, dates of birth and driver’s licences, as well as Social Security, bank account, tax identification, passport and Internal Revenue Service numbers. Affected: Unknown

DLSY JV (Turkey): The company was hit with a cyberattack on April 24th, 2021. The attack led to the encryption of some servers and files and impacted personal data belonging to employees, relatives of employees, and subcontractors. Affected: 20,000

Solicitor General of the Philippines: Researchers at TurgenSec discovered 345,000 documents belonging to the office left freely accessible online. Among the exposed files were documents relating to staff training, internal passwords and policies, staffing payment information, and more. The researchers warned that an unknown third party accessed and downloaded the data. Affected: Unknown

Swiss Cloud Computing AG: The company was targeted in a ransomware attack that impacted its customers. Affected: 6,500

LECOM Health (US): The therapeutic services provider discovered suspicious activity in two of its business email accounts. An investigation found unauthorised access to one email account between July 30th and August 3rd, 2020. Affected: Unknown

St John’s Well Child & Family Center (US): The clinic is informing its patients of a data breach that took place on February 3rd, 2021. Possibly leaked data includes current and former patient names, birthdates, contact information, patient and personal identification numbers, and more. Affected: Unknown

Centre François Baclesse (France): The proton therapy centre identified and blocked a malware attack on April 21st, 2021. The malware used in the attack could reportedly retrieve data and encrypt devices. Affected: Unknown

The Centers for Advanced Orthopaedics (US): The company informed patients and employees of a data breach which took place between October 2019 and September 2020. Multiple employee email accounts were found to have been accessible to cybercriminals. The actor had access to protected health information and dates of birth, as well as some Social Security and driver’s license numbers, and more. Affected: 125,291
Midwest Transplant Network (US): The Kansas healthcare provider was hit by a ransomware attack discovered on February 11th, 2021. The attack exposed the names, dates of birth, and medical procedures of patients. Affected: 17,600

Transport Research Board (US): The annual meeting registration services database of the TRB was targeted in a ransomware attack in March 2021. The personal data of individuals who registered for TRB meetings between 2015 and 2021 may have been exposed and stolen by the attacker. Compromised data includes names, email addresses, phone numbers, job titles, and more. Affected: Unknown

City of Toronto (Canada): The city disclosed that it may have suffered a data breach caused by the hacking of its Accellion FTA in January 2021. The personal health information of individuals may have been compromised. Affected: Unknown

Veritas Logistics (Israel): The N3tw0rm group named the company on its dark web site as the victim of a ransomware attack and is threatening to publish 9GB of the company’s data. Affected: Unknown

H&M Israel: The N3tw0rm group claims to have targeted the company in a ransomware attack. The attackers are threatening to publish 110GB of stolen data. Affected: Unknown

Elekta (Sweden): The oncology and radiology systems company disclosed that it was impacted by a data security incident involving its cloud-based storage system. The company stated that a subset of US-based customers is impacted. InfoSecurity stated that reports suggest the incident may be linked to ransomware. Affected: Unknown

Illinois Office of the Attorney General (US): Following a ransomware attack that hit the office on April 10th, 2021, DoppelPaymer operators have begun to leak files. The exposed data includes private documents about state prisoners and their cases, as well as public information. Affected: Unknown

Rochester Community Technical College (US): A public data request to the college from LexisNexis revealed a data breach: the college was found to have supplied students’ birth dates in response to previous requests. Affected: 5,392

The Orthopaedic Associates of Dutchess County (US): The clinic discovered that an unauthorised actor accessed certain systems on or around March 1st, 2021. The actor claims to have viewed and removed files. The data involved includes patient names, addresses, medical records, Social Security numbers, and more. Affected: 331,376

Faxton St. Luke’s Healthcare (US): The healthcare provider and its affiliate Mohawk Valley Health System were affected by the CaptureRx breach. The personal information of Faxton St. Luke’s patients was exposed, including patient names, birth dates, prescriptions, and some medical record numbers. Affected: 17,655

Attack Type mentions in Healthcare

[Chart: Time Series]

This chart shows the trending Attack Types related to Healthcare over the last week.

Weekly Industry View

Industry View (industry, information)

Government: On May 4th, 2021, Belnet, which provides internet services for government agencies, the parliament, universities, and scientific institutions in Belgium, disclosed that its network was under a distributed denial-of-service attack. The incident reportedly impacted online services for coronavirus vaccination centres, and connections to several customers were disrupted. The company’s director stated that it was the first time it had been confronted with ‘such a gigantic attack’.

Tourism & Retail: Since March 28th, 2021, more than 30 workers of Shipt, Target’s personal shopping platform, have reported being targeted by phishing schemes that spoof Shipt’s corporate phone numbers. Scammers trigger password reset emails to simulate suspicious activity on the account, then call the worker to obtain their password ‘for verification’. The account credentials are then used to cash out the victims’ paychecks. Other gig economy workers have also reportedly experienced similar scams targeting Instacart, Postmates, Lyft, and DoorDash employees.

Critical Infrastructure: Researchers at Cybereason identified a suspected Chinese APT group using an altered version of the RoyalRoad weaponizer to deliver a new stealthy backdoor, dubbed PortDoor, against the Russian defence sector. The lure used in the attack indicates that the threat actors sought to compromise a general director at nuclear submarine designer Rubin Design Bureau. The attack began with a spear phishing email containing a malicious RTF document with a RoyalRoad payload that drops PortDoor. The malware can gather and exfiltrate information about a target’s machine, receive commands and download additional payloads from a C2, escalate privileges, and more.

Healthcare: Security researcher Lukas Stefanko identified a new SMS worm that tricks users into downloading a fake COVID-19 vaccination registration app. An investigation by Cyble Inc found that the campaign is currently targeting users in India. The malware is capable of collecting sensitive information from a victim’s device, accessing location, reading the device’s state, and more. Once downloaded, the malware automatically sends a message containing a link to download the malware to all of the victim’s contacts.

Cryptocurrency: Crypto wallet provider MetaMask warned its users of a phishing campaign using a bot to steal seed phrases. The bot, disguised as an apparently innocuous Twitter account, directs users to a Google Docs form impersonating MetaMask support, where they are prompted to enter their secret recovery phrase.

News and information concerning each mentioned industry over the last week.

