05 November 2020

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
- Snapdragon Mobile
- Oracle WebLogic
- Google Chrome Browser
- GnuPG
- Adobe Acrobat Reader

Deep & Dark Web
- Gajim
- Cisco VPN
- Google Gmail
- Oracle WebLogic
- Snapchat App

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Each entry gives the company, what happened, and the number of people affected where known.

- Salem, New Hampshire (US): The town was targeted in a ransomware attack on October 21st, 2020. According to Town Manager Chris Dillon, the attackers ‘may have downloaded data from certain servers.’ Affected: Unknown.
- Reincubate (UK): Users were informed of a data breach involving a backup created in November 2017. The data, stored in a private Amazon Web Services S3 bucket, was accessed using leaked credentials. Potentially exposed information includes names and email addresses and, for some users, billing addresses and metadata on their usage of the company’s products. Affected: Unknown.
- Hall County, Georgia (US): Data stolen from the county’s systems during an attack was published online by DoppelPaymer ransomware operators. The attackers leaked over 1GB of unencrypted files containing spreadsheets, election documents, accounting and financial records, and lobby comment cards. Leaked voter registration records include names, registration IDs, addresses, and assigned ballots. The Social Security number of at least one voter has also been exposed. Affected: Unknown.
- Arkansas Methodist Medical Center (US): The third-party lockbox service provider Technology Management Resources Inc discovered that one of its employees’ user accounts had been compromised. The majority of threat actor activity took place between February and May 2020. Data potentially viewed by the threat actor includes names, addresses, checking account numbers and routing numbers, as well as information on billing statements such as AMMC account numbers. Affected: Unknown.
- JM Bullion (US): The online precious metals retailer informed customers that a malicious script had been present on its site between February 18th and July 17th, 2020. During this period the payment data of some customers, including names, addresses, account numbers, card expiration dates, and security codes, was exfiltrated to the attacker’s remote server. Affected: Unknown.
- RedMart (Singapore): BleepingComputer was contacted by a seller claiming to possess a database containing over 1.1 million RedMart accounts. The exposed data includes email addresses, SHA-1 hashed passwords, partial credit card numbers, and more. Affected: 1,100,000.
- Eatigo (Thailand): Eatigo disclosed that an unauthorised user accessed its database. The company stated that the impacted data includes names, email addresses, and phone numbers. An anonymous seller claimed to possess the data of 2.8 million Eatigo accounts in a communication to BleepingComputer. Affected: 2,800,000.
- Gaming Partners International (US): REvil ransomware operators posted screenshots of directories allegedly belonging to GPI and claimed to have stolen 540GB of data, including company data, technical data, financial and bank documents, and contracts with casinos in Las Vegas, Macao, and Europe. Affected: Unknown.
- Department of Social Services (US): The DSS is informing 37,000 current and former clients of a potential data breach involving personal health information. The DSS discovered spam emails being sent from a number of employee accounts following a series of phishing attacks between July 29th and December 2nd, 2019. Potentially compromised data includes names, dates of birth, client numbers, case numbers and Social Security numbers. Affected: 37,000.
- Isentia (Australia): Isentia reported that it is bringing its servers back online and monitoring for data leaks following a reported ransomware attack. The attack significantly impacted its operations. Affected: Unknown.
- GrowDiaries/Mauricio Styl sro (Czechia): On October 10th, 2020, security researcher Bob Diachenko discovered an unprotected database belonging to GrowDiaries that exposed over 3.4 million user records. Exposed data included about 1.4 million records with email addresses, IP addresses and usernames, and 2 million records with user posts and account passwords hashed with MD5, a fast, unsalted hash that is trivially cracked with precomputed tables. No payment data was exposed. Affected: Unknown.
- Folksam (Sweden): Folksam shared the personal data of roughly 1 million Swedes with large companies. Companies that received the data, which detailed what customers and visitors searched for on the Folksam website, include Facebook, Google, Microsoft, LinkedIn, and Adobe. The data included information such as individuals’ insurance purchases and Social Security numbers. Affected: 1,000,000.
- GEO Group (US): On August 19th, 2020, the prison and secure facilities investment trust GEO Group discovered a ransomware attack against its servers. The attack impacted employee data as well as the information of inmates and residents at sites in Florida, Pennsylvania, and California. The resident and inmate data included some personally identifiable information and protected health information. Affected: Unknown.
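The RedMart (SHA-1) and GrowDiaries (MD5) entries both leaked passwords protected only by a fast, unsalted hash. The following is an added example, not code from Silobreaker or from either company, showing why that matters: a single precomputed table cracks every user who chose a common password, whereas a salted, iterated KDF forces the attacker to start over for each account. The wordlist, the leaked digests and the synthetic uncrackable digests are constructed for the example; the iteration count is an illustrative choice.

```python
import hashlib
import hmac
import os

# Constructed sample: a handful of passwords any cracking wordlist contains.
WORDLIST = ["123456", "password", "qwerty", "letmein", "sunshine"]

# Constructed "leaked" dumps. The first entries are real MD5/SHA-1 digests of
# common passwords; the all-digit / all-f values are synthetic placeholders
# standing in for users whose password is not in the wordlist.
LEAKED_MD5 = [
    "e10adc3949ba59abbe56e057f20f883e",   # md5("123456")
    "5f4dcc3b5aa765d61d8327deb882cf99",   # md5("password")
    "0123456789abcdef0123456789abcdef",   # synthetic, not crackable here
]
LEAKED_SHA1 = [
    "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",   # sha1("password")
    "ffffffffffffffffffffffffffffffffffffffff",   # synthetic, not crackable here
]


def unsalted_lookup_table(words, algo):
    """Precompute digest -> plaintext for an unsalted hash ('md5' or 'sha1').

    Because there is no salt, identical passwords hash to identical digests,
    so one table built once serves every account in the breach.
    """
    return {hashlib.new(algo, w.encode()).hexdigest(): w for w in words}


def crack_unsalted(leaked_digests, words, algo):
    """Return {digest: plaintext} for every leaked digest found in the table."""
    table = unsalted_lookup_table(words, algo)
    return {d: table[d] for d in leaked_digests if d in table}


def hash_password(password, salt=None, iterations=200_000):
    """Salted, iterated PBKDF2-HMAC-SHA256. Returns (salt, digest).

    A fresh 16-byte salt per user means two users with the same password get
    different digests, and a precomputed table is useless: each guess must be
    recomputed per account, at the cost of `iterations` HMAC calls.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password, salt, digest, iterations=200_000):
    """Constant-time comparison of a candidate against the stored digest."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print("MD5 cracked:", crack_unsalted(LEAKED_MD5, WORDLIST, "md5"))
    print("SHA-1 cracked:", crack_unsalted(LEAKED_SHA1, WORDLIST, "sha1"))
    s1, d1 = hash_password("password")
    s2, d2 = hash_password("password")
    print("same password, different salted digests:", d1 != d2)
    print("verify:", verify_password("password", s1, d1))
```

The lookup table is built once and reused across every dump of the same algorithm, which is the asymmetry the Folksam-style "hashed, therefore safe" reassurance glosses over. Real crackers use GPU brute force and rainbow tables rather than a five-word dictionary, but the shape of the attack is the same.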

Attack Type mentions in Critical Infrastructure

[Time series chart, not reproduced: trending Attack Types related to Critical Infrastructure over the last week.]

Weekly Industry View

Industry View
- Government: The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) reported that an Iranian advanced persistent threat actor targeted US state election websites. In at least one instance the actor successfully obtained records by abusing a website misconfiguration with a scripted process. The actor scanned the sites with the Acunetix web vulnerability scanner between September 20th and September 28th, 2020. Between September 29th and October 17th, 2020, it attempted to obtain information by exploiting known vulnerabilities, targeting flaws specific to individual sites, uploading web shells, performing SQL injection, and more.
- Education: Inky reported that it blocked thousands of malicious emails sent from compromised university email accounts, including accounts at Purdue University, the University of Oxford, Stanford University and the University of Chicago. Because the messages came from legitimate, reputable accounts, they passed through secure email gateways.
- Critical Infrastructure: Red Sky Alliance researchers observed a number of phishing emails targeting the maritime shipping industry between October 26th and October 31st, 2020. The campaigns used real vessel and company names to impersonate employees. One attack targeted a Mediterranean Shipping Company tax officer with an email that used the company name in the subject line; the attachment was an executable carrying the Fareit!ml malware, disguised to look like a zipped PDF. Another campaign used the name of the vessel MV Prabhu Sakhawat to trick recipients into opening a Microsoft Word or Excel document and enabling macros that load malware.
- Healthcare: An employee of Wyckoff Heights Medical Center in Brooklyn informed BleepingComputer that Ryuk ransomware had been deployed against the hospital. The ransomware reportedly encrypted many of the hospital’s devices before Wyckoff was able to shut down parts of its network. AP News reported that the University of Vermont Health Network was also hit by a cyberattack affecting six hospitals in Vermont and New York; it is not yet known whether Ryuk was involved. Check Point researchers warned that ransomware attacks against the US healthcare sector rose 71% in October 2020, and that 75% of those incidents involved Ryuk.
- Cryptocurrency: The new Axion Network token, AXN, was attacked immediately after its launch on November 2nd, 2020. A threat actor minted 79 billion AXN and sold them through the AXN Uniswap pool for roughly 1,300 ETH, worth around $500,000, driving the AXN price to zero. According to Cointelegraph, the attack was carried out by an insider who injected malicious code that modified the OpenZeppelin AccessControl implementation. The code was injected after independent auditors had reviewed the platform but before deployment, so the audited code was not the code that went live. The actor then called an unstake function on the Axion Staking contract to carry out the attack; that function was added by the malicious injection and was never intended to be part of the platform.

News and information concerning each mentioned industry over the last week.
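The Government item above describes a reconnaissance phase (Acunetix scans) followed by exploitation attempts (SQL injection, web shell uploads) against election websites. As an added example that is not part of the Silobreaker digest or the CISA/FBI advisory, the following detection logic runs over web server access logs in the common "combined" format and flags clients that look like a scanner or an injection attempt. The log lines are constructed for the example; the assumption that the scanner identifies itself in the User-Agent is just that, an assumption, which is why the behavioural check (many distinct paths, mostly errors, in one window) does not rely on it. Thresholds are illustrative and would be tuned per site.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Assumption (not from the digest): the scanner names itself in the User-Agent.
# Scanners can spoof this, so it is one signal among several, not the only one.
SCANNER_UA_MARKERS = ("acunetix",)

# Crude SQL-injection indicator: a raw or URL-encoded quote followed by a boolean
# keyword. Deliberately narrow; a production rule set would be far broader.
SQLI_RE = re.compile(r"(?:%27|')(?:%20|\+|\s)*(?:or|and|union)\b", re.IGNORECASE)


def parse_combined(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def flag_scanners(lines, min_requests=20, min_distinct_paths=15, min_error_ratio=0.6):
    """Return {client_ip: [reasons]} for clients whose traffic looks like scanning.

    The batch passed in is treated as one analysis window (e.g. a 10-minute slice
    of the log); windowing is left to the caller.
    """
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_combined(line)
        if rec:
            per_ip[rec["ip"]].append(rec)

    findings = {}
    for ip, recs in per_ip.items():
        reasons = []
        if any(marker in r["ua"].lower() for r in recs for marker in SCANNER_UA_MARKERS):
            reasons.append("scanner user-agent")
        distinct_paths = {r["path"] for r in recs}
        error_ratio = sum(r["status"] >= 400 for r in recs) / len(recs)
        if (len(recs) >= min_requests and len(distinct_paths) >= min_distinct_paths
                and error_ratio >= min_error_ratio):
            reasons.append("path enumeration")
        if any(SQLI_RE.search(r["path"]) for r in recs):
            reasons.append("sql injection payload")
        if reasons:
            findings[ip] = reasons
    return findings


# Constructed sample log (not real traffic): one noisy scanner enumerating
# paths, one ordinary visitor, and one quiet address sending a single
# injection probe. Addresses are from the RFC 5737 documentation ranges.
_TS = "28/Sep/2020:03:14:%02d +0000"
SCAN_PATHS = ["/admin/", "/.git/config", "/backup.zip", "/phpinfo.php", "/wp-login.php",
              "/.env", "/config.php.bak", "/db.sql", "/login.aspx", "/server-status",
              "/api/v1/users", "/uploads/", "/cgi-bin/test", "/old/", "/test.php",
              "/export.csv", "/debug", "/console", "/manager/html", "/robots.txt"]
SAMPLE_LOG = [
    f'198.51.100.7 - - [{_TS % (i % 60)}] "GET {p} HTTP/1.1" '
    f'{200 if p == "/robots.txt" else 404} 512 "-" "Mozilla/5.0 (Acunetix)"'
    for i, p in enumerate(SCAN_PATHS)
] + [
    f'203.0.113.5 - - [{_TS % 30}] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    f'203.0.113.5 - - [{_TS % 31}] "GET /style.css HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    f'192.0.2.44 - - [{_TS % 45}] "GET /lookup.php?id=1%27%20OR%201%3D1 HTTP/1.1" 200 300 "-" "Mozilla/5.0 (Windows NT 10.0)"',
]

if __name__ == "__main__":
    for ip, reasons in flag_scanners(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(reasons))
```

The path-enumeration rule is the durable one: it keys on what a scanner must do (request many resources that do not exist) rather than on what it chooses to say about itself. The injection rule catches the low-volume follow-up that a pure rate threshold would miss, which matches the two-phase pattern the advisory describes.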
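The Cryptocurrency item above turns on one gap: the code that was audited was not the code that was deployed. The check a practitioner would want is to compare the audited build's runtime bytecode with what is actually on chain (as returned by eth_getCode) before trusting the audit. The following is an added example and is not Axion's, OpenZeppelin's or Silobreaker's code. It strips the CBOR metadata that solc appends to runtime bytecode (which legitimately differs between otherwise identical builds), reports where the two diverge, and lists PUSH4 constants present only in the deployed code, since a Solidity dispatcher compares the calldata selector against PUSH4 immediates and an injected entry point such as an unexpected unstake function would show up as a new one. The bytecode and the selector values below are constructed for the example and do not represent any real contract.

```python
def strip_solc_metadata(code: bytes) -> bytes:
    """Drop the CBOR metadata solc appends to runtime bytecode.

    The final two bytes are the big-endian length of the CBOR blob, so the
    blob occupies code[-(n + 2):]. Metadata differs between builds of the same
    source (source paths, compiler settings), so it is excluded before comparing.
    """
    if len(code) < 2:
        return code
    n = int.from_bytes(code[-2:], "big")
    if n + 2 > len(code):
        return code  # not solc-shaped; compare the whole blob
    return code[:-(n + 2)]


def push4_constants(code: bytes) -> set:
    """Linear EVM sweep collecting every PUSH4 immediate as hex.

    PUSH1..PUSH32 (0x60..0x7f) are the only multi-byte EVM instructions, so
    skipping their immediates keeps the sweep aligned. Dispatchers compare the
    calldata selector against PUSH4 constants, so this set approximates the
    contract's externally callable functions (heuristic: PUSH4 is also used
    for other 4-byte constants).
    """
    out, i = set(), 0
    while i < len(code):
        op = code[i]
        if 0x60 <= op <= 0x7F:
            width = op - 0x5F
            if op == 0x63:
                out.add(code[i + 1:i + 1 + width].hex())
            i += 1 + width
        else:
            i += 1
    return out


def _from_hex(h: str) -> bytes:
    return bytes.fromhex(h[2:] if h.startswith("0x") else h)


def compare_runtime_bytecode(audited_hex: str, deployed_hex: str) -> dict:
    """Compare the audited build output with code read back from the chain."""
    audited = strip_solc_metadata(_from_hex(audited_hex))
    deployed = strip_solc_metadata(_from_hex(deployed_hex))
    if audited == deployed:
        return {"match": True, "unexpected_selectors": set()}
    first_diff = next((i for i, (a, b) in enumerate(zip(audited, deployed)) if a != b),
                      min(len(audited), len(deployed)))
    return {
        "match": False,
        "first_diff_offset": first_diff,
        "size_delta": len(deployed) - len(audited),
        "unexpected_selectors": push4_constants(deployed) - push4_constants(audited),
    }


# Constructed sample, not any real contract: a minimal dispatcher with one
# selector branch (PUSH1 0x80 PUSH1 0x40 MSTORE, PUSH4 <sel> EQ, STOP), followed
# by solc-style CBOR metadata. The "deployed" variant gains a second selector
# branch and a different metadata blob; the "rebuilt" variant differs only in
# metadata and must compare equal.
_AUDITED_BODY = bytes.fromhex("6080604052" "63a694fc3a14" "00")
_DEPLOYED_BODY = _AUDITED_BODY + bytes.fromhex("63deadbeef14" "00")
_META_A = b"\xa1\x64ipfs\x46" + b"\x11\x22\x33\x44\x55\x66"
_META_B = b"\xa1\x64ipfs\x47" + b"\x11\x22\x33\x44\x55\x66\x77"
AUDITED_HEX = (_AUDITED_BODY + _META_A + len(_META_A).to_bytes(2, "big")).hex()
REBUILT_HEX = (_AUDITED_BODY + _META_B + len(_META_B).to_bytes(2, "big")).hex()
DEPLOYED_HEX = "0x" + (_DEPLOYED_BODY + _META_B + len(_META_B).to_bytes(2, "big")).hex()

if __name__ == "__main__":
    print("rebuilt vs audited:", compare_runtime_bytecode(AUDITED_HEX, REBUILT_HEX))
    print("deployed vs audited:", compare_runtime_bytecode(AUDITED_HEX, DEPLOYED_HEX))
```

In practice the audited artifact is the compiler output committed alongside the audit report, and the deployed side is fetched from a node at the contract address; if the two differ at all, the audit does not cover what users are interacting with. Mapping an unexpected selector back to a function name needs keccak-256 of the signature, which is outside the standard library and so is left out here.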
