Threat Summary: 31 July – 06 August 2020
Published 2020-08-06
Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.
Trending Vulnerable Products
Open Source

| Name | Heat 7d |
|---|---|
| Cisco Prime Data Center Network Manager | |
| WordPress | |
| IBM i2 Analyst Notebook | |
| Android Oreo | |
| Apple iCloud | |

Deep & Dark Web

| Name | Heat 7d |
|---|---|
| Tor Browser | |
| Netsparker | |
| Red Hat Enterprise Linux | |
| Minecraft | |
| jQuery | |
The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.
Data Leaks & Breaches
| Company | Information | Affected |
|---|---|---|
| Scentbird (US) | Scentbird issued a data breach notification informing users that their names, email addresses, encrypted account passwords, and more, may have been exposed. | 5,800,000 |
| New Zealand Police | The New Zealand Police announced that they had terminated their contract with research firm Gravitas after data they sent the company was involved in a hacking incident. The information related to people who phoned the Police to report low-level crimes such as burglary. The potentially exposed data contained names, phone numbers, addresses, and short descriptions of the crimes. | 5,700 |
| Flintshire County (UK) | According to the Welsh county's statement, the personal data of individuals who responded to a consultation was uploaded to the Local Development Plan section of the council's website and left publicly exposed. The data included names and addresses. | Unknown |
| Pivot Technology Solutions (Canada) | The managed service provider reported that it suffered a ransomware attack last month that impacted data held by the parent company, its subsidiaries, and former and current affiliates. The perpetrators were not able to encrypt any files but did access sensitive data of US employees and consultants, including names, addresses, dates of birth, banking details, Social Security numbers, and more. | Unknown |
| IndieFlix (US) | CyberNews researchers discovered a publicly accessible, unsecured Amazon S3 bucket containing 90,000 files. These included confidential motion picture acquisition agreements, tax ID requests including filmmakers' Social Security numbers and employer identification numbers, contact information of film professionals, and thousands of video files and movie clips. | Unknown |
| Gujarat Technological University (India) | Students of the university complained that their personal details were leaked on GTU's website during mock tests held on July 28th. The data that was allegedly leaked contained college IDs, government IDs, including PAN or Aadhaar cards, and potentially bank account information. | Unknown |
| Government of Iran | Lists and medical records leaked to the BBC by an anonymous source included names, age, gender, symptoms, time spent in hospital, and more. The leaked files revealed that the Iranian government's coronavirus death toll stood at nearly 42,000 as of July 20th, 2020. The figure publicly reported by the health ministry was only 14,405. | Unknown |
| CWT (US) | The travel agency confirmed it suffered a ransomware attack, which according to security researcher 'JAMESWT' involved Ragnar Locker. JAMESWT also stated that the attackers demanded $4.5 million in Bitcoin to recover 2TB of data. This includes information on CWT's clients such as AXA Equitable, Abbott Laboratories, AIG, Amazon, Boston Scientific, Facebook, and others. | Unknown |
| Havenly (US) | The interior design website stated that it suffered a data breach after a database containing 1.3 million user records was leaked on a hacker forum. The database contained users' logins, full names, MD5-hashed passwords, email addresses, phone numbers, ZIP codes, and other data related to their use of the site. | Unknown |
| Sheldon Independent School District (US) | The Texas-based school district notified current and former staff and students of an incident in which an unauthorised party accessed its computer network and was able to view and download documents. The affected information includes student names, year in school, school name, teacher name, sex, race, and more. | Unknown |
| Kiwibank (New Zealand) | The bank sent 4,200 customers an email or bank statement with their own account number, name and address, but another customer's transaction history. | 4,200 |
| Elkins Rehabilitation & Care Center (US) | The West Virginia-based nursing home is notifying residents and employees of a data breach that was discovered in February 2019 and involved unauthorised access to some employee email accounts. The affected data included first and last names, limited protected health information, and more. | Unknown |
| Zello (US) | On July 8th, 2020, Zello identified unusual activity on one of its servers. The company stated that the intruder could possibly have accessed the hashed passwords and email addresses used for Zello accounts. Zello asserted that it has no evidence that accounts have been improperly accessed. | Unknown |
| The Blacklist Alliance (US) | The Blacklist Alliance leaked client information via its own website. The exposed data, which was available until last week, included API keys, phone numbers, employer, username, and MD5-hashed passwords for 388 Blacklist customers. The site also exposed thousands of documents, emails, images, spreadsheets, and names tied to mobile phone numbers. | Unknown |
| Summit Medical Associates (US) | The Indiana-based clinic was hit by a ransomware attack on June 5th, 2020. An investigation revealed that an unauthorised individual may have accessed its servers between January 24th and June 5th, 2020. The servers contained private patient data, including names, medical information, and Social Security numbers. No evidence was found to suggest that the data was accessed or stolen. | Unknown |
| Beaumont Health (US) | On July 25th, 2020, Beaumont Health began notifying its patients of a data breach caused by a phishing attack. An investigation revealed that an unauthorised individual accessed employee email accounts between January 3rd and January 29th, 2020. Data accessible through the compromised accounts included patient names, dates of birth, diagnosis codes, treatment locations, prescription information, and more. | 6,000 |
| British Dental Association (UK) | The British Dental Association (BDA) notified its members of an attack against its servers, during which the attacker may have stolen private member data. The attack was first discovered on July 30th, 2020, after the trade union's website went offline. Names, contact details, transaction histories, direct debit details including account numbers and sort codes, logs of correspondence, and notes of cases lodged with the BDA may have been accessed. | Unknown |
| UberEats (US) | Researchers at Cyble reported that a threat actor leaked nine TXT files containing details of UberEats drivers, delivery partners, and customers. The leak included login credentials for 579 UberEats customers, as well as login credentials, names, contact numbers, bank card details, trip details, and account creation dates of 100 delivery drivers. | ~700 |
| Allison-Smith Company LLC (US) | The operators of REvil ransomware claim to have breached Allison-Smith Company LLC and shared screenshots and sample data as proof of their attack. This includes commercial electrical permits, certificates of liability insurance, accounting data folders, and more. The attackers have threatened to release more data. | Unknown |
| Netzsch Group (Germany) | Clop ransomware operators published a leak post in which they claim to have obtained sensitive data belonging to the Netzsch Group. Screenshots and a sample leak were uploaded as evidence, including email conversations, personal images, multiple users' details, and more. The operators also threatened to release a large amount of the data on August 4th, 2020. | Unknown |
| Canon (US) | Canon issued a company-wide notification informing its employees that Canon USA was 'experiencing widespread system issues affecting multiple applications.' Bleeping Computer obtained a partial screenshot which allegedly shows a ransom note displayed on Canon systems by Maze ransomware, whose operators have since claimed responsibility. The attackers claim to have exfiltrated 10TB of data. | Unknown |
| Corporate Renaissance Group (Canada) | The operators of Netwalker ransomware claim to have breached the Corporate Renaissance Group and posted screenshots on their blog as proof. The screenshots show data folders that appear to include credit card statements, accounting documents, company policies, client data, and more. | Unknown |
| The Center for Fertility and Gynecology (US) | In a blog post, the operators of Netwalker ransomware claim to have attacked the fertility specialist and are threatening to publish stolen data within six days. The group also shared screenshots of folders and files, including credit card authorisation forms, passport copies, patient documents, billing documents, and more. | Unknown |
This table shows a selection of leaks and breaches reported this week.
Attack Types Mentions in Banking
This chart shows the trending Attack Types related to Banking over the last week.
Weekly Industry View
| Industry | Information |
|---|---|
| Government | The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense jointly reported on TAIDOOR malware, which they attribute to Chinese government actors. The FBI stated that the malware is being used in combination with proxy servers to allow Chinese government actors to maintain persistence on target networks. US Cyber Command stated that the malware has been in use since 2008. TAIDOOR has been deployed for espionage against corporations, think tanks, and governments. The malware is installed on target devices as a service DLL composed of two files: the first is started as a service and acts as the loader for the second, which is the main RAT. |
| Technology | A list of credentials for over 900 enterprise Pulse Secure VPN servers was leaked on a Russian-speaking hacker forum that is reportedly frequented by a number of ransomware gangs. The list includes the servers' IP addresses, their firmware version, SSH keys, a list of all local users and their hashed passwords, admin account details, last VPN logins (including usernames and cleartext passwords), and VPN session cookies. Security researcher 'Bank Security' noted that every server on the list runs a firmware version vulnerable to CVE-2019-11510, a pre-authentication arbitrary file read. According to Bad Packets, 677 of the unique IPs on the list had already been detected as vulnerable in August 2019, when the flaw first attracted widespread public attention. Because the dump contains cleartext passwords and live session cookies, patching alone is not sufficient: credentials must be rotated and active sessions invalidated on every listed appliance. |
| Retail, Hospitality & Tourism | The FBI reported an increasing number of complaints from victims of online shopping scams. Commonalities between the scams included victims receiving face masks from China regardless of what they ordered, payments made via online money transfer services, goods advertised at a significant discount, and sites constructed to look as if the company was based in the US. The scams often spread via adverts on social media and on search engines' shopping pages. Victims' attempts to obtain their items or a full refund were unsuccessful. |
| Healthcare | According to a US security official, Chinese hackers targeted coronavirus vaccine developer Moderna earlier this year in an effort to steal data. The report follows the indictment of two Chinese nationals accused of spying on entities in the US, including three undisclosed US-based organisations involved in COVID-19 medical research. Moderna confirmed it was made aware of 'information reconnaissance activities' by the perpetrators named in the indictment. |
| Cryptocurrency | Cryptocurrency trading platform 2gether reported that on July 31st, 2020, its servers were attacked by a threat actor who was able to steal €1.183 million in cryptocurrency from investment accounts. An investigation into the incident, which also compromised user passwords, is under way. |
News and information concerning each mentioned industry over the last week.
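The triage a defender would run against a list like the leaked Pulse Secure dump, as an added example that is not Silobreaker's or Pulse Secure's code: it parses Pulse Connect Secure version strings, compares them with the fixed builds for CVE-2019-11510 (the per-branch fix levels are those of Pulse Secure advisory SA44101 as recalled here; verify them against the vendor advisory before relying on this check), and derives follow-up actions from the other leaked fields the digest describes (cleartext last-login passwords, session cookies, SSH keys). The appliance records are constructed for the example, using TEST-NET addresses, not entries from the real leak.

```python
"""Triage a leaked list of Pulse Secure VPN appliances (added example)."""
import re
from typing import Dict, List, NamedTuple, Tuple

# Fixed builds per branch, as recalled from Pulse Secure advisory SA44101
# (assumption to verify): any build below these on the same branch is affected.
FIXED_BUILDS: Dict[Tuple[int, int], str] = {
    (9, 0): "9.0R3.4",
    (8, 3): "8.3R7.1",
    (8, 2): "8.2R12.1",
    (8, 1): "8.1R15.1",
}

# Pulse versions look like 9.0R3.4 or 8.3R7 (major.minor R release[.sub]).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """'9.0R3.4' -> (9, 0, 3, 4); '8.3R7' -> (8, 3, 7, 0). Tuples compare in order."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Pulse Secure version string: {version!r}")
    major, minor, release, sub = m.groups()
    return (int(major), int(minor), int(release), int(sub or 0))


def vulnerability_status(version: str) -> str:
    """'vulnerable', 'fixed', 'not_affected' (newer branch) or 'unknown' (older branch)."""
    v = parse_version(version)
    branch = (v[0], v[1])
    if branch in FIXED_BUILDS:
        return "vulnerable" if v < parse_version(FIXED_BUILDS[branch]) else "fixed"
    if branch > max(FIXED_BUILDS):
        return "not_affected"      # 9.1 and later shipped after the fix
    return "unknown"               # older branch: check the advisory / end-of-life status


class Appliance(NamedTuple):
    ip: str
    version: str
    cleartext_logins: int   # last-login records in the dump with cleartext passwords
    session_cookies: int    # VPN session cookies in the dump


def triage(entries: List[Appliance]) -> List[Dict[str, object]]:
    """Per-appliance action list. Every listed box is treated as compromised,
    because the dump itself carries its credentials, not only as unpatched."""
    report = []
    for e in entries:
        status = vulnerability_status(e.version)
        actions = []
        if status == "vulnerable":
            fix = FIXED_BUILDS[parse_version(e.version)[:2]]
            actions.append(f"upgrade to {fix} or later")
        elif status == "unknown":
            actions.append("confirm branch support status with the vendor advisory")
        actions.append("rotate all local user and admin passwords")
        actions.append("regenerate SSH host keys")
        if e.cleartext_logins:
            actions.append(f"force reset for {e.cleartext_logins} user(s) whose "
                           "cleartext password is in the dump")
        if e.session_cookies:
            actions.append("terminate all active VPN sessions so leaked cookies die")
        report.append({"ip": e.ip, "version": e.version,
                       "status": status, "actions": actions})
    return report


# Constructed sample entries (TEST-NET addresses), not records from the real leak.
SAMPLE = [
    Appliance("203.0.113.10", "8.3R7", 12, 3),     # below 8.3R7.1 -> vulnerable
    Appliance("203.0.113.11", "9.0R3.4", 0, 0),    # at the fixed build
    Appliance("203.0.113.12", "8.2R12.1", 2, 0),   # fixed, but creds still leaked
    Appliance("203.0.113.13", "9.1R2", 0, 1),      # later branch, never affected
    Appliance("203.0.113.14", "8.1R14", 5, 0),     # below 8.1R15.1 -> vulnerable
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(f"{row['ip']} {row['version']} [{row['status']}]")
        for a in row["actions"]:
            print(f"  - {a}")
```

The point of the `triage` function is the ordering of concerns: the version check tells you who is still exploitable, but every appliance in such a dump needs credential rotation and session termination regardless of patch level, because the attacker already holds the output of a successful exploit.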
