08 July 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name (7-day heat chart not reproduced)
Windows Print Spooler
MediaWiki Software
CMS Made Simple
PHP-Fusion
MikroTik RouterOS

Deep & Dark Web
Name (7-day heat chart not reproduced)
Bitcoin
PrestaShop
VMware ESXi
OpenSLP
Zabbix

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
Rehabilitation Support Services Inc (US) | The threat actor Grief added the company to its list of victims on June 2nd, 2021, stating that it had stolen 4GB of data from its servers. On June 29th, 2021, the group dumped a number of folders containing files relating to financial matters, balance sheets, taxes, site plans, health insurance, bank statements, invoices, and more. Among the files are healthcare certifications, medical documentation, loan payment transmittal forms, and more. In some cases they contained Social Security numbers of clients and employees, driver’s license numbers, nursing home lists, and children’s lists. | Unknown
Tamil Nadu Public Distribution System (India) | Technisanct discovered a data breach linked to the Tamil Nadu Public Distribution System that exposes personal data of residents of the state. The exposed details include beneficiary member IDs, Aadhaar numbers, names of beneficiaries, addresses, mobile numbers, relationships, and more. MediaNama reported that the TNPDS breach affected 31 million people and that the data contained 19 million Aadhaar numbers. | 31,000,000
Arthur J. Gallagher (US) | The global insurance company disclosed that an unknown attacker ‘accessed or acquired data’ from parts of its network between June 3rd, 2020, and September 26th, 2020. The company stated that the types of information on the compromised systems include Social Security numbers, passport numbers, dates of birth, usernames, passwords, and more. | 7,376
Washington State Department of Labor & Industries (US) | Pacific Market Research recently informed its client, Washington L&I, of a ransomware attack that took place on May 22nd, 2021. The company disclosed that its system contained an unencrypted document listing the contact information, claim numbers, and dates of birth of 16,466 workers who had workers’ compensation claims in 2019. The document also featured the L&I account numbers of 9,400 employers. | 16,466
Kawasaki Kisen Kaisha (Japan) | The shipping company stated that its overseas subsidiary systems were breached and that some allegedly stolen information has since been published. The company is currently investigating the incident and believes that the unauthorised access has stopped. | Unknown
Brenntag North America (US) | The chemical distribution company released the results of its investigation into the April 2021 DarkSide ransomware attack. The report confirmed that its systems were accessed on April 26th, 2021, and that some information was stolen. The impacted data includes Social Security numbers, dates of birth, driver’s license numbers, and select medical information. | 6,700
Good Shepherd Centres (UK) | The organisation stated that it was targeted in a ransomware attack on September 27th, 2020, that impacted some protected health information. | Unknown
New Skills Academy (UK) | The learning provider disclosed a data breach that compromised customers’ usernames, email addresses, and encrypted passwords. | Unknown
Fairbanks Cancer Physicians (US) | The clinic was affected by an attack against its cloud storage vendor Elekta. Patients’ names, Social Security numbers, addresses, dates of birth, and medical information may have been exposed. | Unknown
Dermatology Group of Arkansas (US) | The clinic was hit by a phishing attack that resulted in an unauthorised party gaining access to three employee accounts between November 12th and December 2nd, 2020. The attacker had access to some patients’ names, dates of birth, addresses, medical information, and more. Some Social Security numbers, driver’s license numbers, passport numbers, and financial and credit card account information were also exposed. | Unknown
MasMovil (Spain) | The operators of REvil ransomware claimed to have targeted the telecom operator and ‘downloaded databases and other important data.’ The attackers uploaded screenshots of the supposedly stolen data as proof of the attack. | Unknown
The CentraCare Health and Carris Health – Willmar Lakeland Clinic (US) | The clinic disclosed that it was affected by the Netgain Technology ransomware attack. Historical patient records, including names, addresses, dates of birth, Social Security numbers, Medicare ID numbers, and more, may have been accessed during the incident. | Unknown
QSure (South Africa) | The insurance company was impacted by a data breach discovered on June 9th, 2021. The attacker exfiltrated data belonging to policyholders who are clients of QSure’s customers, compromising their names, bank account numbers, and bank branch codes. | Unknown
LinkedIn (US) | CyberNews researchers discovered a post on a popular hacker forum containing a 68MB JSON database of scraped LinkedIn data on United States business owners, all of whom, according to the poster, changed jobs in the past 90 days. The database includes information publicly listed by the victims, including profile summaries, names, locations, and some contact details, among them 6,520 email addresses. | 88,000
LimeVPN (Singapore) | On June 29th, 2021, a RaidForums user advertised a database obtained from LimeVPN. The stolen information includes usernames, passwords, email addresses, IP addresses, payment details, and private keys that can be used to decrypt users’ traffic. The backup database reportedly contains over 69,400 user records. | Unknown
GETTR (US) | A Hudson Rock researcher reported that hackers identified an unsecured API that allowed them to scrape the data of members of the pro-Trump social media platform. The hackers reported that the API has since been secured; however, another forum user stated that they had identified a second unsecured API. The scraped information was posted to a well-known hacker forum. BleepingComputer viewed a sample of the data and reported that it includes email addresses, profile names, dates of birth, location details, profile descriptions, and more. | 87,973
Sindh High Court (Pakistan) | Techjuice reported that the hacker group Indian Cyber Troops took over the court’s website on July 4th, 2021. | Unknown
Practicefirst Medical Management Solutions (US) | The company discovered an attempted ransomware attack on its systems on December 30th, 2020. The attacker was found to have copied some files from the company’s system before attempting to encrypt them. The stolen files contained the personal information of patients and employees, including names, addresses, email addresses, driver’s license numbers, Social Security numbers, medical information, financial information, and more. | Unknown
Marsh McLennan (US) | The insurance company disclosed that it identified a data breach on April 26th, 2021. The company stated that a threat actor exploited a vulnerability in third-party software from at least April 22nd, 2021. The incident exposed a ‘limited set of data’ including names, Social Security numbers, and other federal tax identification numbers. | Unknown

Attack Type mentions in Banking & Finance

Time Series (chart not reproduced)

This chart shows the trending Attack Types related to Banking within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
Industry | Information
Banking & Finance | In June 2021, researchers at Kryptos Logic identified a new development in the TrickBot webinject module: the threat actors have added support for Zeus-style webinject configs. The researchers stated that this development indicates that TrickBot is going to return to bank fraud operations.
Cryptocurrency | Researchers at Lookout Threat Lab identified over 170 Android apps, 25 of which were on Google Play, that pretend to be cryptomining apps. The apps simply display fictitious earning activity while generating revenue from users purchasing the app and purchasing fake upgrades. The apps are estimated to have scammed over 93,000 users out of at least $350,000. Some of the apps offer Bitcoin and Ethereum payment options in addition to payments via the Google Play in-app billing system. The researchers stated that multiple criminal actors set up the apps. While the apps have been removed from Google Play, dozens more are reportedly still circulating in third-party app stores.
Government | Researchers at Check Point identified an ongoing cyber espionage operation that dates back to 2014. The campaign is believed to be the work of the Chinese APT group IndigoZebra. The group’s recent activity has targeted the Afghan National Security Council, while historic activity targeted entities in Kyrgyzstan and Uzbekistan. The recent operation targeting Afghanistan began with a spear phishing email asking the recipient to review a document. The email carries a password-protected RAR archive containing a file that drops and executes the BoxCaon backdoor.
Critical Infrastructure | TeamT5 researchers discovered two installers of a new backdoor called MemzipRAT targeting a South Korean company in the aerospace sector. The malware has been linked to the North Korean APT group CloudDragon, which is known to abuse VPN vulnerabilities in its attacks. The researchers believe that the new malware is an extension of earlier campaigns and that it is being delivered by exploiting a new VPN zero-day vulnerability.
Technology | On July 2nd, 2021, Huntress researchers discovered that Kaseya VSA servers were being used to deploy REvil ransomware in an attack that affected thousands of businesses. Huntress is currently tracking about 30 impacted managed service providers globally. On its dark web site, the REvil operators have demanded $70,000,000 to decrypt all victims. All exploited VSA servers were on-premises, and the researchers confirmed that a SQL injection vulnerability was exploited in the attack. Kaseya was reportedly already working on a fix for the vulnerability when the attack occurred.

News and information concerning each mentioned industry over the last week.
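The Banking & Finance item above mentions Zeus-style webinject configs. As an added illustration, and not code from TrickBot, Kryptos Logic, or Silobreaker, the Python below parses a constructed config in that format into records an analyst can query. The syntax it handles (a set_url line with a URL mask and flags, followed by data_before, data_inject and data_after blocks, each closed by data_end) follows the publicly documented Zeus webinject format; the flag meanings in the comments are the commonly documented ones and the sample config, URLs and function names are assumptions made for this example.

```python
"""Parse a Zeus-style webinject config into structured records.

Added illustration for the TrickBot webinject item; the sample config is
constructed and the parser is not code from any named vendor or malware.
"""
import re
from dataclasses import dataclass

# Constructed sample in the Zeus webinject syntax. Per the public format
# description, flags after the URL mask select when the rule fires:
# G = on GET requests, P = on POST requests, L = log the response only.
SAMPLE_CONFIG = """\
set_url https://bank.example/login* GP
data_before
<form id="login"*>
data_end
data_inject
<script src="https://cdn.example/inject.js"></script>
data_end
data_after
data_end

set_url https://bank.example/account/balance* GL
data_before
data_end
data_inject
data_end
data_after
data_end
"""


@dataclass
class WebInject:
    """One set_url rule: where to match, what to inject."""
    url_mask: str
    flags: str
    before: str = ""   # HTML that must precede the injection point
    inject: str = ""   # content inserted into the page
    after: str = ""    # HTML that must follow the injection point

    def modifies_page(self) -> bool:
        # A rule with an empty data_inject block (e.g. an L-only rule)
        # grabs content but does not alter what the victim sees.
        return bool(self.inject.strip())


def parse_webinjects(text: str) -> list[WebInject]:
    """Walk the config line by line, collecting each data_* block until data_end."""
    injects: list[WebInject] = []
    current: WebInject | None = None
    section: str | None = None
    buf: list[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("set_url"):
            parts = line.split(None, 2)
            if len(parts) < 2:
                raise ValueError(f"set_url without a URL mask: {raw!r}")
            current = WebInject(url_mask=parts[1], flags=parts[2] if len(parts) > 2 else "")
            injects.append(current)
        elif line in ("data_before", "data_inject", "data_after"):
            if current is None:
                raise ValueError(f"{line} before any set_url")
            section = line.removeprefix("data_")
            buf = []
        elif line == "data_end":
            if current is None or section is None:
                raise ValueError("data_end outside a data_* block")
            setattr(current, section, "\n".join(buf))
            section = None
        elif section is not None:
            buf.append(raw)  # keep the block content verbatim
    return injects


def mask_to_regex(mask: str) -> re.Pattern[str]:
    """Zeus masks use * as a wildcard; everything else is literal."""
    return re.compile("^" + ".*".join(re.escape(p) for p in mask.split("*")) + "$")


def matching_injects(injects: list[WebInject], url: str) -> list[WebInject]:
    """Return the rules whose mask would fire for a given URL."""
    return [i for i in injects if mask_to_regex(i.url_mask).match(url)]


if __name__ == "__main__":
    rules = parse_webinjects(SAMPLE_CONFIG)
    for r in rules:
        print(r.url_mask, r.flags, "modifies page" if r.modifies_page() else "log only")
    for r in matching_injects(rules, "https://bank.example/login?next=/home"):
        print("would fire on login page:", r.url_mask)
```

Running the script lists each targeted URL mask with its flags and whether the rule alters the page, then shows which rule would fire for a sample login URL; pointing parse_webinjects at a config recovered from a sample gives a quick inventory of targeted institutions and injected scripts.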
