13 January 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source (ranked by heat)
1. H2 Database Engine
2. Tenda
3. VMware Horizon
4. Google Docs
5. KCodes NetUSB

Deep & Dark Web (ranked by heat)
1. Microsoft Windows
2. Microsoft Internet Explorer
3. Google Chrome Browser
4. Windows 7
5. Atlassian Confluence

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches

Company | Information | Affected
FlexBooker (US) | Attackers compromised the company’s Amazon AWS servers on December 23rd, 2021, and exfiltrated personal data including email addresses, names, credit card data, passwords, and phone numbers. The threat actor Uawrongteam claimed responsibility for the attack and additionally claimed that the stolen database contains 10 million lines of customer information, including payment forms, charges, and driver’s licence photos. | 3,756,974
Indonesian Ministry of Health | The ministry is investigating a possible breach of millions of patients’ data that was traded on the dark web forum RaidForums. One leaked document reportedly contained 720GB of medical data, while another actor uploaded a further six million data samples, including full names, hospitals, patient photos, COVID-19 test results, x-ray scans, laboratory test results, and more. | Unknown
Fertility Centers of Illinois (US) | Attackers gained access to protected health information of current and former patients of the fertility clinic, including Social Security numbers, passport numbers, financial account and payment card information, medical data, and login credentials. | 79,943
Vodafone (UK) | One of the telecom’s users was mistakenly sent an email containing the names, addresses, and phone numbers of 18 other users. The customer claims that ‘hundreds’ of other users’ accounts and bills were sent to her. | Unknown
The De Montfort School (UK) | The school suffered a data breach after students’ results from an asymptomatic COVID-19 test were inadvertently sent to other pupils’ parents. The breach allegedly only affected a small number of students. | Unknown
Doxbin[.]com | A threat actor posted a leak allegedly sourced from the paste site on the XSS forum. Potentially compromised information includes usernames, email addresses, passwords, and more. | 41,544
Compton and Broomhead Dental Center (US) | Databreaches[.]net discovered a potential data breach after being contacted by threat actors claiming to have attacked the center and exfiltrated patient files on October 8th, 2021. Potentially compromised information includes names, addresses, dates of birth, Social Security numbers, health insurance information, driver’s license numbers, and more. | Unknown
Jefferson Surgical Clinic (US) | An unauthorised third party attempted to infiltrate the clinic’s computer network on June 5th, 2021. Potentially compromised data includes names, dates of birth, Social Security numbers, and healthcare and treatment information. | 174,769
OG Private Limited (Singapore) | The company notified its members of a breached database containing its OG Basic and Gold members’ names, email addresses, mobile numbers, genders, dates of birth, and cryptographically-hashed NRIC data and passwords. | Unknown
Monroe Public Schools (US) | A data breach occurred following a ransomware attack on January 7th, 2022. Due to information redaction, the exact type of data that was compromised remains partially unknown but includes Social Security numbers for some affected individuals. | 1,201
National Association of Community Health Centers (US) | Following a ransomware attack in October 2021, an attacker accessed and encrypted several servers that contained information on current and former employees. Potentially exposed data includes names, addresses, dates of birth, salary, income and tax information, Social Security numbers, and more. | 936
Grass Valley (US) | An unauthorised actor gained access to some of the city’s computer systems between April and July 2021. Files exfiltrated by the attacker contained names, Social Security numbers, driver’s licence numbers, financial information, medical information, and more. | 936
Bunnings (Australia) | Customers who used the Drive & Collect service may have had their private information exposed following the data breach of FlexBooker on December 23rd, 2021. Potentially compromised information includes full names and email addresses. | 936
Siriraj Hospital (Thailand) | A user on the hacking forum RaidForums, using the name ‘WraithMax’, offered to sell patient records extracted from the hospital, including names, addresses, IDs, phone numbers, gender, dates of birth, and more. | 38,900,000
Capital Region Medical Center (US) | Patient data was exposed following a cyberattack against its systems on December 17th, 2021. Unspecified personal health information was reportedly accessed by an unauthorised third party. | Unknown
The Vintage Bar (Denmark) | Thousands of invoices and shipping labels belonging to the retailer were discovered exposed on the internet. The documents contain personal and financial information belonging to the company’s customers. | Unknown
Bay & Bay Transportation (US) | The company suffered a Conti ransomware attack that impacted certain systems and computers. After the company refused to pay the requested ransom, Conti operators leaked some of the stolen data, including sensitive employee information. | Unknown
Panasonic (Japan) | Hackers accessed personal information of job candidates and interns from certain divisions of the company during the cyberattack in November 2021. The data breach began on June 22nd, 2021 and lasted until November 3rd. | Unknown
BULSTAT (Bulgaria) | The personal data of people registered in the BULSTAT register was exposed on January 4th, 2022. The register contains employment information of journalists, lawyers, consultants, and others, including their PESEL numbers, telephone numbers, email addresses, residence addresses, and insurance information. | ~300,000
Credit Suite (US) | Security researcher _boris discovered a public bucket containing bank statements, other personal and financial data, and internal documents belonging to the company. | Unknown
Loyola University Medical Center (US) | A breach occurred after an unauthorised individual gained access to an employee’s email account between October 29th and October 31st, 2021. Possibly exposed information includes patient names, addresses, phone numbers, dates of birth, email addresses, medical record numbers, conditions, and more. | 16,934
Philippine Commission on Elections | A data breach occurred on January 8th, 2022, resulting in the theft of 60GB of data, including sensitive voter information. Affected personal information includes a list of overseas absentee voters, details of the board of canvassers, Comelec personnel accounts, and more. | Unknown
Aditya Birla Group (India) | Threat actor ShinyHunters claimed to have exfiltrated sensitive data on customers and employees, potentially including names, dates of birth, gender, credit card information alongside CVV numbers, and more. Aditya Birla Group is yet to confirm the attack. | Unknown
Ciox Health (US) | The company suffered a cyberattack that gave unauthorised access to an employee’s email between June 24th and July 2nd, 2021. Potentially compromised information includes patient names, dates of birth, as well as some Social Security and driver’s licence numbers, medical information, and more. | 12,493
TransCredit | Researchers discovered a non-password-protected database containing 822,789 records seemingly linked to the company. The data concerned trucking and transport companies and individual drivers in the United States and Canada, and featured credit accounts, loans, repayments, banking information, tax ID and Social Security numbers, and more. Internal emails and usernames of TransCredit employees were also found, though the company did not acknowledge the incident. | Unknown
Medical Review Institute of America (US) | The company suffered a cyberattack which compromised personal information including names, physical addresses, email addresses, phone numbers, Social Security numbers, full clinical information, and more. | 134,000
Visalia Unified School District (US) | Certain email accounts were accessed by an unauthorised party between January 1st and June 3rd, 2021. The incident compromised the data of employees and students. Potentially compromised data includes driver’s licence numbers, financial account numbers, and health insurance details. | 35,000
Durham District School Board (Canada) | A data breach exposed the names of staff members who are not vaccinated against COVID-19 or did not disclose their vaccination status. The breach occurred when an email was sent to 400 recipients containing an attached spreadsheet with the names. | ~800

Attack Type mentions in Government

(Time series chart not reproduced here.)

This chart shows the trending attack types related to Government within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View

Industry | Information
Cryptocurrency | The LCX Exchange confirmed that a wallet compromise led to the loss of several cryptocurrency tokens with an accumulated value of $6.8 million. The hacker transferred eight types of tokens, including Ether, USD Coin, Sandbox, Quant, Chainlink, and more, and LCX Exchange has since suspended all deposits and withdrawals.
Healthcare | The United States Department of Health and Human Services warned the healthcare sector of continued PYSA ransomware campaigns against the sector. The campaigns involve various other tools, including ADRecon, Advanced Port Scanner, DNSGo RAT, Mimikatz, PEASS and PowerShell Empire. The US, the UK, Canada, Spain, and Brazil are PYSA operators’ most frequently targeted countries.
Banking & Finance | Cofense researchers discovered a COVID-19 themed phishing campaign attempting to harvest banking credentials from users of New Zealand’s ASB Bank. Whilst the body of the emails initially seems legitimate, they are clearly not sent from an official ASB Bank address. Once users enter their login credentials, they are prompted for a one-time password (OTP), and it is possible the threat actor may have tools to automatically use this information in real time. Victims are redirected to the legitimate ASB Bank home page once they have provided their credentials and OTP.
Critical Infrastructure | The United States Federal Bureau of Investigation released an updated flash alert warning that the financially motivated threat actor FIN7 is using packages containing malicious USB devices to deploy ransomware. The transportation and insurance sectors have been targeted since August 2021, and defence companies since November 2021. Packages containing ‘BadUSB’ or ‘Bad Beetle USB’ devices are sent by FIN7 using the United States Postal Service and United Parcel Service. The attackers impersonate Amazon and the US Department of Health & Human Services to trick targets into opening the packages and connecting the USB device to their systems. The end goal for the attackers is to deploy ransomware, including BlackMatter and REvil, on the compromised system.
Government | Malwarebytes researchers examined a recent campaign from the Indian threat actor Patchwork APT, in which malicious RTF files were used to drop a variant of the BADNEWS RAT against Pakistani targets between late November and early December 2021. The new variant of the BADNEWS RAT, dubbed Ragnatela, was distributed via spear phishing emails which included documents impersonating Pakistani authorities. Confirmed victims so far include the Pakistani Ministry of Defense, the National Defense University of Islamabad, as well as molecular medicine and biological sciences departments at UVAS University, the University of Karachi, and SHU University.

News and information concerning each mentioned industry over the last week.
