15 July 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source (ranked by heat over the past 7 days)
Siemens JT2Go
Accellion FTA
SolarWinds Serv-U
Snapdragon Mobile
Nextcloud Server

Deep & Dark Web (ranked by heat over the past 7 days)
Bitcoin
Windows 10
Oracle MySQL
AirDrop
Google Play Gift Card

The tables list the products that were mentioned more often than usual in connection with vulnerabilities during the last week.

Data Leaks & Breaches

Leaks & Breaches
Company (country), summary, and the number of individuals or records affected (Unknown where not disclosed)
Guess (US) An investigation revealed unauthorised access to the systems of the fashion retailer between February 2nd and February 23rd, 2021. Customers’ Social Security numbers, driver’s license numbers, passport numbers, and financial account numbers may have been accessed or stolen. DataBreaches[.]net reported in April 2021 that the operators of DarkSide ransomware listed Guess on their data leak site. Affected: 1,300
LinkedIn (US) Threat actors appear to have performed a massive data scraping operation against LinkedIn for the third time in four months. The seller shared a sample of the data featuring 632,699 profile entries and 154,204 user email addresses. The exposed information reportedly contains LinkedIn IDs, full names, email addresses, birth dates, locations, and more. Affected: 600,000,000
Millennia Companies (US) The Ohio housing management company disclosed that some employee email accounts were accessed by an unauthorised party between October 21st and December 18th, 2019. The compromised accounts contained full names alongside Social Security numbers, passport numbers, debit or credit card information, usernames, passwords, and more. Affected: Unknown
Symes de Silva (New Zealand) The dental practice in Wellington disclosed an April 2021 cyberattack that involved the installation of malware on its email server. The server contained patient names, dates of birth, phone numbers, addresses, and some health information. Affected: Unknown
HX5 (US) REvil ransomware operators claim to have stolen 23GB of data from the Florida-based defence contractor. Screenshots of some of the stolen material were published on the actors’ blog on July 7th, 2021. The screenshots reveal employee details such as a Social Security number and the personal data of an HX5 executive. Affected: Unknown
Morgan Stanley (US) Morgan Stanley disclosed being affected by the Accellion FTA server breach of its third-party vendor Guidehouse. The January 2021 breach resulted in the theft of Morgan Stanley’s StockPlan Connect participants’ data, including their names, addresses, dates of birth, Social Security numbers, and corporate company names. Affected: Unknown
CNA Financial (US) The company disclosed that Phoenix CryptoLocker attackers accessed various CNA systems on multiple occasions between March 5th and March 21st, 2021, and copied a ‘limited amount’ of data. The exposed data includes names, Social Security numbers, and in some cases, data linked to health benefits, of employees, contract workers and dependents. Affected: 75,359
Forefront Dermatology (US) Attackers accessed some patient and employee files between May 28th and June 4th, 2021. This includes names, addresses, dates of birth, patient account numbers, medical record numbers, and more. DataBreaches[.]net reported that the attack was conducted with Cuba ransomware and that the threat actors dumped some of the company’s data. Affected: Unknown
Practicefirst Medical Management Solutions (US) The company disclosed that on December 30th, 2020, it discovered that a ransomware attacker had copied files from its systems. The stolen data includes names, addresses, Social Security numbers, claims information, employee usernames and passwords, and more. Affected: 1,200,000
Northwestern Memorial Healthcare (US) The third-party service provider Elekta informed Northwestern Memorial that an unauthorised actor accessed its systems between April 2nd and April 20th, 2021. The intruder copied a database that stores some oncology patient data, including patient names, dates of birth, Social Security numbers, health insurance information, and more. Affected: Unknown
Dotty’s (US) The Nevada company informed customers of a data breach in which personally identifiable information was stolen. This includes names, birthdays, and driving licence numbers. Affected: 300,000
Comparis (Switzerland) The consumer outlet was hit by a ransomware attack that disabled some of its systems. The attack also gave a third party access to customer data from Credaris, its sister company. Affected: Unknown
Mint Mobile (US) The company sent a data breach notification to affected subscribers, stating that between June 8th and June 10th, 2021, a small number of Mint Mobile subscribers had their phone numbers ported to another carrier by a threat actor. The personal information of subscribers was also potentially accessed, including names, addresses, emails, passwords, and call detail information. Affected: Unknown
Bank of Oak Ridge (US) The bank sent a letter to affected customers informing them of a data breach which occurred between April 26th and April 27th, 2021. Data compromised in the breach includes names, Social Security numbers, and bank account numbers. Affected: Unknown
York Animal Hospital (US) The hospital was hit by a ransomware attack over the weekend of July 4th, 2021, which led to the loss of four years of patient records. The owner of the clinic stated that financial records were not accessed and that clients should not be concerned about their personal information being targeted. Affected: Unknown
ClearBalance (US) The California-based firm disclosed that a phishing attack on March 8th, 2021, resulted in an unauthorised actor gaining access to employee email accounts. The access was detected on April 26th, 2021. The data contained in the email accounts includes patient names, Social Security numbers, dates of birth, personal banking information, and more. Affected: 209,719
The Clover Park School District (US) The school district disclosed a previously reported Pay or Grief ransomware attack. The notification revealed that a threat actor may have viewed or extracted data from its systems between May 12th and May 26th, 2021. The attackers have since dumped data they claim to have stolen online, including Social Security numbers, names, dates of birth, addresses, and more. Affected: 1,583
ITxx (Netherlands) The company was targeted in a ransomware attack on July 2nd, 2021. The attackers encrypted all data and emails belonging to the company and its fifty hosted clients. The clients were unable to access their data or their backups. Affected: Unknown
Spread Group (Germany) Spread Group disclosed a cyberattack which resulted in the attackers accessing addresses and contractual data of customers, partners, employees and external suppliers. The bank account numbers and PayPal addresses of partners receiving commission payments were also affected, as were the payment details of ‘a small number of customers.’ Affected: Unknown

Malware mentions in Healthcare

[Time series chart not reproduced here.] The chart shows the trending malware related to Healthcare within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
Industry and summary
Cryptocurrency In May 2021, researchers at Bitdefender began investigating a cryptojacking campaign focused on Monero mining. They identified a server and an associated domain linked to the group, which have been used to host a range of malware. Several archives on the server contain toolchains for gaining access to Linux servers with weak SSH credentials. For brute forcing, the group uses the Diicot Brute tool, which the researchers believe was developed by the attackers themselves. The attackers have been active since at least 2020, and Bitdefender believes that the group is likely based in Romania. The group has also been linked to several distributed denial-of-service botnets, including a Perl IRC bot and a Demonbot variant tracked as Chernobyl.
Education Proofpoint researchers observed a campaign, dubbed Operation SpoofedScholars, in which the threat actor TA453 impersonated staff at the University of London’s School of Oriental and African Studies (SOAS). Among the targets were senior think tank personnel, journalists focusing on Middle Eastern affairs, and professors. The campaign initially involved lengthy conversations before the target was sent a registration link for an online conference. The link led to a compromised website belonging to SOAS Radio that sought to capture a variety of credentials. Later attacks saw the link being sent earlier on, without any extensive conversation, and in one instance personal email accounts were targeted. TA453 has been linked to the government of Iran, and the researchers assess with high confidence that the group supports the Islamic Revolutionary Guard Corps in collecting intelligence.
Government Following an investigation into several watering hole attacks, Zerde National Infocommunication Holding JSC reported that Razy malware was detected on parts of the Kazakhstan e-government portal. The attackers likely gained access to the upload function on two of the portal’s sites. They uploaded the malware disguised as two fake office documents referring to the local government, which appear to have been uploaded in 2021.
Critical Infrastructure In June 2021, researchers at Insikt Group reported that the Chinese state-sponsored threat actor TAG-22 is actively targeting the Industrial Technology Research Institute (ITRI) in Taiwan, the Department of Information and Communications Technology in the Philippines, and Nepal Telecom. The researchers stated that the attacks against the ITRI are of note because the organisation’s focus on sustainability and technology projects overlaps with Chinese development interests. The group has also targeted entities operating in the academic, research and development, and government sectors in Nepal, the Philippines, Taiwan, and Hong Kong. The attackers use the Winnti and ShadowPad backdoors alongside Cobalt Strike and open-source tooling.
Technology SonicWall warned of a ransomware campaign targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products that are running unpatched, end-of-life 8.x firmware. The attacks target known flaws that have already been fixed in newer firmware versions. The company stated that organisations that fail to take mitigation actions are at ‘imminent risk.’

News and information concerning each mentioned industry over the last week.
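The Cryptocurrency entry above describes a group that gets onto Linux servers by brute forcing weak SSH passwords. The following is an added example, not code from the digest or from Bitdefender's report, showing what a defender can do with that description: it parses sshd authentication lines, flags a source IP that makes a burst of failed password attempts, notes whether a password login from the same IP succeeded afterwards (the signature of a guessed credential rather than a noisy failure), and checks an sshd_config fragment for the settings that make such guessing possible. The log lines are constructed, the year is assumed because syslog lines carry none, and the hardening baseline (no password authentication, no root login, at most 3 tries) is this example's choice, not something the report specifies.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd/syslog lines for the demo (not real log data); 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges, so nothing here points at a live host.
SAMPLE_LOG = """\
Jul  9 03:12:01 web1 sshd[2210]: Failed password for root from 203.0.113.7 port 51122 ssh2
Jul  9 03:12:02 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51123 ssh2
Jul  9 03:12:03 web1 sshd[2212]: Failed password for invalid user admin from 203.0.113.7 port 51124 ssh2
Jul  9 03:12:04 web1 sshd[2213]: Failed password for invalid user oracle from 203.0.113.7 port 51125 ssh2
Jul  9 03:12:05 web1 sshd[2214]: Failed password for root from 203.0.113.7 port 51126 ssh2
Jul  9 03:12:09 web1 sshd[2215]: Accepted password for root from 203.0.113.7 port 51130 ssh2
Jul  9 03:40:00 web1 sshd[2300]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Jul  9 03:41:00 web1 sshd[2301]: Accepted publickey for alice from 198.51.100.4 port 40001 ssh2
"""

# Matches the OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n>" lines.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_auth_log(text, year=2021):
    """Return (timestamp, result, method, user, ip) tuples for the sshd lines in text.
    Syslog lines carry no year, so one is assumed (2021 here, the digest's year)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["result"], m["method"], m["user"], m["ip"]))
    return events


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Flag source IPs with at least `threshold` failed password logins inside a sliding
    window of `window_seconds`, and record whether a password login from that IP later
    succeeded (a guessed credential, which warrants incident response, not just a block)."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, result, method, user, ip in events:
        if method != "password":          # key-based failures are not guessing attempts
            continue
        (failures if result == "Failed" else successes)[ip].append((ts, user))

    alerts = {}
    for ip, attempts in failures.items():
        attempts.sort()
        times = [t for t, _ in attempts]
        for i in range(len(attempts)):
            j = i
            while j < len(attempts) and (times[j] - times[i]).total_seconds() <= window_seconds:
                j += 1
            if j - i >= threshold:
                last_failure = times[j - 1]
                alerts[ip] = {
                    "failures": j - i,
                    "users": sorted({u for _, u in attempts[i:j]}),
                    "success_after": any(t > last_failure for t, _ in successes[ip]),
                }
                break                      # one alert per IP is enough for the demo
    return alerts


# OpenSSH's effective defaults when a directive is absent (sshd_config(5)). In sshd_config
# the first occurrence of a keyword wins; Match blocks are not modelled in this example.
SSHD_DEFAULTS = {"passwordauthentication": "yes",
                 "permitrootlogin": "prohibit-password",
                 "maxauthtries": "6"}


def weak_sshd_settings(config_text, max_auth_tries=3):
    """Return the directives whose effective value still permits online password guessing,
    keyed by their canonical name. The baseline (PasswordAuthentication no, PermitRootLogin
    not 'yes', MaxAuthTries <= 3) is this example's assumption."""
    effective = dict(SSHD_DEFAULTS)
    seen = set()
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)   # "Keyword value" or "Keyword=value"
        key = parts[0].lower()
        if len(parts) == 2 and key in effective and key not in seen:
            effective[key] = parts[1].strip().lower()
            seen.add(key)
    weak = {}
    if effective["passwordauthentication"] != "no":
        weak["PasswordAuthentication"] = effective["passwordauthentication"]
    if effective["permitrootlogin"] == "yes":
        weak["PermitRootLogin"] = effective["permitrootlogin"]
    if int(effective["maxauthtries"]) > max_auth_tries:
        weak["MaxAuthTries"] = effective["maxauthtries"]
    return weak


if __name__ == "__main__":
    for ip, info in detect_bruteforce(parse_auth_log(SAMPLE_LOG)).items():
        print(ip, info)
    print(weak_sshd_settings("PermitRootLogin yes\nPasswordAuthentication yes\n"))
```

On the constructed log, 203.0.113.7 is flagged with five failures against three usernames and a subsequent successful password login, while alice's single failure followed by a key login is not; an empty sshd_config is reported as weak on PasswordAuthentication and MaxAuthTries alone, because OpenSSH's default PermitRootLogin already refuses root password logins.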
