16 December 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
Apache Log4J
Minecraft
Apple iCloud
Apache Struts
Apache Solr
Deep & Dark Web
Name Heat 7
Apache Log4J
Minecraft
Apple iCloud
Delphi
ElasticSearch

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
Cox Communications (US) | An attacker gained access to Cox customers’ personal information by posing as a support agent. Data possibly viewed by the attacker includes names, addresses, telephone numbers, Cox[.]net email addresses, usernames, and more. | Unknown
Government of South Australia | The government’s external payroll software provider, Frontier Software, was targeted in a ransomware attack. On December 9th, 2021, it was confirmed that the personal information of government employees was stolen from the company’s systems and published on the dark web. Compromised data includes names, dates of birth, tax file numbers, home addresses, bank account details, and more. | Unknown
Atalanta (US) | A breach of employees’ personal information occurred following a ransomware attack discovered on July 25th, 2021. The data of current and former employees, as well as some visitors, was accessed by the actor. | Unknown
Vestas (Denmark) | Hackers retrieved files containing personal data during the ransomware attack on November 19th, 2021. Exposed information includes names, addresses, phone numbers, country of residence, and more. In some instances, passports, driver’s licences, Social Security numbers, medical certificates, bank account information and more were also exposed. | Unknown
M3Logi (Japan) | Security researcher ‘_boris’ discovered a publicly accessible bucket belonging to the shipping solutions firm. Among the exposed files are thousands of sensitive documents, including shipping orders and invoices. | Unknown
Volvo Cars (Sweden) | A Volvo file repository was illegally accessed by a third party, and a limited amount of research and development property was stolen. Snatch ransomware added the company to their leak site on November 30th, 2021, alongside screenshots of the stolen files as proof. The actors have since leaked 35.9MB of data they claim was exfiltrated during the attack. | Unknown
Great Plains Manufacturing (US) | Unauthorised individuals gained access to the company’s systems on September 28th, 2021. Files containing personal information on employees and their dependents who were covered by the company’s health plan were accessed. Possibly compromised data includes names, dates of birth, Social Security numbers, health insurance numbers, and health plan selection. | Unknown
Otsuka America Pharmaceutical (US) | Security researcher ‘_boris’ discovered a public bucket belonging to the healthcare company that contains 26GB of data, including multiple signatures, internal training content, and other sensitive data. | Unknown
Standard Bank of South Africa and Lightstone Property (South Africa) | The two companies disclosed that the LookSee online platform was used to access the information of some property owners in South Africa. Potentially compromised data includes names, identity numbers, entity registration numbers, marital status, and physical addresses. | Unknown
BioPlus Specialty Pharmacy Services (US) | The BioPlus network was accessed by an unauthorised party between October 25th and November 11th, 2021. The intrusion may have compromised the data of current and former patients, including their names, birth dates, addresses, medical information, and some Social Security numbers. | Unknown
Ministry of Health (Brazil) | Following a ransomware attack on December 10th, 2021, all websites belonging to the department went offline, making the COVID-19 vaccination data of millions of individuals unavailable. The threat actor Lapsus$ Group claimed responsibility for the attack, stating they exfiltrated 50TB of data in the attack. | Unknown
Whitehouse Independent School District (US) | On December 10th, 2021, the district confirmed that some students’ personal information may have been compromised following a ransomware attack on July 8th, 2021. Potentially compromised information includes names, Social Security numbers, health information, and dates of birth. | Unknown
Świętokrzyskie (Poland) | The municipality suffered a data breach after an employee at the commune office in Nowiny opened an infected link that launched malware and encrypted the server. The data of several hundred current and former employees and contractors was leaked from four databases. Potentially compromised information includes names, dates and places of birth, bank account numbers, ID numbers, and more. | Unknown
Ultimate Kronos Group (US) | A ransomware attack impacting solutions using Kronos Private Cloud was discovered on December 11th, 2021. The private cloud is where UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions are deployed. The company warned that it may take up to several weeks to restore system availability. | Unknown
Virginia’s Division of Legislative Automated Systems (US) | On December 10th, 2021, the IT agency was targeted in a ransomware attack that impacted Virginia’s legislature operations. The Virginia General Assembly’s internal servers, budget system, and voicemail system are affected, while the website for the Division of Capitol Police is also down as a result of the attack. | Unknown
Oregon Anesthesiology Group (US) | On October 21st, 2021, the company was informed by the FBI that the bureau had seized an account belonging to the Ukrainian actor HelloKitty that contained patient and employee files. Potentially compromised information on patients includes names, addresses, medical information, Social Security numbers, and more. | 750,522
Northeastern University (US) | COVID-19 vaccine registrants’ personal information was compromised by the third-party vaccine provider for the Boston campus, Pelmeds. Revealed data, made public on the provider’s website, includes names, birth dates, addresses, and health issues. | Unknown
Doxy[.]me (US) | Security researcher Zach Edwards, in collaboration with CyberScoop, discovered that the telehealth platform was sharing the names of patients’ providers, IP addresses and unique device identification numbers with Facebook, Google, and HubSpot. | Unknown
Kiwibank (New Zealand) | Security researcher ‘_boris’ discovered a publicly accessible bucket belonging to the state-owned bank. Among the files are web server logs, the majority of which can be downloaded. | Unknown
Superior Plus (Canada) | The natural gas supplier was hit by a ransomware attack that began on December 12th, 2021. Some computer systems and applications were disabled to conduct an investigation of the incident. The company did not disclose what systems were affected by the attack. | Unknown
Shelley School District (US) | A ransomware attack was discovered on December 6th, 2021. Local News 8 was informed that no student information or district financial information was lost, as the district was allegedly able to stop the malware before it reached those servers. | Unknown
Bansley and Kiener LLP | Attackers exfiltrated some files from the company’s systems following a ransomware attack in December 2020. The files contained sensitive client information, including names and Social Security numbers. | Unknown

[Chart: Attack Type mentions in Healthcare, time series] This chart shows the trending attack types related to Healthcare within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
Industry | Information
Technology | The recently discovered Log4Shell vulnerability, tracked as CVE-2021-44228, in Apache Log4j is being exploited by a number of different malware families, including the Muhstik, Mirai, and Elknot botnets, Kinsing, Khonsari ransomware, Orcus, and StealthLoader. Nation-state threat actors like Charming Kitten and Hafnium have also been observed leveraging the vulnerability. The flaw was fixed in version 2.15.0; however, Apache later disclosed that the patch was incomplete for certain non-default configurations. Tracked as CVE-2021-45046, the new issue could lead to denial-of-service. Additional fixes were released with Log4j 2.12.2 for Java 7 and Log4j 2.16.0 for Java 8 and up. Cybereason released a public vaccine for the vulnerability that can be applied to systems that cannot be immediately updated.
Government | Following a ransomware attack on December 10th, 2021, all websites belonging to Brazil’s Ministry of Health went offline, making the COVID-19 vaccination data of millions of individuals unavailable. The threat actor Lapsus$ Group claimed responsibility for the attack, stating that they exfiltrated 50TB of data. The department was targeted in a second cyberattack on December 13th, 2021, which reportedly impeded progress in bringing systems back online.
Critical Infrastructure | Symantec researchers observed an espionage campaign targeting telecommunications operators, as well as IT services and a utility company, in Israel, Jordan, Kuwait, Saudi Arabia, the United Arab Emirates, Pakistan, Thailand, and Laos. The researchers found some evidence suggesting the attackers may be linked to the Iranian Seedworm group; however, this remains unconfirmed. The attacks use a mixture of legitimate tools, living-off-the-land tactics, and publicly available malware. Tools utilised by the attackers include ScreenConnect, RemoteUtilities, Ligolo, Mimikatz, Password Dumper, keyloggers, and more.
Banking & Finance | Lookout researchers discovered an Anubis Android malware campaign targeting customers of 394 financial institutions. Targets include French customers of Orange S.A., as well as United States banks, namely Bank of America, U.S. Bank, Capital One, Chase Bank, SunTrust, and Wells Fargo. The attackers impersonate the Orange S.A. Android app, distributing the fake app through malicious websites, direct messages on social media, smishing, and forum posts. The app targets financial institutions, cryptocurrency wallets, and virtual payment platforms, and attempts to steal login credentials.
Retail & Hospitality | RiskIQ researchers observed three new Magecart attacks in which the threat actor leveraged potential vulnerabilities in WooCommerce. A Magecart skimmer with obfuscated code, dubbed WooTheme Skimmer and discovered in July 2021, was detected across five domains. A second skimmer, dubbed Slect Skimmer, looks for multiple form fields it does not want to extract data from. This skimmer’s exfil domain was previously associated with other Magecart infrastructure and used by a variant of the Grelos skimmer. A third skimmer, dubbed Gateway Skimmer, uses multiple layers and steps to obfuscate processes. The skimmer exfiltrates personally identifiable information and credit card data.
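The Technology entry above lists the Log4j releases that close CVE-2021-44228 and CVE-2021-45046 (2.12.2 for Java 7, 2.16.0 for Java 8 and up, with 2.15.0 being the incomplete fix). The following script is an added example, not part of the digest and not a Silobreaker or Apache tool: it inventories jar files for a bundled log4j-core, reads the version Maven records in META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties, and flags anything older than the fixed release for the Java line in use. The sample jars it scans are constructed in memory so it runs offline; the version thresholds come from the entry above.

```python
import io
import re
import zipfile
from typing import Iterable, Optional

# Earliest fixed log4j-core release per Java line, as reported in the digest:
# 2.12.2 for Java 7, 2.16.0 for Java 8 and up (2.15.0 was the incomplete fix).
FIXED_VERSIONS = {7: (2, 12, 2), 8: (2, 16, 0)}

# Maven writes this properties file into every log4j-core jar (standard Maven layout).
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
VERSION_LINE = re.compile(r"^version=(\S+)", re.MULTILINE)


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '2.14.1' into (2, 14, 1); a missing patch number or a suffix like '-beta9' counts as 0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised log4j version: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_vulnerable(version: str, java_major: int = 8) -> bool:
    """True when this log4j-core version predates the fixed release for the Java line in use."""
    line = 7 if java_major <= 7 else 8
    return parse_version(version) < FIXED_VERSIONS[line]


def log4j_core_version(jar_bytes: bytes) -> Optional[str]:
    """Return the log4j-core version recorded in a jar's pom.properties, or None if it is not bundled."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        if POM_PROPERTIES not in zf.namelist():
            return None
        m = VERSION_LINE.search(zf.read(POM_PROPERTIES).decode("utf-8", "replace"))
        return m.group(1) if m else None


def scan_jars(jars: Iterable[tuple[str, bytes]], java_major: int = 8) -> list[dict]:
    """Inventory each jar: which log4j-core it carries and whether that version is still vulnerable."""
    findings = []
    for name, data in jars:
        version = log4j_core_version(data)
        findings.append({
            "jar": name,
            "log4j_core": version,
            "vulnerable": is_vulnerable(version, java_major) if version else False,
        })
    return findings


def build_sample_jar(version: Optional[str]) -> bytes:
    """Constructed fixture: a minimal jar that bundles (or omits) log4j-core's pom.properties."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if version is not None:
            zf.writestr(
                POM_PROPERTIES,
                f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n",
            )
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample inventory: three versions around the fixes, plus a jar without log4j.
    sample = [
        ("app-2.14.1.jar", build_sample_jar("2.14.1")),
        ("app-2.15.0.jar", build_sample_jar("2.15.0")),
        ("app-2.16.0.jar", build_sample_jar("2.16.0")),
        ("no-log4j.jar", build_sample_jar(None)),
    ]
    for finding in scan_jars(sample, java_major=8):
        print(finding)
```

Two caveats for real use: the check only sees log4j-core copies that sit directly in a jar, so fat jars, WARs and EARs that nest jars inside jars need the same lookup applied recursively, and a jar that was repacked without its Maven metadata returns None rather than a version, which should be treated as "unknown", not "safe".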

News and information concerning each mentioned industry over the last week.
