16 September 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
WebKit Software Component
Apple iOS
macOS Catalina
HP OMEN Gaming Hub
Apple iOS 14
Deep & Dark Web
Name Heat 7
Microsoft Office
TeamViewer
ActiveX
Microsoft Internet Explorer
Cobalt Strike

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
United Nations | Unknown attackers breached parts of the UN infrastructure in April 2021. Login credentials granting access to the Umoja enterprise resource planning system used by the UN were identified on the dark web. The UN reportedly believes that the attack was a reconnaissance operation and that the hackers only took screenshots of the compromised network. | Unknown
South African National Space Agency | A third party shared a file containing company information online. The Agency determined the file dump was from a public anonymous FTP server rather than a network breach. Most of the data is already in the public domain, although some student applications from 2016 were exposed. CoomingProject have claimed responsibility. | Unknown
Virginia National Guard (US) | Email accounts maintained by a contracted third party were impacted in a cyberattack in July 2021. No internal IT infrastructure or data servers were breached. On August 20th, 2021, actors on the Marketo marketplace claimed they had 1GB of stolen data available for purchase. | Unknown
Bar Ilan University (Israel) | Data was leaked online by a hacker operating under the alias ‘darkrypt’, who demanded $2.5 million in ransom and exposed 20TB of data when the university refused to pay. The exposed data includes lab documents, papers, the personal information of thousands of individuals, and more. | Unknown
LifeLong Medical Care (US) | A data breach in September 2020 against the company’s vendor Netgain Technology exposed patient data. The exposed data includes full names and various combinations of Social Security numbers, dates of birth, and medical information. | 115,448
HAN University of Applied Sciences (Netherlands) | A data breach occurred against its systems on September 1st, 2021. The attack reportedly resulted in the theft of data, including the names, telephone numbers and passwords of students, alumni, employees, and anyone who has ever filled out an online contact form to reach the university. The attacker published the stolen data after HAN reportedly refused to pay a ransom. | 115,448
Desert Wells Family Medicine (US) | A targeted ransomware attack on May 21st, 2021, corrupted the clinic’s electronic health record data, including its backups, making the records unrecoverable. The incident exposed the names, Social Security numbers, addresses, dates of birth, billing account numbers, and medical information of individuals. | 35,000
Department of Justice (South Africa) | All systems were encrypted and rendered unavailable to both employees and the public following a ransomware attack on September 6th, 2021. All electronic services of the department were suspended. | Unknown
MyRepublic (Singapore) | A data breach against its data storage vendor was discovered on August 29th, 2021. An unauthorised party obtained access to scanned copies of national identity cards, residential addresses of foreign residents, and names and phone numbers of some customers. | 79,388
Dorchester County (US) | A phishing incident resulted in unauthorised access to information maintained by the county. The exposed data includes residents’ names, addresses, email addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account numbers, credit card numbers, credentials, and medical information. | 79,388
Unknown | An AvosLocker ransomware affiliate conducted a ransomware attack against an undisclosed company between September 3rd and September 9th, 2021. The target company reportedly paid a ransom of $85,000 in Bitcoin. | Unknown
Missouri Delta Medical Center (US) | The threat actor Hive targeted the company with a ransomware attack on August 23rd, 2021, allegedly stealing 400GB of data and dumping 10GB online. Potentially compromised information includes patient names, account numbers, and medical data. | Unknown
Barlow Respiratory Hospital (US) | The hospital was targeted in a ransomware attack by Vice Society on August 27th, 2021; the attackers allegedly accessed and dumped a large number of files from 2001 to 2009 containing personal information. Some current files were also leaked. | Unknown
Toray Industries (Japan) | The hacker group Marketo claimed to be in possession of 4GB worth of data from Toray, despite initially claiming the stolen data was from Fujitsu. Compromised data includes confidential customer information, company data, budget data, and more. | Unknown
Olympus (Japan) | A cybersecurity incident attributed to the BlackMatter ransomware group impacted some of the company’s Europe, Middle East, and Africa IT systems on September 8th, 2021. The affected systems have been disabled. | Unknown
HBP Financial Services Group (US) | An incident discovered on May 20th, 2021, breached the company’s system, where the attacker reportedly attempted to commit financial fraud against the company. | Unknown
Pathology Consultants of New London (US) | An attacker may have had access to emails containing names, addresses, dates of birth, and insurance and clinical information of patients from April 30th, 2021. The breach was part of a cyberattack suffered by their administrator HBP Financial Services Group. | Unknown
Talbert House (US) | The company confirmed data was stolen from its servers. This may include patient names, addresses, and medical information, as well as employee and partner Social Security numbers, driver’s license numbers, and financial account information. | Unknown
Rehabilitation Support Services Inc (US) | The company confirmed a June 1st, 2021, data breach. Possibly exposed information on current and former employees and clients includes names, addresses, dates of birth, Social Security numbers, health insurance information, and medical data. | Unknown
Yonkers, New York (US) | A ransomware attack against the city resulted in all employees being left without access to computers between September 6th and September 10th, 2021. City officials stated that the city is not paying the demanded ransom and is instead relying on backups to restore its systems. | Unknown
GetHealth (US) | Records from Internet of Things health and fitness tracking devices were exposed online. Potentially compromised information includes names, dates of birth, weight, height, gender, geolocation and more. | 61,053,956
Moorfields Eye Hospital (Dubai) | On September 1st, 2021, the operators of AvosLocker dumped the remaining files they stole in an August 2021 attack against the hospital. Potentially exposed information includes resumes, credentials, and more. In addition, over 1,100 photocopies of patients’ passports were leaked. | Unknown
North East Independent School District (US) | A cyberattack in late August 2021 targeted the email account of an employee responsible for wire transfers in the payroll department. The hacker’s attempts to wire funds to a different bank were unsuccessful. Personal information on current and former employees may have been compromised. | ~5,000
Indiana Creek Foundation (US) | A malware attack took place on February 6th, 2021, resulting in the theft of data. Compromised information may include names, Social Security numbers, driver’s license numbers, financial account information, and medical information. | ~5,000
The Ottawa Hospital (Canada) | An email was accidentally sent out to unvaccinated members of staff offering vaccine education sessions, with each recipient’s name visible to the others. | ~400
Unknown (France) | Hackers stole the personal information of Parisians who took coronavirus tests in the middle of 2020 in Paris. They also obtained the information of the medical professionals who administered the tests. The data included identities, Social Security numbers and contact details, as well as test results. | 1,400,000
Epik (US) | The hacktivist group Anonymous claims to have obtained 180GB of data from the domain registrar and web services provider, including various SQL databases with user records from Epik’s clients, employee emails, and more. The stolen data was leaked on torrent sites, with Ars Technica able to verify a small subset of the data featuring emails from Epik CEO Rob Monster. | Unknown
Walgreens (US) | Interstitial Technology PBC discovered that poor data management by Walgreens has left millions of users’ personal information easily accessible on the internet. Exposed patient information includes names, dates of birth, addresses, phone numbers, e-mail addresses, gender identities, and test results. The data relates to patients who registered for a COVID-19 test appointment on Walgreens’ platform. | Unknown

Attack Type mentions in Government

[Time series chart not reproduced here.] This chart shows the trending Attack Types related to Government within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
Industry | Information
Banking & Finance | Researchers at Segurança Informática discovered a new banking trojan, dubbed maxtrilha, that is being used by Brazilian cybercriminals to target customers of European and South American banks. To spread the trojan, the attackers use email phishing templates customised to the target company. Following execution, maxtrilha launches a banking window overlay to capture banking details. The malware is written in Delphi and is currently capable of bypassing antivirus systems. In addition to banking credential theft, it can deploy further payloads via DLL injection. Stolen victim data is encrypted and sent to a C2 server located in Russia.
Government | South Africa’s Department of Justice and Constitutional Development suffered a ransomware attack on September 6th, 2021, encrypting all systems and rendering them unavailable to both employees and the public. All electronic services of the department were suspended. The cyberattack also caused the website of the country’s Information Regulator to crash.
Retail & Tourism | Palo Alto Networks Unit 42 researchers observed a massive increase in travel-related phishing URLs being registered in 2021, with the threat actors leveraging the renewed travel following COVID-19 lockdowns. Threat actors make use of both URL shorteners and services like Google’s Firebase to bypass email protections. In addition to targeted phishing attacks and campaigns, the travel lure was also seen being used in two Dridex malspam campaigns. The first involves an Excel spreadsheet attachment, while the second contains a Dropbox link to download an Excel spreadsheet. The newly registered domains used in these campaigns referenced ‘airlines’ or ‘vacation.’
Technology | RiskIQ researchers analysed the infrastructure supporting the exploitation of the recently fixed zero-day, tracked as CVE-2021-40444, that impacts Microsoft Word and Microsoft Explorer. The researchers assess with high confidence that the operators are using infrastructure affiliated with WIZARD SPIDER, or other related groups like UNC1878 and Ryuk. However, the researchers noted that it is not clear whether the threat actor behind the zero-day campaign is part of WIZARD SPIDER or one of its affiliates. The researchers assess with moderate confidence that the threat actor’s goal is traditional espionage. Microsoft researchers similarly analysed the campaign, tracking the activity as the unidentified threat actor DEV-0413. The researchers observed overlaps with infrastructure associated with DEV-0365, as well as that of UNC1878.
Critical Infrastructure | Symantec researchers attributed the recently reported Sidewalk backdoor to the Chinese-linked Grayfly group, and found that the malware is linked to the older Crosswalk backdoor. Recent Grayfly campaigns have primarily targeted telecommunications enterprises, but have also been observed attacking media, finance, and IT service providers across Taiwan, Vietnam, the United States, and Mexico. The recent campaign saw Grayfly exploiting exposed Microsoft Exchange and MySQL servers, suggesting that the group’s initial vector leverages flaws in public-facing servers. Grayfly is believed to be the espionage arm of APT41 and, according to the researchers, may be identical to the group known as Wicked Panda. ESET researchers previously attributed the Sidewalk backdoor to a new actor named SparklingGoblin, who has also been linked to Wicked Panda.

News and information concerning each mentioned industry over the last week.
