22 July 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name (heat scores not reproduced)
Apple iOS 14
Oracle MySQL
Microsoft Exchange Server Enterprise
Oracle Fusion Middleware
Google Chrome Browser

Deep & Dark Web
Name (heat scores not reproduced)
THORchain
CDNJS
Google Chrome Browser
Nmap
Fortinet FortiOS

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
Campbell Conroy & O’Neil (US) | The law firm stated that its network was targeted by a ransomware attack on February 27th, 2021. An investigation revealed that the targeted system contained some personal information of individuals, including names, dates of birth, driver’s license numbers, financial account information, Social Security numbers, passport numbers, and more. | Unknown
Comparis (Switzerland) | An analysis of the recent ransomware attack against the consumer outlet found that the attackers had access to some internal customer data. On July 12th, 2021, the operators of Grief ransomware added the company to their data leak site and posted 189 files as proof of the attack. | Unknown
University Hospital of the West Indies (Jamaica) | The Jamaica Gleaner reported that the Hospital Information Management System (HIMS) used by the hospital is exposing the private information of thousands of patients. The HIMS system stores patient names, addresses, telephone numbers, and financial and medical data. The issue is due to HTTP rather than HTTPS being used when accessing HIMS. | Unknown
Testcoronanu (Netherlands) | The coronavirus testing company experienced a leak that allowed anyone to create their own Covid vaccination or test certificates, in addition to altering the data of others. The personal data of individuals who had taken a coronavirus test at the company was also leaked. This includes full names, addresses, phone numbers, Social Security numbers, passport numbers, and medical information. | 60,000
The Court of Accounts (Moldova) | The authority was hit by attackers who hacked its websites and destroyed audit reports and other public data. | Unknown
BackNine (US) | A storage server misconfiguration exposed 711,000 files that contained insurance files featuring names, addresses, Social Security numbers, medical diagnoses, lab results, some driver’s license numbers, and more. | Unknown
Whitehouse Independent School District (US) | On July 8th, 2021, the Texas school disclosed that it was impacted by a cybersecurity incident. DataBreaches[.]net reported that the attack was conducted by the Vice Society ransomware gang. The attackers have dumped more than 18,000 files containing the data of current and former employees, dependents, and students. This includes names, postal addresses, Social Security numbers, and more. | Unknown
Corporación Nacional de Telecomunicación (Ecuador) | On July 16th, 2021, CNT disclosed that it had suffered a ransomware attack. RansomEXX ransomware operators claim to have stolen 190GB of data, including contact lists, contracts, and support logs. CNT stated that no corporate or client data has been exposed. | Unknown
Seoul National University Hospital (South Korea) | Ha Tae-kyung of the People Power Party stated that the June 5th, 2021, cyberattack against the hospital was carried out by the North Korean actor Kimsuky. The attack resulted in the theft of 6,969 files, including patient records containing medical information. | Unknown
D-BOX (Canada) | The haptic motion technology company was hit with a ransomware attack on July 12th, 2021. The attack encrypted data stored on the corporation’s network, causing it to become inaccessible. Some employee information may have been exposed. | Unknown
Booneville School District (US) | Grief ransomware operators added the Mississippi school to their data leak site on June 30th, 2021, and later dumped files allegedly stolen from the district. The files contain some students’ writings, which reveal limited personal information. | Unknown
Lancaster Independent School District (US) | Grief ransomware operators added the Texas school to their leak site, and published data containing demographic information of current and former employees, payroll information, banking information, Social Security numbers, and other human resources-related files. The personal information of some students was also exposed. | Unknown
City of Revelstoke (US) | On July 15th, 2021, Revelstoke Mountaineer journalists found that the city’s emergency notification system contains flaws allowing users to access any account with just the account’s email address and no password, which enables others to disable users’ notifications. In addition, using simple code could allow an actor to download the telephone numbers of the system’s users and match them with emails. | Unknown
Chicago’s Lake County Health Department (US) | Department officials disclosed two cyberattacks that affected the county. In the first incident, discovered on July 22nd, 2019, an unencrypted email was sent to an employee’s personal email address, affecting unspecified information relating to 24,241 individuals. The second breach, which took place on May 14th, 2021, involved an unencrypted Google Doc used by volunteers and staff. The document contained the names, dates of birth, phone numbers, email addresses and vaccination status of some seniors, with 705 people potentially affected. | Unknown
Walter’s Automotive Group (US) | The operators of Vice Society ransomware claim to have encrypted and stolen data from the company. The attackers have since dumped all stolen data, including over 21,000 images of driver’s licenses dated between May 2018 and May 2021. The data dump also contains Audi Ontario and Porsche Ontario data, including nearly 5,000 files related to credit applications that expose names, dates of birth, current addresses, Social Security numbers, and more. | Unknown
Independent Electoral and Boundaries Commission (Kenya) | A university student identified as ‘Kiprop’ reportedly hacked into the IEBC database and stole the personal details of voters. | 61,617
Pionet (Israel) | A ransomware attack against the IT company has impacted its systems and the sites of over a hundred of the company’s customers. Impacted customers include Assuta Hospital, Rambam Health Care Campus, Hadassah Medical Center, Budget Car Rental, Sonol Israel, and Idigital. | Unknown
City of Geneva (US) | On July 16th, 2021, the Ohio city identified that its website and online data systems had been breached. On July 18th, 2021, AVOSLocker ransomware operators claimed that the city was attacked by one of its partners and uploaded screenshots of files as proof of the attack. | Unknown
Humana (US) | CyberNews researchers discovered the sensitive data of customers published on a hacker forum on July 16th, 2021. The leaked SQL database contains full names, email and physical addresses, patient IDs, treatment data, and more. | 6,487
PeopleGIS (US) | WizCase researchers discovered 86 misconfigured Amazon S3 buckets containing data of United States municipalities. Over 1,000GB of data was exposed across 1.6 million files, including business licenses, residential records and job applications. The compromised data includes email and physical addresses, phone numbers, drivers’ licences, and more. | Unknown
Aruba[.]it (Italy) | The Italian web hosting firm recently informed some of its customers of a data breach incident that took place on April 23rd, 2021. The exposed data includes full names, tax codes, physical addresses, encrypted hashes of customer portal passwords, and more. | Unknown
Washoe Tribe (US) | The Nevada and California tribe was targeted in a ransomware attack on April 27th, 2021. The attackers stole 100GB of data from their server, and the stolen data was seen leaked on the dark web on May 5th, 2021. | Unknown
Hudson Envelope and JAM Paper & Envelope (US) | The company disclosed a cyberattack which impacted customers who have used a credit or debit card to make purchases at jampaper[.]com between June 25th, 2020, and January 11th, 2021. Customers’ card information may have been stolen. | Unknown
Unknown (Mexico) | DataBreaches[.]net observed a post on a popular hacking forum offering the entire Mexican voter database for 2021, featuring 91 million records. According to the formatting of the data fields posted by the actor, the database contains full names, addresses, and other personal information. | Unknown
Saudi Aramco | A threat actor operating under the name ZeroX is selling 1TB of data dating between 1993 and 2020 that they claim to have stolen from Saudi Aramco. The stolen data allegedly includes details on Saudi Aramco’s refineries, client contracts, reports and other documents, and the personal information of 14,254 employees. The exposed employee information includes names, pictures, passports, phone numbers, and more. | Unknown
TicketClub (Italy) | A RaidForums user called ‘bl4ckt0r’ is advertising a database belonging to the company that reportedly contains user data. The threat actor also released some of the data as proof of their breach. | 340,957

Attack Type mentions in Critical Infrastructure

Time Series chart (not reproduced): This chart shows the trending Attack Types related to Critical Infrastructure within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
Industry | Information
Banking & Finance | Prodaft researchers observed a Toddler Android banking malware campaign primarily targeting Spain since the second half of 2020. The malware also contains some textual content for targeting English, Italian, German, French, and Dutch-speaking users. The Android application containing Toddler is named after shipping services with names like ‘BPOST’, ‘UPS’, and ‘Correos’. Toddler uses a specially crafted login phishing page fetched from its C2 to overlay a targeted application launched by the victim. It targets mobile banking and cryptocurrency applications, and gathers data from apps installed on the victim’s device.
Technology | Microsoft researchers linked two Windows zero-day exploits, tracked as CVE-2021-31979 and CVE-2021-33771, to a private-sector offensive actor tracked as SOURGUM. The group has targeted at least 100 victims in Palestine, Israel, Iran, Lebanon, Yemen, Spain, the United Kingdom, Turkey, Armenia and Singapore with the DevilsTongue spyware. Among the victims are human rights defenders, dissidents, journalists, activists and politicians. The spyware is installed via a chain of browser and Windows exploits, including the two zero-days that were fixed in the July 2021 update. Citizen Lab researchers assess with high confidence that the threat actor is the Israeli company Candiru Ltd, currently called Saito Tech Ltd, which sells spyware exclusively to governments.
Retail & Tourism | Kyodo News reported that on July 21st, 2021, an anonymous Japanese government official informed it of a data breach involving Tokyo Olympic and Paralympic ticket purchasers. The exposed data was said to include login IDs and passwords of ticket buyers, as well as volunteer portal credentials. A spokesman of the Tokyo 2020 International Communications Team later denied that the leak originated from the systems used by the Olympics, but stated that some passwords had been reset for a limited number of IDs. Security researcher ‘pancak3’ told ZDNet that the leak did not result from a breach. Instead, individuals were reportedly targeted with RedLine malware and other stealers.
Critical Infrastructure | Facebook reported that the Iranian Tortoiseshell group used its platform as part of a campaign targeting military personnel and the aerospace and defence sector in the United States, the United Kingdom, and Europe. The group employs relatively strong operational security and appears well-resourced and persistent. It primarily used Facebook for social engineering and created sophisticated fake online profiles that often appeared as industry recruiters and employees of aerospace and defence companies. The threat actors attempted to move conversations off Facebook to send malware to their targets. To steal credentials, the group created fake defence company recruiting sites.
Cryptocurrency | Researchers at Inky identified dozens of credential harvesting campaigns targeting Coinbase users. One example shared by the researchers uses a hijacked email account to send messages to victims. The email instructs the recipient that they need to resolve an account issue by signing into Coinbase. Users who click on a link are redirected to a hijacked site that features a ‘perfect’ reproduction of a Coinbase login page. Any credentials entered into the site are harvested by the attackers.

News and information concerning each mentioned industry over the last week.
