23 September 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source (Name, Heat 7)
Cisco IOS XE
VMware vCenter Server
FFmpeg
IBM Tivoli Netcool
Cisco SD-WAN Solution

Deep & Dark Web (Name, Heat 7)
Microsoft Office
Linux OS
macOS Big Sur
Windows Store
Bitbucket

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches (Company, Information, Affected)

Lubbock County (US): Certain court records previously unavailable for public review became accessible to the public via the county’s new software system. Some of the records involved non-disclosure orders, criminal cases, and civil and family law records. Affected: Unknown
Alaska Department of Health and Social Services (US): Data stored on the DHSS IT infrastructure may have been stolen in a data breach in May 2021. This may include full names, dates of birth, Social Security numbers, addresses, driver’s license numbers, health information, financial information, and more. Affected: Unknown
Directions for Living (US): Servers containing some personal health information of current and former clients were targeted in a ransomware attack on July 17th, 2021. Affected: Unknown
Texoma Community Center (US): The Center suffered a breach affecting the information of current and former clients and employees. The information stolen varies by individual, and may include names, birth dates, emails, medical information, unique biometric data, various legal documents, and more. For some individuals Social Security numbers, driver’s license numbers, financial account information, and credit or debit card numbers were also exposed. Affected: Unknown
Austin Cancer Center (US): Unauthorised access to the company’s systems on August 4th, 2021 resulted in the delivery of malware. The incident exposed patient names, addresses, dates of birth, and medical information. A small number of individuals may also have had their Social Security and credit card numbers exposed. Affected: Unknown
Blick Art (US): A Magecart skimming attack affected customers who purchased items from the company’s site between March 11th and December 15th, 2020. Affected user data includes full names, credit and debit card numbers, CVVs, and card expiration dates. Affected: Unknown
Metabolic Maintenance (US): An attack occurred between May 2020 and July 2021 compromising patient data, including customers’ names, addresses, and full payment card information. Affected: Unknown
Offrea[.]be (Belgium): A RaidForums user posted user records and login details after the Offrea database was attacked on May 28th, 2021. Exposed information includes email addresses, physical addresses, and IP addresses. Affected: 503,000
SushiSwap (Japan): An anonymous contractor, named AristoK3 on GitHub, carried out a supply chain attack against the exchange on September 17th, 2021. The actor pushed a malicious code commit to a Sushi code repository that replaced the auctionWallet address with their own wallet address, stealing around $3 million worth of Ethereum. Affected: Unknown
Simon Eye Management (United States): Unauthorised access to certain employee accounts occurred between May 12th and May 18th, 2021. Potentially compromised information includes names, medical history, treatment and diagnosis information, health insurance information, Social Security numbers, financial account information and more. Affected: Unknown
Tamil Nadu Government: The public department was targeted in a ransomware attack on September 17th, 2021. The attack reportedly did not impact any security data. The majority of affected files had been backed up. Affected: Unknown
Concept Resourcing (England): An email was sent to a number of the company’s candidates and clients on September 14th, 2021 using the company’s email software. The email claimed users could apply for a ‘Digital Coronavirus Passport’ and contained a link to a fake NHS website, which since appears to have been deleted. Affected: Unknown
Republican Governors Association (US): Hafnium gained access to their Microsoft Exchange email servers between February and March 2021, exposing personally identifiable information. The information includes names and Social Security numbers, but the breach is still being investigated and it remains unclear whether other data was exposed or stolen as well. Affected: ~500
Amax OEM (US): The Conti ransomware group claimed an attack against the server manufacturer. No information about the breach has been revealed. Affected: Unknown
Exabytes (Malaysia): An unattributed ransomware attack occurred on September 18th, 2021. A preliminary investigation suggests no customer data was exposed, but that ‘the image file is encrypted.’ Affected: Unknown
Ministry of Defence (UK): The email addresses of individuals seeking relocation to the UK from Afghanistan were exposed to all recipients of an email from the MoD. Names and some associated profile pictures were also visible. Affected: 250
Epik (US): A data breach by Anonymous Group leaked 180GB including email addresses belonging to both customers and non-customers. Potentially compromised data also includes names, phone numbers, physical addresses, purchases and passwords. Non-customer data was obtained when Epik scraped the WHOIS records of domains and stored the records. The leaked data file relating to WHOIS contains roughly 16GB of data and exposes email addresses, IP addresses, domains, physical addresses, and phone numbers of users. Affected: 15,003,961
CMA CGM (France): A cyberattack on September 20th, 2021 resulted in a leak of customer information. The exposed information includes first and last names, employer, position, email address, and phone number. Affected: Unknown
NEW Cooperative (US): The company was targeted in a BlackMatter ransomware attack over the weekend of September 18th, 2021. The attackers claim to have stolen a total of 1,000GB of data including sensitive employee information, financial documents and a database for the KeePass password manager. Affected: Unknown
Sunway Group (Malaysia): ALTDOS claimed to have hacked and stolen data from the company. Some of the data stolen reportedly relates to a Sunway school, with potentially compromised information including the names, email addresses, phone numbers, and more of students and parents. Affected: 1,000
National Civil Police of El Salvador: FocaLeaks claims to have obtained data on agents as well as access to the ‘Imperium’ platform used by the police force. The platform reportedly contains criminal investigations and civil records, including information on every individual in the country, such as their rank, telephone number, email address, license plate information and identity documents. Affected: 37,000
Marketron (US): The company was targeted in a BlackMatter ransomware attack, impacting all of its customers. Some of the company’s systems were disabled during the attack, while others were taken down as a precaution. Affected: 6,000
EventBuilder (US): An exposed Microsoft Azure blob containing data belonging to the webinar planner EventBuilder featured potentially ‘hundreds of thousands’ of records with personal information on Microsoft event registrants, including names, email addresses, phone numbers, and more. Affected: Unknown
Thailand: An exposed Elasticsearch database contained the data of international visitors to Thailand from the past decade. The compromised data includes visitors’ names, passport numbers, arrival dates, and more. Affected: 106,000,000
Crystal Valley (US): The cooperative was hit by a ransomware attack on September 19th, 2021. All of the company’s systems have been shut down, which has caused an interruption to daily operations. Affected: Unknown
Pottawatomie County (US): The county was targeted in a cyberattack on September 17th, 2021. Multiple servers were breached in the attack, which resulted in a lack of access to certain systems. An investigation is ongoing to determine possibly impacted data. Affected: Unknown
Voicenter (Israel): Threat actor Deus claims to have targeted the company in a ransomware attack, threatening to release 15TB of stolen data unless a ransom is paid. The stolen data reportedly also includes information on 8,000 other entities, including Voicenter clients like Mobileye, Partner, Gett and My Heritage. The actor has already leaked some of the data, which includes security camera and webcam footage, ID cards, photos, WhatsApp messages and emails, and phone call recordings. Affected: Unknown
Debt-IN Consultants (South Africa): The company was targeted in a ransomware attack in April 2021, resulting in the ransomware actor obtaining access to the personal information of South African citizens. Some of the data was leaked on the dark web in mid-September 2021, including recordings of calls between employees and customers. Affected: 1,400,000
President Emmanuel Macron (France): The health pass of the French President was leaked online, exposing his vaccination status, as well as his full name and date of birth. A similar incident occurred a week earlier to Prime Minister Jean Castex. Affected: 2
Marcus & Millichap Inc (US): BlackMatter ransomware operators are thought to have stolen 500GB of data from the company’s systems during a cyberattack. The company was able to restore all essential systems. It is unclear what data was stolen. Affected: Unknown

Malware mentions in Healthcare

[Time series chart] This chart shows the trending malware related to Healthcare within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View (Industry, Information)

Banking & Finance: Researchers at ESET analysed the Numando banking trojan, which is being used by cybercriminals to almost exclusively target Brazil, with occasional campaigns observed in Mexico and Spain. The attackers spread the malware via spam. Following execution, an MSI installer runs a legitimate application that sideloads the injector, which in turn locates and decrypts the payload. The malware is written in Delphi, with a non-Delphi injector. Its backdoor capabilities enable it to simulate mouse and keyboard actions, restart and shut down the target machine, display overlay windows, take screenshots and kill browser processes.
Government: Cyjax researchers observed an ongoing credential harvesting campaign in which threat actors are impersonating government departments in several APAC and EMEA countries by using fake mail server login portals. The targeted government’s real domain is often used in full as a hostname on the attacker’s domain. The initial attack vector is currently unknown, though phishing links are suspected to be the most likely method. The campaign may be part of an intelligence-gathering effort carried out by a state-sponsored advanced persistent threat actor. An analysis of one of the domains revealed a potential link to Operation TrickyMouse, which in turn has links to UNC1151 and Hades.
Technology: Bad Packets reported seeing active scanning activity for CVE-2021-22005, which affects VMware vCenter Server 6.7 and 7.0. The critical flaw was recently disclosed by SolidLab LLC researchers and could be remotely exploited by an unauthenticated attacker without any user interaction. BleepingComputer noted that there are currently thousands of potentially vulnerable vCenter servers accessible via the internet. VMware warned that it is only a matter of time before exploits become publicly available and is urging users to patch immediately.
Retail & Tourism: Cisco Talos researchers observed an email phishing campaign targeting the aviation industry with commodity malware. The emails contain links to a purported PDF file with aviation industry information, but instead direct users to a VBS script hosted on Google Drive. The script ultimately delivers CyberGate or AsyncRAT, disguised with different crypters. The attackers capture victims’ credentials and cookies, which are subsequently sold on the dark web to more sophisticated actors. The campaign, which has been active for at least three years, may be linked to Nigerian actors.
Cryptocurrency: A hacker exploited a flaw in pNetwork’s codebase, targeting the Binance Smart Chain, and stole 277 pBTC, worth $12 million. According to pNetwork, no other bridges were affected and all other funds are safe. Due to extra security measures, slower transaction processing is expected.

News and information concerning each mentioned industry over the last week.
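The Government entry above describes lures in which a government’s real domain appears in full as a hostname on the attacker’s domain. The following is an added detection example written for this digest, not code from Cyjax or Silobreaker; the protected domains, the `.test` attacker domain and the proxy log lines are all constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed placeholders: the domains an organisation wants to protect.
PROTECTED_DOMAINS = ["mail.gov.example", "gov.example"]

# Constructed proxy log lines: timestamp, client IP, method, URL, status.
SAMPLE_PROXY_LOG = """\
2021-09-20T10:01:12Z 10.0.0.5 GET https://mail.gov.example/owa/ 200
2021-09-20T10:03:44Z 10.0.0.9 GET https://mail.gov.example.login-portal.test/owa/auth.php 200
2021-09-20T10:05:02Z 10.0.0.9 POST https://mail.gov.example.login-portal.test/owa/auth.php 302
2021-09-20T10:07:19Z 10.0.0.7 GET https://cdn.vendor.test/app.js 200
2021-09-20T10:09:00Z 10.0.0.5 GET https://intranet.gov.example/ 200
"""

def is_legitimate_host(host, protected):
    """True when host is the protected domain itself or one of its subdomains."""
    return host == protected or host.endswith("." + protected)

def embedded_domain_lure(host, protected_domains=PROTECTED_DOMAINS):
    """Return the protected domain that appears as a complete run of DNS labels
    inside host while host belongs to some other parent domain, else None.
    Matching is on label boundaries: 'xgov.example.test' does not match
    'gov.example', but 'gov.example.test' does."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    for protected in protected_domains:
        if is_legitimate_host(host, protected):
            continue  # the real site or a genuine subdomain: nothing to flag
        plabels = protected.lower().split(".")
        n = len(plabels)
        for i in range(len(labels) - n + 1):
            if labels[i:i + n] == plabels:
                return protected
    return None

def scan_proxy_log(text, protected_domains=PROTECTED_DOMAINS):
    """Return (timestamp, client, host, impersonated_domain) for each request
    whose hostname embeds a protected domain under a foreign parent domain."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, skip it
        host = urlsplit(fields[3]).hostname or ""
        lure = embedded_domain_lure(host, protected_domains)
        if lure:
            hits.append((fields[0], fields[1], host, lure))
    return hits
```

A real deployment would derive the parent domain from the Public Suffix List rather than from the label check used here, and would feed the hits into the SIEM rather than returning a list.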
