02 December 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name | Heat 7
IBM QRadar
HP LaserJet
Network Security Services
IBM MQ Appliance
Acronis Cyber Protect
Deep & Dark Web
Name | Heat 7
Linux OS
Microsoft Windows
Apple iOS
Microsoft Edge
Raspberry Pi

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
Swire Pacific Offshore (Scotland) The company suffered a cyberattack that resulted in the loss of some confidential commercial and personal data. Clop ransomware listed the company on their leak site on November 24th, 2021. 1,000
Supernus Pharmaceuticals (US) The company was added to the Hive ransomware operators’ leak site following a ransomware attack in mid-November 2021. Hive claim to have exfiltrated 1.5TB of data from the company, and encrypted their files on November 14th, 2021. Unknown
Alberta Health (Canada) The province’s COVID-19 vaccination record website was taken down following a possible privacy breach revealed on November 25th, 2021. At least 12 users were able to download the names, dates of birth, and vaccine information of other people from the website. Unknown
National Database and Registration Authority (Pakistan) Pakistan’s Federal Investigation Agency discovered the authority’s biometric database was compromised following a hack of the SIM verification process. The compromised verification methods are used in the sale of fake SIM cards and financial fraud cases, mostly aimed at elderly individuals. Unknown
True Health New Mexico (US) On October 5th, 2021, an unauthorised third party gained access to files that contained information about current and former members, certain providers, and former members of New Mexico Health Connections. Compromised data possibly includes names, dates of birth, ages, home addresses, email addresses, insurance information, Social Security numbers, and more. Unknown
Panasonic (Japan) The company’s internal network was targeted in a cyberattack, with the attacker gaining access to the network between June 22nd and November 3rd, 2021. Certain data on a file server was accessed. Unknown
One Community Health (US) The organisation reported a data breach on November 22nd, 2021, that occurred on April 20th. Patients’ names, dates of birth, addresses, Social Security numbers, insurance information, and more, may have been exfiltrated. Pysa ransomware operators allegedly added the organisation to their leak site earlier this year. Unknown
Vestas (Denmark) The company was targeted in a ransomware attack on November 19th, 2021. The company’s internal systems were affected and data was compromised. Unknown
Headwaters Health Care Centre (Canada) A data breach occurred on November 26th, 2021, following suspicious email activity the previous day. A number of spam emails were sent from Headwaters servers to recipients in their address book. Unknown
Tasmania’s Department of Police, Fire and Emergency Management (Australia) Threat actors attempted to breach police employee accounts 844 times over the past 12 months. One compromised login was found to be for sale on the dark web, while a section of the Tasmania Fire Service website was taken over by hackers for more than two weeks. Unknown
CS Energy (Australia) The company responded to a ransomware attack on November 30th, 2021. The attack did not impact electricity generation at Callide and Kogan Creek power station. Unknown
Kentucky Energy and Environment Cabinet (US) On September 8th, 2021, the EEC discovered that unredacted mining permit applications were publicly available at the Department of Natural Resources’ field offices and on an EEC-hosted website. These included some mine owners’ and controllers’ personal information, such as Social Security numbers. Unknown
DNA Diagnostics Center (US) An unauthorised party accessed a database containing personal information between May 24th and July 28th, 2021. The attacker may have removed certain files containing information collected between 2004 and 2012. Among the impacted data are full names, Social Security numbers, payment information, and more. 2,102,436
Medsurant Health (US) On September 30th, 2021, an unknown threat actor informed the company that data had been accessed and exfiltrated in an attack against their systems. Exfiltration began on September 23rd, and was ongoing until November 12th, 2021. Potentially compromised information includes names, addresses, dates of birth, Social Security numbers, medical diagnosis, and insurance claims information. ~45,000
Conseil des écoles publiques de l’Est de l’Ontario (Canada) In a ransomware attack on October 18th, 2021, attackers stole around 75GB of data dating back to 2000. Possibly stolen information on employees, students, and parents includes Social Insurance numbers, bank account numbers, credit card numbers, and dates of birth. The school board confirmed that a ransom was paid. Unknown
Broward County Public Schools (US) An unauthorised attacker gained access to their systems between November 12th, 2020, and March 6th, 2021. Possibly compromised data on staff and students includes names, dates of birth, Social Security numbers, and health insurance plan information. Unknown
Planned Parenthood LA (US) An unauthorised actor gained access to the organisation’s network between October 9th and October 17th, 2021, installed ransomware, and exfiltrated files. The compromised files included information such as names, dates of birth, addresses, insurance identification numbers, and more. 400,000

Attack Type mentions in Banking & Finance

[Time series chart]

This chart shows the trending attack types related to the Banking and Finance industry within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
Industry Information
Banking & Finance ThreatFabric researchers examined the numerous techniques used in recent campaigns to spread Android banking trojans via Google Play. Over the last four months, Anatsa, Alien, Hydra, and Ermac have been installed over 300,000 times combined. Actors in these campaigns are focusing on loaders with a reduced malicious footprint in Google Play to evade detection. Anatsa has largely targeted users in the UK, the United States, Europe, Australia, and the United Arab Emirates. Alien has targeted users in Portugal and Spain, whilst Hydra and Ermac have targeted users in the US, Europe, Malaysia, Colombia, and Peru.
Technology Germany’s Federal Office for Information Security disclosed that the critical server-side request forgery flaw in Apache HTTP Server, tracked as CVE-2021-40438, has been exploited in at least one attack. The attacker attempted to obtain hash values of user credentials from the targeted system. Cisco also received information about attempts to exploit the flaw in November 2021. An investigation is ongoing to determine which of its products may be affected by the vulnerability. Several proof-of-concept exploits have been published for the flaw. The issue was patched in Apache HTTP Server version 2.4.49 and later.
Government Kaspersky researchers detected a phishing campaign from the threat actor WIRTE. Government and diplomatic entities were the most heavily targeted in this campaign, with law firms, financial institutions, military organisations, and technology companies in Armenia, Cyprus, Egypt, Jordan, Lebanon, Palestine, Syria, and Turkey also having been affected. Spear phishing emails are used to lure victims into opening a malicious Microsoft Excel or Word attachment. The first stage implant comprises VBS and PowerShell scripts, and includes the Ferocious dropper. The VBS script adds registry keys for persistence using the COM hijacking technique.
Cryptocurrency Blockchain startup MonoX Finance revealed that a threat actor stole $31 million in cryptocurrency from the service’s users by exploiting a smart contract bug. The contract of the cryptocurrency exchange allowed the sold and bought token to be the same, which in the case of the attack was the MONO token. The attackers were able to sell and buy a single MONO token multiple times, resulting in an inflation of its price. This then allowed them to purchase all other assets in the pool.
Retail & Hospitality Sansec researchers discovered a new remote access trojan, dubbed CronRAT, that hides in the Linux calendar system on the nonexistent date of February 31st. The malware was discovered on multiple online stores, including one country’s largest outlet. CronRAT facilitates persistent control over an e-commerce server and enables data theft via server-side Magecart attacks, which bypass browser-based security solutions.
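As an added defender-side example (not Sansec's code and not part of the digest), the check below scans crontab text for entries whose day/month combination can never occur, the hiding trick the CronRAT item above describes; it generalises beyond February 31st to any day/month pair that does not exist. The sample crontab, its paths and the helper names are constructed for this illustration.

```python
import calendar

# Month names accepted in the cron month field (matched case-insensitively).
MONTHS = {m: i for i, m in enumerate("jan feb mar apr may jun jul aug sep oct nov dec".split(), 1)}
def _num(tok):
    return MONTHS.get(tok.lower()) or int(tok)

def expand_field(field, lo, hi):
    """Expand one cron field ("*", "1-5", "*/2", "jan,feb") into a set of ints."""
    values = set()
    for part in field.split(","):
        part, _, step = part.partition("/")
        step = int(step) if step else 1
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            start, end = (_num(t) for t in part.split("-", 1))
        else:
            start = end = _num(part)
        values.update(range(start, end + 1, step))
    return values

def impossible_date(dom_field, month_field):
    """True when no (day, month) pair in the entry exists on a real calendar."""
    days, months = expand_field(dom_field, 1, 31), expand_field(month_field, 1, 12)
    # Check against a leap year so that 29 February counts as reachable.
    return not any(d <= calendar.monthrange(2020, m)[1] for m in months for d in days)

def scan_crontab(text):
    """Return (line_no, entry) for entries that can only fire on a nonexistent date."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split(None, 5)  # /etc/crontab's user field lands in parts[5]
        if len(parts) < 6 or parts[0][0] in "#@" or "=" in parts[0]:
            continue  # blank or comment line, @reboot shortcut, VAR=value assignment
        try:
            if impossible_date(parts[2], parts[3]):
                hits.append((n, line.strip()))
        except ValueError:
            continue  # malformed field; leave it for a manual look
    return hits
# Constructed sample crontab (not a real capture); line 2 uses the day-31-in-February trick.
SAMPLE_CRONTAB = """\
0 2 * * * /usr/bin/backup.sh
52 23 31 2 3 /var/tmp/.x/update
30 4 30 feb * /tmp/.cache/run
15 3 29 2 * /opt/app/leapday.sh
0 0 31 jan,mar * /usr/bin/monthly
"""
```

Running scan_crontab over the output of crontab -l for each user, plus /etc/crontab and /etc/cron.d, surfaces only the entries that can never fire, so a dormant-by-design schedule stands out regardless of the command it carries.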

News and information concerning each mentioned industry over the last week.
