InForce Cyber

Threat Report July 2021

July was the month of breaches. The following items support that assessment:

TicketClub Italy Database Offered in Dark Web

A database belonging to TicketClub Italy, a company providing a coupon platform for offline purchases, is available for sale on dark web hacking forums.

TicketClub is an Italian company providing a mobile-based coupon platform for offline purchases. Its clients include Burger King, McDonald’s, Cinecittà World, Rainbow Magicland and many other enterprises that run coupon and loyalty programs.

The platform lists coupons in multiple categories, including health, travel, food, services and events. End users download the coupons of interest in the mobile app and show them at checkout in partner stores.

July 19, 2021 – The actor using the alias “bl4ckt0r” has put the TicketClub Italy database, covering over 340,957 users, up for sale and released several meaningful data dumps that may confirm the breach. The information was originally published on RaidForums, a forum known for the illegal sale of data stolen from Internet portals and insecure online services.

Japanese government official says Olympic ticket data leaked

In a statement to ZDNet, a spokesperson from the Tokyo 2020 International Communications Team said that the initial statement from a Japanese government official was incorrect.

“We are aware of the incident and, after checking the facts, we can confirm that this was not a leak from Tokyo 2020’s system,” the spokesperson said.

“While we have been liaising with the government and other relevant organizations on a regular basis, we have already taken measures in the form of password resets to limit any damage for the very limited number of IDs detected in this case based on the information supplied by the government.”

Previously: A government official told Kyodo News on Wednesday that login IDs and passwords for the Tokyo Olympic ticket portal had been posted to a leak website following a breach.

The official said the leak was “not large” but admitted that the IDs and passwords would give someone access to a person’s name, address, bank account information and more.

Speaking anonymously, the government source said the body organizing the Games has launched an investigation. The leak also included names, addresses and bank account information of people who bought tickets to the Paralympics as well as another portal for volunteers. They did not say how many accounts had been leaked.

Sensitive medical data of cancer patients at Jefferson Health potentially breached following third-party hack

Another US healthcare provider has announced that patient information may have been exposed as a result of the third-party Elekta breach.

Jefferson Health, which has medical centers across Philadelphia, said that patients’ names, dates of birth, medical record numbers, and clinical information related to treatment – such as physician name and department, treatment plans, and diagnosis and/or prescription information – had potentially been accessed.

For some patients, a Social Security number was also included, the healthcare provider said in a statement. Financial account, insurance, and payment card information was not involved, it added.

Experts found a DB containing sensitive health insurance data belonging to customers of US insurance giant Humana

An SQL database containing what appears to be highly sensitive health insurance data of more than 6,000 patients has been leaked on a popular hacker forum.

The author of the post claims that the data was acquired from US insurance giant Humana and includes detailed medical records of the company’s health plan members dating back to 2019. The leaked information includes patients’ names, IDs, email addresses, password hashes, Medicare Advantage Plan listings, medical treatment data, and more.

The leak comes more than four months after Humana, the third-largest health insurance company in the US, notified 65,000 of its health plan members about a security breach where “a subcontractor’s employee disclosed medical records to unauthorized individuals” between October 12, 2020, and December 16, 2020. In May, one of the patients affected by the breach filed a lawsuit against the company.

Over 80 US Municipalities’ Sensitive Information, Including Residents’ Personal Data, Left Vulnerable in Massive Data Breach

WizCase’s team of ethical hackers, led by Ata Hakçıl, has found a major breach exposing a number of US cities, all of them using the same web service provider aimed at municipalities. The breach exposed citizens’ physical addresses, phone numbers, IDs, tax documents and more. Because of the large number and varied types of unique documents, it is difficult to estimate how many people were exposed. No password or login credentials were needed to access this information, and the data was not encrypted.

Rail ticket machines in northern England hit by ransomware attack

July 19 (Reuters) – Ticket machines operated by the British government-run Northern Trains have been put out of action by a suspected cyber-attack intended to extort money, the company said on Monday. The servers that operate the ticket machines were the only system affected, it said in an emailed statement.

“This is the subject of an ongoing investigation with our supplier, but indications are that the ticket machine service has been subject to a ransomware cyber-attack,” it said. Northern Trains said no customer or payment data had been compromised, and that customers could still buy tickets online. The Northern rail franchise, which runs trains between towns and cities across northern England including Manchester, Leeds and Sheffield, was nationalised in 2020 after years of delays, cancellations and strikes.

Emmanuel Macron identified in leaked Pegasus project data

The leaked database at the heart of the Pegasus project includes the mobile phone numbers of the French president, Emmanuel Macron, and 13 other heads of state and heads of government, the Guardian can reveal. The South African president, Cyril Ramaphosa, and the Pakistani prime minister, Imran Khan, are also listed in the data, which includes diplomats, military chiefs and senior politicians from 34 countries. The appearance of a number on the leaked list – which includes numbers selected by governments that are clients of NSO Group, the Israeli spyware firm – does not mean it was subject to an attempted or successful hack. NSO insists the database has “no relevance” to the company.

The top 10 list of CVEs released by Microsoft for July 2021
Data Breaches
Guess (US)
An investigation revealed unauthorised access to the systems of the fashion retailer between February 2nd and February 23rd, 2021. Customers’ Social Security numbers, driver’s license numbers, passport numbers, and financial account numbers may have been accessed or stolen. DataBreaches[.]net reported in April 2021 that the operators of DarkSide ransomware listed Guess on their data leak site.
Records affected: 1,300

LinkedIn (US)
Threat actors appear to have performed a massive data scraping operation against LinkedIn for the third time in four months. The seller shared a sample of the data which features 632,699 profile entries and 154,204 user email addresses. The exposed information reportedly contains LinkedIn IDs, full names, email addresses, birth dates, locations, and more.
Records affected: 600,000,000

Millennia Companies (US)
The Ohio housing management company disclosed that some employee email accounts were accessed by an unauthorised party between October 21st and December 18th, 2019. Compromised accounts contained full names alongside Social Security numbers, passport numbers, debit or credit card information, usernames, passwords, and more.
Records affected: Unknown

Symes de Silva (New Zealand)
The dental practice in Wellington disclosed an April 2021 cyberattack that involved the installation of malware on its email server. The server contained patient names, dates of birth, phone numbers, addresses, and some health information.
Records affected: Unknown

HX5 (US)
REvil ransomware operators claim to have stolen 23GB of data from the Florida-based defence contractor. Screenshots of some of the stolen material were published on the actors’ blog on July 7th, 2021. The screenshots reveal employee details such as a Social Security number and the personal data of an HX5 executive.
Records affected: Unknown

Morgan Stanley (US)
Morgan Stanley disclosed being affected by the Accellion FTA server breach of its third-party vendor Guidehouse. The January 2021 breach resulted in the theft of Morgan Stanley’s StockPlan Connect participants’ data, including their names, addresses, dates of birth, Social Security numbers, and corporate company names.
Records affected: Unknown

CNA Financial (US)
The company disclosed that Phoenix CryptoLocker attackers accessed various CNA systems on multiple occasions between March 5th and March 21st, 2021, and copied a ‘limited amount’ of data. The exposed data includes names, Social Security numbers, and in some cases, data linked to health benefits, of employees, contract workers and dependents.
Records affected: 75,359
Trending Vulnerable Products
Attack Type mentions in Critical Infrastructure