InForce Cyber

Threat Report June 2022

Russian Radio Station Hacked to Broadcast Ukrainian National Anthem
The Kommersant FM’s online bulletin was suddenly interrupted to play Ukraine’s anthem and anti-war songs by anti-war hackers to protest against Vladimir Putin’s invasion of Ukraine.
The online bulletin broadcast of a Russian radio station, Kommersant FM, was interrupted on Wednesday. The content was replaced with the Ukrainian national anthem and anti-war songs, and the stream was quickly taken offline. The station released the following statement to confirm the hack:
“The radio station has been hacked. The internet stream will soon be reinstated.”
Kommersant FM’s editor-in-chief, Alexey Vorobyov, told the state-owned news agency, Tass, that the online stream was hacked on Wednesday, and their technical specialists were figuring out the attack’s origin.
 
 
New Jersey District Cancels Finals After Ransomware Attack
Tenafly Public Schools last week found ransomware had encrypted data on some computers in the district’s network, leading to the cancellation of exams and classes going back to paper, pencils and overhead projectors.
(TNS) — Tenafly Public Schools went back to the basics this week — using overhead projectors, paper, pencils and hands-on activities in classrooms — when a ransomware attack crippled the district’s computer system.
Final exams were also canceled for all of the district’s high school students as the Bergen County school district tries to get its system back online with the help of cybersecurity consultants, officials said.
 
 
Shoprite Group issues warning on ‘suspected data compromise’
The Shoprite Group said on Friday evening it had become aware of a suspected data compromise, including names and ID numbers, which may affect some customers who engaged in money transfers to and within Eswatini and within Namibia and Zambia.   
“Affected customers will receive an SMS to the cell number supplied at the time of the transaction. An investigation was immediately launched with forensic experts and other data security professionals to establish the origin, nature, and scope of this incident,” the group said in a statement.
“Additional security measures to protect against further data loss were implemented by amending authentication processes and fraud prevention and detection strategies to protect customer data. Access to affected areas of the network has also been locked down. The data compromise included names and ID numbers, but no financial information or bank account numbers.”
 
Arizona hospital says SSNs of 700,000 people leaked during April ransomware attack
A major hospital in Yuma, Arizona is sending breach notification letters to more than 700,000 patients after a ransomware attack in April led to a data breach involving Social Security numbers.
In letters to victims recently made public, Yuma Regional Medical Center (YRMC) said it discovered a ransomware attack on April 25 and immediately took systems offline before contacting cybersecurity experts and law enforcement. 
“The investigation determined that an unauthorized person gained access to our network between April 21, 2022, and April 25, 2022, and removed a subset of files from our systems,” the organization said.  
 
 
 
Kaiser Permanente data breach exposed healthcare records of 70,000 patients
The healthcare and personal information of up to 70,000 Kaiser Permanente patients in Washington state may have been exposed following unauthorized access to the US healthcare giant’s email system.
The incident, which took place in early April, potentially exposed patients’ first and last names, medical record numbers, dates of service, and laboratory test result information.
Financially sensitive information (Social Security numbers and credit card numbers) was not exposed by the breach, according to the healthcare provider.
In a breach notice issued earlier this month, Kaiser sought to reassure potentially affected members by stating that the security incident was promptly contained.
 
 
Scoop: Uganda Securities Exchange Caught Leaking 32GB of Sensitive Data
Apart from personal and financial records, the data also included plain-text login credentials (usernames and passwords) of customers and businesses using the Easy Portal of the Uganda Securities Exchange.
The Uganda Securities Exchange (USE), the principal stock exchange in Uganda, has been caught leaking highly sensitive financial and personal data of its customers and business entities across the globe.
This was revealed to Hackread.com by Anurag Sen, a prominent IT security researcher who has been known for identifying exposed servers and alerting relevant authorities before it’s too late. Anurag is the same researcher who discovered Australian trading giant ACY Securities to be exposing 60GB worth of data earlier this month.
 
 
Malaysian hacker group targets govt’s IT infra
NEW DELHI : Dragon Force, a Malaysian hacktivist group, has called upon hackers around the world to target the Indian government’s information technology (IT) infrastructure with cyber attacks. On June 10, the group expressed its intent via a post on its Twitter, terming this move as a “special operation”.
The hacktivist group’s move seemingly comes after members of India’s Bharatiya Janata Party (BJP), Nupur Sharma and Naveen Kumar Jindal, made comments against Islam and the Prophet Muhammad. Sharma has since been suspended from the party, and Jindal has been expelled.
 
 
Cloudflare mitigates record-breaking HTTPS DDoS attack
Internet infrastructure firm Cloudflare said today that it mitigated a 26 million request per second distributed denial-of-service (DDoS) attack, the largest HTTPS DDoS attack detected to date.
The record-breaking attack occurred last week and targeted one of Cloudflare’s customers using the Free plan.
The threat actor behind it likely used hijacked servers and virtual machines, since the attack originated from cloud service providers rather than from weaker Internet of Things (IoT) devices on compromised residential ISP networks.
According to Cloudflare, the attacker also used a rather small yet very powerful botnet of 5,067 devices, each capable of generating roughly 5,200 rps when peaking.
“To contrast the size of this botnet, we’ve been tracking another much larger but less powerful botnet of over 730,000 devices,” revealed Cloudflare Product Manager Omer Yoachimik.
 
 
 
Leaks and Breaches

Company: Multiple Hospitals (US)
Information: A third of the top 100 hospitals in the United States were found to use Meta Pixel on their websites. Meta Pixel collects sensitive health information, including patient names, dates and times of appointments, and names of providers, and then sends it to Facebook.
Affected: Unknown

Company: Glenn County Office of Education (US)
Information: On May 10th, 2022, a ransomware attack reportedly caused a system-wide outage for the board, school districts, and schools. This includes the internet, voice-over-IP phones, email, and the financial software, which are all tied into a single network.
Affected: Unknown

Company: Robert Half (US)
Information: Hackers targeted customer accounts between April 26th and May 16th, 2022, in an incident that appears to involve credential stuffing. Potentially exposed data includes names, addresses, Social Security numbers, and wage and tax information.
Affected: 1,058

Company: TikTok
Information: Audio leaked from over 80 internal TikTok meetings demonstrates that engineers in China had access to data on United States users between at least September 2021 and January 2022. The recordings suggest that the company may have misled lawmakers and users by downplaying that data stored in the US could still be accessed by employees in China.
Affected: Unknown

Company: 90 Degree Benefits (US)
Information: In February 2022, cybercriminals accessed confidential and personal information of patients. Possibly exposed data includes Social Security numbers, names, dates of birth, medical information, health insurance information, and other personal information.
Affected: 163,483

Company: Quality Temporary Services Inc (US)
Information: Cybercriminals gained unauthorised access to certain confidential files between September 28th and October 13th, 2021. Compromised information includes names, Social Security numbers, financial account information, payment card numbers, medical information, and more.
Affected: 81,355

Company: Unknown (BidenCash carding site)
Information: A new dark web carding site, called BidenCash, was launched in April 2022. On June 16th, the site’s admins published a CSV file containing names, addresses, telephone numbers, email addresses, and credit card numbers. This includes 6,682 credit cards and 3,076,098 unique email addresses.
Affected: Unknown

Company: Flagstar Bank (US)
Information: Files containing personal information of customers were accessed and acquired between December 3rd and December 4th, 2021. This includes full names and Social Security numbers.
Affected: 1,547,169

Company: Naruto Yamakami Hospital (Japan)
Information: On June 19th, 2022, a server of the hospital became infected with ransomware. It is unknown what data may have been exposed.
Affected: Unknown

Company: Brooks County (US)
Information: A ransomware attack occurred after an employee opened a phishing email. The county allegedly paid the hacker a ransom.
Affected: Unknown
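The first entry above describes a page-side tracker that forwards patient and appointment details to Facebook. As an added example, not code from the original report, the following Python script scans a page's HTML for the Meta Pixel loader, its pixel IDs and the events it fires, and flags events whose parameters carry patient-looking field names. The sample HTML, the pixel ID 1234567890, the event name and the field names are constructed for this example, and the SENSITIVE_KEYS list is a heuristic assumption.

```python
"""Detect the Meta (Facebook) Pixel in a web page and list what it sends.

Added example, not code from the original report. The HTML below is a
constructed sample modelled on an appointment-scheduling page; the pixel
ID 1234567890, the event name and the field names are made up.
"""
import json
import re
from html.parser import HTMLParser

# Every Pixel deployment loads this script (locale segment varies, e.g. en_US).
PIXEL_LOADER = re.compile(r"connect\.facebook\.net/[\w-]+/fbevents\.js", re.I)
# fbq('init', '<pixel id>')
FBQ_INIT = re.compile(r"fbq\(\s*['\"]init['\"]\s*,\s*['\"](\d+)['\"]", re.I)
# fbq('track' | 'trackCustom', '<event>' [, {params}])
FBQ_EVENT = re.compile(
    r"fbq\(\s*['\"](track|trackCustom)['\"]\s*,\s*['\"]([^'\"]+)['\"]"
    r"(?:\s*,\s*(\{.*?\}))?\s*\)",
    re.I | re.S,
)
# <noscript> fallback: 1x1 image beacon to facebook.com/tr?id=<pixel id>
NOSCRIPT_BEACON = re.compile(r"facebook\.com/tr\?[^\"']*\bid=(\d+)", re.I)
# Parameter names that should never accompany a tracking call on a healthcare
# site. Heuristic list assumed for this example; extend it for your own forms.
SENSITIVE_KEYS = ("name", "patient", "appointment", "provider", "dob", "email", "phone")


class _ScriptCollector(HTMLParser):
    """Gather inline <script> bodies and external script src attributes."""

    def __init__(self):
        super().__init__()
        self.in_script = False
        self.inline = []
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.inline.append(data)


def find_meta_pixel(html: str) -> dict:
    """Return whether the Pixel is present, its IDs, the events fired, and
    the events whose parameters look like patient data."""
    parser = _ScriptCollector()
    parser.feed(html)
    scripts = "\n".join(parser.inline)
    loaded = any(PIXEL_LOADER.search(s) for s in parser.srcs) or bool(
        PIXEL_LOADER.search(scripts)
    )
    pixel_ids = set(FBQ_INIT.findall(scripts)) | set(NOSCRIPT_BEACON.findall(html))
    events, sensitive = [], []
    for _kind, name, params in FBQ_EVENT.findall(scripts):
        events.append(name)
        if params and any(key in params.lower() for key in SENSITIVE_KEYS):
            sensitive.append(name)
    return {
        "present": loaded or bool(pixel_ids),
        "pixel_ids": sorted(pixel_ids),
        "events": events,
        "sensitive_events": sensitive,
    }


# Constructed sample page: standard Pixel base code plus a custom event that
# leaks appointment details, the pattern the table entry describes.
SAMPLE_HTML = """<html><head>
<script>
/* Meta Pixel base code; loader body omitted in this constructed sample */
!function(f,b,e,v,n,t,s){}(window,document,'script',
  'https://connect.facebook.net/en_US/fbevents.js');
fbq('init', '1234567890');
fbq('track', 'PageView');
</script>
<noscript><img height="1" width="1" style="display:none"
  src="https://www.facebook.com/tr?id=1234567890&ev=PageView&noscript=1"/></noscript>
</head><body>
<script>
fbq('trackCustom', 'ScheduleAppointment', {patient_name: 'J. Doe',
  provider: 'Dr. Smith', appointment_time: '2022-06-20T09:00'});
</script>
</body></html>"""

if __name__ == "__main__":
    print(json.dumps(find_meta_pixel(SAMPLE_HTML), indent=2))
```

Run it against saved HTML of any page that handles patient data (for example the output of a plain HTTP fetch of the scheduling page). It only sees markup that is present in the served HTML; pixels injected later by a tag manager need a browser-driven crawl, and a match on "present" with an empty events list still means the PageView beacon (URL, referrer, cookies) is sent.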
 
 
 
Here is the top 10 list of CVEs released by Microsoft for June 2022 (Public: publicly disclosed before the patch; Exploited: exploitation observed in the wild at release):

CVE | Title | Severity | CVSS | Public | Exploited | Type
CVE-2022-30163 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 8.5 | No | No | RCE
CVE-2022-30139 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical | 7.5 | No | No | RCE
CVE-2022-30136 | Windows Network File System Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE
CVE-2022-30184 | .NET and Visual Studio Information Disclosure Vulnerability | Important | 5.5 | No | No | Info
CVE-2022-30167 | AV1 Video Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE
CVE-2022-30193 | AV1 Video Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE
CVE-2022-29149 | Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-30180 | Azure RTOS GUIX Studio Information Disclosure Vulnerability | Important | 7.8 | No | No | Info
CVE-2022-30177 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE
CVE-2022-30178 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE

Trending Vulnerable Products

Malware mentions in Banking & Finance