InForce Cyber

Threat Report September 2021

Marketron marketing services hit by BlackMatter ransomware

BlackMatter ransomware gang over the weekend hit Marketron, a business software solutions provider that serves more than 6,000 customers in the media industry.

Marketron provides cloud-based revenue and traffic management tools for broadcast and media organizations. It specializes in revenue management and audience engagement, handling advertising revenue of $5 billion every year.

In talks with BlackMatter ransomware

Marketron customers learned of the incident in an email on Sunday night from the company CEO, Jim Howard, who said that “the Russian criminal organization BlackMatter” was responsible for the attack.

This was the second ransomware attack over the past weekend claimed by BlackMatter; the gang also breached New Cooperative, a U.S. farm cooperative, and demanded a $5.9 million ransom.

US optometry provider Simon Eye hit by data breach impacting 144,000 patients

Simon Eye, a US chain of optometry clinics, has reported a data breach potentially impacting more than 144,000 individuals.

The possible compromise of sensitive personal data arose from unauthorized access to employee email accounts over a seven-day period, May 12 to 18, 2021, according to a data breach notice on the Simon Eye website.

Simon Eye said the attackers “attempted to engage in wire transfer and invoice manipulation attacks against the company, none of which were successful”. 

Israel: communications company hit by major cyberattack

An unidentified hacker, known only as Deus, has revealed on an internet forum that he has hacked into the systems of the giant Israeli communications firm Voicenter and stolen 15 terabytes of data, local media reported on Monday. The hacker put the information up for sale, posting hundreds of examples of the private data that he has taken.

Ynet News said that the major cyberattack hit Voicenter on Saturday. The attack paralysed the communications systems of a number of firms that receive services from the company. It added that software giant Check Point, mobile network operator Partner, Mobileye, Expon, we4G, SimilarWeb, AllJobs, and Gett are among the companies that work with Voicenter.

Hacker Makes Off With $12 Million in Latest DeFi Breach

In the latest security incident involving a decentralized finance protocol, cross-chain project pNetwork announced Sunday it had been hacked for 277 pBTC, a form of wrapped bitcoin, with losses worth over $12 million at current value.

In a series of tweets announcing the incident, pNetwork said, “We’re sorry to inform the community that an attacker was able to leverage a bug in our codebase and attack pBTC on BSC, stealing 277 BTC (most of its collateral). The other bridges were not affected. All other funds in the pNetwork are safe.”

Web Host Epik’s Breach Exposes 15 Million Email Addresses

More than 15 million email addresses and accompanying personal details have been leaked online under the banner of Anonymous.


All of the leaked information allegedly comes from Epik, a Bellevue, Washington-based domain name registrar and web hosting service that was targeted by the Anonymous hacktivist collective last week. The leaked data, about 180GB in total, includes not only information on Epik’s own customers and systems but also details on millions of other individuals and organizations whose records were scraped via “Whois” queries to domain name registrars, according to the free breach-notification service Have I Been Pwned, which received a copy of the exposed data.

Russian electronic voting system hit by 19 DDoS attacks in one day

Last week, the Russian technology and search engine giant Yandex revealed that it had been hit by what it described as the largest DDoS attack ever recorded. Now, in what appears to be a continuation of targeted DDoS activity, Russia’s remote electronic voting system has become the latest victim.

According to local Russian media, the attacks originated from several countries, including India, China, Brazil, Russia, Germany, Thailand, Lithuania, Bangladesh, and the United States.

Reportedly, the elections for the 8th Russian State Duma (the lower house of parliament) were held from 17 to 19 September. Alongside the Duma vote, ballots were also cast for the heads of nine Russian regions and 39 regional parliaments.

Data of 106 Million Visitors to Thailand Breached

A British cybersecurity researcher stumbled across his own personal data online after discovering an unsecured database containing the personal information of millions of visitors to Thailand.

Bob Diachenko, who leads cybersecurity research at Comparitech, found the unprotected Elasticsearch database on August 22, 2021. The 200GB index held records dating back ten years, containing the personal details of more than 106 million international travelers.

Information exposed in the publicly accessible database consisted of full names, arrival dates, gender, residency status, passport numbers, visa information, and Thai arrival card numbers.

Iowa farm services provider hit with BlackMatter ransomware and $5.9 million ransom

New Cooperative — an Iowa-based farm service provider — has been hit with a ransomware attack, continuing a streak of incidents affecting agricultural companies this year.

The company did not respond to requests for comment but confirmed to Bloomberg News that it was suffering from a “cybersecurity incident” that impacted some of its devices and systems. It told Bloomberg reporters that it took systems offline to “contain the threat.”


Ransomware expert Allan Liska shared screenshots of the BlackMatter ransomware leak page with ZDNet, showing that the group held troves of financial documents, network information for multiple companies involved with New Cooperative, the Social Security numbers and personal information of employees, R&D files, and the source code for a farmer technology platform called Soil Map.

Breaches and incidents reported this month (Company / Information / Affected):

Company: Autodesk (US)
Information: The company stated that one of its SolarWinds servers was compromised in December 2020.
Affected: Unknown

Company: Deerfield, Massachusetts (US)
Information: The town revealed that an unauthorised party viewed or acquired the personal information of several residents in a data breach on March 25th, 2021. The information possibly stolen reportedly varies by resident and has not been disclosed.
Affected: Unknown

Company: Dallas Independent School District (US)
Information: A data breach was discovered on August 8th, 2021. The compromised data may include names, addresses, phone numbers, Social Security numbers, dates of birth, and other details of current and former employees. Current and former students may also have had their names, Social Security numbers, dates of birth, medical conditions, and more exposed.
Affected: Unknown

Company: Coalinga State Hospital (US)
Information: The hospital suffered data breaches on July 21st, 2013, October 12th, 2016, and August 27th, 2019, when an employee improperly disclosed information on 1,800 current and former employees in court. Potentially exposed information includes patient names, birthdays, legal commitment information, and admission dates.
Affected: 1,800

Company: Pacific City Bank (US)
Information: The operators of AvosLocker ransomware added the bank to their data leak site on September 4th, 2021, and published files they claim to have stolen in the attack.
Affected: Unknown

Company: Chinook School Division (Canada)
Information: The Saskatchewan-based school division accidentally made student records public on January 28th, 2020. Compromised information includes students’ names, identification numbers, phone numbers, grades, and parent email addresses.
Affected: 2,841

Company: Vocus NZ (New Zealand)
Information: The internet service provider triggered an internet outage on September 3rd, 2021, while responding to a distributed denial-of-service (DDoS) attack against one of its customers. The outage affected customers in some of New Zealand’s largest cities, including Auckland, Wellington and Christchurch.
Affected: Unknown

Company: California State University, Chico (US)
Information: Chico State campus police are conducting an investigation into a data leak that revealed the personal information of students requesting a religious exemption from the Covid-19 vaccine. The names and contact information of 30 students were published.
Affected: 130

Company: France
Information: An aggregation of recent data leaks containing personal information of French citizens has appeared for sale online. Possibly compromised information includes names, postal addresses, email addresses, and telephone numbers.
Affected: 39 million

Company: Nevada Restaurant Services (US)
Information: An unauthorised actor was able to copy customers’ personal information from its systems following a cyberattack discovered on January 16th, 2021. Potentially compromised information includes names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, biometric data, credit card information, and more.
Affected: Unknown

Here’s the top 10 list of CVEs released by Microsoft for September 2021:

CVE             Title                                                                              Severity   CVSS  Public  Exploited  Type
CVE-2021-40444  Microsoft MSHTML Remote Code Execution Vulnerability                               Important  8.8   Yes     Yes        RCE
CVE-2021-36968  Windows DNS Elevation of Privilege Vulnerability                                   Important  7.8   Yes     No         EoP
CVE-2021-38647  Open Management Infrastructure Remote Code Execution Vulnerability                 Critical   9.8   No      No         RCE
CVE-2021-26435  Windows Scripting Engine Memory Corruption Vulnerability                           Critical   8.1   No      No         RCE
CVE-2021-36965  Windows WLAN AutoConfig Service Remote Code Execution Vulnerability                Critical   8.8   No      No         RCE
CVE-2021-36956  Azure Sphere Information Disclosure Vulnerability                                  Important  4.4   No      No         Info
CVE-2021-38632  BitLocker Security Feature Bypass Vulnerability                                    Important  5.7   No      No         SFB
CVE-2021-38661  HEVC Video Extensions Remote Code Execution Vulnerability                          Important  7.8   No      No         RCE
CVE-2021-40448  Microsoft Accessibility Insights for Android Information Disclosure Vulnerability  Important  6.3   No      No         Info
CVE-2021-40440  Microsoft Dynamics Business Central Cross-site Scripting Vulnerability             Important  5.4   No      No         XSS

Type abbreviations: RCE = remote code execution, EoP = elevation of privilege, Info = information disclosure, SFB = security feature bypass, XSS = cross-site scripting. "Public" indicates whether details were publicly disclosed before the patch; "Exploited" indicates whether Microsoft reported exploitation in the wild at the time of release.

Trending Vulnerable Products

Threat Actor mentions in Critical Infrastructure