New Threat Research: Analyzing CryptoJS Encrypted Phishing Attempt 

Read Threat Research


Elasticsearch Database Exposes PII and Medical Info of Nearly 137k People

SkyMed is a company that has been providing emergency evacuation services for the past 30 years. It was uncovered on March 27th that an Elasticsearch database which contained customer information had been left open, giving anyone with an internet connection the ability to not only view the data, but edit, download, and delete it as well. Almost 137,000 records were contained and information like full names, addresses, date of birth, email addresses, phone numbers, and some entries including medical information was exposed. On top of all the data being exposed, researchers also discovered that the database may have been infected with ransomware as well. Although the strain is unknown at this time, there appeared to be a ransom note titled “howtogetmydataback.” The database ended up being closed on April 5th even though SkyMed was not responsive when asked to comment about the situation.

Analyst Notes

Although the database has been taken down, it is likely the information included has already ended up in the hands of someone who plans to use it with malicious intent. Since the issue is on the company’s end, users should reach out and ask questions about how their information was left exposed and what the company is going to do to mitigate the issue. Since email addresses were included, it is likely that users will be involved in phishing campaigns amongst other nefarious tactics.