Ticketmaster, Synnovis and the NHS UK, Advance Auto Parts, Los Angeles Unified School District, Cylance, Neiman Marcus, AMD and Ascension Healthcare. These are the names of organisations that were severely impacted by cyber crime in June 2024. The month saw some of the cruelest ransomware attacks, to say the least. And these attacks are, sadly, just the tip of the cyber crime iceberg.
We've covered all the data breaches, cyber attacks and ransomware attacks that made headlines in June 2024. The idea, as always, is to educate readers about the consistent and perpetual spike in cyber crime. If there were ever a warning bell for focussing on cyber resilience with a vengeance, consider this month's list of attacks as one.
The wave of sophisticated cyber attacks in June 2024 has underscored a stark reality: every organisation, regardless of size or sector, faces a massive threat from cyber crime. In the past month, cyber criminals have targeted critical infrastructure, healthcare systems and financial systems, literally sparing nobody.
It's more than apparent now that all it takes is a single vulnerability, in your network or your third-party vendors', to create crippling consequences within moments. Another lesson to be learnt this month? The cost of inadequate preparation extends way beyond financial loss.
Now more than ever, robust cyber security measures are imperative to safeguarding your business, your reputation, sensitive customer data and even human lives in some cases. Having a solid Cyber Incident Response Plan is absolutely essential today. It will help you ensure swift containment and mitigation of cybersecurity incidents, minimising potential damage and downtime.
Rehearsing these plans regularly via scenario-based cyber crisis tabletop exercises is equally critical. These cyber attack simulation exercises will give your key stakeholders the vital practice required for executing response strategies that work and are also in compliance with regulatory requirements. This proactive approach will not just strengthen your cyber resilience but greatly improve your readiness to navigate the complex landscape of current cyber threats.
Ransomware Attacks in June 2024

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| June 02, 2024 | Telecom giant Frontier Communications | Cyber attack on telecom giant Frontier claimed by RansomHub | RansomHub | The RansomHub operation posted Frontier Communications to its leak site, claiming to have the sensitive information of more than 2 million people. The group claimed it spent more than two months attempting to extort the company but never got a response. The ransomware gang claimed it had access to names, addresses, Social Security numbers, credit scores and more. | |
| June 05, 2024 | PandaBuy | PandaBuy pays ransom to hacker only to get extorted again | Sanggiero (BreachForums name) | Chinese shopping platform PandaBuy said it previously paid a ransom demand to prevent stolen data from being leaked, only for the same threat actor to extort the company again. On March 31, 2024, a threat actor using the alias 'Sanggiero' published 3 million rows of data stolen from PandaBuy on BreachForums, exposing customer names, phone numbers, email addresses, login IP addresses, home addresses, and order details. | |
| June 06, 2024 | Christie's | Christie's starts notifying clients of RansomHub data breach | RansomHub | While analysing the breach, Christie's found that the threat actor who breached its systems accessed and extracted customer files between May 8 and May 9. | |
| June 11, 2024 | Cleveland City | Cleveland City Hall shuts down after cybersecurity incident | Unknown | Cleveland City Hall was forced to close its doors due to a ransomware attack that disrupted the city's computer systems. | |
| June 13, 17, 2024 | Panera Bread | Panera warns of employee data breach after March ransomware attack | Unknown | U.S. food chain giant Panera Bread notified employees of a data breach after unknown threat actors stole their sensitive personal information in a March ransomware attack. In breach notification letters filed with the Office of California's Attorney General, Panera said it detected what it describes as a "security incident," took measures to contain the breach, hired external cybersecurity experts to investigate the incident, and notified law enforcement. | |
| June 13, 2024 | Ascension Healthcare | Ascension hacked after employee downloaded malicious file | BlackBasta Ransomware | Ascension, one of the largest U.S. healthcare systems, revealed that a May 2024 ransomware attack was caused by an employee who downloaded a malicious file onto a company device. Ascension said this was likely an "honest mistake" as the employee thought they were downloading a legitimate file. | |
| June 19, 2024 | CDK Global | CDK Global cyber attack impacts thousands of US car dealerships | BlackSuit Ransomware | The BlackSuit ransomware gang is behind CDK Global's massive IT outage and disruption to car dealerships across North America, according to multiple sources familiar with the matter. | |
| June 20, 2024 | Change Healthcare | Change Healthcare lists the medical data stolen in ransomware attack | BlackCat (aka ALPHV) Ransomware | UnitedHealth has confirmed for the first time what types of medical and patient data were stolen in the massive Change Healthcare ransomware attack, stating that data breach notifications will be mailed in July. | |
| June 26, 2024 | South Africa’s National Health Laboratory Service (NHLS) | South Africa’s national health lab hit with ransomware attack amid mpox outbreak | Unknown | South Africa’s National Health Laboratory Service (NHLS) confirmed that it dealt with a ransomware attack significantly affecting the dissemination of lab results as the country responds to an outbreak of mpox. A spokesperson for the organisation said that hackers deleted sections of their system, including backup servers, meaning they will have to rebuild many of the affected parts. | South Africa’s National Health Laboratory Service (NHLS) ransomware attack |
| June 28, 2024 | Infosys McCamish | Infosys McCamish says LockBit stole data of 6 million people | LockBit Ransomware | Infosys McCamish Systems (IMS) disclosed that the LockBit ransomware attack it suffered earlier this year impacted sensitive information of more than six million individuals. | |

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| June 02, 2024 | Ticketmaster | Live Nation confirms Ticketmaster breach after hackers hawk stolen information of 560 million | ShinyHunters | Live Nation confirmed ShinyHunters’ claim of having a 1.3 terabyte database of information on about 560 million Ticketmaster users that included names, addresses, emails and phone numbers as well as event details and information on specific orders. The database allegedly included credit card details - names, expiration dates and the last four digits of card numbers; ShinyHunters offered the database for $500,000. | |
| June 02, 2024 | AI platform Hugging Face | AI platform Hugging Face says hackers stole auth tokens from Spaces | Unknown | Hugging Face said that its Spaces platform was breached, allowing hackers to access authentication secrets for its members. | |
| June 03, 2024 | Unknown victim | 361 million stolen accounts leaked on Telegram added to HIBP | Unknown | A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the ‘Have I Been Pwned’ data breach notification service, allowing anyone to check if their accounts have been compromised. | 361 million stolen email addresses are added to Have I Been Pwned |
| June 03, 2024 | Collection agency FBCS | Collection agency FBCS ups data breach tally to 3.2 million people | Unknown | In late April, the firm reported that roughly 1.9 million people in the U.S. had sensitive personal information compromised in a data breach incident on February 14, 2024. The firm has now submitted a supplemental notice to the Office of the Maine AG, stating that the total number of persons affected is now 3.2 million people, which adds over a million to the original figure. | |
| June 03, 2024 | Pathology services provider Synnovis, and King's College Hospital, Guy's Hospital, St Thomas' Hospital, Royal Brompton Hospital, and Evelina London Children's Hospital | Major London hospitals disrupted by Synnovis ransomware attack | The Qilin gang | The ransomware attack on pathology and diagnostic services provider Synnovis severely impacted healthcare services at multiple major NHS hospitals in London. Hospitals weren't able to match patients' blood types with as much frequency. Planned operations had to be cancelled, including cancer treatments and organ transplants. | Source: The Guardian |
| June 04, 2024 | Northern Minerals Limited | Australian mining company discloses breach after BianLian leaks data | Unknown | Northern Minerals issued an announcement warning that it suffered a cybersecurity breach resulting in some of its stolen data being published on the dark web. The firm disclosed, without naming the perpetrators, that data had been stolen from its systems in late March 2024 and subsequently published on the dark web. "The exfiltrated data included corporate, operational and financial information and some details relating to current and former personnel and some shareholder information," the announcement said. | |
| June 04, 2024 | Disney Confluence | Club Penguin fans breached Disney Confluence server, stole 2.5 GB of data | Club Penguin fans | Club Penguin fans hacked a Disney Confluence server to steal information about their favourite game but wound up walking away with 2.5 GB of internal corporate data. The data included information about Disney's corporate strategies, advertising plans, Disney+, internal developer tools, business projects, and internal infrastructure. | |
| June 05, 2024 | Advance Auto Parts | Advance Auto Parts stolen data for sale after Snowflake attack | Sp1d3r (BreachForums name) | Threat actors claim to be selling 3 TB of data from Advance Auto Parts, stolen after breaching the company's Snowflake account. | |
| June 06, 21, 2024 | Los Angeles Unified School District | Los Angeles Unified School District investigates data theft claims | Sp1d3r (BreachForums name) | Los Angeles Unified School District (LAUSD) officials investigated a threat actor's claims that they're selling stolen databases containing records belonging to millions of students and thousands of teachers. The threat actor selling the allegedly stolen data for $1,000 said the CSV files put up for sale on a hacking forum contain over 11GB of data, as first spotted by Dark Web Informer. | |
| June 07, 2024 | New York Times | New York Times source code stolen using exposed GitHub token | Unknown | Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company's GitHub repositories in January 2024. As first seen by VX-Underground, the internal data was leaked by an anonymous user who posted a torrent to a 273 GB archive containing the stolen data. | |
| June 09, 2024 | 23andMe | 23andMe data breach under investigation in UK and Canada | A hacker, who called himself “Golem” on BreachForums | Privacy authorities in Canada and the United Kingdom have launched a joint investigation to assess the scope of sensitive customer information exposed in last year's 23andMe data breach. The Privacy Commissioner of Canada and The Information Commissioner's Office (ICO) will also look into whether the company had adequate safeguards to secure customer data stored on its systems. | |
| June 10, 2024 | Cylance | Cylance confirms data breach linked to 'third-party' platform | Sp1d3r | Cybersecurity company Cylance confirmed the legitimacy of data being sold on a hacking forum, stating that it is old data stolen from a "third-party platform." A threat actor known as Sp1d3r was detected selling this stolen data for $750,000, as first spotted by Dark Web Informer. The data allegedly included a substantial amount of information, such as 34,000,000 customer and employee emails and personally identifiable information belonging to Cylance customers, partners, and employees. | |
| June 11, 2024 | Pure Storage | Pure Storage confirms it's a victim of mounting Snowflake-related data breaches | Sp1d3r | The breached workspace belonging to Pure Storage contained "telemetry information" used to provide customer support services, the vendor said. "That information includes company names, LDAP usernames, email addresses, and the Purity software release version number," it added. | |
| June 13, 2024 | Truist Bank | Data breach confirmed by Truist Bank following Sp1d3r claims | Sp1d3r ransomware | Sources reported that major U.S. commercial bank Truist Bank disclosed having its systems compromised in October following data theft claims by the threat actor "Sp1d3r" purporting data theft from 65,000 employees. In a statement provided to SC Media, Truist Bank admitted to losing some customer data but declined to link the incident to the recent drama surrounding cloud IT provider Snowflake. The bank said the fraud dates back to a 2023 intrusion. | |
| June 14, 2024 | Insurance giant Globe Life | Attackers accessed consumer information, says Globe Life in SEC filing | Unknown | Globe Life reported to the Securities and Exchange Commission (SEC) that a breach of a company web portal resulted in the unauthorised access to consumer and policyholder information. In a filing to the SEC, the company said it made the determination following an inquiry from a state insurance regulator around potential vulnerabilities related to access permissions and user identity management for the web portal. | |
| June 19, 2024 | AMD | AMD investigates breach claims after hacker offers to sell data | Unknown | The hacker announced earlier on the BreachForums cybercrime forum that he was “selling the AMD.com data breach”. The data offered for sale allegedly included information on future AMD products, customer and employee databases, datasheets, source code, property files, firmware, and financial documents. The employee database allegedly includes information such as name, job role, phone number, and email addresses. | |
| June 19, 2024 | T-Mobile | T-Mobile denies it was hacked, links leaked data to vendor breach | IntelBroker | T-Mobile denied it was breached or that source code was stolen after a threat actor claimed to be selling stolen data from the telecommunications company. This statement came after IntelBroker, a well-known threat actor linked to numerous breaches, claimed to have breached T-Mobile in June 2024 and stolen source code. | |
| June 19, 2024 | The Association of Texas Professional Educators | More than 400,000 have data leaked in cyber attack on Texas education organisation | Unknown | The Association of Texas Professional Educators sent out breach notifications over the last week warning of a cyber attack that exposed sensitive information. The Association of Texas Professional Educators (ATPE) submitted filings with regulators on June 14 that said the incident affected 426,280 people - including members of the organisation, employees and their dependents. | |
| June 24, 2024 | Neiman Marcus | Neiman Marcus confirms data breach after Snowflake account hack | Sp1d3r | Luxury retailer Neiman Marcus confirmed it suffered a data breach after hackers attempted to sell the company's database stolen in recent Snowflake data theft attacks. | |
| June 24, 2024 | Los Angeles County | Los Angeles County says 25 departments affected by February phishing incident | Unknown | Multiple departments of Los Angeles County’s government were breached as part of a wide-ranging phishing campaign conducted in February. Overall, 25 of the county’s 38 departments were affected, but only two health-related agencies have released public notices. The personal or health information of more than 500 people was compromised in each incident. | |
| June 26, 2024 | Evolve Bank | Evolve Bank confirms data breach after brazen LockBit claims | LockBit ransomware | Arkansas-based Evolve Bank & Trust confirmed that hackers stole customer information and posted it on the dark web. The bank said the hackers “released illegally obtained data, including Personal Identification Information (PII), on the dark web.” “The data varies by individual but may include your name, Social Security Number, date of birth, account information and/or other personal information,” the bank explained. | |
| June 27, 2024 | Geisinger, healthcare system | Former IT employee accessed data of over 1 million US patients | Former IT employee | Geisinger, a prominent healthcare system in Pennsylvania, announced a data breach involving a former employee of Nuance, an IT services provider contracted by the organisation. An announcement explained that in November 2023, Geisinger detected unauthorised access to its patients’ database by a former Nuance employee. | |
| June 28, 2024 | Software company TeamViewer | TeamViewer says Russia’s ‘Cozy Bear’ hackers attacked corporate IT system | APT29, also known as Cozy Bear, BlueBravo and Midnight Blizzard | Software company TeamViewer confirmed that a prolific Russian hacking group breached its corporate IT environment earlier in the week. TeamViewer explained that the hack was traced back to the “credentials of a standard employee account” within the company’s corporate IT environment. | |

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| June 03, 2024 | Microsoft India | Microsoft India’s X account hijacked in Roaring Kitty crypto scam | Unknown | The official Microsoft India account on Twitter, with over 211,000 followers, was hijacked by cryptocurrency scammers to impersonate Roaring Kitty, the handle used by notorious meme stock trader Keith Gill. | |
| June 03, 2024 | American Radio Relay League (ARRL) | ARRL says it was hacked by an "international cyber group" | An unnamed malicious international cyber group. | The cyber attack on the American Radio Relay League (ARRL) took its Logbook of the World offline and caused some members to become frustrated over the lack of information. | |
| June 03, 2024 | Verny store in Russia | Cyber attack disrupts operations of supermarkets across Russia | Unknown | A popular Russian discount retail chain with over 1,000 stores nationwide was hit by a cyber attack that disrupted its services for several days. The supermarket chain Verny (“loyal” in Russian) confirmed the hack to several local news websites. The unknown attackers took down the company's website and mobile app. Due to the attack, Verny’s supermarkets couldn’t process bank cards or receive and deliver online orders, according to the reports. | |
| June 19, 2024 | Forklift manufacturer Crown | Forklift manufacturer shuts down systems to investigate cyber attack | Unknown | One of the largest manufacturers of forklifts has been forced to shut down its operating systems following a cyber attack. | |

| New Ransomware | Summary | Source Link |
|---|---|---|
| New Fog ransomware | A new ransomware operation named 'Fog', launched in early May 2024, is using compromised VPN credentials to breach the networks of educational organisations in the U.S. Fog was discovered by Arctic Wolf Labs, which reported that the ransomware operation has not set up an extortion portal yet and was not observed stealing data. | New Fog ransomware targets US education sector via breached VPNs |
| RansomHub's ESXi encryptor | The RansomHub ransomware operation is using a Linux encryptor designed specifically to encrypt VMware ESXi environments in corporate attacks. | Linux version of RansomHub ransomware targets VMware ESXi VMs |
| New Medusa malware | The Medusa banking trojan for Android has re-emerged after almost a year of keeping a lower profile in campaigns targeting France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey. | New Medusa malware variants target Android users in seven countries |

| Date | New Malware/Flaws/Fixes | Summary | Source Link |
|---|---|---|---|
| June 03, 2024 | CVE-2024-4358 | Researchers have published a proof-of-concept (PoC) exploit script demonstrating a chained remote code execution (RCE) vulnerability on Progress Telerik Report Servers. | Exploit for critical Progress Telerik auth bypass released, patch now |
| June 04, 2024 | CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974 | Zyxel Networks has released an emergency security update to address three critical vulnerabilities impacting older NAS devices that have reached end-of-life. | Zyxel issues emergency RCE patch for end-of-life NAS devices |
| June 07, 2024 | CVE-2024-4577 | A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide. | PHP fixes critical RCE flaw impacting all versions for Windows |
| June 10, 2024 | CVE-2024-29849 | A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates. | |
| June 10, 2024 | CVE-2024-4610 | Arm has issued a security bulletin warning of a memory-related vulnerability in Bifrost and Valhall GPU kernel drivers that is being exploited in the wild. | Arm warns of actively exploited flaw in Mali GPU kernel drivers |
| June 11, 2024 | CVE-2024-37051 | JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens. | JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens |
| June 12, 2024 | CVE-2024-4577 | The TellYouThePass ransomware gang has been exploiting the recently patched remote code execution vulnerability in PHP to deliver webshells and execute the encryptor payload on target systems. | TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers |
| June 12, 2024 | CVE-2024-26169 | The Black Basta ransomware operation is suspected of exploiting a Windows privilege escalation vulnerability as a zero-day before a fix was made available. | Black Basta ransomware gang linked to Windows zero-day attacks |
| June 13, 2024 | CVE-2024-29855 | A proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, elevating the risk of being exploited in attacks. | Exploit for Veeam Recovery Orchestrator auth bypass available, patch now |
| June 13, 2024 | CVE-2024-26169 | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Windows vulnerability abused in ransomware attacks as a zero-day to its catalogue of actively exploited security bugs. | |
| June 18, 2024 | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws. | |
| June 20, 2024 | CVE-2024-28995 | Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept (PoC) exploits. | SolarWinds Serv-U path traversal flaw actively exploited in attacks |
| June 20, 2024 | CVE-2024-34102 | A vulnerability dubbed "CosmicSting" impacting Adobe Commerce and Magento websites remains largely unpatched nine days after the security update has been made available, leaving millions of sites open to catastrophic attacks. | CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites |
| June 26, 2024 | CVE-2024-5806 | The new security flaw in Progress MOVEit Transfer received the identifier CVE-2024-5806 and allows attackers to bypass the authentication process in the Secure File Transfer Protocol (SFTP) module, which is responsible for file transfer operations over SSH. | |

| News Type | Summary | Source Link |
|---|---|---|
| Report | Cybercriminals are promoting a new phishing kit named 'V3B' on Telegram, which currently targets customers of 54 major financial institutions in Ireland, the Netherlands, Finland, Austria, Germany, France, Belgium, Greece, Luxembourg, and Italy. | |
| Report | Attackers have been hijacking high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media's direct messages feature. | TikTok fixes zero-day bug used to hijack high-profile accounts |
| Report | Ariane Systems self check-in systems installed at thousands of hotels worldwide are vulnerable to a kiosk mode bypass flaw that could allow access to guests’ personal information and the keys for other rooms. | Check-in terminals used by thousands of hotels leak guest info |
| Warning | The FBI urges past victims of LockBit ransomware attacks to come forward after revealing that it has obtained over 7,000 LockBit decryption keys that they can use to recover encrypted data for free. | FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out |
| Report | The Computer Emergency Response Team of Ukraine (CERT-UA) reports a new campaign dubbed "SickSync," launched by the UAC-0020 (Vermin) hacking group in attacks on the Ukrainian defence forces. | |
| Report | Hacktivists are conducting DDoS attacks on European political parties. Cloudflare reports that it has mitigated at least three distributed denial of service (DDoS) attack waves on various election-related sites in the Netherlands, as well as several political parties. | |
| Report | A Windows malware named 'Warmcookie' is distributed through fake job offer phishing campaigns to breach corporate networks. | |
| Warning | The Cybersecurity and Infrastructure Security Agency (CISA) warned that criminals are impersonating its employees in phone calls and attempting to deceive potential victims into transferring money. | CISA warns of criminals impersonating its employees in phone calls |
| Report | The Biden administration has announced an upcoming ban of Kaspersky antivirus software and the pushing of software updates to US companies and consumers, giving customers until September 29, 2024, to find alternative security software. | Biden bans Kaspersky antivirus software in US over security concerns |
| Warning | The FBI is warning of cybercriminals posing as law firms and lawyers that offer cryptocurrency recovery services to victims of investment scams and steal funds and personal information. | |