
October 2024: Biggest Cyber Attacks, Data Breaches, Ransomware Attacks

Written by Aditi Uberoi | 1 November 2024

MoneyGram, Casio, ADT Alarms, Zendesk, ESET, Radiant Capital, the Internet Archive's Wayback Machine, insurance administrator Landmark, Red Barrels and Pokémon's Game Freak. Are you wondering what these disparate entities could possibly have in common?

They have all been victims of cyber crime in October 2024, and some of them were hit for the second time in the month gone by. Check out our comprehensive list of the biggest cyber attacks, ransomware attacks and data breaches of the month.

  1. Ransomware Attacks in October 2024
  2. Data Breaches in October 2024
  3. Cyber Attacks in October 2024
  4. New Malware and Ransomware Discovered
  5. Vulnerabilities Discovered and Patches Released 
  6. Advisories issued, reports, analysis etc. in October 2024

October 2024 saw several high-profile cyber attacks, ransomware incidents, and data breaches, affecting a range of industries from healthcare and finance to retail and government. These events underscore the evolving tactics cybercriminals use to exploit vulnerabilities. Each incident emphasises the relentless reach of cybercrime, and the trail of damage it leaves behind. 

Our comprehensive monthly lists of cybersecurity incidents highlight the widespread impact of these attacks. We also aim to illustrate how no business - be it a watch manufacturer or a video game developer - is immune to cyber crime. This compilation serves as a stark reminder that attackers can find entry points even in organisations with substantial resources, making it critical for businesses to stay informed about the latest cyber threats and trends affecting their industry.

The objective behind these monthly summaries is to stress the importance of building cyber resilience and preparing for potential cyber incidents. Proactive cybersecurity measures and robust cyber incident response planning are essential for minimising risk and responding effectively when an attack occurs. Scenario-based testing of your incident response capabilities through Cyber Tabletop Exercises is equally critical. They show you where you stand and how prepared you really are for an actual event.

Read through these incidents for quick insights into the current threat landscape. Learn from the experiences of others to build better preparation and response capabilities for your own organisation. Remember that the only way to get ahead of cyber criminals is through robust preparation, awareness and constant vigilance.

Ransomware Attacks in October 2024

Date: October 01, 2024
Victim: UMC Health System
Summary: UMC Health System Diverts Patients Following Ransomware Attack
Threat Actor: Unknown
Business Impact: Texas healthcare provider UMC Health System was forced to divert some patients to other locations after a ransomware attack impacted its operations. In an announcement published on its website, UMC said it was responding to an IT outage impacting its network. While facilities remained open, some emergency and non-emergency cases were being diverted; according to the healthcare organisation, the cause of the IT outage was a ransomware attack.
Source: BleepingComputer

Date: October 01, 2024
Victim: Community Clinic of Maui, Mālama
Summary: Community Clinic of Maui says 123,000 affected by May cyber attack
Threat Actor: LockBit
Business Impact: The Community Clinic of Maui warned more than 123,000 people that their information was accessed by hackers during a cyber attack in May. Mālama said the hackers had access to personal data between May 4 and May 7, stealing information including Social Security numbers, passport numbers and financial account numbers, as well as troves of data on medical treatments. The hackers also stole routing numbers, bank names, financial account numbers and some biometric data. A total of 123,882 people were impacted by the attack, which forced the clinic to take servers offline.
Source: The Record

Date: October 02, 2024
Victim: Royal Mail
Summary: Hackers pose as British postal carrier to deliver Prince ransomware in destructive campaign
Threat Actor: Unknown
Business Impact: Researchers have identified a new campaign in which hackers impersonated the British postal carrier Royal Mail to target victims in the U.S. and the U.K. with Prince ransomware. The attacks, which occurred in mid-September, affected a small number of organisations, according to a report by cybersecurity firm Proofpoint. Unlike most ransomware attacks, where hackers encrypt the victim's data and demand a ransom, the goal of this campaign appeared to be destructive, as there were no decryption mechanisms or data exfiltration capabilities, researchers said.
Source: The Record

Date: October 10, 2024
Victim: Casio
Summary: Casio confirms customer data stolen in a ransomware attack
Threat Actor: Underground Ransomware
Business Impact: Casio confirmed it suffered a ransomware attack in October, warning that the personal and confidential data of employees, job candidates and some customers was also stolen. The attack was disclosed on October 07, 2024, when Casio warned that it was facing system disruption and service outages due to unauthorised access to its networks over the weekend.
Source: BleepingComputer

Date: October 16, 2024
Victim: Insurance giant Globe Life
Summary: Hackers blackmail Globe Life after stealing customer data
Threat Actor: Unknown
Business Impact: Insurance giant Globe Life said an unknown threat actor attempted to extort money in exchange for not publishing data stolen from the company's systems earlier this year.
Source: BleepingComputer

Date: October 16, 2024
Victim: Boston Children's Health Physicians
Summary: BianLian ransomware claims attack on Boston Children's Health Physicians
Threat Actor: BianLian ransomware
Business Impact: The BianLian ransomware group has claimed the cyber attack on Boston Children's Health Physicians (BCHP) and threatens to leak stolen files unless a ransom is paid.
Source: BleepingComputer

Date: October 18, 2024
Victim: Tech giant Nidec
Summary: Tech giant Nidec confirms data breach following ransomware attack
Threat Actor: 8BASE and Everest gangs
Business Impact: Nidec Corporation confirmed that hackers behind a ransomware attack suffered earlier this year stole data and leaked it on the dark web. The Japanese tech giant said the threat actors tried to extort the company and decided to leak the information after their demands were not met.
Source: BleepingComputer

Date: October 21, 2024
Victim: The Vocational Training Center, or Berufsbildungszentrum (BBZ)
Summary: Spate of ransomware attacks on German-speaking schools hits another in Switzerland
Threat Actor: Unknown
Business Impact: The Vocational Training Center, or Berufsbildungszentrum (BBZ), became the victim of a ransomware attack. "When attacking the BBZ's IT systems, cybercriminals blocked access to several systems and demanded a ransom. The attack was carried out using encryption malware on the BBZ servers," stated the department, adding that it did not respond to the ransom demand.
Source: The Record

Date: October 24, 2024
Victim: Henry Schein
Summary: Henry Schein discloses data breach a year after ransomware attack
Threat Actor: BlackCat Ransomware gang
Business Impact: Henry Schein has finally disclosed a data breach following at least two back-to-back cyber attacks in 2023 by the BlackCat Ransomware gang, revealing that over 160,000 people had their personal information stolen.
Source: BleepingComputer

Date: October 24, 2024
Victim: UnitedHealth
Summary: UnitedHealth says data of 100 million stolen in Change Healthcare breach
Threat Actor: BlackCat ransomware gang, aka ALPHV
Business Impact: UnitedHealth has confirmed for the first time that over 100 million people had their personal information and healthcare data stolen in the Change Healthcare ransomware attack, marking this as the largest healthcare data breach in recent years.
Source: BleepingComputer


 



Data Breaches in October 2024

Date: October 01, 2024
Victim: Rackspace
Summary: Rackspace internal monitoring web servers hit by zero-day
Threat Actor: Unknown
Business Impact: Rackspace told customers that intruders exploited a zero-day bug in a third-party application it was using and abused that vulnerability to break into its internal performance monitoring environment. The intrusion forced the cloud-hosting outfit to temporarily take its monitoring dashboard offline for customers, and the intruders were able to get hold of some monitoring-related customer information before being caught.
Source: Rackspace data breach due to zero-day flaw

Date: October 03, 2024
Victim: Dutch Police
Summary: Dutch Government Blames a 'State Actor' for Hacking a Police Network
Threat Actor: An anonymous state actor
Business Impact: The Dutch government believed that a cyber attack that accessed work-related contact details of all Dutch police officers was almost certainly carried out by hackers working for a foreign government.
Source: Dutch Police data breach attack

Date: October 03, 2024
Victim: Red Barrels, the studio behind Outlast
Summary: Outlast Studio is Victim of Hacking: Red Barrels Suffers Theft of Source Code and 1.8 TB of Information; Their Projects Will Face Delays
Threat Actor: Unknown
Business Impact: In a recent statement, the company confirmed that its computer systems were compromised, resulting in data theft: the attacker stole the source code of its games and 1.8 TB of data.
Source: Data breach attack on Outlast Studio's Red Barrels

Date: October 04 and 07, 2024
Victim: MoneyGram
Summary: MoneyGram: No evidence ransomware is behind recent cyber attack
Threat Actor: MoneyGram has not publicly attributed the attack to any particular threat actor, but the strategies are reminiscent of attacks previously conducted by a loose-knit hacker collective known as Scattered Spider (aka UNC3944, the Com, and 0ktapus)
Business Impact: MoneyGram confirmed it had suffered a cyber attack and took systems offline to contain the breach on September 20, three days after customers started reporting issues. The disruption to IT systems prevented customers from accessing and transferring their money and performing other online activities. MoneyGram confirmed that hackers stole customers' personal information and transaction data in the September cyber attack, which caused a five-day outage.
Source: BleepingComputer

Date: October 05, 2024
Victim: Comcast and Truist Bank
Summary: Comcast and Truist Bank customers caught up in FBCS data breach
Threat Actor: Unknown
Business Impact: Comcast Cable Communications and Truist Bank disclosed that they were impacted by a data breach at FBCS and have started informing their respective customers that their data has been compromised; the internal investigation into the incident appeared to be ongoing. FBCS recently informed additional entities, including Comcast and Truist, that they had been impacted.
Source: BleepingComputer

Date: October 07, 2024
Victim: ADT
Summary: ADT discloses second breach in 2 months, hacked via stolen credentials
Threat Actor: Unknown
Business Impact: ADT disclosed that it suffered a breach after threat actors gained access to its systems using stolen credentials and exfiltrated employee account data. As part of its investigation, it was determined that encrypted account data for employees was stolen in the attack.
Source: BleepingComputer

Date: October 10, 2024
Victim: Fidelity Investments
Summary: Fidelity Investments says data breach affects over 77,000 people
Threat Actor: Unknown
Business Impact: Fidelity Investments said that the personal information of over 77,000 customers was exposed after its systems were breached in August. The company said that an unknown attacker stole data between August 17 and 19 using two customer accounts that they had recently established.
Source: BleepingComputer

Date: October 14, 2024
Victim: Pokémon maker Game Freak
Summary: Pokémon maker confirms it was victim of hack
Threat Actor: Unknown
Business Impact: Pokémon maker Game Freak has confirmed it was the victim of a data leak after information appeared online over the weekend. A statement said 2,606 items containing the names and email addresses of current, former and contract employees were accessed.
Source: Data breach attack on Pokémon and Nintendo maker, Game Freak

Date: October 18, 2024
Victim: Cisco's DevHub portal
Summary: Cisco takes DevHub portal offline after hacker publishes stolen data
Threat Actor: IntelBroker, a Breach Forums community name
Business Impact: Cisco confirmed that it took its public DevHub portal offline after a threat actor leaked "non-public" data, but it continues to state that there is no evidence that its systems were breached.
Source: BleepingComputer

Date: October 18, 2024
Victim: Boston Children's Health Physicians
Summary: Boston Children's Health Physicians confirms September data breach
Threat Actor: BianLian Ransomware Group
Business Impact: A prominent organisation that helps connect people with doctors in New York and Connecticut warned patients that a breach in September exposed troves of sensitive information. By September 10, company officials discovered further activity and shut down their systems, and an investigation revealed that the hackers took files off their network that contained patient information such as Social Security numbers, addresses, medical record numbers, health insurance information, billing data and treatment information.
Source: The Record

Date: October 24, 2024
Victim: Insurance admin Landmark
Summary: Insurance admin Landmark says data breach impacts 800,000 people
Threat Actor: Unknown
Business Impact: Insurance administrative services company Landmark Admin warns that a data breach stemming from a May cyber attack impacted over 800,000 people.
Source: BleepingComputer



Cyber Attacks in October 2024

Date: October 04, 2024
Victim: U.S. wiretap systems at AT&T, Verizon and Lumen Technologies
Summary: U.S. Wiretap Systems Targeted in China-Linked Hack
Threat Actor: Suspected Chinese hackers
Business Impact: A cyber attack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorised network wiretapping requests. For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk. The attackers also had access to other tranches of more generic internet traffic, they said.
Source: Cyber attack on U.S. Wiretap Systems; AT&T, Verizon, Lumen Technologies

Date: October 06, 2024
Victim: Lego
Summary: Lego Website Compromised in 'Lego Coin' Crypto Scam
Threat Actor: Unknown
Business Impact: Lego's website was temporarily compromised by crypto scammers who attempted to dupe Lego fans into buying a fake "LEGO Coin" cryptocurrency. The website promised "secret rewards" to buyers of the fake coin and redirected them to a website that was taking payments in Ethereum, one of the most popular cryptocurrencies.
Source: Lego cyber attack

Date: October 07, 2024
Victim: American Water
Summary: American Water shuts down online services after cyber attack
Threat Actor: Unknown
Business Impact: American Water, the largest publicly traded U.S. water and wastewater utility company, was forced to shut down some of its systems after a cyber attack.
Source: American Water cyber attack

Date: October 17, 2024
Victim: Japan's ruling Liberal Democratic Party (LDP)
Summary: Japan's ruling political party hit by cyber attack from alleged pro-Russian hackers
Threat Actor: Several pro-Russian threat actors, including NoName057(16) and the Cyber Army of Russia
Business Impact: Japan's ruling Liberal Democratic Party (LDP) reported that a cyber attack temporarily disrupted its website, coinciding with the start of the country's general election campaign.
Source: Japan's ruling Liberal Democratic Party (LDP) cyber attack

Date: October 18, 2024
Victim: ESET's Israeli partner, Comsecure
Summary: ESET partner breached to send data wipers to Israeli orgs
Threat Actor: Unknown
Business Impact: Hackers breached ESET's exclusive partner in Israel to send phishing emails to Israeli businesses that pushed data wipers disguised as antivirus software for destructive attacks.
Source: BleepingComputer

Date: October 18, 2024
Victim: Crypto platform Radiant Capital
Summary: Crypto platform Radiant Capital says $50 million in digital coins stolen following account compromises
Threat Actor: Unknown
Business Impact: More than $50 million worth of cryptocurrency was stolen from decentralised finance platform Radiant Capital. In a post-mortem report, Radiant said the attack compromised three developers, all of whom are long-standing, trusted contributors to the platform.
Source: The Record

Date: October 21, 2024
Victim: Wayback Machine, Archive-It
Summary: Internet Archive hacker claims to still have access, responds to Zendesk support tickets
Threat Actor: Unknown
Business Impact: A hacker allegedly behind the recent breach of the Internet Archive is making several new claims about their continued access to the platform. The digital nonprofit said the Wayback Machine, Archive-It and other tools are available again, while several other services are still being restored. However, someone sent antagonistic messages to hundreds of people who had contacted the Internet Archive, including Recorded Future News.
Source: The Record



New Ransomware/Malware Discovered in September 2024

New Ransomware: A new version of the WarmCookie backdoor
Summary: A new 'FakeUpdate' campaign targeting users in France leverages compromised websites to show fake browser and application updates that spread a new version of the WarmCookie backdoor.

New Ransomware: New version of the Qilin ransomware, 'Qilin.B'
Summary: A new Rust-based version of the Qilin (Agenda) ransomware strain, dubbed 'Qilin.B', has been spotted in attacks, featuring stronger encryption, better evasion from security tools, and the ability to disrupt data recovery mechanisms.

Sources for the above table: BleepingComputer & The Record


Vulnerabilities/Patches Discovered in October 2024

Date: October 01, 2024
New Malware/Flaws/Fixes: CVE-2024-45489
Summary: The Browser Company has introduced an Arc Bug Bounty Program to encourage security researchers to report vulnerabilities to the project and receive rewards. This development comes in response to a critical remote code execution flaw, tracked as CVE-2024-45489.

Date: October 02, 2024
New Malware/Flaws/Fixes: FSCT-2024-0006, FSCT-2024-0007, FSCT-2024-0014, FSCT-2024-0001, FSCT-2024-0002
Summary: DrayTek has released security updates for multiple router models to address 14 vulnerabilities of varying severity, including a remote code execution flaw that received the maximum CVSS score of 10. The researchers warned that their scans revealed that approximately 785,000 DrayTek routers might be vulnerable to the newly discovered set of flaws, with over 704,500 having their web interface exposed to the internet.

Date: October 02, 2024
New Malware/Flaws/Fixes: CVE-2024-41925, CVE-2024-45367
Summary: U.S. cybersecurity agency CISA is warning about two critical vulnerabilities that allow authentication bypass and remote code execution in Optigo Networks ONS-S8 Aggregation Switch products used in critical infrastructure. The first flaw is tracked as CVE-2024-41925 and the second as CVE-2024-45367.

Date: October 02, 2024
New Malware/Flaws/Fixes: CVE-2024-29824
Summary: CISA warned that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks.

Date: October 02, 2024
New Malware/Flaws/Fixes: CVE-2024-45519
Summary: Multiple cybersecurity agencies in Europe warned about a vulnerability affecting Zimbra's email product that researchers have confirmed is being exploited to spread malware.

Date: October 03, 2024
New Malware/Flaws/Fixes: CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177
Summary: A set of bugs that has caused alarm among cybersecurity experts may enable threat actors to launch powerful attacks designed to knock systems offline.

Date: October 03, 2024
New Malware/Flaws/Fixes: CVE-2024-32102, CVE-2024-2961
Summary: Adobe Commerce and Magento online stores are being targeted in "CosmicSting" attacks at an alarming rate, with threat actors hacking approximately 5% of all stores. The CosmicSting vulnerability (CVE-2024-32102) is a critical severity information disclosure flaw, which attackers chain with CVE-2024-2961, a security issue in glibc's iconv function.

Date: October 03, 2024
New Malware/Flaws/Fixes: CVE-2024-47176
Summary: A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks with a 600x amplification factor.

Date: October 07, 2024
New Malware/Flaws/Fixes: CVE-2024-43047
Summary: Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets. The security flaw was reported by Google Project Zero's Seth Jenkins, security researcher Conghui Wang, and Amnesty International's Security Lab.

Date: October 08, 2024
New Malware/Flaws/Fixes: CVE-2024-9379, CVE-2024-9380 or CVE-2024-9381 are chained with CVE-2024-8963
Summary: American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks.

Date: October 10, 2024
New Malware/Flaws/Fixes: CVE-2024-9164
Summary: GitLab has released security updates to address multiple flaws in Community Edition (CE) and Enterprise Edition (EE), including a critical arbitrary branch pipeline execution flaw.

Date: October 10, 2024
New Malware/Flaws/Fixes: CVE-2024-40711
Summary: Ransomware gangs now exploit a critical security vulnerability that lets attackers gain remote code execution (RCE) on vulnerable Veeam Backup & Replication (VBR) servers.

Date: October 16, 2024
New Malware/Flaws/Fixes: CVE-2024-38178
Summary: The North Korean hacking group ScarCruft launched a large-scale attack in May that leveraged an Internet Explorer zero-day flaw to infect targets with the RokRAT malware and exfiltrate data.

Date: October 16, 2024
New Malware/Flaws/Fixes: CVE-2024-9486
Summary: A critical vulnerability in Kubernetes could allow unauthorised SSH access to a virtual machine running an image created with the Kubernetes Image Builder project.

Date: October 16, 2024
New Malware/Flaws/Fixes: CVE-2024-28987
Summary: CISA has added three flaws to its 'Known Exploited Vulnerabilities' (KEV) catalogue, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) that the vendor fixed in late August 2024.

Sources: BleepingComputer and The Record


Warnings/Advisories/Reports/Analysis

News Type: Report
Summary: The UK National Crime Agency (NCA) has sanctioned 16 members of Russian hacker group Evil Corp and has identified its links to the prolific ransomware group LockBit.

News Type: Report
Summary: The notorious APT hacking group known as FIN7 has launched a network of fake AI-powered deepnude generator sites to infect visitors with information-stealing malware.

News Type: Report
Summary: A Cambodian freelance journalist known for investigating the cyber scam industry was arrested on charges of "incitement to disturb social security". Mech Dara, 36, whose reporting has appeared in several international news outlets, was apprehended by military police who intercepted his car while he was driving with his family to the Cambodian capital.

News Type: Report
Summary: The Police Service of Northern Ireland (PSNI) has been fined £750,000 ($1 million) by the United Kingdom's data protection regulator after accidentally revealing the identities of all of its officers and staff, potentially exposing them to terrorist and criminal groups and "leaving many fearing for their safety."

News Type: Report
Summary: During a distributed denial-of-service campaign targeting organisations in the financial services, internet, and telecommunications sectors, volumetric attacks peaked at 3.8 terabits per second, the largest publicly recorded to date. The assault consisted of a "month-long" barrage of more than 100 hyper-volumetric DDoS attacks flooding the network infrastructure with garbage data.

News Type: Report
Summary: Cybersecurity researchers have reported finding multiple mobile applications used in so-called 'pig butchering' schemes lurking on the official Google and Apple repositories.

News Type: Report
Summary: Nuclear waste processing facility Sellafield has been fined £332,500 ($440k) by the Office for Nuclear Regulation (ONR) for failing to adhere to cybersecurity standards and putting sensitive nuclear information at risk over four years, from 2019 to 2023.

News Type: Report
Summary: According to an ESET report, an APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, such as emails, encryption keys, images, archives, and documents.

News Type: Warning
Summary: U.S. and U.K. cyber agencies warned that APT29 hackers linked to Russia's Foreign Intelligence Service (SVR) target vulnerable Zimbra and JetBrains TeamCity servers "at a mass scale."

News Type: Report
Summary: Marriott International and its subsidiary Starwood Hotels will pay $52 million and create a comprehensive information security program as part of settlements for data breaches that impacted over 344 million customers.

News Type: Report
Summary: OpenAI has disrupted over 20 malicious cyber operations abusing its AI-powered chatbot, ChatGPT, for debugging and developing malware, spreading misinformation, evading detection, and conducting spear-phishing attacks.

News Type: Report
Summary: The United States Department of Justice unsealed an indictment against two Sudanese brothers suspected of being the operators of Anonymous Sudan, a notorious and dangerous hacktivist group known for conducting over 35,000 DDoS attacks in a year.

News Type: Report
Summary: Iranian hackers are breaching critical infrastructure organisations to collect credentials and network data that can be sold on cybercriminal forums to enable cyber attacks by other threat actors.

News Type: Report
Summary: North Korean IT professionals who trick Western companies into hiring them are stealing data from the organisation's network and demanding a ransom not to leak it.

News Type: Report
Summary: An Alabama man was arrested by the FBI for his suspected role in hacking the SEC's X account to make a fake announcement that Bitcoin ETFs were approved.

News Type: Report
Summary: A new ClickFix campaign is luring users to fraudulent Google Meet conference pages showing fake connectivity errors that deliver info-stealing malware for Windows and macOS operating systems.

News Type: Warning
Summary: Microsoft is warning enterprise customers that, for almost a month, a bug caused critical logs to be partially lost, putting at risk companies that rely on this data to detect unauthorised activity.

News Type: Report
Summary: The latest generations of Intel processors, including Xeon chips, and AMD's older microarchitectures on Linux are vulnerable to new speculative execution attacks that bypass existing 'Spectre' mitigations.

News Type: Report
Summary: The scale of the ransomware problem has grown significantly over the last year, with hundreds of healthcare institutions attacked in the last 12 months, Microsoft reported.

News Type: Report
Summary: Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and luring cybercriminals in to collect intelligence about them.

News Type: Report
Summary: Cyprus' critical infrastructure and government websites were targeted in a series of coordinated cyber attacks claimed by several pro-Palestine hacker groups.

News Type: Report
Summary: The British government is "considering all options" to strengthen its response to cyberthreats, according to a speech by the country's security minister, Dan Jarvis. The speech is one of the first indicating the Labour Party's approach to the issue following this summer's general election.

News Type: Report
Summary: LinkedIn received a €310 million fine from the Irish Data Protection Commission for violating European Union law on the processing of personal data for behavioural analysis and targeted advertising.

News Type: Report
Summary: The United Kingdom's High Court greenlit a prominent dissident's legal challenge against the Saudi Arabian government for allegedly deploying powerful zero-click spyware against him.

 
