MoneyGram, Casio, ADT Alarms, Zendesk, ESET, Radiant Capital, Wayback Machine-Internet Archive, Insurance admin Landmark, Red Barrels and Pokemon’s game freak. Are you wondering what could possibly be common amongst these disparate entities?
They've all been victims of cyber crime in October 2024 and some of them have been hit the second time in the month gone by. Check out our comprehensive list of the biggest cyber attacks, ransomware attacks and data breaches in the month gone by.
October 2024 saw several high-profile cyber attacks, ransomware incidents, and data breaches, affecting a range of industries from healthcare and finance to retail and government. These events underscore the evolving tactics cybercriminals use to exploit vulnerabilities. Each incident emphasises the relentless reach of cybercrime, and the trail of damage it leaves behind.
Our comprehensive monthly lists of cybersecurity incidents highlight the widespread impact of these attacks. We also aim to illustrate how no business - be it a watch manufacturer or a video game developer - is immune to cyber crime. This compilation serves as a stark reminder that attackers can find entry points even in organisations with substantial resources, making it critical for businesses to stay informed about the latest cyber threats and trends affecting their industry.
The objective behind these monthly summaries is to stress the importance of building cyber resilience and preparing for potential cyber incidents. Proactive cybersecurity measures and robust cyber incident response planning are essential for minimising risk and responding effectively when an attack occurs. Scenario-based testing of your incident response capabilities through Cyber Tabletop Exercises is equally critical. They show you where you stand and how prepared you really are for an actual event.
Read through these incidents for quick insights into the current threat landscape. Learn from the experiences of others to build better preparation response capabilities for your own organisation. Remember, that the only way to get ahead of cyber criminals is through robust preparation, awareness and constant vigilance.
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
October 01, 2024 |
UMC Health System |
UMC Health System Diverts Patients Following Ransomware Attack |
Unknown |
Texas healthcare provider UMC Health System was forced to divert some patients to other locations after a ransomware attack impacted its operations. In an announcement published on its website, UMC said it is responding to an IT outage impacting its network. While facilities remain open, some emergency and non-emergency cases are being diverted as the cause of the IT outage, according to the healthcare organisation, was a ransomware attack. |
Source: BleepingComputer |
|
October 01, 2024 |
Community Clinic of Maui, Mālama |
Community Clinic of Maui says 123,000 affected by May cyber attack |
LockBit |
The Community Clinic of Maui warned more than 123,000 people that their information was accessed by hackers during a cyber attack in May. Mālama, said the hackers had access to personal data between May 4 and May 7, stealing information including Social Security numbers, passport numbers, financial account numbers as troves of data on medical treatments. The hackers also stole routing numbers, bank names, financial account numbers and some biometric data. A total of 123,882 were impacted by the attack, which forced the clinic to take servers offline. |
Source: The Record |
|
October 02, 2024 |
Royal Mail |
Hackers pose as British postal carrier to deliver Prince ransomware in destructive campaign |
Unknown |
Researchers have identified a new campaign in which hackers impersonated the British postal carrier Royal Mail to target victims in the U.S. and the U.K. with Prince ransomware. The attacks, which occurred in mid-September, affected a small number of organisations, according to a report by cybersecurity firm Proofpoint. Unlike most ransomware attacks, where hackers encrypt the victim’s data and demand a ransom, the goal of this campaign appeared to be destructive, as there were no decryption mechanisms or data exfiltration capabilities, researchers said. |
Source: The Record |
|
October 10, 2024 |
Casio |
Casio confirms customer data stolen in a ransomware attack |
Underground Ransomware |
Casio confirmed it suffered a ransomware attack in October, warning that the personal and confidential data of employees, job candidates, and some customers was also stolen. The attack was disclosed on October 07, 2024 when Casio warned that it was facing system disruption and service outages due to unauthorised access to its networks during the weekend. |
Source: BleepingComputer |
|
October 16, 2024 |
Insurance giant Globe Life |
Hackers blackmail Globe Life after stealing customer data |
Unknown |
Insurance giant Globe Life said an unknown threat actor attempted to extort money in exchange for not publishing data stolen from the company's systems earlier this year. |
Source: BleepingComputer |
|
October 16, 2024 |
Boston Children's Health Physicians |
BianLian ransomware claims attack on Boston Children's Health Physicians |
BianLian ransomware |
The BianLian ransomware group has claimed the cyber attack on Boston Children's Health Physicians (BCHP) and threatens to leak stolen files unless a ransom is paid. |
Source: BleepingComputer |
|
October 18, 2024 |
Tech giant Nidec |
Tech giant Nidec confirms data breach following ransomware attack |
8BASE and Everest gangs |
Nidec Corporation informed that hackers behind a ransomware attack suffered earlier this year stole data and leaked it on the dark web as the Japanese tech giant said the threat actors tried to extort the company and decided to leak the information after their demands were not met. |
Source: BleepingComputer |
|
October 21, 2024 |
The Vocational Training Center, or Berufsbildungszentrum (BBZ) |
Spate of ransomware attacks on German-speaking schools hits another in Switzerland |
Unknown |
The Vocational Training Center, or Berufsbildungszentrum (BBZ) became the victim of a ransomware attack. “When attacking the BBZ's IT systems, cybercriminals blocked access to several systems and demanded a ransom. The attack was carried out using encryption malware on the BBZ servers,” stated the department, adding that it did not respond to the ransom demand. |
Source: The Record |
|
October 24, 2024 |
Henry Schein |
Henry Schein discloses data breach a year after ransomware attack |
BlackCat Ransomware gang |
Henry Schein has finally disclosed a data breach following at least two back-to-back cyber attacks in 2023 by the BlackCat Ransomware gang, revealing that over 160,000 people had their personal information stolen. |
Source: BleepingComputer |
|
October 24, 2024 |
UnitedHealth |
UnitedHealth says data of 100 million stolen in Change Healthcare breach |
BlackCat ransomware gang, aka ALPHV |
UnitedHealth has confirmed for the first time that over 100 million people had their personal information and healthcare data stolen in the Change Healthcare ransomware attack, marking this as the largest healthcare data breach in recent years. |
Source: BleepingComputer |
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
October 01, 2024 |
Rackspace |
Rackspace internal monitoring web servers hit by zero-day |
Unknown |
Rackspace has told customers that intruders exploited a zero-day bug in a third-party application it was using, and abused that vulnerability to break into its internal performance monitoring environment. That intrusion forced the cloud-hosting outfit to temporarily take its monitoring dashboard offline for customers and the intruders were able to get hold of some monitoring-related customer information before being caught. |
|
|
October 03, 2024 |
Dutch Police |
Dutch Government Blames a 'State Actor' for Hacking a Police Network |
An anonymous state actor |
The Dutch government believed that a cyber attack that accessed work-related contact details of all Dutch police officers was almost certainly carried out by hackers working for a foreign government |
|
|
October 03, 2024 |
Red Barrels, the studio behind Outlast |
Outlast Studio is Victim of Hacking: Red Barrels Suffers Theft of Source Code and 1.8 TB of Information; Their Projects Will Face Delays |
Unknown |
In a recent statement, the company confirmed that its computer systems were compromised, resulting in data theft as the attacker stole the source code of their games and 1.8 TB of data. |
|
|
October 04 and 07, 2024 |
MoneyGram |
MoneyGram: No evidence ransomware is behind recent cyber attack |
MoneyGram has not publicly attributed the attack to any particular threat actor, but the strategies are reminiscent of attacks previously conducted by a loose-knit hacker collective known as Scattered Spider (aka UNC3944, the Com, and 0ktapus) |
MoneyGram confirmed they had suffered a cyber attack and took systems offline to contain the breach on September 20, three days after customers started reporting experiencing issues. The disruption to IT systems prevented customers from being able to access and transfer their money and perform other online activities. MoneyGram confirmed that hackers stole customers' personal information and transaction data in a September cyber attack that caused a five-day outage. |
Source: BleepingComputer |
|
October 05, 2024 |
Comcast and Truist Bank |
Comcast and Truist Bank customers caught up in FBCS data breach |
Unknown |
Comcast Cable Communications and Truist Bank disclosed that they were impacted by a data breach at FBCS, and have started informing their respective customers that their data has been compromised as the internal investigation into the incident appeared to be ongoing. FBCS recently informed additional entities that they had been impacted, including Comcast and Truist. |
Source: BleepingComputer |
|
October 07, 2024 |
ADT |
ADT discloses second breach in 2 months, hacked via stolen credentials |
Unknown |
ADT disclosed that it suffered a breach after threat actors gained access to its systems using stolen credentials and exfiltrated employee account data. As part of its investigations, it was determined that encrypted account data for employees was stolen in the attack. |
Source: BleepingComputer |
|
October 10, 2024 |
Fidelity Investments |
Fidelity Investments says data breach affects over 77,000 people |
Unknown |
Fidelity Investments said that the personal information of over 77,000 customers was exposed after its systems were breached in August. The company said that an unknown attacker stole data between August 17 and 19 using two customer accounts that they had recently established. |
Source: BleepingComputer |
|
October 14, 2024 |
Pokémon maker Game Freak |
Pokémon maker confirms it was victim of hack |
Unknown |
Pokémon maker Game Freak has confirmed it was the victim of a data leak after information appeared online over the weekend. A statement said 2,606 items containing the names and email addresses of current, former and contract employees were accessed. |
Data breach attack on Pokemon and Nintendo maker, Game Freak |
|
October 18, 2024 |
Cisco’s DevHub portal |
Cisco takes DevHub portal offline after hacker publishes stolen data |
IntelBroker, a breach forums community name |
Cisco confirmed that it took its public DevHub portal offline after a threat actor leaked "non-public" data, but it continues to state that there is no evidence that its systems were breached. |
Source: BleepingComputer |
|
October 18, 2024 |
Boston Children’s Health Physicians |
Boston Children’s Health Physicians confirms September data breach |
BrianLian Ransomware Group |
A prominent organisation that helps connect people with doctors in New York and Connecticut warned patients that a breach in September exposed troves of sensitive information. By September 10, company officials discovered further activity and shut down their systems, and an investigation revealed that the hackers took files off of their network that contained patient information like Social Security numbers, addresses, medical record numbers, health insurance information, billing data and treatment information. |
Source: The Record |
|
October 24, 2024 |
Insurance admin Landmark |
Insurance admin Landmark says data breach impacts 800,000 people |
Unknown |
Insurance administrative services company Landmark Admin warns that a data breach impacted over 800,000 people from a May cyber attack. |
Source: BleepingComputer |
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
October 04, 2024 |
U.S. Wiretap Systems like AT&T, Verizon, and Lumen Technologies |
U.S. Wiretap Systems Targeted in China-Linked Hack |
Suspected chinese hackers |
A cyber attack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorised network wiretapping requests. For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk. The attackers also had access to other tranches of more generic internet traffic, they said. |
Source: WSJ |
|
October 06, 2024 |
Lego |
Lego Website Compromised in 'Lego Coin' Crypto Scam |
Unknown |
Lego’s website was temporarily compromised by crypto scammers who attempted to dupe Lego fans into buying a fake “LEGO Coin" cryptocurrency. The website promised “secret rewards” to buyers of the fake coin and it redirected them to a website that was taking payments in Ethereum, one of the most popular cryptocurrencies. |
|
|
October 07, 2024 |
American Water |
American Water shuts down online services after cyber attack |
Unknown |
American Water, the largest publicly traded U.S. water and wastewater utility company, was forced to shut down some of its systems after a cyber attack. |
|
|
October 17, 2024 |
Japan's ruling Liberal Democratic Party (LDP) |
Japan's ruling political party hit by cyber attack from alleged pro-Russian hackers |
Several pro-Russian threat actors, including NoName057(16) and the Cyber Army of Russia |
Japan's ruling Liberal Democratic Party (LDP) reported that a cyber attack temporarily disrupted its website, coinciding with the start of the country’s general election campaign. |
|
|
October 18, 2024 |
ESET’s Israeli partner, Comsecure |
ESET partner breached to send data wipers to Israeli orgs |
Unknown |
Hackers breached ESET's exclusive partner in Israel to send phishing emails to Israeli businesses that pushed data wipers disguised as antivirus software for destructive attacks. |
Source: BleepingComputer |
|
October 18, 2024 |
Crypto platform Radiant Capital |
Crypto platform Radiant Capital says $50 million in digital coins stolen following account compromises |
Unknown |
More than $50 million worth of cryptocurrency was stolen from decentralised finance platform Radiant Capital as in a post-mortem report Radiant said the attack compromised three developers, all of whom are long-standing, trusted contributors to the platform. |
Source: The Record |
|
October 21, 2024 |
Wayback Machine, Archive-It |
Internet Archive hacker claims to still have access, responds to Zendesk support tickets |
Unknown |
A hacker allegedly behind the recent breach of the Internet Archive is making several new claims about their continued access to the platform. The digital nonprofit said the Wayback Machine, Archive-It and other tools are available again, while several other services are still in the process of being restored. But, someone sent antagonistic messages to hundreds of people who have contacted the Internet Archive, including Recorded Future News. |
Source: The Record |
|
New Ransomware |
Summary |
|
A new version of the WarmCookie backdoor |
A new 'FakeUpdate' campaign targeting users in France leverages compromised websites to show fake browser and application updates that spread a new version of the WarmCookie backdoor. |
|
New version of the Qilin ransomware, 'Qilin.B |
A new Rust-based version of the Qilin (Agenda) ransomware strain, dubbed 'Qilin.B,' has been spotted in attacks, featuring stronger encryption, better evasion from security tools, and the ability to disrupt data recovery mechanisms. |
Sources for the above table: BleepingComputer & The Record
|
Date |
New Malware/Flaws/Fixes |
Summary |
|
October 01, 2024 |
CVE-2024-45489 |
The Browser Company has introduced an Arc Bug Bounty Program to encourage security researchers to report vulnerabilities to the project and receive rewards. This development comes in response to a critical remote code execution flaw, tracked as CVE-2024-45489 |
|
October 02, 2024 |
FSCT-2024-0006, FSCT-2024-0007, FSCT-2024-0014, FSCT-2024-0001, FSCT-2024-0002 |
DrayTek has released security updates for multiple router models to address 14 vulnerabilities of varying severity, including a remote code execution flaw that received the maximum CVSS score of 10. The researchers warned that their scans revealed that approximately 785,000 DrayTek routers might be vulnerable to the newly discovered set of flaws, with over 704,500 having their web interface exposed to the internet. |
|
October 02, 2024 |
CVE-2024-41925, CVE-2024-45367 |
U.S. cybersecurity agency CISA is warning about two critical vulnerabilities that allow authentication bypass and remote code execution in Optigo Networks ONS-S8 Aggregation Switch products used in critical infrastructure. The first flaw is tracked as CVE-2024-41925 and the second issue, tracked as CVE-2024-45367. |
|
October 02, 2024 |
CVE-2024-29824 |
CISA warned today that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks. |
|
October 02, 2024 |
CVE-2024-45519 |
Multiple cybersecurity agencies in Europe warned about a vulnerability affecting Zimbra’s email product that researchers have confirmed is being exploited to spread malware. |
|
October 03, 2024 |
CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177 |
A set of bugs that has caused alarm among cybersecurity experts may enable threat actors to launch powerful attacks designed to knock systems offline. |
|
October 03, 2024 |
CVE-2024-32102, CVE-2024-2961 |
Adobe Commerce and Magento online stores are being targeted in "CosmicSting" attacks at an alarming rate, with threat actors hacking approximately 5% of all stores. The CosmicSting vulnerability (CVE-2024-32102) is a critical severity information disclosure flaw; when chained with CVE-2024-2961, a security issue in glibc's iconv function |
|
October 03, 2024 |
CVE-2024-47176 |
A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks with a 600x amplification factor. |
|
October 07, 2024 |
CVE-2024-43047 |
Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets. The security flaw was reported by Google Project Zero's Seth Jenkins, security researcher Conghui Wang, and Amnesty International's Security Lab. |
|
October 08, 2024 |
CVE-2024-9379, CVE-2024-9380 or CVE-2024-9381 are chained with CVE-2024-8963 |
American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks. |
|
October 10, 2024 |
CVE-2024-9164 |
GitLab has released security updates to address multiple flaws in Community Edition (CE) and Enterprise Edition (EE), including a critical arbitrary branch pipeline execution flaw. |
|
October 10, 2024 |
CVE-2024-40711 |
Ransomware gangs now exploit a critical security vulnerability that lets attackers gain remote code execution (RCE) on vulnerable Veeam Backup & Replication (VBR) servers. |
|
October 16, 2024 |
CVE-2024-38178 |
The North Korean hacking group ScarCruft launched a large-scale attack in May that leveraged an Internet Explorer zero-day flaw to infect targets with the RokRAT malware and exfiltrate data. |
|
October 16, 2024 |
CVE-2024-9486 |
A critical vulnerability in Kubernetes could allow unauthorised SSH access to a virtual machine running an image created with the Kubernetes Image Builder project. |
|
October 16, 2024 |
CVE-2024-28987 |
CISA has added three flaws to its 'Known Exploited Vulnerabilities' (KEV) catalogue, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) that the vendor fixed in late August 2024. |
Sources: BleepingComputer and The Record
|
News Type |
Summary |
|
Report |
The UK National Crime Agency (NCA) has sanctioned 16 members of Russian hacker group Evil Corp and has identified its links to prolific ransomware group, LockBit. |
|
Report |
The notorious APT hacking group known as FIN7 has launched a network of fake AI-powered deepnude generator sites to infect visitors with information-stealing malware. |
|
Report |
A Cambodian freelance journalist known for investigating the cyber scam industry was arrested on charges of “incitement to disturb social security as Mech Dara, 36, whose reporting has appeared in several international news outlets was apprehended by military police who intercepted his car while he was driving with his family to the Cambodian capital. |
|
Report |
The Police Service of Northern Ireland (PSNI) has been fined £750,000 ($1 million) by the United Kingdom’s data protection regulator after accidentally revealing the identities of all of its officers and staff, potentially exposing them to terrorist and criminal groups and “leaving many fearing for their safety.” |
|
Report |
During a distributed denial-of-service campaign targeting organisations in the financial services, internet, and telecommunications sectors, volumetric attacks peaked at 3.8 terabits per second, the largest publicly recorded to date. The assault consisted of a “month-long” barrage of more than 100 hyper-volumetric DDoS attacks flooding the network infrastructure with garbage data. |
|
Report |
Cybersecurity researchers have reported finding multiple mobile applications used in so-called ‘pig butchering’ schemes, lurking on the official Google and Apple repositories. |
|
Report |
Nuclear waste processing facility Sellafield has been fined £332,500 ($440k) by the Office for Nuclear Regulation (ONR) for failing to adhere to cybersecurity standards and putting sensitive nuclear information at risk over four years, from 2019 to 2023. |
|
Report |
According to an ESET report, an APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images, archives, and documents. |
|
Warning |
U.S. and U.K. cyber agencies warned that APT29 hackers linked to Russia's Foreign Intelligence Service (SVR) target vulnerable Zimbra and JetBrains TeamCity servers "at a mass scale." |
|
Report |
Marriott International and its subsidiary Starwood Hotels will pay $52 million and create a comprehensive information security program as part of settlements for data breaches that impacted over 344 million customers. |
|
Report |
OpenAI has disrupted over 20 malicious cyber operations abusing its AI-powered chatbot, ChatGPT, for debugging and developing malware, spreading misinformation, evading detection, and conducting spear-phishing attacks. |
|
Report |
The United States Department of Justice unsealed an indictment against two Sudanese brothers suspected of being the operators of Anonymous Sudan, a notorious and dangerous hacktivist group known for conducting over 35,000 DDoS attacks in a year. |
|
Report |
Iranian hackers are breaching critical infrastructure organisations to collect credentials and network data that can be sold on cybercriminal forums to enable cyber attacks from other threat actors. |
|
Report |
North Korean IT professionals who trick Western companies into hiring them are stealing data from the organisation's network and asking for a ransom to not leak it. |
|
Report |
An Alabama man was arrested today by the FBI for his suspected role in hacking the SEC's X account to make a fake announcement that Bitcoin ETFs were approved. |
|
Report |
A new ClickFix campaign is luring users to fraudulent Google Meet conference pages showing fake connectivity errors that deliver info-stealing malware for Windows and macOS operating systems. |
|
Warning |
Microsoft is warning enterprise customers that, for almost a month, a bug caused critical logs to be partially lost, putting at risk companies that rely on this data to detect unauthorised activity. |
|
Report |
The latest generations of Intel processors, including Xeon chips, and AMD's older microarchitectures on Linux are vulnerable to new speculative execution attacks that bypass existing ‘Spectre’ mitigations. |
|
Report |
The scale of the ransomware problem has grown significantly over the last year, with hundreds of healthcare institutions attacked in the last 12 months, Microsoft reported. |
|
Report |
Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and lure cybercriminals in to collect intelligence about them. |
|
Report |
Cyprus’ critical infrastructure and government websites were targeted in a series of coordinated cyber attacks claimed by several pro-Palestine hacker groups. |
|
Report |
The British government is “considering all options” to strengthen its response to cyberthreats, according to a speech by the country’s security minister, Dan Jarvis. The speech is one of the first indicating the Labour Party’s approach to the issue following this summer’s general election. |
|
Report |
LinkedIn received a €310 million fine from the Irish Data Protection Commission for violating European Union's law related to the processing of personal data for behavioural analysis and targeted advertising. |
|
Report |
The United Kingdom’s High Court greenlit a prominent dissident’s legal challenge against the Saudi Arabian government for allegedly deploying powerful zero-click spyware against him. |