Recent Cyber Attacks, Data Breaches & Ransomware Attacks: August 2022

Here’s a list of some of the cyber-attacks, data breaches and ransomware attacks that occurred across the world in August 2022.

With this list, our attempt has been to capture all those cyber incidents that have been in the public eye or media in the past month. 

The idea as always, isn’t fear mongering. It is merely to build educational resources for the cybersecurity community and drive home the point that we’re never truly safe. The smartest and only thing to do is to bolster our cyber defences, undertake ransomware mitigation steps and have a sound cyber incident response plan and strategy in place.   

We have loosely segregated the attacks (and shared prevention & response strategies) into the following categories: 

1. Cyber-Attacks in August 2022

2. Data Breaches in August 2022

3. Ransomware Attacks in August 2022

4. Insider Threat

5. Vulnerabilities Discovered in 2022

6. Advisories issued etc. in August 2022 

Cyber Attacks in August 2022

• A large-scale phishing campaign targets credentials for Microsoft email services with the help of adversary-in-the-middle (AiTM) techniques 
  
  
• Phishers exploit open redirects on unprotected Snapchat and Amex sites to steal Microsoft 365 credentials 
  
• The Bulgarian Food Safety Agency (BFSA) remains unable to provide electronic services due to a cyber attack
  
  
• Hackers leak personal information of the Peruvian Congress workers and parliamentarians
  
  
• Hackers attack the IT systems of the Simon-Marius-Gymnasium in Gunzenhausen 
  
  
• Hackers take Teresina City Council website down with a cyber attack 
  
  
• Hackers compromise the e-mail server of the Presidency of Moldova
  
  
• Finland’s parliament website suffers a cyberattack
   
• The Waterloo Public School Board declares that hackers accessed the student database during a cyber attack that occurred in July 2022
  
  
• Workforce Safety & Insurance data discloses a cyber attack which occurred in June 2022
  
  
• Fremont County in Southern Colorado suffers a cyber attack that impacts government services
  
  

• Estonia repulses the most extensive cyber-attacks after removing Soviet monuments
  
  

• Cyber criminals post porn data on UCP leadership candidate Leela Aheer's social media pages
  
  

• Hackers hijack Python’s PyPI packages as the developers receive phishing emails
  
  

• New Hampshire Lottery suffers a cyber attack 
  
  

• Twilio becomes a victim of an SMS phishing attack

• Twilio hackers hit a food delivery firm DoorDash 

• Montenegro suffers sophisticated & persistent cyberattacks impacting essential infrastructure including transport services

Data Breaches in August 2022

• Hackers steal nearly $6m (£4.9m) by targeting 8,000 wallets of Solana crypto network 
  
  
• Hackers expose personal information of over 1 million current and former students and staff members of the University of Kashmir
  
  
• An anonymous hacker claims to have obtained the personal information of 48.5 million users of a Chinese COVID health code mobile app
  
  

• Cyber criminals hit a gifting site, ShitExpress, and expose its customers
  
  
• A U.S. healthcare provider Novant Health discloses a data breach in which about 1.3 million patients’ data was mistakenly collected by Facebook’s ad tracking script 
  

• Hackers attack Clark Patterson Lee and steal sensitive information of certain individuals 
  
  

• Community Loan Servicing, LLC, discloses a data breach in which attackers steal user data including personal and bank account/cards information 
  
  

• Hackers attack eCapital Corp; steal personal information of customers like Social Security number, driver’s licence number etc. 
  
  
• Hackers steal and expose donor records of Liberty Counsel and Pro-trump election messaging
  
  

• CiCi Enterprises LP confirms a data breach; says attackers stole sensitive customer information by compromising the company's servers 
  
  

• Plex urges users to change their passwords as it suffers a cyber attack 
  
  

• Hackers attack a password management firm, LastPass, and steal its source code 
  
  

• Hackers expose phone numbers of 1,900 users of encrypted instant messaging service Signal 

• Newly launched Indian air carrier, Akasa Air, suffers a data breach

• Hacker exposes data of over 2.5 million individuals after attacking Nelnet Servicing
  

• ‘START’, a Russian media streaming platform confirms rumours of a data breach impacting around 7.5 million of users
  

As is apparent from this list, organisations across regions and industries are susceptible to cyber attacks and data breaches. 

One of the easiest ways to protect yourself from the impact of any such attack is to have a good cyber crisis incident response plan in place.  Investing in high-quality cyber incident planning and response training is also a good idea. It can equip your IT staff and the executive with the necessary knowledge and skills to be prepared for a cyber incident. 

Additionally, you could also invest in a data breach readiness assessment to evaluate how susceptible to data breaches your business really is. You can then patch your vulnerabilities and fill in the gaps in your organisation accordingly. 

Ransomware Attacks in August 2022

• Two Luxembourg based companies, Creos and Enovos, attacked by BlackCat ransomware attack; lose 150 GB of sensitive data
  
  
• Yanluowang ransomware group breaches Cisco’s corporate network and allegedly steals and publishes 2.8 GB of data on the dark web
  
  
• A ransomware attack disrupts United Kingdom's National Health Service (NHS) 111 emergency services
  
  
• Linn-Mar School District deals with a ransomware attack
  
  
• A Dutch dental practice company, Colosseum Dental Benelux, suffers a ransomware attack
  
  
• Clop ransomware group targets UK’s water supply company South Staffordshire PLC and exfiltrates 5 TB of data  

• Cyber criminals exploit a zero-day vulnerability in General Bytes Bitcoin ATM servers and steal cryptocurrency from the victims ATMs
  
  
• Ragnar Locker ransomware gang attacks Greece's largest natural gas distributor DESFA and accesses a number of files and data
  
  
• 'Play' ransomware hits Argentina's Judiciary of Córdoba and impacts its IT systems
  
  
• Hackers target Mansfield Independent School District with a ransomware attack that impacts district communications systems
  
  
• French hospital, CHSF, suffers a ransomware attack; hackers demand $10 million
  
  
• RansomEXX takes responsibility for the cyberattack against Bombardier Recreational Products (BRP)
  
  
• World's largest distributor of books to libraries, Baker & Taylor suffers a ransomware attack
  
  
• Quantum ransomware attacks The Dominican Republic's Instituto Agrario Dominicano and demands a $650,000
  
  
• Ragnar Locker ransomware hits Portuguese flag air carrier, TAP Air Portugal

Ransomware attacks are amongst the top growing threats in the cybersecurity industry. The damage they can cause to a business is immense in every sense of the word - financial, reputational and operational. 

We, at Cyber Management Alliance, take the ransomware preparedness of our clients and community very seriously. We advise businesses to regularly undertake Ransomware Readiness Assessments and create Incident Response Plans around the results of these assessments. 

It is also advisable to regularly conduct Ransomware Tabletop Exercises which can enable the key decision-makers to rehearse the plans and act on their muscle memory when crisis does hit the organisation. 

Here's also a list of handy resources our experts have created that have helped organisations build ransomware readiness and enhance their ability to respond to ransomware attacks:

1. Ransomware Mitigation Checklist

2. Ransomware Response Checklist

3. Ransomware Response Workflow Guide  

Insider Threats

• A former owner of T-Mobile store made $25 million by unlocking cell phones with hacked credentials

Vulnerabilities Discovered 

• Microsoft patches 121 vulnerabilities and exploits Zero-days in its software products and components like Microsoft Support Diagnostic Tool
  
  
• Trellix researchers trace a critical unauthenticated RCE vulnerability that impacts 29 models of the DrayTek Vigor series of business routers 

• BitDefender researchers trace critical vulnerabilities in the Device42 Asset Management Appliance 

• Hackers exploit Zimbra security vulnerability to compromise Zimbra Collaboration Suite (ZCS) email servers 
  
• Cybersecurity experts discover over 80,000 Hikvision cameras vulnerable to a critical command injection flaw attracting cyber ghosts 

• Iranian cyber criminals still busy in exploiting Log4j 2 flaws in unpatched systems of Israel 

• Atlassian’s Git-based code hosting tool Bitbucket Server is discovered to be vulnerable to critical RCE vulnerability 

• An ongoing outage caused by a faulty system update takes the Ubuntu virtual machines of Microsoft Azure customers offline
  

Warnings/Advisories/Reports/Malware Detection 

• According to VirusTotal, attackers are spreading malware by mimicking legitimate Apps and by using stolen security certificates 

• Hackers distribute fake DDoS alerts on WordPress sites to distribute NetSupport RAT and the RaccoonStealer password-stealing Trojan 

• Zscaler observes that Grandoreiro, a banking malware, targets spanish and Mexican organisations 

• The FBI warns of hackers using residential proxies to launch credential stuffing attacks without being tracked, flagged, or blocked 

• Proofpoint details the phishing campaign activities of a hacker (TA5558) that targets hotels & other businesses in the travel & hospitality sectors

• Microsoft disrupts Russian threat actor "Seaborgium" involved in multiyear phishing and data theft campaigns 

• ‘SecureWorks’ researchers warn of an evasive crypter used by cyber criminals to distribute information stealers and remote-access Trojans (RATs) 

• Computer giant Microsoft discovers a malware used by a Russia-based cybercriminal gang APT29 (a.k.a. NOBELIUM, Cozy Bear) 

• Security researchers urge Apple users to update their devices as hackers exploit two Zero-days flaws (CVE-2022-32893 & CVE-2022-32894) 

• FBI warns of security vulnerabilities in Decentralized Finance (DeFi) platforms as hackers are exploiting them to steal cryptocurrency 

This list has been created with the aim to best capture the recent cybersecurity events that have plagued organisations across the world. This is an educational endeavour and a part of the ongoing initiatives at Cyber Management Alliance to build cybersecurity awareness.