Recent Cyber Attacks, Data Breaches & Ransomware Attacks November 2022
Date: 1 December 2022
The year may be ending but the cyber attacks certainly aren't. November 2022 was full of high-profile data breaches, attacks on cryptocurrency exchanges, government bodies and more. Here is your monthly roundup of all the cyber-attacks, data breaches and ransomware attacks that made it to the headlines in November 2022.
This list has been created for purely educational purposes. The idea, as always, is not to create panic. The list is meant to highlight the urgency with which organisations across the globe must evaluate their cybersecurity maturity and practices.
Below are the other cyber-attacks, ransomware attacks and data breaches that made the news in the month gone by.
- Cyber-Attacks in November 2022
- Data Breaches in November 2022
- Ransomware Attacks in November 2022
- New Ransomware/Malware Detected in November 2022
- Vulnerabilities/Patches
- Advisories issued, reports, analysis etc. in November 2022
Cyber Attacks in November 2022
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| Nov 1, 2022 | | U.S. Treasury counters an attack launched by Russian hacker group | Killnet, the Russian hacker group | Unknown | |
| Nov 3, 2022 | ALMA Observatory | ALMA Observatory suffers a cyberattack | Unknown | The observatory suspended all astronomical observation operations and took its public website offline | |
| Nov 3, 2022 | | Denmark train network’s subcontractor Supeo suffers cyber attack | Unknown | Denmark's rail network remained at a standstill on the weekend | |
| Nov 3, 2022 | | Cyber attack hits Boeing subsidiary, Jeppesen | Unknown | The attack caused flight disruptions | |
| Nov 4, 2022 | | Maple Leaf Foods suffers outage following a cyberattack | Unknown | System outage and business disruption | |
| Nov 8, 2022 | | Orange in Spain suffers a cyber attack | Unknown | Hackers exposed sensitive data saved by a debt collection service provider for Orange Spain | |
| Nov 9, 2022 | The Bishop of Hereford's Bluecoat School | Pupils' data breached in Hereford school cyber attack | Unknown | Hackers leak stolen data online | |
| Nov 14, 2022 | Several FBI Websites | Radis, associated with Killnet, claims to have targeted several FBI websites | Radis (Associated with Killnet) | Several FBI websites hacked | |
| Nov 14, 2022 | | Cyber attack targets 800 services of Greece’s Gov.gr, including Tax and Medical prescriptions systems | Unknown | The operations of 800 State websites related to the information systems of the Ministry of Digital Governance, centred on TAXISnet, remained suspended for over 48 hours | |
| Nov 14, 2022 | FBI Website | Russian Hackers Claim Cyber Attack On FBI Website | Killnet | The hackers infiltrated the FBI website | |
| Nov 18, 2022 | | India’s largest depository, CDSL, suffers malware attack; settlements delayed | Unknown | The official website of the securities depository remained non-functional and showed error | |
| Nov 18, 2022 | An electronic patient record system “ESO” | An electronic patient record system “ESO” used by Dufferin County Paramedic Service and other paramedic services across Ontario suffers an attack | Unknown | Attack disrupted the electronic patient record system “ESO” used by Dufferin County Paramedic Service | |
| Nov 19, 2022 | Eesti Energia | Estonia’s Eesti Energia website suffers a pro-Kremlin cyber attack | Pro-Kremlin hackers | The attack has affected Eesti Energia's site and mobile app, and also grid maintenance firm Elektrilevi's website, and its MARU mobile app | |
| Nov 19, 2022 | Royal Family of the UK | Prince William targeted by Russian hackers as Killnet launch multiple attacks | Pro-Russian hackers | Hackers claimed to have taken down the website of the Prince of Wales over the UK's continued support for Ukraine | |
| Nov 23, 2022 | | European Parliament website hit by cyberattack after Russian terrorism vote | Killnet | The hacking group disrupted website services | |
| Nov 25, 2022 | Fars News Agency | Iran’s Fars news agency hit by cyber attack | Unknown | Hackers disrupted the work flow of Iran’s Fars news agency | |
This massive list of cyber-attacks in November 2022 illustrates how critical it is for businesses to ramp up their security defences. More than that, it shows us that you could be anyone, from the U.S. Treasury to the Royal Family of the UK, and you could still be attacked.
It is imperative, therefore, to plan for the inevitable. Having an effective cybersecurity response plan is the need of the hour. If you don't know how to build one or want a professional review to refresh your existing plans, policies and procedures, our Virtual Cyber Assistant service may be just what you're looking for. You can also download our Cyber Incident Response Plan template to get started.
Data Breaches in November 2022
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| Nov 1, 2022 | | Hackers target U.S. Bank; data of 11K customers impacted. | A third party vendor of the US bank (inadvertently) | A third party vendor accidentally shared the names, addresses, Social Security numbers, birthdays, closed account numbers and outstanding balances of about 11,000 customers. | |
| Nov 1, 2022 | | Bed Bath & Beyond investigates data breach. | Unknown | Hackers improperly accessed data on the hard drive and certain shared drives to which one of its employees had access. | |
| Nov 1, 2022 | | Dropbox discloses a breach incident in which hackers stole GitHub data. | Russian hacker (suspected as per previous data breach) | The repositories stolen by the attacker contained some credentials, primarily API keys used by Dropbox developers. The code and the data around it also included a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors. | |
| Nov 1, 2022 | Louisiana DPS | Louisiana DPS suffers data breach - third-party administrator exposes health info of 80,000 inmates. | Unknown | Louisiana DPS's third-party health administrator exposed the health information of about 80,000 inmates over a nine-year period. | |
| Nov 1, 2022 | Pinnacle Claims Management | Pinnacle Claims Management reports a data breach. | Unknown | Sensitive consumer information compromised. | |
| Nov 1, 2022 | Flambeau, Inc | Flambeau, Inc. suffers a data breach. | Unknown | Data containing the names, dates of birth, addresses and Social Security numbers of affected parties allegedly stolen. | |
| Nov 1, 2022 | | Label Printing Giant Multi-Color Corporation Discloses Data Breach | Unknown | Sensitive HR data that includes personnel files and enrollment in benefits programs hacked. | |
| Nov 1, 2022 | | Royal Mail suffers data breach; customers' information leaked to other users. | Unknown | After the data breach impacted its Click & Drop service, Royal Mail stopped access to its online postage and parcel tracking service. | |
| Nov 2, 2022 | | Vodafone Italy announces data breach after reseller hacked. | KelvinSecurity | 310 GB stolen including subscription details, identity documents with sensitive data, and contact details. | |
| Nov 2, 2022 | Harcourts | Melbourne real estate agency Harcourts becomes the latest victim of a data breach incident. | Unknown | An unknown third party accessed the rental property database and exposed tenants’ names, addresses, phone numbers and photo identification. | |
| Nov 2, 2022 | OakBend Medical Center | OakBend Medical Center discloses information breach to the Attorney General of Texas | Unknown | The names, contact information, Social Security numbers and birth dates of current and former patients, employees, and others compromised | |
| Nov 2, 2022 | Somnia Pain Management of Kentucky | Somnia Pain Management of Kentucky reports a data breach with the Maine Attorney General’s Office | Unknown | 497,000 patients' personal and financial information was compromised | |
| Nov 2, 2022 | MODE Global, LLC | MODE Global, LLC (“MODE Transport”) filed notice of a data breach with the Attorney General of Maine | Unknown | 11,347 consumers’ names, addresses, Social Security numbers and driver’s licence numbers compromised | |
| Nov 2, 2022 | CorrectCare Integrated Health | CorrectCare Integrated Health discloses a data breach to the Office of the California Attorney General | Unknown | Two file directories were accidentally posted on the internet and they were publicly available for a period of about nine hours | |
| Nov 4, 2022 | BWX | Hackers expose credit card details of a skincare brand BWX’s customers | Unknown | Credit card details of around 2500 shoppers likely to have been exposed | |
| Nov 5, 2022 | PNORS Technology Services | Data breach at IT firm serving Victorian government may include health records of Victorian school students | Unknown | In this attack, personal data including medical information of thousands of Victorian students and their families may have been stolen | |
| Nov 7, 2022 | GTA5 Mod | GTA 5 RP mod FiveM suffers a data breach | Unknown | Hacker stole forum account information such as username, email address, IP address and server license keys | |
| Nov 14, 2022 | | Whoosh confirms data breach after hackers sell 7.2M user records | Undisclosed | An alleged hacking forum leaked 7.2 million users’ records of Whoosh | |
| Nov 16, 2022 | | An unknown hacking group allegedly sells up-to-date mobile phone numbers of nearly 500 million WhatsApp users | Unknown | Hackers claim they were selling a 2022 database of 487 million WhatsApp user mobile numbers. WhatsApp denies the claim based on “unsubstantiated screenshots”. | |
| Nov 18, 2022 | Kannur University | Personal data of over 33,000 Kannur varsity students in hackers’ forum | Unknown | Threat actors leak name, application number, email, password, Aadhar number, phone number, admission details and pass year of the university students | |
| Nov 21, 2022 | | Hackers steal $300,000 in DraftKings credential stuffing attack | Unknown | Hackers stole customers’ funds worth about $300,000 | |
| Nov 21, 2022 | The Smith Family | The Smith Family warns supporters of stolen personal data amid hack on Australian charity | Unknown | Hackers accessed around 80,000 donors’ personal details | |
| Nov 23, 2022 | | Hospitality company Sonder discloses a data breach that has potentially compromised guest records | Unknown | Guest records impacted | |
| Nov 27, 2022 | | Major Canadian crypto exchange Coinsquare reports client data breach | Unknown | Hackers tried to breach personal information of Coinsquare users | |
Ransomware Attacks in November 2022
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| Nov 1, 2022 | Osaka General Medical Center | Osaka hospital suspends services after ransomware cyberattack. | Unknown ransomware group | Ransomware attack forced Osaka hospital to suspend routine medical services. It stopped providing outpatient services and postponed other surgeries that made it nearly impossible to calculate medical treatment fees or check details of the patients’ medical histories. | |
| Nov 1, 2022 | | LockBit 3.0 claims to have taken data from French firm Thales | LockBit 3.0 | Hackers claim that they have stolen some data but the company denied this statement | |
| Nov 3, 2022 | | LockBit ransomware claims attack on Continental automotive giant | LockBit | Hackers stole some data and threatened to publish it on their data leak site and sell 40 TB of data for $50 Million | Ransomware Gang Offers to Sell Files Stolen from Continental for $50 Million |
| Nov 4, 2022 | Norman Public Schools | Norman school district faces a ransomware attack | Unknown | Services disruption | |
| Nov 5, 2022 | | A major Canadian grocery retailer Sobeys suffers a ransomware attack | Black Basta | Black Basta group hit Sobeys’ IT systems and demanded ransom with a data leakage warning | |
| Nov 9, 2022 | Personal bloggers, government agencies, and large corporations | New extortion scam threatens to damage sites’ reputation, leak data | Team Montesano | Hacker demanded $2500 not to leak data as the threat actor has hacked personal bloggers, government agencies, and large corporations | |
| Nov 10, 2022 | | Popular UK motor racing circuit British Racing Drivers’ Club investigating ransomware attack | Royal Ransomware | Unknown | |
| Nov 11, 2022 | | Medibank hackers sell Deutsche Bank data through their Telegram channel | 0x_dump | Hacker put Deutsche Bank access credentials on sale for 7.5BTC | |
| Nov 11, 2022 | Jackson County Intermediate School District | Ransomware attack responsible for shutdown affecting Jackson, Hillsdale schools | Unknown | The school network systems went offline and the school districts in both counties cancelled classes on Nov. 14, with the system outage impacting a wide range of building operations including but not limited to heating, telephones and classroom technology | Jackson County Intermediate School District suffers ransomware attack |
| Nov 21, 2022 | The City of Westmount | The City of Westmount confirms a cyberattack | LockBit | The cyberattack caused a computer outage and disabled the city's email servers as hackers gained access to 14 terabytes of data and demanded a ransom | |
| Nov 23, 2022 | | A ransomware attack halts patient services at AIIMS Delhi | Unknown | The attack affected the hospital server due to which day to day activities including OPD registrations and blood sample reports remained halted at AIIMS Delhi | |
| Nov 23, 2022 | Belgian municipality of Zwijndrecht | Ransomware gang targets Belgian municipality, hits police instead | Ragnar Locker | Hackers reportedly exposed thousands of car number plates, fines, crime report files, personnel details, investigation reports, and more | |
| Nov 24, 2022 | Cincinnati State College | Vice Society ransomware claims attack on Cincinnati State college | Vice Society | The attack disrupted all online and Internet services of the college, such as email, VPN access, printing and the intranet | |
Ransomware attacks continue to make headlines every day. They are not just nefarious, they're also costly to a business in every way imaginable.
We've created some free resources that are worth downloading for any business that seriously wants to improve their ransomware preparedness and resilience:
- Ransomware Mitigation Checklist
- Ransomware Response Checklist
- Ransomware Response Workflow Guide
New Ransomware/Malware Discovered in November 2022
| Ransomware/Malware | Summary | Link |
|---|---|---|
| Stop/Djvu Ransomware (v0597) | Extension: .bozq; Ransom note: _readme.txt | |
| Anon_by Ransomware | Extension: .anon_by; Ransom note: anon_by.txt; Changes the desktop wallpaper | |
| bDAT ransomware; Dharma/CrySis family | Extension: .bDAT (also appends filenames with victim's unique ID and developers' email); Ransom notes: info.txt and pop-up window (Info.hta) | |
| Stop/Djvu Ransomware (v0600) | Extension: .zate; Ransom note: _readme.txt | |
| CrySpheRe Ransomware | Extension: .CrySpheRe; Ransom notes: pop-up window and КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt | |
| Somnia ransomware | Russian hacktivists infect multiple organisations in Ukraine with a new ransomware strain called 'Somnia' | |
| Faust ransomware | Extension: .faust (also appends filenames with victim's unique ID and developers' email address); Ransom notes: info.txt and info.hta | |
| Stop/Djvu Ransomware (v0603) | Extension: .fate; Ransom note: _readme.txt | |
| ZeRy Ransomware | Extension: .ZeRy; Ransom notes: pop-up window and HOW TO DECRYPT FILES.txt | |
| DRCRM Ransomware | Extension: .DRCRM (also appends filenames with victim's ID and developers' email address); Ransom note: Read.txt | |
| Anthraxbulletproof Ransomware | Extension: .Anthraxbulletproof; Ransom note: read_it.txt | |
| SEX3 Ransomware | Extension: .SEX3; Ransom notes: !satana!.txt and desktop wallpaper | |
| 'AXLocker' ransomware family | New ransomware encrypts files, then steals your Discord account | |
Vulnerabilities/Patches Discovered in November 2022
| Date | Flaws | Summary | Source Link |
|---|---|---|---|
| Nov 1, 2022 | CVE-2022-3602 and CVE-2022-3786 | OpenSSL fixes two high severity vulnerabilities | |
| Nov 1, 2022 | CosMiss, an RCE flaw in Azure Cosmos DB | Microsoft fixes a critical RCE flaw in Azure Cosmos DB | |
| Nov 8, 2022 | CVE-2022-27510, CVE-2022-27513, CVE-2022-27516 | Citrix urges admins to patch critical ADC, Gateway auth bypass | |
| Nov 8, 2022 | 27 Elevation of Privilege Vulnerabilities, 4 Security Feature Bypass Vulnerabilities, 16 Remote Code Execution Vulnerabilities, 11 Information Disclosure Vulnerabilities, 6 Denial of Service Vulnerabilities, 3 Spoofing Vulnerabilities, and 6 zero-day flaws | Microsoft fixes 6 exploited zero-days, 68 flaws | |
| Nov 8, 2022 | ProxyNotShell flaws CVE-2022-41082 and CVE-2022-41040 | Microsoft fixes ProxyNotShell Exchange zero-days exploited in attacks | |
| Nov 10, 2022 | CVE-2022-41091 | Microsoft fixes Windows zero-day bug exploited to push malware | |
| Nov 17, 2022 | Microsoft O365 Federation SSO issue | Okta shares fix for issue impacting Microsoft 365 SSO logins | Microsoft 365 SSO login issues |
| Nov 17, 2022 | An issue creates errors and temporarily causes the taskbar and desktop to disappear on Windows 10 systems | Microsoft fixes bug behind Windows 10 freezes, desktop issues | |
| Nov 17, 2022 | Windows Kerberos auth issues in emergency updates | Microsoft fixes a known issue triggering Kerberos sign-in failures and other authentication problems on enterprise Windows domain controllers | |
| Nov 17, 2022 | CVE-2022-41622 (CVSS v3 – 8.8), CVE-2022-41800 (CVSS v3 – 8.7) | F5 fixes two remote code execution flaws in BIG-IP, BIG-IQ | |
| Nov 18, 2022 | Proof-of-concept exploit code has been released online for two actively exploited and high-severity vulnerabilities CVE-2022-41082 and CVE-2022-41040 in Microsoft Exchange | Exploit released for actively abused ProxyNotShell Exchange bug | |
| Nov 18, 2022 | CVE-2022-43782 | Atlassian has released updates to address critical-severity vulnerabilities in its centralized identity management platform, Crowd Server and Data Center, and in Bitbucket Server and Data Center | Atlassian critical command injection bug in Bitbucket Server |
Warnings/Advisories/Reports/Analysis
| News | Summary | Source Link |
|---|---|---|
| Report | FTC is taking action against Ed Tech Provider Chegg for careless security that led to compromised personal data of millions of customers | |
| Report | British spies found to be playing a key role in defending Kyiv from Russian cyber attacks | |
| Report | Aurubis plant sacks employees after recent cyber attack hit IT systems | |
| Report | Taxpayers become aware of massive cyber attack on Wyandotte County 6 months after the incident | |
| Report | Roughly $1.2 billion were transacted through U.S. banks as ransomware payments in 2021 | U.S. banks process roughly $1.2 billion in ransom payments in 2021 |
| Report | Russian Hacker, Behind Massive Data Breach, Released From U.S. Prison | |
| Report | Ritz cracker giant settles bust-up with insurer over $100m+ NotPetya cleanup | |
| Warning | New SandStrike spyware infects Android devices via malicious VPN app | |
| Warning | Malicious Android apps with 1M+ instals found on Google Play | |
| Report | New Windows 'LockSmith' PowerToy lets you free locked files | |
| Report | Hackers target compromised infrastructure of a media company to deploy malware on hundreds of U.S. news websites | Threat actors hit media company to deploy malware on U.S. news agencies |
| Report | Emotet botnet begins malware blasting after 5 months of break | |
| Report | PyPI packages traced dropping 'W4SP' info-stealing malware | |
| Report | Attacks on the outdated Android, iOS expose U.S. govt employees | |
| Report | WakeMed faces class action lawsuit for alleged Meta Pixel data breach | |
| Report | New clipboard hijacker replaces crypto wallet addresses with lookalikes | Laplas Clipper replaces crypto wallet information with fake addresses |
| Report | Cyber-attacks on small firms: The US economy's 'Achilles heel'? | |
| Analysis | Black Basta ransomware gang linked to the FIN7 hacking group | |
| Warning | RomCom RAT malware campaign impersonates KeePass, SolarWinds NPM, Veeam | |
| Report | OPERA1ER hackers steal over $11 million from banks and telcos | |
| Report | ‘Woeful’ DfE blamed as betting firms gain access to around 28 million children’s data | |
| Warning | Ransomware gang threatens to release stolen Medibank data | |
| Report | Mexican cyber-attack threatens to cripple road freight movements | |
| Report | SolarWinds agrees to $26M settlement over widespread data breach | |
| Warning | US Health Dept warns of Venus ransomware targeting healthcare orgs | |
| Report | Medibank hackers are Russian cybercriminals, AFP claims | |
| Report | LockBit affiliate uses Amadey Bot malware to deploy ransomware | |
| Report | 15,000 sites hacked for massive Google SEO poisoning campaign | Hackers conduct a black hat search engine optimization (SEO) campaign |
| Report | New hacking group Earth Longzhi uses custom 'Symatic' Cobalt Strike loaders to target organisations in East Asia, Southeast Asia, and Ukraine | |
| Report | Worok group hides malware within PNG images to infect victims' machines with information-stealing malware | |
| Report | Suspected Zeus cybercrime ring leader ‘Tank’ arrested by Swiss police | |
| Report | FBI and CISA: Iranian hackers breached federal agency using Log4Shell exploit | |
| Report | An Android user accidentally found a way to bypass the lock screen on Google Pixel 6 and Pixel 5 smartphones | |
| Report | Updated RapperBot malware targets game servers in DDoS attacks | |
| Report | Australia to consider banning paying of ransoms to cyber criminals | |
| Report | FBI report says Hive ransomware extorted $100M from over 1,300 victims | |
| Report | Researchers find vulnerabilities in the encryption mechanism of the Zeppelin ransomware and exploit them to create a working decryptor | |
| Report | Chinese threat actors use Google Drive to drop malware on government, research, and academic organisations worldwide | |
| Report | Nearly 533 million of Facebook users' personal data leaked online | |
| Report | India’s healthcare industry targeted by more than 2,78,000 cyber attacks every month | |
| Report | The Personal Data Protection Commission (PDPC) of Singapore fines Farrer Park Hospital $58,000 over data breach affecting medical information of 2,000 people | |
| Report | Five victims lose $10m in a 'pig butchering' scheme | |
| Report | Slovak software company ESET traces RansomBoggs ransomware on the networks of multiple Ukrainian organisations | |
| Report | Interpol seizes $130 million from cybercriminals worldwide | |
| Report | Cyber black market selling hacked ATO and MyGov logins shows Medibank and Optus only tip of iceberg | |
The above data does more than a good job of highlighting how the scourge of criminal cyber activity is growing more complex with every passing day.
Cyber-attacks and ransomware attacks are increasingly bringing businesses to their knees every day. They can impact your operations, lock you out of your systems, and leak your data leading to immense financial and reputational damages. Businesses without a plan can take years to recover from such damages.
This is why we recommend that all our clients assess their breach readiness, ransomware preparedness and overall cyber incident response capabilities on a regular basis.
If you're unsure of how to start or have an immediate need to demonstrate your commitment to good cyber hygiene, our Virtual Cyber Consultant service may be ideal for you. You get access to the services of a cybersecurity expert at a fraction of the cost of hiring one. The service allows you to use as many service hours or days in one go as needed to fulfil your current requirements.
Some of the areas in which our Virtual Cyber Consultants can help include:
- Creating new or refreshing existing Business Continuity and Disaster Recovery Plans
- Testing the effectiveness of your Incident Management Policies and Procedures
- Becoming Cyber Essentials ready or ISO 27001 certified