October saw some of the biggest industries worldwide being targeted by malicious actors. Cyberattacks were carried out against companies in DeFi, manufacturing, and energy supply.
A recent Surfshark report found that there was a 70% increase in data breaches in Q3 in comparison with Q2, with 108.9 million accounts breached. The five countries most affected by data breaches were Russia (most breached users - 22.3 million), France (the highest breach density, with an average of 212 leaked accounts per 1,000 people), Indonesia, the U.S., and Spain.
Phishing is also on the rise - a SlashNext report found that more than 255 million phishing campaigns were carried out over six months in 2022. That's a 61% rise in comparison with 2021.
AMATAS's October report will also look at:
- Cyber security chief fired as he was believed to have had "ties" with Russia
- Netherlands police trick hackers to obtain the decryption key for 155 accounts
- Germany's federal cybersecurity office warns that threats are "higher than ever": the world's second-largest copper producer and one of the country's largest municipal energy suppliers are targeted by attacks
- Hackers access $575 million from the world's largest cryptocurrency exchange platform, Binance.
In the words of the platform's CEO, Changpeng Zhao: “In a blockchain world, one bug can result in very large losses.”
October is the month dedicated to CISA's Cyber Security Awareness Campaign, reminding everyone how important the role of the individual is in maintaining a more secure digital environment.
Cybercrime Breaking News
The New York Post's Twitter feed and website were hacked with offensive content about politicians being shared with their audience. Officials said that "The New York Post’s investigation indicates that the unauthorized conduct was committed by an employee, and we are taking appropriate action."
One of Australia's largest health insurance providers, Medibank, fell victim to a cyberattack and confirmed that criminals gained access to customers' personal data. The company released an official statement, noting that, "...the criminal has removed some of this data, and it is now likely that the criminal has stolen further personal and health claims data." In the words of David Koczkar, Medibank chief executive, this "terrible crime" was "designed to cause maximum harm to the most vulnerable members" of the community.
Six new vulnerabilities are added to CISA's catalog, including the Google Chromium V8 Type Confusion Vulnerability, the Apple iOS and iPadOS Out-of-Bounds Write Vulnerability, and Cisco and GIGABYTE vulnerabilities.
Microsoft provides further guidance for the two Exchange Server zero-day vulnerabilities known as the "ProxyNotShell" bugs.
Cyberwar between Russia and Ukraine: Updates
Arne Schönbohm, cybersecurity chief leading Germany's Federal Cyber Security Authority (BSI), is fired due to allegations of potential links with Russian intelligence services. In the last decade, Schönbohm set up and supported the Cyber Security Council Germany, a private cybersecurity association. A member of the Council is Protelion, a subsidiary of a Russian company, supposedly established by an ex-KGB member, honored by Vladimir Putin.
Jonas Gahr Støre, Norway's prime minister, releases a statement following the arrest of seven Russians in relation to the threat posed by drones they are believed to have flown over major energy installations. Støre highlights the further precautions the Norwegian government has taken by having counterintelligence and cybersecurity agencies work to defend the country against the "serious threat" posed by Russia to Norway's energy sector.
Netherlands Police trick Deadbolt ransomware actors to obtain decryption keys for 155 victims. The ransomware group targeted QNAP's network-attached storage devices, affecting 3,600 devices at just the beginning of January. During October’s targeted operation, the police force pretended to pay the ransom (Deadbolt’s demand was for $600), received the key, and then quickly withdrew the payment before it was processed.
A California jury finds Joey Sullivan, Uber's former chief security officer, "guilty of obstruction of justice and concealing a felony" during the 2016 company database hack.
Hackers tried stealing digital tokens worth about $575 million from the world's largest cryptocurrency exchange, Binance, at the beginning of October. Binance immediately took precautions and was able to minimize the losses to less than $100 million. In an interview, Binance CEO Changpeng Zhao noted that "the BNB blockchain has never been hacked"; rather, malicious actors exploited a vulnerability in the BSC Token Hub (a bridge used to facilitate fund transfers between blockchains). In an effort to make their systems more secure, the Binance team is set to implement on-chain governance mechanisms against possible attacks on the BNB Chain. They will also share with the community actionable lessons to enhance security measures.
“In a blockchain world, one bug can result in very large losses,” Zhao highlighted.
Various other cyberattacks were carried out, pertaining to the DeFi sector. During these, malicious actors:
- used a flash loan attack (or price manipulation) to steal more than $100 million from the cryptocurrency trading platform, Mango Markets;
- exploited a vulnerability in DeFi platform, Team Finance, to steal $14.5 million of cryptocurrency.
In other news, a hacker returns over 65% of stolen funds ($18.9 million from a total amount of $28.9 million) to the cryptocurrency platform, Transit Swap.
Other Industry News
The FBI warns against ongoing hack-and-leak attacks by the Iranian cyber group, Emennet Pasargad. Emennet targets Israeli companies through intrusions and data leaks, destructive encryption malware, and false-flag campaigns. Also, back in 2020, Emennet targeted the US Presidential elections. According to the FBI's warning, the aim of these campaigns is to "undermine public confidence in the security of the victim’s network and data, as well as embarrass victim companies and targeted countries".
German company Aurubis, the world's second-largest copper producer, had to shut down some of its systems due to a cyberattack that happened at the end of October. They were able to maintain production. An official statement notes that the "impact of the attack" is currently being assessed.
Also, at the end of October, a large German municipal energy supplier, Enercity, was targeted by a cyberattack.
Microsoft believes that ransomware and extortion campaigns targeting the global education sector are deployed by DEV-0832 or Vice Society.
AMATAS will continue to monitor this space and deliver salient information regularly.
Stay tuned for our next report and if you are interested in any of our privacy and cybersecurity services, please do reach out through our website www.amatas.com or by e-mailing firstname.lastname@example.org.
As always – be vigilant, stay alert, and think twice.