Ransomware is the biggest threat. Attack tactics are constantly changing

The September ransomware report from the Check Point Research team points out that ransomware remains the most widespread cyber threat and that financially motivated criminal groups are using increasingly sophisticated tactics, including double extortion. Researchers point to the rapid rise of RansomHub, which accounted for 19 percent of victims this month.



They also noted a shift by groups like Meow toward data extortion instead of encryption. The report also mentions a decrease in LockBit activity following the actions of law enforcement authorities.

The education sector was the key target of ransomware attacks in September. It has extensive networks, limited cybersecurity resources, and valuable personal data of students and staff, making it vulnerable to data theft and extortion.

ATTACKS AND DATA LEAKS

Free, the second largest telecommunications company in France, was hit by a cyber attack that led to unauthorized access to personal data associated with some subscriber accounts. The incident, which may have affected up to 19 million customers, was discovered after an attempt to sell stolen customer data on a cybercrime forum. Passwords and bank details were not compromised; the company is notifying affected users and has filed a complaint with local authorities.

AEP, a German drug wholesaler, suffered a ransomware attack that led to partial encryption of IT systems and affected drug supplies to more than 6,000 pharmacies. The company has disconnected the affected systems and is working with external cybersecurity experts to resolve the incident.

The Housing Authority of the City of Los Angeles (HACLA) was the target of a ransomware attack claimed by the Cactus gang, which allegedly stole 861 GB of data, including personal, financial and backup information. The incident is the second cyber attack the authority has faced. The first was an attack by the LockBit gang in 2023.

Pro-Ukrainian hacktivists, the Ukrainian Cyber Alliance, allegedly launched a cyber attack on the payment system for parking in the Russian city of Tver. The attack disrupted the city's payment infrastructure, allowing residents to park for free for nearly two days.

The French Ministry of Labour and Employment has reported a cyber attack on a service provider for a local mission network that supports 16-25 year olds in employment and training. The breach, which occurred in October 2024, potentially exposed personal information, including the names, dates of birth, nationality and contact information of people enrolled in the program.

Interbank, a Peruvian financial institution, suffered a data breach in which sensitive client data, including financial information, was leaked. The breach resulted in the unauthorized disclosure of personal and account information. An investigation is underway to determine the extent of the compromised information and which vulnerabilities may have been exploited.

VULNERABILITIES AND PATCHES

Synology patched two critical 0-day vulnerabilities (collectively CVE-2024-10443) discovered during the Pwn2Own Ireland 2024 competition. Dubbed RISK:STATION, the flaws affected Synology Photos and BeePhotos software and could allow remote code execution on exposed NAS devices. Because of the high risk of exploitation, Synology released the patches within 48 hours, urging users to update and secure their systems.

QNAP has fixed a critical 0-day vulnerability (CVE-2024-50387) in its SMB Service discovered during Pwn2Own Ireland 2024. The vulnerability was patched within a week, with the fix available in SMB Service version 4.15.002 or later.

AI Power: Complete AI Pack, a WordPress plugin, has a critical vulnerability (CVE-2024-10392) that affects approximately ten thousand WordPress websites. The bug allows arbitrary file uploads.

You can follow the regular weekly Threat Intelligence Report via LinkedIn.

The Check Point Research team has been tracking security trends, evaluating anomalies, and bringing up-to-date warnings and news about cyber threats to the community for more than three decades. Its experts continuously collect and analyze data on global cyber attacks from monitoring the networks they manage, open source platforms, the ThreatCloud network and intelligence from the dark web.

Source: www.nextech.sk