The Check Point Research team reports that in the third quarter of 2024 grew up the number of global cyber attacks by 75 percent compared to the same period in 2023, with an average of 1,876 attacks per organization.
The education/research sector was the most attacked, with 3828 attacks per week. From a regional perspective, Africa faced the highest rate of attacks. The biggest threat remains ransomware, which mainly affects the manufacturing and healthcare sectors.
Colleagues also analyzed trends in phishing and revealed that the most imitated brand in the third quarter of this year was Microsoft, which was responsible for 61 percent of phishing attempts. It was followed by Apple (12%) and Google (7%). Alibaba entered the top ten for the first time in seventh place, and Adobe reappeared in the ranking. The most common targets were the technology, social networking and banking industries.
ATTACKS AND DATA LEAKS
Insurance giant Globe Life is facing extortion attempts after hackers stole data on more than five thousand people from its subsidiary American Income Life Insurance Company. Stolen information includes social security numbers, names, addresses, and health information.
Japanese ruling party (LDP) suffered a cyber attack on the website. The incident disrupted its operations at the start of the campaign ahead of the country’s parliamentary elections. Pro-Russian hacking groups including NoName057(16) and the Cyber Army of Russia have claimed responsibility. They cited Japan’s upcoming joint military exercise with the US as motivation. Other government and local websites were also affected.
Game Freak, game developer Pokemon, confirmed a cyberattack that occurred in August resulted in the leak of source code and game designs for unpublished titles, as well as personal information of employees, suppliers and former business partners. The company assured that the players’ data was not affected.
Nidec Corporation, Japan tech giant, hit by a ransomware attack, with stolen data leaking onto the dark web after the company refused to meet the attackers’ extortion demands. The breach targeted Nidec’s Precision division in Vietnam, where attackers accessed servers using stolen VPN credentials and stole more than fifty thousand files, including internal documents, contracts and communications with business partners. The 8BASE ransomware gang first claimed responsibility, followed by the Everest group.
Radiant Capital, financial platformreported the theft of more than $50 million in cryptocurrency after a sophisticated attack. Hackers gained access to multiple private keys, allowing them to siphon off users’ funds by making malicious transactions without any obvious warning signs.
V hospital Boston Children’s Health Physicians, part of the Boston Children’s Hospital network, had a data breach that exposed sensitive patient information, including social security numbers, medical records and health insurance information. The BianLian ransomware group claimed responsibility for the breach.
VULNERABILITIES AND PATCHES
Google has published a security update for Chrome that addresses 17 security vulnerabilities. One of them is a highly serious vulnerability (CVE-2024-9954) of use-after-free type.
Oracle the October update contained a total of 334 security updates with fixes for 35 critical vulnerabilities. Most of the fixes are for Oracle Commerce and Oracle Hyperion.
macOS has a vulnerability known as HM Surf (CVE-2024-44133) that allows attackers to bypass the Transparency, Consent and Control (TCC) technology in the system. Successful exploitation of the flaw can lead to unauthorized access to user data, including browsing history, camera, microphone, and location. Apple released a fix for this vulnerability in the Sequoia update.
WordPress has released a critical security update that addresses a vulnerability in the Contact Form feature. The vulnerability allowed any logged-in user on the site to read contact forms submitted by other users.
Regular weekly review THREAT INTELLIGENCE REPORT you can watch via the LinkedIn network
Research team Check Point Research has been tracking security trends, evaluating anomalies, and bringing up-to-date warnings and news about cyber threats to the community for more than three decades. Experts continuously collect and analyze data on global cyber attacks from monitoring the networks they manage, open source platforms, the ThreatCloud network and intelligence from the dark web.
Source: www.nextech.sk
