In September 2024, major organizations like TfL, Planned Parenthood, Florida-based Slim CD, Fortinet, and the e-commerce platform Temu were hit hard by cyberattacks, data breaches, and ransomware. These incidents are just a glimpse of the cyber crime wave that swept through the month.
Check out our detailed report on all the cyber crime instances from September 2024. Remember, knowledge is your greatest defense, and staying informed about past attacks is essential for strengthening your cybersecurity posture.
- Ransomware Attacks in September 2024
- Data Breaches in September 2024
- Cyber Attacks in September 2024
- New Malware and Ransomware Discovered
- Vulnerabilities Identified and Patches Released
- Advisories, Reports, and Analysis for September 2024
Some organizations not only faced cyberattacks but also incurred heavy financial penalties due to security lapses. For example, Lehigh Valley Health Network agreed to a $65 million settlement after hackers leaked sensitive photos of cancer patients. DNA testing giant 23andMe settled for $30 million following a massive data breach. AT&T faced a $13 million fine after a Federal Communications Commission (FCC) investigation.
These figures highlight the devastating financial and reputational impact of a cybersecurity incident. The best way to protect your organization is through preparation.
To stay ahead, you must continuously evaluate your cybersecurity defenses, study the latest attack methods, and enhance your organization’s cyber resilience. It’s no longer a question of “if” you’ll be attacked, but “when.”
Take these proactive steps:
- Implement a strong Cyber Incident Response Plan.
- Test its effectiveness through Cyber Tabletop Exercises and attack simulations.
- Provide comprehensive cybersecurity training to your team so that every employee understands their role during a crisis.
- Equip staff with the skills to make informed decisions, practice incident response, and integrate these processes into their routine.
By prioritizing these strategies and learning from past incidents, you can significantly reduce the risks and impacts of cyber threats, ensuring your organization’s future security and resilience.
Ransomware Attacks in September 2024
Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
---|---|---|---|---|---|
September 04, 2024 | Microchip Technology | Microchip Technology confirms personal information stolen in ransomware attack | Play Ransomware | US-based semiconductor supplier Microchip Technology confirmed that personal information and other data were stolen during a ransomware attack. The attack caused business disruptions, but systems were isolated to contain it. | Source |
September 04, 2024 | Planned Parenthood | Ransomware gang claims cyber attack on Planned Parenthood | RansomHub Ransomware | RansomHub ransomware group threatened to leak 93 GB of exfiltrated data from Planned Parenthood, listing them on their leak site. | Source |
September 06, 2024 | Charles Darwin School | Charles Darwin School Bromley closes due to cyber attack | Unknown | IT issues turned out to be a cyber attack. The school is investigating to determine what data was accessed. | Source |
September 10, 2024 | Japanese media giant Kadokawa | Japanese media giant investigating another reported data leak by BlackSuit hackers | BlackSuit Ransomware | Kadokawa, a major media company, was hit by a ransomware attack. Reports showed BlackSuit ransomware uploaded stolen data from Kadokawa to the dark web. | Source |
September 12, 2024 | Kawasaki’s European arm | Kawasaki’s European arm restores operations after a cyber attack claimed by Ransomhub | RansomHub Group | Kawasaki Motors Europe confirmed a cyber attack that resulted in 487 GB of data being stolen. The company isolated affected servers as part of the recovery plan. | Source |
September 12, 2024 | 23andMe | 23andMe to pay $30 million in genetics data breach settlement | Hacker known as Golem | DNA testing company 23andMe agreed to a $30M settlement for a data breach that exposed information of 6.4 million customers. Data was leaked in 2023. | Source |
September 12, 2024 | Lehigh Valley Health Network | Hospital system to pay $65 million for dark web data leak, including images of nude cancer patients | BlackCat Ransomware | Lehigh Valley Health Network settled for $65M after hackers posted nude images of 600 cancer patients and other personal data. | Source |
September 14, 2024 | Port of Seattle | Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack | Rhysida Ransomware | Rhysida ransomware gang disrupted key services, including baggage handling and check-in kiosks at the Port of Seattle. The Port refused to pay the ransom. | Source |
September 16, 2024 | NHS London | Data on nearly 1 million NHS patients leaked online following ransomware attack on London hospitals | Qilin Ransomware | Almost 1 million NHS patients’ sensitive data, including medical conditions, were leaked online after a ransomware attack. | Source |
September 16, 2024 | Stillwater Mining Company | Owner of only US platinum mine confirms data breach after ransomware claims | RansomHub Ransomware | Stillwater Mining Company confirmed a breach affecting thousands of employees’ sensitive information after a ransomware attack. | Source |
September 17, 2024 | AT&T | AT&T to pay $13 million FCC settlement for 2023 data breach | ShinyHunters | AT&T agreed to pay $13 million to settle a Federal Communications Commission (FCC) investigation related to a 2023 data breach. | Source |
September 20, 2024 | Blackpool Trust Schools | Schools threatened by hackers in cyber attack | Unknown | Schools across Lancashire, UK, were affected by a ransomware attack, causing disruption to IT systems. | Source |
September 22, 2024 | Kansas’ Franklin County | Ransomware attack on Kansas county exposed sensitive information of nearly 30,000 residents | Unknown | Hackers leaked personal data of 29,690 residents following a ransomware attack on Franklin County’s Clerk Office. | Source |
Data Breaches in September 2024
Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
---|---|---|---|---|---|
September 02, 2024 | Management consulting firm, CBIZ | CBIZ Benefits & Insurance Services discloses data breach affecting client information | Unknown | Benefits & Insurance Services (CBIZ) reported a significant data breach involving the unauthorized access of sensitive client information stored in its databases. The breach that occurred between June 2 and June 21, 2024, was caused by a vulnerability in one of CBIZ’s web pages, exploited by a threat actor to steal the data of nearly 36,000 individuals. | Source: teiss.co.uk |
September 09, 2024 | Florida-based Slim CD | Massive credit card breach hits 1.7 million people after hackers access payment processing service | Unknown | Almost 1.7 million consumers in the US and Canada may have had their data exposed in a massive credit card database breach. Florida-based Slim CD, a payment processor, sent emails to customers that their information may have been accessed anytime from August 2023 to June 2024. | Data breach attack on a payment processing service Slim CD |
September 09, 2024 | Fortinet | Fortinet says hackers accessed ‘limited’ number of customer files on third-party drive | Unknown | Fortinet said that someone gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive. The file drive “included limited data related to a small number of Fortinet customers”. | Fortinet data breach |
September 09, 2024 | Avis Car Rental | Avis Car Rental suffers a data breach impacting nearly 300,000 customers | Unknown | Car rental company Avis has suffered a data breach impacting nearly 300,000 customers after an unauthorized third party accessed a business application. Avis said the attacker breached the company’s business application between August 3 and August 6, 2024, and was detected on August 5, 2024. | Source: CPO Magazine |
September 11, 2024 | Boulanger, Cultura, Truffaut | Popular French retailers confirm hackers stole customer data | A threat actor using the nickname “horrormar44” on BreachForums | Several well-known French retail brands reported having data stolen in a cyber attack. Hackers targeted Boulanger, which specializes in electronics and home appliances, the retailer Cultura, and gardening supplier Truffaut. Several French media outlets reported the list of victims could be even longer. | Source: The Record |
September 17, 2024 | E-commerce platform, Temu | Temu denies breach after hacker claims theft of 87 million data records | A threat actor using the moniker ‘smokinthashit’ | Temu denied it was hacked or suffered a data breach after a threat actor claimed to be selling a stolen database containing 87 million records of customer information. The threat actor put the alleged data up for sale on the BreachForums hacking forum, along with a small sample to serve as proof of the stolen data. | Temu data breach |
September 20, 2024 | Dell | Dell investigates data breach claims after hacker leaks employee information | BreachForums hacker “grep” | Dell confirmed that it was investigating recent claims that it suffered a data breach after a threat actor leaked data for over 10,000 employees. The allegations were published by a threat actor named “grep,” who alleges that the computing vendor suffered a “minor data breach” in September 2024, exposing internal employee and partner information. | Source: BleepingComputer |
Cyber Attacks in September 2024
Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
---|---|---|---|---|---|
September 02, 2024 | German air traffic control | Cyber attack paralyses office communications at German air traffic control | APT28 (Fancy Bear) | Deutsche Flugsicherung (DFS), the state-owned agency responsible for air traffic control in Germany, confirmed that it was the target of a cyber attack that disrupted its office communications. | Cyber attack on German air traffic control, DFS |
September 02, 2024 | Transport for London (TfL) | TfL faces sophisticated cyber security incident | Unknown | Transport for London’s (TfL) computer systems were hit by an ongoing cyber attack. The transport company said there was no evidence customer data had been compromised and there was no impact on TfL services. | Transport for London (TfL) cyber attack |
September 02, 2024 | Canvey Infant School | Canvey Infant School in Essex deals with a significant cyber incident | Unknown | Canvey Infant School, an Essex-based primary school, experienced a significant cyber attack that disrupted access to IT systems and forced school authorities to delay school reopening. | Source: teiss.co.uk |
September 04, 2024 | Latvian government and critical infrastructure websites | Hackers linked to Russia and Belarus increasingly target Latvian websites, officials say | Russia-linked hacktivist groups such as NoName057(16) and Anonymous Guys | Politically motivated hackers linked to Russia and Belarus are targeting Latvian government and critical infrastructure websites in a new wave of cyber attacks. | Cyber attack on Latvian government and critical infrastructure websites |
September 04, 2024 | Tewkesbury Borough Council in Gloucestershire, England | Services disrupted as local council near GCHQ’s headquarters hit by cyberattack | Unknown | Tewkesbury Borough Council in Gloucestershire, England, warned residents that it had discovered it was being targeted by a cyber attack. | Source: The Record |
September 04, 2024 | Penpie DeFi | Penpie DeFi platform files reports with FBI, Singapore police after $27 million crypto theft | Unknown | Hackers stole about $27 million worth of cryptocurrency from the Penpie decentralised finance (DeFi) protocol. | Source: The Record |
September 09, 2024 | Highline Public Schools | Highline Public Schools closed in WA after possible cyber threat | Unknown | The attack hit the technology systems of the schools and forced the educational bodies to remain closed. | Source: Fox 13 Seattle |
September 09, 2024 | Highline Public Schools in Washington | Washington state school district closed for second day after cyber attack | Unknown | A Seattle-area school system serving more than 17,000 students remained closed on September 10 for a second day after a cyber attack caused network outages. | Source: The Record |
September 12, 2024 | Jakarta-based crypto exchange Indodax | Largest crypto exchange in Indonesia pledges to reimburse users after $22 million theft | Unknown | A major cryptocurrency exchange in Southeast Asia has paused operations after $22 million in coins was stolen. | Source: The Record |
September 13, 2024 | Tennessee school district, Johnson County Board of Education | Tennessee school district loses $3.4 million to a fake curriculum vendor | Unknown | A school district in the northeast corner of Tennessee lost more than $3 million earlier this year after an employee was tricked into sending funds intended for online curriculum materials to a fraudster. | Source: The Record |
September 16, 2024 | Germany’s Radio Geretsried | German radio station forced to broadcast ‘emergency tape’ following cyber attack | Unknown | Radio Geretsried, a local station in Germany, has blamed “unknown attackers from Russia” after an apparent ransomware incident. | Source: The Record |
September 17, 2024 | Russian organisation Osnovanie | Pro-Ukraine hackers claim attack on agency that certifies digital signatures in Russia | Osnovanie (“Foundation” in Russian) | The Russian federal organisation that certifies digital signatures used by local businesses and individuals is still recovering from a cyber attack. | Source: The Record |
September 17, 2024 | Russian anti-virus company Dr.Web | Russian cyber firm Dr.Web says services are restored after ‘targeted cyber attack’ | Unknown | Popular Russian antivirus developer Dr.Web said it has resumed operations after suffering a security breach. | Source: The Record |
September 21, 2024 | Asian crypto platform BingX | Hackers stole over $44 million from Asian crypto platform BingX | Unknown | Singaporean crypto platform BingX reported a cyber attack as threat actors stole over $44 million worth of cryptocurrency. | Source: Security Affairs |
September 24, 2024 | MoneyGram | MoneyGram says cyber incident causing network outages | Unknown | Digital payment giant MoneyGram said a recent cybersecurity incident has caused network outages and other issues for those trying to send money. | Source: The Record |
New Ransomware/Malware Discovered in September 2024
New Ransomware | Summary |
---|---|
New Ransomware-as-a-Service (RaaS) | A new ransomware-as-a-service (RaaS) operation impersonates the legitimate Cicada 3301 organization and has already listed 19 victims on its extortion portal, as it quickly attacked companies worldwide. |
WhisperGate malware | Federal agencies continued to confront Russian cyber-operations, unsealing an indictment against members of a Russian military intelligence unit involved with the destructive WhisperGate malware and other hacking campaigns. |
New PIXHELL acoustic attack | A novel acoustic attack named ‘PIXHELL’ can leak secrets from air-gapped and audio-gapped systems, and without requiring speakers, through the LCD monitors they connect to. |
Ajina Banker malware | A new Android malware is being used to steal information from bank customers in Central Asia, researchers have found. |
CosmicBeetle’s new malware, ScRansom | A group that researchers are calling CosmicBeetle has developed new ransomware and deployed it against small and medium-sized businesses, mostly in Europe and Asia, according to a new report. |
Android malware ‘Necro’ | A new version of the Necro malware loader for Android was installed on 11 million devices through Google Play in malicious SDK supply chain attacks. |
Vulnerabilities/Patches Discovered in September 2024
Date | New Malware, Flaws & Fixes | Summary |
---|---|---|
September 03, 2024 | CVE-2024-7261 | Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command injection. |
September 09, 2024 | CVE-2024-40766 | Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims’ networks. |
September 10, 2024 | CVE-2024-38217 | Microsoft has fixed a Windows Smart App Control and SmartScreen flaw that has been exploited in attacks as a zero-day since at least 2018. |
September 16, 2024 | CVE-2024-29847 | A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices. |
September 16, 2024 | CVE-2024-43461 | CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group. |
September 17, 2024 | CVE-2024-38812 | Broadcom has fixed a critical VMware vCenter Server vulnerability that attackers can exploit to gain remote code execution on unpatched servers via a network packet. |
September 19, 2024 | CVE-2024-27348 | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalogue, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server. |
September 19, 2024 | CVE-2024-8963 | Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers. |
Warnings/Advisories/Reports/Analysis
News Type | Summary | Source Link |
---|---|---|
Report | The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and reaching over $110 million in 2023. | Source: Bleeping Computer |
Warning | The FBI warned of North Korean hacking groups aggressively targeting cryptocurrency companies and their employees in sophisticated social engineering attacks to deploy malware designed to steal their crypto assets. | Source: Bleeping Computer |
Report | The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5m ($33.7m) on Clearview AI over illegal data collection for facial recognition. | Clearview AI Fined €30.5m by Dutch Watchdog Over Illegal Data Collection |
Report | Nykaa Fashion, a leading Indian beauty and fashion retailer, has taken legal action against its former Chief Business Officer (CBO), accusing him of breaching confidentiality agreements and misappropriating proprietary data. | Nykaa Fashion initiates legal proceedings against former CBO |
Report | A privacy flaw in WhatsApp is being exploited by attackers to bypass the app’s “View once” feature and view messages again. WhatsApp is working on a fix. | Source: Bleeping Computer |
Report | The National Crime Agency (NCA), once heralded as British law enforcement’s elite answer to cybercrime, is facing significant challenges according to a new report. | Source: The Record |
Report | Wix.com has announced it will stop providing services to Russian users on September 12, 2024, with all accounts from Russia to be blocked. | Source: Bleeping Computer |
Report | The RansomHub ransomware gang has been using TDSSKiller, a legitimate tool from Kaspersky, to disable endpoint detection and response (EDR) services on target systems. | Source: Bleeping Computer |
Report | A high-stakes cyber battle continues between defenders and Chinese cyberespionage groups targeting Southeast Asia government organizations. | Source: The Record |
Analysis | An Iranian state-sponsored threat actor, APT34 (OilRig), has targeted Iraqi government organisations in a new espionage campaign, according to researchers. | Source: The Record |