MoneyGram, Casio, ADT Alarms, Zendesk, ESET, Radiant Capital, Wayback Machine, Landmark Insurance, Red Barrels, and Game Freak—what do these companies have in common?
In October 2024, all of them faced cybercrime incidents, and for some, it wasn’t even the first attack that month. Our latest report covers the major cybersecurity breaches, ransomware attacks, and data leaks from the past month, shedding light on the latest wave of cyber threats affecting organizations worldwide.
October 2024 Cybersecurity Highlights:
- Ransomware Attacks: An analysis of the most notable ransomware incidents.
- Data Breaches: A look at significant data leaks compromising sensitive information.
- Cyber Attacks: A recap of widespread attacks across industries.
- Emerging Malware and Ransomware: New strains discovered and their implications.
- New Vulnerabilities: Updates on vulnerabilities found and patches issued.
- Advisories and Reports: Expert analysis and recommended precautions.
October’s incidents spanned industries from finance to healthcare, retail, and government, revealing just how adaptive cybercriminals have become. Every organization—whether a watch manufacturer, a video game developer, or a global fintech leader—faces the possibility of cyber threats, and these incidents highlight the importance of preparedness.
Our monthly roundup underscores the pressing need for cyber resilience. Strengthening your organization’s defenses and having a well-rehearsed incident response plan are critical steps to minimize risks. Conducting scenario-based Cyber Tabletop Exercises can help organizations evaluate their response capabilities and improve their readiness for potential cyber events.
Browse this month’s incident insights to stay informed on the latest threats. Learning from these cases can help bolster your own organization’s defenses—because when it comes to cybercrime, proactive preparation, awareness, and constant vigilance are the best strategies to stay secure.
Ransomware Attacks in October 2024
Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
---|---|---|---|---|---|
October 01, 2024 | UMC Health System | UMC Health System diverted patients following a ransomware attack that impacted its network. | Unknown | Texas-based UMC Health System had to redirect emergency and non-emergency patients as it managed an IT outage resulting from a ransomware attack. | BleepingComputer |
October 01, 2024 | Community Clinic of Maui, Mālama | Community Clinic of Maui notified 123,000 individuals about a data breach from a May cyberattack. | LockBit | Hackers accessed sensitive data, including Social Security and bank account numbers, and forced the clinic to take servers offline. | The Record |
October 02, 2024 | Royal Mail | Hackers impersonated Royal Mail to spread Prince ransomware with a destructive campaign. | Unknown | Targeted a small number of organizations with no decryption or data exfiltration capabilities. | The Record |
October 10, 2024 | Casio | Casio confirmed a ransomware attack leading to the theft of personal and confidential data. | Underground Ransomware | Disruption of Casio’s services, affecting data of employees, customers, and job candidates. | BleepingComputer |
October 16, 2024 | Globe Life | Globe Life faced blackmail after customer data was stolen by cybercriminals. | Unknown | Hackers attempted to extort the insurance giant to avoid releasing sensitive data. | BleepingComputer |
October 16, 2024 | Boston Children’s Health Physicians | BianLian ransomware group claimed an attack on Boston Children’s Health Physicians. | BianLian ransomware | Attackers threatened to leak sensitive patient data unless a ransom was paid. | BleepingComputer |
October 18, 2024 | Nidec | Tech giant Nidec confirmed a data breach following a ransomware attack. | 8BASE and Everest gangs | Data stolen and leaked on the dark web, with failed extortion attempts. | BleepingComputer |
October 21, 2024 | Berufsbildungszentrum (BBZ) | BBZ, a vocational training center, became a ransomware victim, disrupting its IT systems. | Unknown | Attackers encrypted BBZ’s servers, blocking access and demanding ransom, which was refused. | The Record |
October 24, 2024 | Henry Schein | Henry Schein disclosed a data breach impacting over 160,000 people after a 2023 ransomware attack. | BlackCat Ransomware gang | Revealed personal data exposure due to back-to-back attacks in 2023. | BleepingComputer |
October 24, 2024 | UnitedHealth | UnitedHealth confirmed a major data breach impacting 100 million individuals in the Change Healthcare ransomware incident. | BlackCat ransomware (ALPHV) | Marked as one of the largest healthcare breaches in recent years, affecting personal and healthcare data of millions. | BleepingComputer |
Data Breaches in October 2024
Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
---|---|---|---|---|---|
October 01, 2024 | Rackspace | Rackspace servers were hit by a zero-day vulnerability, resulting in a data breach and temporary outage. | Unknown | Rackspace took its monitoring dashboard offline, and customer data related to monitoring was accessed. | Rackspace data breach due to zero-day flaw |
October 03, 2024 | Dutch Police | Dutch government attributes police network hack to a foreign state actor. | An anonymous state actor | Hackers accessed contact information of all Dutch police officers. | Dutch Police data breach attack |
October 03, 2024 | Red Barrels | Red Barrels’ Outlast Studio suffered source code theft and 1.8 TB of data was compromised. | Unknown | The attack is expected to delay the development of the studio’s projects. | Data breach attack on Outlast Studio’s Red Barrels |
October 04 and 07, 2024 | MoneyGram | MoneyGram experienced a cyber attack disrupting customer access, with personal data compromised. | Likely Scattered Spider collective | Systems were offline for five days, affecting customer transactions and data security. | BleepingComputer |
October 05, 2024 | Comcast and Truist Bank | Comcast and Truist Bank were impacted by a data breach at FBCS, compromising customer information. | Unknown | Investigation ongoing; Comcast and Truist sent customer notifications about the compromised data. | BleepingComputer |
October 07, 2024 | ADT | ADT faced its second data breach in two months due to compromised credentials. | Unknown | Stolen credentials led to exfiltration of encrypted employee account data. | BleepingComputer |
October 10, 2024 | Fidelity Investments | Data breach affected over 77,000 Fidelity Investments customers. | Unknown | Sensitive customer information was accessed through two recently established customer accounts. | BleepingComputer |
October 14, 2024 | Game Freak | Pokémon developer Game Freak confirmed a data leak exposing names and emails of employees. | Unknown | Approximately 2,606 records with employee data were accessed and shared online. | Data breach attack on Pokemon and Nintendo maker, Game Freak |
October 18, 2024 | Cisco’s DevHub portal | Cisco took its DevHub portal offline after IntelBroker leaked sensitive “non-public” data. | IntelBroker | No evidence of system breach, but Cisco took the portal offline to prevent further leaks. | BleepingComputer |
October 18, 2024 | Boston Children’s Health Physicians | Boston Children’s Health Physicians experienced a data breach exposing patient information. | BianLian Ransomware Group | Sensitive patient data, including Social Security numbers, medical records, and billing information, was compromised. | The Record |
October 24, 2024 | Insurance admin Landmark | Landmark disclosed a data breach impacting over 800,000 people from a May cyber attack. | Unknown | Affected personal data of customers and employees, with notifications sent to impacted individuals. | BleepingComputer |
Cyber Attacks in October 2024
Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
---|---|---|---|---|---|
October 04, 2024 | U.S. Wiretap Systems (AT&T, Verizon, Lumen Technologies) | China-linked hackers targeted U.S. broadband providers’ networks used for wiretapping. | Suspected Chinese hackers | Hackers potentially accessed sensitive information from federal wiretapping systems, posing a significant national security risk by gaining access to generic internet traffic and court-authorised communications data. | Cyber attack on U.S. Wiretap Systems; AT&T, Verizon, Lumen Technologies |
October 06, 2024 | Lego | Lego website compromised in a crypto scam promoting a fake “LEGO Coin” cryptocurrency. | Unknown | The scam attempted to lure Lego fans into buying a fake cryptocurrency, redirecting them to a site accepting payments in Ethereum. | Lego cyber attack |
October 07, 2024 | American Water | American Water shut down online services following a cyber attack. | Unknown | The cyber attack led to system shutdowns for the largest publicly traded water utility company in the U.S. | American Water cyber attack |
October 17, 2024 | Japan’s Liberal Democratic Party (LDP) | Japan’s ruling party suffered a website disruption caused by pro-Russian hackers. | Pro-Russian hackers, including NoName057(16) | The website disruption coincided with the start of Japan’s general election campaign, temporarily affecting access to the LDP’s site. | Japan’s ruling Liberal Democratic Party (LDP) cyber attack |
October 18, 2024 | ESET’s Israeli partner, Comsecure | Hackers breached ESET’s partner in Israel to deploy data-wiping malware. | Unknown | Israeli businesses received phishing emails containing disguised data-wiper malware posing as antivirus software. | BleepingComputer |
October 18, 2024 | Radiant Capital | $50 million in cryptocurrency stolen from Radiant Capital following account compromise. | Unknown | Hackers accessed trusted developers’ accounts to carry out the attack, compromising substantial digital assets on the decentralized finance platform. | The Record |
October 21, 2024 | Wayback Machine, Archive-It | Hacker responsible for Internet Archive breach claims continued access, sending messages to support contacts. | Unknown | Internet Archive services, including the Wayback Machine, were temporarily down and remain partially restored. Some users received messages from the hacker. | The Record |
New Ransomware/Malware Discovered in September 2024
New Ransomware | Summary |
---|---|
WarmCookie Backdoor (New Version) | A new ‘FakeUpdate’ campaign in France uses compromised websites to display fake browser and application update prompts, spreading an updated version of the WarmCookie backdoor. |
Qilin Ransomware ‘Qilin.B’ | A new Rust-based variant of Qilin (also known as Agenda) ransomware, dubbed ‘Qilin.B,’ has been observed in attacks. This version incorporates enhanced encryption, improved evasion tactics against security tools, and capabilities to interfere with data recovery mechanisms. |
Vulnerabilities/Patches Discovered in October 2024
Date | New Malware/Flaws/Fixes | Summary |
---|---|---|
October 01, 2024 | CVE-2024-45489 | The Browser Company launched an Arc Bug Bounty Program in response to a critical remote code execution vulnerability, CVE-2024-45489, encouraging researchers to report issues. |
October 02, 2024 | FSCT-2024-0006, FSCT-2024-0007, FSCT-2024-0014, FSCT-2024-0001, FSCT-2024-0002 | DrayTek issued updates to patch 14 vulnerabilities in its routers, including a CVSS 10-rated remote code execution flaw. An estimated 785,000 routers are at risk. |
October 02, 2024 | CVE-2024-41925, CVE-2024-45367 | CISA warned of two critical vulnerabilities allowing authentication bypass and RCE in Optigo Networks ONS-S8 Aggregation Switches used in critical infrastructure. |
October 02, 2024 | CVE-2024-29824 | CISA warned of an Ivanti EPM appliance vulnerability that allows RCE and is currently exploited in attacks. |
October 02, 2024 | CVE-2024-45519 | European agencies reported a vulnerability in Zimbra email products that is being exploited to spread malware. |
October 03, 2024 | CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177 | A series of vulnerabilities could enable significant DDoS attacks, raising alarms among cybersecurity experts. |
October 03, 2024 | CVE-2024-32102, CVE-2024-2961 | Adobe Commerce and Magento stores face “CosmicSting” attacks, exploiting CVE-2024-32102 and CVE-2024-2961, impacting approximately 5% of online stores. |
October 03, 2024 | CVE-2024-47176 | A Common Unix Printing System (CUPS) vulnerability enables DDoS attacks with up to 600x amplification. |
October 07, 2024 | CVE-2024-43047 | Qualcomm released patches for a DSP zero-day affecting multiple chipsets, identified by researchers from Google Project Zero, Amnesty International, and others. |
October 08, 2024 | CVE-2024-9379, CVE-2024-9380, CVE-2024-9381, CVE-2024-8963 | Ivanti addressed three new Cloud Services Appliance (CSA) zero-days, reported as being actively exploited. |
October 10, 2024 | CVE-2024-9164 | GitLab released updates for Community and Enterprise Editions, including a fix for a critical arbitrary branch pipeline execution flaw. |
October 10, 2024 | CVE-2024-40711 | A critical RCE vulnerability in Veeam Backup & Replication servers is now being exploited by ransomware groups. |
October 16, 2024 | CVE-2024-38178 | North Korean ScarCruft hackers exploited an Internet Explorer zero-day to deliver RokRAT malware and exfiltrate sensitive data. |
October 16, 2024 | CVE-2024-9486 | A Kubernetes vulnerability could allow unauthorized SSH access to virtual machines created with Kubernetes Image Builder. |
October 16, 2024 | CVE-2024-28987 | CISA added a critical hardcoded credentials flaw in SolarWinds Web Help Desk to its Known Exploited Vulnerabilities list, with fixes issued in August 2024. |
Warnings/Advisories/Reports/Analysis
News Type | Summary |
---|---|
Report | The UK National Crime Agency (NCA) sanctioned 16 members of the Russian hacker group Evil Corp, linking them to the prolific ransomware group LockBit. |
Report | APT hacking group FIN7 launched fake AI-powered deepnude generator sites to infect visitors with information-stealing malware. |
Report | Cambodian journalist Mech Dara was arrested on charges of “incitement to disturb social security” amid his investigation into the cyber scam industry. |
Report | The Police Service of Northern Ireland (PSNI) was fined £750,000 ($1 million) after accidentally disclosing the identities of all officers and staff, exposing them to potential danger. |
Report | A distributed denial-of-service campaign targeted the financial, internet, and telecom sectors, peaking at a record 3.8 terabits per second with over 100 hyper-volumetric DDoS attacks. |
Report | Cybersecurity researchers identified mobile applications used in ‘pig butchering’ scams on official Google and Apple repositories. |
Report | Sellafield nuclear facility was fined £332,500 for cybersecurity failures that risked sensitive nuclear data between 2019 and 2023. |
Report | ESET reported the GoldenJackal APT group’s breach of air-gapped European government systems using custom tools to exfiltrate sensitive data. |
Warning | U.S. and U.K. cyber agencies warned that Russian-linked APT29 hackers are targeting Zimbra and JetBrains TeamCity servers at scale. |
Report | Marriott and Starwood Hotels will pay $52 million and enhance information security after data breaches impacting 344 million customers. |
Report | OpenAI disrupted over 20 cyber operations abusing ChatGPT for malware development, misinformation, evasion tactics, and spear-phishing. |
Report | The U.S. Department of Justice unsealed an indictment against two Sudanese brothers accused of operating the hacktivist group Anonymous Sudan, known for over 35,000 DDoS attacks. |
Report | Iranian hackers are targeting critical infrastructure to gather credentials and network data for resale to other threat actors. |
Report | North Korean IT professionals are reportedly tricking Western companies into hiring them, then stealing data and demanding ransoms. |
Report | The FBI arrested an Alabama man suspected of hacking the SEC’s X account to make a fake announcement about Bitcoin ETFs. |
Report | A new ClickFix campaign uses fake Google Meet pages to deliver info-stealing malware for Windows and macOS. |
Warning | Microsoft warned enterprise clients of a bug that caused critical logs to be partially lost, potentially affecting monitoring for unauthorized activity. |
Report | New speculative execution vulnerabilities bypass Spectre mitigations in Intel and AMD processors on Linux. |
Report | Microsoft reported an increase in ransomware attacks, with hundreds of healthcare institutions targeted over the last year. |
Report | Microsoft is using realistic-looking honeypot tenants to gather intelligence on phishing actors. |
Report | Several pro-Palestine hacker groups claimed coordinated cyber attacks on Cyprus’ critical infrastructure and government websites. |
Report | The British government is exploring stronger responses to cyberthreats, according to a recent speech by Security Minister Dan Jarvis. |
Report | LinkedIn was fined €310 million by the Irish Data Protection Commission for violating EU data protection laws with behavioral analysis and targeted ads. |
Report | The UK High Court approved a legal challenge by a dissident against Saudi Arabia for allegedly deploying zero-click spyware against him. |
For Emergency Contact:
Synergy IT Solutions Group
439 University Avenue, 5th Floor
Toronto, ON M5G 1Y8
+1(866) 966-8311
+1(905) 502-5955
Website : https://www.synergyit.ca/