Major Cyber Attacks, Data Breaches, Ransomware Attacks in October 2023


Major Cyber Attacks, Data Breaches, Ransomware Attacks

Cyber attacks, data breaches and ransomware have become significant and persistent challenges for individuals, businesses and governments alike. These attacks not only expose confidential information but also disrupt operations, causing substantial financial loss and reputational harm. This article reviews the most significant incidents of October 2023 to underline the gravity of these risks and the need for strong cybersecurity controls.

Ransomware Attacks in October 2023

Based on our research, 114 security incidents were publicly disclosed during October 2023, compromising approximately 867,072,315 records. That brings the total number of records compromised so far this year past the 5 billion mark.

Data Breaches in October 2023

October’s three biggest breaches were:

i) ICMR (Indian Council of Medical Research): 815,000,000 breached records

Date of breach: 9 October 2023
Breached organization: The ICMR (Indian Council of Medical Research)
Incident details: The personal data of around 815 million people residing in India, allegedly taken from the ICMR's Covid-testing database, was reportedly offered for sale on the dark web at the beginning of the month. Resecurity, the security firm that discovered the listing, reported that the compromised data included victims' names, ages, genders, addresses, passport numbers and Aadhaar numbers (a unique 12-digit government identity number).
Records breached: 815,000,000


ii) 23andMe: 20,000,000 breached records

Date of breach: 2 October 2023
Breached organization: 23andMe, a consumer genetics and research company headquartered in California, US.
Incident details: Credential stuffing attacks led to 1 million data packs containing information on Ashkenazi Jews being posted on a hacking forum. A further 4.1 million genetic data profiles of people from the United Kingdom and Germany were subsequently added to the leak. Given the threat actor's claim to hold 20 million 23andMe records, further disclosures are likely.
Records breached: 20,000,000

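The 23andMe incident above is attributed to credential stuffing: replaying username/password pairs leaked from other sites against a login endpoint. Its footprint in authentication logs differs from a single-account brute force: one source tries many distinct accounts and most attempts fail. The following is an added illustration of that detection logic, not code from the original article or from 23andMe; the log line format and the threshold values are assumptions, and all log lines are constructed sample data.

```python
"""Credential-stuffing detector over constructed web-auth log lines.

Added illustration (not code from the original article or from 23andMe).
Credential stuffing replays username/password pairs leaked elsewhere, so its
footprint is many *distinct* accounts tried from few sources with a high
failure rate, unlike a brute-force attack that hammers one account.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed log line shape (constructed for this example):
#   <iso-timestamp> ip=<addr> user=<name> result=<ok|fail>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)

# Constructed sample data: one source spraying leaked credentials across many
# accounts (203.0.113.7), one ordinary user with a typo (198.51.100.20), and
# one single-account brute force (192.0.2.55) included to show that the
# stuffing rule does NOT flag it.
SAMPLE_LOG = """\
2023-10-02T03:00:01Z ip=203.0.113.7 user=alice result=fail
2023-10-02T03:00:02Z ip=203.0.113.7 user=bob result=fail
2023-10-02T03:00:03Z ip=203.0.113.7 user=carol result=fail
2023-10-02T03:00:04Z ip=203.0.113.7 user=dave result=ok
2023-10-02T03:00:05Z ip=203.0.113.7 user=erin result=fail
2023-10-02T03:00:06Z ip=203.0.113.7 user=frank result=fail
2023-10-02T03:00:07Z ip=203.0.113.7 user=grace result=ok
2023-10-02T03:00:08Z ip=203.0.113.7 user=heidi result=fail
2023-10-02T08:15:00Z ip=198.51.100.20 user=bob result=fail
2023-10-02T08:15:09Z ip=198.51.100.20 user=bob result=ok
2023-10-02T09:00:00Z ip=192.0.2.55 user=carol result=fail
2023-10-02T09:00:01Z ip=192.0.2.55 user=carol result=fail
2023-10-02T09:00:02Z ip=192.0.2.55 user=carol result=fail
2023-10-02T09:00:03Z ip=192.0.2.55 user=carol result=fail
2023-10-02T09:00:04Z ip=192.0.2.55 user=carol result=fail
"""


@dataclass
class SourceStats:
    """Per-source-IP counters used by the stuffing heuristic."""
    attempts: int = 0
    failures: int = 0
    users: set = field(default_factory=set)
    succeeded: set = field(default_factory=set)  # accounts that logged in OK

    @property
    def distinct_users(self) -> int:
        return len(self.users)

    @property
    def fail_ratio(self) -> float:
        return self.failures / self.attempts if self.attempts else 0.0


def parse_line(line: str):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize(log_text: str) -> dict:
    """Aggregate login attempts per source IP."""
    stats = defaultdict(SourceStats)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash the detector
        s = stats[rec["ip"]]
        s.attempts += 1
        s.users.add(rec["user"])
        if rec["result"] == "fail":
            s.failures += 1
        else:
            s.succeeded.add(rec["user"])
    return dict(stats)


def detect_stuffing(log_text: str, min_distinct_users: int = 5,
                    min_fail_ratio: float = 0.5) -> dict:
    """Return {ip: SourceStats} for sources matching the stuffing pattern:
    many distinct accounts tried AND most attempts failing. The thresholds
    are example values; tune them to the real login volume of the service."""
    return {
        ip: s for ip, s in summarize(log_text).items()
        if s.distinct_users >= min_distinct_users and s.fail_ratio >= min_fail_ratio
    }


def compromised_accounts(flagged: dict) -> list:
    """Accounts that authenticated successfully from a flagged source: these
    are the ones to force a password reset and session revocation on."""
    hits = set()
    for s in flagged.values():
        hits |= s.succeeded
    return sorted(hits)


if __name__ == "__main__":
    flagged = detect_stuffing(SAMPLE_LOG)
    for ip, s in flagged.items():
        print(f"{ip}: {s.distinct_users} accounts tried, "
              f"{s.fail_ratio:.0%} failed, successes={sorted(s.succeeded)}")
    print("reset these accounts:", compromised_accounts(flagged))
```

The distinct-users condition is what separates stuffing from a brute force against one account, which is why the 192.0.2.55 source in the sample is not flagged despite a 100% failure rate. In production the same counters would be kept per source over a sliding time window, and the successful logins from a flagged source are the actionable output: those accounts need a reset and revoked sessions, and multi-factor authentication removes most of the value of a replayed password in the first place.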

iii) Redcliffe Labs: 12,347,297 breached records (7 TB)

Date of breach: The database was discovered on or shortly before 25 October 2023 and had been left unprotected for an unspecified period.
Breached organization: Redcliffe Labs, a medical diagnostics company based in India.
Incident details: After a security researcher discovered the database and notified the organization, public access to it was immediately restricted. It is unknown whether the data was exfiltrated by criminals.
Records breached: 12,347,297 medical records (7 TB).

Cyber-Attacks in October 2023

According to our sources, the top 10 cyber attacks of October 2023 by potential number of records breached are listed below:

#    Organization                                   Potential records breached
1    ICMR (Indian Council of Medical Research)      815,000,000
2    23andMe                                         20,000,000
3    Redcliffe Labs                                  12,347,297
4    McLaren Health Care                              6,000,000
5    MCH (Morrison Community Hospital)                5,000,000
6    MNGI Digestive Health                            2,000,001
7    Motel One                                        1,000,000
8    Flagstar Bank                                      837,390
9    District of Columbia Board of Elections            600,001
10   Shadow PC                                          533,624

New Ransomware/ Malware Detected in October 2023

  1. BlackSuit Ransomware

The most recent alleged incident, in October 2023, targeted a US-based organization in the healthcare and public health (HPH) sector. Its computers and systems were compromised with malware provisionally tracked as BlackSuit. A cybersecurity firm has recorded at least three attacks in which the BlackSuit encryptor was used, with ransom demands below $1 million.

  2. Conti Ransomware

Conti, a Russian-speaking Ransomware-as-a-Service (RaaS) gang, was first documented in 2019. The group has been linked to over 400 intrusions across several sectors, around 75% of them in the United States. Known for aggressive tactics and large-scale attacks, it demanded ransoms of up to $25 million. Conti routinely practised double extortion and relied on its affiliate network to target firms with annual revenue above $100 million. Leaked internal chats, however, showed that some members began to question the targeting of the healthcare sector, particularly at the height of the COVID-19 outbreak, which fuelled speculation about internal divisions. Following a joint operation by several government agencies in February 2022, the group dissolved, fragmented into smaller factions and rebranded to evade law enforcement. Although Conti itself has ceased operations, its operators remain active and continue to collaborate within newly formed groups such as Royal.

  3. Royal Ransomware

The Royal ransomware gang first appeared in 2022 and grew significantly after the dissolution of the Conti group. In its early campaigns Royal used the encryptor developed by BlackCat. Attention then shifted to a separate entity known as Zeon, which followed a similar modus operandi and dropped ransom notes resembling those attributed to Conti. Royal subsequently rebranded and began using the name "Royal" in the ransom notes produced by its newly developed encryptor. The group combines traditional and contemporary techniques, indicating a thorough understanding of the malware landscape: it uses callback phishing to trick victims into installing remote desktop malware, giving the operators access to victims' PCs with little effort, and it applies intermittent encryption so that victims' data is encrypted faster.

In earlier attacks, the group has demanded ransoms ranging from $250,000 to over $2 million.

Vulnerabilities/ Patches

Each entry lists the flaw(s), a summary, and the source article headline.

CVE-2023-40044
Summary: A proof-of-concept (PoC) exploit for a maximum-severity remote code execution vulnerability in Progress Software's WS_FTP Server file-sharing platform was recently published by security researchers.
Source: Exploit available for critical WS_FTP bug exploited in attacks

CVE-2023-4211
Summary: Arm has warned of a vulnerability in its widely used Mali GPU drivers that is being actively exploited.
Source: Arm warns of Mali GPU flaws likely exploited in targeted attacks

CVE-2023-4863 and CVE-2023-4211
Summary: Google has released the October 2023 security updates for Android, addressing 54 distinct vulnerabilities, two of which are identified as being exploited.
Source: Ransomware gangs now exploiting critical TeamCity RCE flaw

CVE-2023-43654 and CVE-2022-1471
Summary: The open-source TorchServe AI model-serving application is affected by a set of significant vulnerabilities known as 'ShellTorch', which could compromise a large number of internet-exposed servers, including those owned by prominent organizations.
Source: ShellTorch flaws expose AI servers to code execution attacks

CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063
Summary: Qualcomm has warned of three zero-day vulnerabilities in its GPU and Compute DSP drivers that are being exploited by malicious actors in targeted attacks.
Source: Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers

CVE-2023-20101
Summary: Cisco has released security updates for a vulnerability in Cisco Emergency Responder (CER) that allowed unauthenticated attackers to log in to unpatched systems using hard-coded credentials.
Source: Cisco fixes hard-coded root credentials in Emergency Responder

CVE-2023-42824 and CVE-2023-5217
Summary: Apple has issued emergency security updates for two zero-day vulnerabilities that are being actively exploited.
Source: Apple emergency update fixes new zero-day used to hack iPhones

CVE-2023-22515
Summary: Atlassian, the Australian software company, has released emergency security patches for its Confluence Data Center and Server software in response to a maximum-severity zero-day vulnerability that is being actively exploited in attacks.
Source: Atlassian patches critical Confluence zero-day exploited in attacks

CVE-2023-3519
Summary: A large-scale campaign is exploiting the recently discovered vulnerability CVE-2023-3519 in Citrix NetScaler Gateways with the objective of stealing user credentials.
Source: Hackers hijack Citrix NetScaler login pages to steal credentials

CVE-2023-22515
Summary: According to Microsoft, a Chinese state-backed threat group tracked as 'Storm-0062' (also known as DarkShadow or Oro0lxy) has been exploiting a critical privilege escalation zero-day in Atlassian Confluence Data Center and Server since 14 September 2023.
Source: Microsoft: State hackers exploiting Confluence zero-day since September

Advisories issued, reports, analysis, etc. in October 2023

Each entry lists the news type, a summary, and the source article headline.

Warning
Summary: The Federal Bureau of Investigation (FBI) has released a public service announcement alerting the public to a notable surge in 'phantom hacker' scams targeting elderly people across the United States.
Source: FBI warns of surge in 'phantom hacker' scams impacting the elderly

Report
Summary: Windows Defender no longer flags the tor.exe file as a trojan. According to Microsoft, a review of the submitted files determined that they do not meet the company's criteria for classifying malware or unwanted applications, and the detection has therefore been removed.
Source: Microsoft Defender no longer flags Tor Browser as malware

Report
Summary: A newly discovered phishing campaign targets the Microsoft 365 accounts of senior executives at US organizations. The campaign abuses open redirects on the Indeed employment website, which is widely used for job advertisements.
Source: EvilProxy uses indeed.com open redirect for Microsoft 365 phishing

Report
Summary: Hackers have been observed attempting to move into cloud environments by exploiting Microsoft SQL Servers vulnerable to SQL injection.
Source: Microsoft: Hackers target Azure cloud VMs via breached SQL servers

Warning
Summary: Approximately 100,000 industrial control systems (ICS) were found to be reachable from the public internet, leaving them exposed to attackers who could exploit vulnerabilities and gain unauthorized access. These systems span critical infrastructure including power grids, traffic light systems, security systems and water systems.
Source: Researchers warn of 100,000 industrial control systems exposed online

Report
Summary: Cyber-espionage hackers have targeted Chinese-speaking semiconductor companies with TSMC-themed lures designed to infect them with Cobalt Strike beacons.
Source: China-linked cyberspies backdoor semiconductor firms with Cobalt Strike

Warning
Summary: According to the Federal Trade Commission, Americans have reported losing at least $2.7 billion to social media scams since 2021. The true figure is likely far higher because such losses are substantially under-reported.
Source: FTC warns of 'staggering' losses to social media scams since 2021

Report
Summary: Blackbaud, a cloud computing provider, has agreed to a $49.5 million settlement with attorneys general from 49 US states, resolving a multi-state investigation into a ransomware attack in May 2020 and the data breach that followed.
Source: Blackbaud agrees to $49.5 million settlement for ransomware data breach

Report
Summary: Balada Injector campaigns have compromised and infected more than 17,000 WordPress sites by exploiting a well-documented vulnerability (CVE-2023-3169) in premium theme plugins.
Source: Over 17,000 WordPress sites were hacked in Balada Injector attacks last month

Report
Summary: A newly discovered Magecart card-skimming campaign abuses the 404 error pages of e-commerce websites, hiding malicious code in them to steal customers' credit card details.
Source: Hackers modify online stores' 404 pages to steal credit cards

Enhance Your Knowledge With Craw Security

If you want to read more such articles and blogs that will enhance your knowledge regarding the latest cyber security attacks and other relevant stuff, you can go to the Official Website of Craw Security, the Best Cybersecurity Training Institute in Singapore.

About The Author:

Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the Craw Security blogs, he has also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the content field in an unusual way: he began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. He also writes regularly for News4Hackers.
