Top Cyber Attacks of September 2022
Our 24x7x365 security operations team closely monitors all cyber news and related cyber attacks through our own insider sources to ensure our customers Get There First™- every time. Here are our SOC's top cyber attack picks from September 2022:
Second Largest School District in the U.S. Suffers Ransomware Attack
The Los Angeles Unified School District (LAUSD) has confirmed it had been a victim of a ransomware attack. The attack appears to have interfered with the LAUSD’s 75,000 employees access to many systems including email. The LAUSD is working with the FBI and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, along with local law enforcement agencies to provide incident response support. The LAUSD has said that it will not capitulate to the hacker’s demands for ransom, and in response the hackers are threatening to release confidential information on students and employees.
Key takeaway: Ransomware attacks have become a serious threat to local governments. To mitigate your risk, you should backup data, system images, and configurations. Make sure that this data is offline and not connected to your business networks, as many ransomwares will try and delete and encrypt this back up data.
Suffolk County Services Crippled by Cyberattack
The Suffolk County Government suffered a devastating cyberattack early in September. The ransomware team ALPHV or “Black Cat” claims to be responsible for the attack. The attack appears to have originated from a phishing email but has now spread through the entire system. The attack has left residents unable to pay tickets, purchase real estate, or even call the Suffolk County Police Department. Because of the attack, almost all operations are being done on pen and paper causing slow progress and disorganization. The county executive's office says they are coordinating with the state Division of Homeland Security and Emergency Services Cyber Incident Response Team and other law enforcement to fix the breach.
Key takeaway: Because local governments have outdated systems, small IT budgets, and pressing responsibilities they are becoming prime targets for ransomware attacks. It is imperative for local governments to see what is happening in Suffolk and make changes to strengthen their cybersecurity before it is too late. This can do through employee awareness training at minimum and an email security solution with machine learning to prevent phishing emails from ever hitting the inbox in the first place.
Former Conti Cybercrime Gang Members Now Targeting Ukraine
According to Google, former Conti ransomware gang members are targeting Ukrainian organizations and European NGO’s. The ex-gang members, now part of a threat group called UAC-0098, are known for using IcedID banking trojan to provide access to compromised systems within enterprise networks. The group has been observed targeting Ukrainian businesses and impersonating representatives of Starlink and the National Cyber Police of Ukraine. UAC-0098 also frequently changes its tactics, techniques, and procedures making it hard to implement security. They also are most likely aligned with Russian government-backed attackers making them especially dangerous. The news is not all bad, because of Conti’s open support of Russia an anonymous actor leaked over a year’s worth of the group's internal chats.
Industry: Non-governmental organizations
Key takeaway: The best way to mitigate phishing attacks is awareness and education. Never open attachments or links from unsolicited emails. Another way to prevent phishing is through email security, for example, Digital Hand's Cloud collaboration and email security solution has a 99.2% catch rate. Combining these two practices assures that you and your business will remain secure.
Lorenz Ransomware Breaches Corporate Network via Phone Systems
The Lorenz ransomware gang is exploiting a vulnerability in Mitel Mivoice VOIP appliances. The gang uses the vulnerability in Mitel phone systems for initial access to the company's corporate networks to obtain a reverse shell. The gang members then downloaded an open-source TCP tunneling tool (Chisel) to pivot into the environment. After waiting a month, Lorenz used CrackMapExec to dump credentials on the system, giving them two privileged administrator accounts. With these accounts, they were easily able to move laterally through the environment to a domain controller. Finally, the gang was able to exfil the targeted data and encrypt the chosen files.
CVE ID: CVE-2022-29499
CVSS score: 9.8/10 💥
Key takeaway: Always be vigilant for critical vulnerability announcements of your business systems. As soon as you are notified so are all the hackers. If the simple software update was downloaded the breach would have been prevented and the vulnerability would have been mitigated.
North Korean Hackers are using Trojanized Versions of the PuTTY SSH Client to Deploy Backdoors on Targets
While running proactive threat hunting Mandiant Managed Defense found a new spear phishing methodology employed by North Korean hackers. The method uses a trojanized version of PuTTY SSH to deploy backdoors through fake Amazon job assessments and Crypto.com job offers. This is thought to be a continuation of Operation Dream Job, a North Korean hacking campaign focused on hacking people through emails offering them their dream job. These attacks have been primarily in the defense industry but as of now seem to be targeting people in the media industry.
Key takeaway: The future of war is cyber warfare. A modern-day company must not only protect itself from malicious people looking to exploit cyber vulnerabilities but also malicious governments looking to cripple infrastructure and economies. Many companies do not realize how at risk they are from highly sophisticated entities looking to create trouble.
About Digital Hands
As a new kind of MSSP, Digital Hands is how organizations are getting ahead of the bad guys in a world where compliance alone is no guarantee of protection. Too many companies invest in cybersecurity solutions, follow the recommendations, achieve compliance … and then still get breached. You’ve got to get to your exposures before the bad guys do.
To help you do just that, we've outlined the most common types of threat actors, how they impact you, and controls you can implement to ensure you get ahead of every threat in our latest guide!