Recent Cyberattacks, Data Breaches, Ransomware Attacks in October 2022
Date: 1 November 2022
We've reached the tail end of the year but the cyber-attacks aren't ending. Here's a list of the cyber attacks, data breaches and ransomware attacks that made the headlines in October 2022.
This list is purely educational and is only intended to showcase the rampant rise in cyber incidents across the world.
- Cyber-Attacks in October 2022
- Data Breaches in October 2022
- Ransomware Attacks in October 2022
- New Ransomware/Malware Detected in October 2022
- Advisories issued etc. in October 2022
Australia is probably the one word that has appeared in most stories about cyber-attacks this month. Last month its number two telco, Optus, revealed a data breach compromising the data of 10 million customers; this month the saga continued with the country's top health insurer, Medibank, confirming that medical information of ALL its customers was lost to a ransomware attack.
That's not all. Online shopping store MyDeal.com, owned by one of the country's largest retail businesses, Woolworths, suffered a data breach in which the personal information of 2.2 million of its customers was affected.
Then there is the curious case of Australian Clinical Labs, which disclosed a data breach almost 8 months after it discovered that medical records and other sensitive information of 223,000 people were impacted.
And these are just some of the many attacks that have affected Australian businesses and government organisations recently. So what is the message here? Quite clearly that beefing up cybersecurity defences is the need of the hour, no matter your size or industry.
No business should be complacent about its cyber posture anymore, given that the UK's Interserve was just fined £4.4 million for failing to prevent a cyber-attack and for its poor infosec hygiene.
Even if you feel your cybersecurity requirements aren't as pressing or urgent at the moment, get professional help through a cost-effective and ticket-based service like our Virtual Cyber Assistant. This can help you evaluate your cybersecurity posture and see if you're ready at all to deal with a real attack.
But before that, download this FREE Cyber Incident Response Plan template and start building your own response strategy today. Because remember - chances of you being attacked are as high as any of the businesses and victims mentioned below. So all you can really do is put the best preventive measures in place and be prepared.
Below is a comprehensive and continually updated list of cyber-attacks, ransomware attacks and data breaches that made the news in October 2022.
Cyber Attacks in October 2022
- MI5: Pro-Russian hackers temporarily take the MI5 website offline with a cyber-attack.
  - Public-facing website went down intermittently.
- College shuts down internal servers after noticing suspicious activity, which later turns out to be a ransomware attack.
  - Internal servers down.
- Overwatch 2: 'Mass DDoS' attack prevents fans from playing the game.
  - Game servers down on the day of launch.
- Comm100 Live Chat App: Live support app trojanized as part of a new supply-chain attack.
  - Suspected Chinese threat actors.
  - The infected variant of the live chat app allowed for a stealthy supply-chain attack.
- Pinnacle Group Regional Offices & Primary Health Care: Cyber-attack targets a North Island GP network.
  - Patient details compromised.
- Chase UK: App-only banking offering hit by a mysterious outage.
  - Customers unable to access banking services in the absence of physical branches.
- Lloyd's of London: Lloyd's of London investigates a possible cyber-attack.
  - Unusual activity detected; all external connectivity turned off.
- Virginia Mason Franciscan Health (VMFH): Parent company CommonSpirit targeted in a cyber-attack.
  - Facilities impacted nationwide; healthcare appointments rescheduled and some health records taken offline.
- Fast Company: Fast Company shuts its website after racist and obscene comments appeared on its stories and in an Apple News notification.
  - Allegedly a hacker named "Thrax" on the Breached hacking forum.
  - FastCompany.com shut down.
- Costa Group: One of Australia's largest horticulture companies experiences a malicious IT phishing attack.
  - 10% of the data on one server (which holds data for the berry category) compromised.
- U.S. airport websites: Pro-Russian hackers target more than a dozen U.S. airport websites.
  - Killnet pro-Russian hacking group.
  - Parts of the websites became inaccessible; no operational disruptions.
- Medibank: All Medibank customers' personal data compromised after a cyber-attack.
  - 200 GB of files and the personal and Medicare data of 3.9 million customers compromised.
- COVID-19 themed phishing emails abuse Google Forms to steal personal data.
- UK's NHS: NHS confirms that client data was exfiltrated in the August cyber incident.
  - Hackers obtained data of 16 customers.
- Bulgarian government institutions: Government institutions hit by a DDoS attack.
  - Allegedly Russian threat actors.
  - Website of the presidency & numerous
- Australian Taxation Office: 3 million cyber-attacks attempted on the Australian Taxation Office in a month.
- METRO: Wholesale giant METRO experiences service outages after being hit by a cyber-attack.
  - IT infrastructure outage.
- Australian Clinical Labs: Pathology company Australian Clinical Labs reveals it was hit by a cyber-attack eight months ago.
  - Hackers accessed data of 223,000 patients and staff and posted some of it on the web.
- New York Post: New York Post hacked with offensive headlines targeting U.S. politicians.
  - Allegedly an internal employee.
  - Offensive headlines and tweets posted through the Twitter account and website.
- Aurubis: Largest copper producer in the EU suffers a cyber-attack.
  - Aurubis shut down IT systems to prevent the attack's spread; the company is now maintaining operations manually.
- Slovak Parliament; Senate (upper house of the Polish parliament): Slovak Parliament suspends voting due to a suspected cyber-attack.
- Airtel Mobile Commerce Uganda Limited: Struck by a cyber-attack.
  - Allegedly billions stolen.
Data Breaches in October 2022
- Shangri-La Hotels in Asia: Database containing personal data of customers at 8 properties in Asia hacked.
  - Databases containing guests' contact information such as email addresses, phone numbers, postal addresses, Shangri-La Circle membership numbers, reservation dates and company names compromised.
- City of Tucson: City of Tucson discloses a data breach affecting over 125,000 people.
  - Threat actors obtained access to the network and stole documents containing the personal information of approx. 125,000 people.
- Telstra: Intrusion at a third-party organisation exposed employee data dating back to 2017.
- VisionWeb: VisionWeb data breach impacts the confidential information of 35,900 individuals.
  - Unauthorised party gained access to consumers' names, Social Security numbers, government-issued identification numbers, medical information and health insurance information.
- Los Angeles Unified School District: Los Angeles Unified School District suffers a ransomware attack; student data leaked.
- Russian retail chain DNS: Russian retail chain Digital Network System (DNS) suffers a data breach.
  - Full names, usernames, email addresses and phone numbers of 16 million DNS customers and employees leaked online.
- Konnech: Konnech CEO arrested for storing data on Chinese servers.
  - Konnech allegedly violated its contract by storing critical information that the workers provided on servers in China.
- Optus data breach-based SMS scam: Sydney-based teenager arrested for an SMS scam based on the Optus data breach.
  - 19-year-old arrested.
- Uber: Former Uber CISO Joe Sullivan convicted for covering up a 2016 data breach in which the personal information of 57 million Uber users was stolen.
  - Attackers: Brandon Glover, a 26-year-old Florida resident, and Vasile Mereacre, a 23-year-old Canadian national.
  - Former CISO convicted in a first-of-its-kind moment in modern cybersecurity history.
- Binance Bridge: Hackers steal 2 million Binance Coins (BNB) from Binance Bridge.
  - $566 million stolen.
- Eventus WholeHealth: Eventus WholeHealth discloses a data breach involving protected health information.
  - Unauthorised individual gained access to an Eventus WholeHealth employee's email account containing sensitive consumer information.
- 2K support system: Hackers compromise the support system of American video game publisher 2K and send support tickets to gamers containing RedLine password-stealing malware.
- WhatsApp: Meta sues the Chinese companies HeyMods, Highlight Mobi and HeyWhatsApp for developing and allegedly using "unofficial" WhatsApp Android apps to steal over one million WhatsApp accounts starting May 2022.
  - Companies operating under the names HeyMods, Highlight Mobi and HeyWhatsApp.
  - Over 1 million WhatsApp accounts stolen.
- 2K Games: 2K confirms customer data stolen in the September breach and up for sale online.
- GEE Group: GEE Group confirms consumer data leaked in a recent security incident.
- Intel: Intel confirms the leaked Alder Lake BIOS source code is authentic.
  - Hackers stole and leaked the UEFI BIOS source code of Alder Lake CPUs; the leak contains 5.97 GB of files, source code, private keys, change logs and compilation tools.
- The Scoular Company: The Scoular Company files notice of a data breach with the Montana
  - Unauthorised party gained access to consumers' names, dates of birth, Social Security numbers, driver's license numbers, passport numbers, other government ID numbers, credit card numbers and financial account numbers.
- Singtel: Singtel confirms a 2020 data breach after the Optus attack.
  - Personal information of 129,000 customers and 23 businesses exposed in the breach, including National Registration Identity Card information, name, date of birth, mobile numbers and addresses.
- Celsius: Customer emails leaked by an employee at one of the company's vendors, customer.io. Celsius also reveals thousands of users' transaction histories in a court filing.
  - Celsius users could be exposed to a wave of phishing attacks.
- Optus: Fresh investigation into Optus over its handling of the cyber-attack.
  - Optus could be fined millions of dollars for its data breach.
- Toyota: Toyota accidentally exposes a secret key publicly on GitHub, leading to a data breach.
  - Email addresses and customer management numbers of some customers who subscribe to "T-Connect" were leaked.
- FamilySearch: Genealogy site FamilySearch, operated by The Church of Jesus Christ of Latter-day Saints, reveals that it experienced a data breach.
  - Personal details of thousands of users compromised.
- The Church of Jesus Christ of Latter-day Saints: Mormon Church attacked and data stolen by 'state-sponsored' cyber-thieves.
  - Anonymous 'state-sponsored' cyber criminals.
  - Username, membership record number, full name, gender, email address(es), birthdate, mailing address and phone numbers of members.
- Snap: Breach at document company Elevate leaves Snap employee data compromised.
  - Personal information of some of Snap's current and former team members.
- Shein: Shein owner fined $1.9M for failing to notify 39M users of a data breach.
  - $1.9 million fine.
- Australian Federal Police: Identities of Australian secret agents, details of 35 Australian Federal Police operations (some ongoing), surveillance reports from undercover agents, phone taps and payroll records for Colombian law enforcement officers compromised after hackers leak documents from the Colombian Government.
  - Identities of secret agents exposed.
- MyDeal: Woolworths Group's MyDeal hit by a breach exposing data of 2.2 million customers.
  - Data of 2.2 million customers exposed.
- Vinomofo: Data of 500,000 customers affected as Vinomofo is breached.
- Verizon: Verizon confirms a data breach.
  - Names, telephone numbers, billing addresses, price plans and other service-related information on compromised accounts.
- iDealwine: Fine wine retailer iDealwine suffers a data breach.
  - Customers' name, postal address, telephone number and email address may have been disclosed to attackers.
- Microsoft (BlueBleed): Misconfigured Microsoft server causes sensitive customer information to be exposed.
  - The exposed information includes names, email addresses, email content, company name and phone numbers, as well as files linked to business between affected customers and Microsoft or an authorised Microsoft partner.
- Advocate Aurora Health: Advocate Aurora Health suffers a data breach due to improper use of Meta Pixel.
  - 3 million patients' data compromised.
- EnergyAustralia: EnergyAustralia added to the list of Australian companies hacked in October 2022.
  - Data of 323 residential and small business customers compromised.
- See Tickets: Ticketing service provider discloses a data breach that lasted 2.5 years.
  - Customer data possibly including full names, physical address, ZIP code, payment card number, card expiration date and CVV number.
- Twilio: Twilio confirms a new data breach stemming from the June 2022 security incident, by the same attackers.
  - 209 customers out of approximately 75 million total users had accounts impacted by the incident.
- South Australian Liberal Party: South Australian Liberal Party members impacted by unauthorised access to personal information.
  - Personal information of about 2,000 members accessed by threat actors.
Ransomware Attacks in October 2022
- College shuts down internal servers after noticing suspicious activity, which later turns out to be a ransomware attack.
  - Internal servers down.
- Ferrari: Italian luxury sports car manufacturer Ferrari confirms that internal documents are available online but denies a ransomware attack.
  - Ransomware gang posts 7 GB of data on its leak site, claiming it was stolen from Ferrari. Information allegedly includes contracts, invoices, internal company information, repair manuals and more.
- CommonSpirit: US nonprofit health system CommonSpirit discloses a security incident.
  - Some IT systems down due to the attack; appointments disrupted.
- Pinnacle Midlands Health Network: Malicious actors accessed a third-party IT server that Pinnacle Midlands Health Network (Pinnacle) uses.
  - Health information from approximately 2016 to 2022 and some of Pinnacle's corporate information compromised. Services affected at various centres.
- ADATA: ADATA denies a RansomHouse cyber-attack; says the leaked data is from the 2021 breach.
  - RansomHouse gang added ADATA files to its data leak site, claiming it stole 1 TB of documents from the company. The threat actors also leaked samples of the allegedly stolen files, which appear to belong to the company.
- Mars Area School District: Mars Area School District continues its investigation into a recent cyber-attack.
  - Allegedly Vice Society.
  - Unspecified data stolen.
- Pate's Grammar School: Vice Society apparently continues its extortion of schools and educational institutions.
  - Allegedly Vice Society.
- Tata Power: Hive ransomware gang starts posting data stolen from Tata Power online.
  - The data supposedly contains client contracts, agreement documents and other sensitive information such as emails, addresses, phone numbers, passport numbers and taxpayer data.
- Stimme Mediengruppe: Ransomware attack halts circulation of some German newspapers.
  - Attack impacted the entire Stimme Mediengruppe media group, which includes the companies 'Pressedruck', 'Echo' and 'RegioMail'.
- Whitworth University: Whitworth University confirms it was the victim of a ransomware attack; warns thousands of students and staff of a data breach.
  - Personal information of students, alumni, employees and donors was allegedly compromised.
- MultiCare: Sensitive employee information impacted in an attack on a Washington state healthcare organisation.
  - Names, addresses and Social Security numbers of a number of current and former MultiCare employees were included in the compromised data.
- Ukrainian government agencies: Cuba ransomware targets Ukrainian government agencies.
Ransomware attacks are becoming more complex and dangerous with every passing month. That's why our experts at Cyber Management Alliance have created these FREE downloadable resources for ransomware mitigation and response.
New Ransomware/Malware Discovered in October 2022
- RedKrypt ransomware; extension: .p.redkrypt; ransom note: RedKrypt-Notes-README.txt
- Stop/Djvu ransomware (v0574); extension: .tohj; ransom note: _readme.txt
- Stop/Djvu ransomware (v0570); extension: .adlg; ransom note: _readme.txt
- New "Prestige" ransomware impacts organizations in Ukraine and Poland.
- Venus ransomware targets publicly exposed Remote Desktop services.
- Two variants of the same ransomware created using the leaked LockBit 3.0 builder.
- TommyLeaks and SchoolBoys are two sides of the same ransomware gang.
Vulnerabilities/Patches Discovered in October 2022
- Zimbra Collaboration Suite (ZCS): Hackers are actively exploiting an unpatched remote code execution (RCE) vulnerability in ZCS.
- Fortinet warns admins to patch a critical auth bypass bug immediately.
- VMware vCenter Server: vCenter Server 8.0 still awaiting a patch to address a high-severity vulnerability disclosed in November 2021.
- Windows 11 22H2 KB5018427: Windows 11 KB5018427 update released with 30 bug fixes and improvements.
- Microsoft October 2022 Patch Tuesday fixes a zero-day used in attacks and 84 flaws in total:
  - 39 Elevation of Privilege vulnerabilities
  - 2 Security Feature Bypass vulnerabilities
  - 20 Remote Code Execution vulnerabilities
  - 11 Information Disclosure vulnerabilities
  - 8 Denial of Service vulnerabilities
  - 4 Spoofing vulnerabilities
- Aruba EdgeConnect: Aruba fixes critical RCE and other flaws in EdgeConnect (CVE-2022-37913, CVE-2022-37914, CVE-2022-37915).
- Zimbra zero-day flaws: 900 servers hacked using a Zimbra zero-day flaw.
- Windows TLS handshake failures: Microsoft fixes Windows TLS handshake failures in out-of-band updates.
- Windows Mark of the Web zero-day: Free unofficial patch launched for the Windows Mark of the Web zero-day flaw.
- VMware Workspace ONE Access: Critical vulnerability exploited to drop ransomware.
- Windows 11 22H2 known issues: Microsoft fixes a printing issue blocking Windows 11 22H2 upgrades.
- Apple fixes a new zero-day used in attacks against iPhones and iPads.
- VMware fixes a critical Cloud Foundation remote code execution bug.
- Cisco warns admins to patch AnyConnect flaws exploited in attacks.
- Windows 10 KB5018482: Preview cumulative update for Windows 10 20H2, 21H1 and 21H2 released with nineteen improvements.
- Windows kernel vulnerable driver blocklist: Microsoft fixes the Windows vulnerable driver blocklist sync issue.
- Google fixes the seventh Chrome zero-day exploited in attacks this year.
- Atlassian Bitbucket: CISA adds a critical flaw impacting Atlassian's Bitbucket Server and Data Center to the Known Exploited Vulnerabilities (KEV) catalogue.
Advisories issued etc. in October 2022
- US ports and terminals suffer increased cyber-attacks.
- Azerbaijan successfully prevents cyber-attacks during the Patriotic War.
- Android spyware 'RatMilad' targets mobile devices in the Middle East to record audio and steal data.
- The FBI warns of "pig butchering" crypto scams.
- FBI and CISA say cyber-attacks targeting election systems are unlikely to affect results or disrupt voting.
- Killnet posts a list of target American government sites for cyber-attacks.
- Meta to notify 1 million Facebook users about potentially compromised account credentials.
- Report unravels Emotet's delivery and evasion techniques used in recent attacks.
- Windows systems can now automatically block admin brute-force attacks.
- Android leaks traffic despite "always-on" VPN.
- Hacking group POLONIUM uses 'Creepy' malware against Israel.
- Phishing-as-a-service platform "Caffeine" makes it easy for anyone to launch an attack.
- IcedID malware hackers tinker with different delivery techniques.
- 5,000 phishing emails sent from Singapore case officers' mailboxes.
- Signal to remove SMS support from its Android app to prioritise privacy and security.
- npm timing attack: private package names revealed, enabling threat actors to publicly release malicious clones to trick developers into using them instead.
- Wynncraft, one of the largest Minecraft servers, hit by a 2.5 Tbps DDoS attack.
- New attack and C2 framework 'Alchimist' targets Windows, Linux and macOS systems.
- Russia's Federal Financial Monitoring Service labels Meta, owner of Facebook, Instagram and WhatsApp, a terrorist and extremist organisation.
- New zero-day bug apparently abused to hack Microsoft Exchange servers and launch LockBit ransomware attacks.
- Microsoft enables security update notifications through an RSS feed.
- Urgent warning to Australians against Optus-breach related scams.
- 41% of consumers in India had data stolen by cybercriminals: ISACA study.
- Ducktail phishing campaign targets Facebook accounts through PHP information-stealing malware.
- Dutch National Police trick the DeadBolt ransomware gang into handing over 155 decryption keys by faking ransom payments.
- Former University of Puerto Rico (UPR) student sentenced to 13 months in prison for hacking over a dozen email and Snapchat accounts of female colleagues.
- WithSecure discovers that a weak block cipher mode of operation in Microsoft 365 may expose message content.
- Intricate details of the Israel Defense Forces' (IDF) first-ever cyber-attack revealed by an Israeli officer.
- Japan's law enforcement and financial regulator issue a warning to crypto firms against the North Korean crime syndicate Lazarus Group.
- A new UEFI bootkit named BlackLotus is being sold on hacking forums by malicious actors.
- Authorities in Europe arrest members of a car theft ring hacking keyless cars.
- Germany's criminal police raid the homes of 3 individuals suspected of running phishing campaigns in which they stole €4,000,000 from internet users.
- Research reveals a 633% increase in cyber-attacks against open source software repositories.
- Hackers threaten to release health data of 1,000 famous Australians.
- Security concerns of TikTok users continue.
- New world under "relentless" cyber-attacks after the Medibank breach, says Aussie minister.
- The Australian Bureau of Statistics reveals that it fended off close to a billion cyber-attacks against the census.
- FBI: Scammers target those trying to enroll in the Federal Student Aid debt relief program to steal their personal information, payment details and money.
- Almost half of Irish SMEs have been hit by multiple cyber-attacks in the last three years, finds a new study.
- CISA warns of Daixin Team hackers targeting healthcare institutions.
- Australian companies to face fines of $50 million for data breaches.
- Interserve fined £4.4 million for failing to take adequate measures to prevent cyber-attacks.
- New study shows 50% of staff likely to quit after a cyber-attack.
- Researchers find thousands of GitHub repositories offering fake proof-of-concept (PoC) exploits for various vulnerabilities, some of them including malware.
- New campaign pushes Google Chrome extensions that hijack searches and insert affiliate links into webpages.
- Dutch Police arrest a 19-year-old suspected of breaching a healthcare software vendor and stealing thousands of documents potentially containing sensitive personal and medical patient information.
- Microsoft warns of a new issue that can lead to data loss when resetting virtual disks using the Server Manager management console.
- New version of the Fodcha DDoS botnet features ransom demands injected into packets and new features to evade detection.
- German police arrest a 22-year-old student in Bavaria suspected of being the administrator of 'Deutschland im Deep Web' (DiDW), one of the largest darknet markets in Germany.
- Microsoft OneDrive and OneDrive for Business crash on Windows 10 systems on which customers have installed the updates released earlier in the month.
- ConnectWise releases security updates to patch a critical vulnerability in the ConnectWise Recover and R1Soft Server Backup Manager (SBM) secure backup solutions.