Cyber Attacks, Data Breaches, Ransomware Attacks: September 2024


In September 2024, major organizations like TfL, Planned Parenthood, Florida-based Slim CD, Fortinet, and the e-commerce platform Temu were hit hard by cyberattacks, data breaches, and ransomware. These incidents are just a glimpse of the cyber crime wave that swept through the month.

Check out our detailed report on all the cyber crime instances from September 2024. Remember, knowledge is your greatest defense, and staying informed about past attacks is essential for strengthening your cybersecurity posture.

  • Ransomware Attacks in September 2024
  • Data Breaches in September 2024
  • Cyber Attacks in September 2024
  • New Malware and Ransomware Discovered
  • Vulnerabilities Identified and Patches Released
  • Advisories, Reports, and Analysis for September 2024

Some organizations not only faced cyberattacks but also incurred heavy financial penalties due to security lapses. For example, Lehigh Valley Health Network agreed to a $65 million settlement after hackers leaked sensitive photos of cancer patients. DNA testing giant 23andMe settled for $30 million following a massive data breach. AT&T faced a $13 million fine after a Federal Communications Commission (FCC) investigation.

These figures highlight the devastating financial and reputational impact of a cybersecurity incident. The best way to protect your organization is through preparation.

To stay ahead, you must continuously evaluate your cybersecurity defenses, study the latest attack methods, and enhance your organization’s cyber resilience. It’s no longer a question of “if” you’ll be attacked, but “when.”

Take these proactive steps:

  • Implement a strong Cyber Incident Response Plan.
  • Test its effectiveness through Cyber Tabletop Exercises and attack simulations.
  • Provide comprehensive cybersecurity training to your team so that every employee understands their role during a crisis.
  • Equip staff with the skills to make informed decisions, practice incident response, and integrate these processes into their routine.

By prioritizing these strategies and learning from past incidents, you can significantly reduce the risks and impacts of cyber threats, ensuring your organization’s future security and resilience.

Ransomware Attacks in September 2024

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| September 04, 2024 | Microchip Technology | Microchip Technology confirms personal information stolen in ransomware attack | Play Ransomware | US-based semiconductor supplier Microchip Technology confirmed that personal information and other data were stolen during a ransomware attack. The attack caused business disruptions, but systems were isolated to contain it. | Source |
| September 04, 2024 | Planned Parenthood | Ransomware gang claims cyber attack on Planned Parenthood | RansomHub Ransomware | RansomHub ransomware group threatened to leak 93 GB of exfiltrated data from Planned Parenthood, listing them on their leak site. | Source |
| September 06, 2024 | Charles Darwin School | Charles Darwin School Bromley closes due to cyber attack | Unknown | IT issues turned out to be a cyber attack. The school is investigating to determine what data was accessed. | Source |
| September 10, 2024 | Japanese media giant Kadokawa | Japanese media giant investigating another reported data leak by BlackSuit hackers | BlackSuit Ransomware | Kadokawa, a major media company, was hit by a ransomware attack. Reports showed BlackSuit ransomware uploaded stolen data from Kadokawa to the dark web. | Source |
| September 12, 2024 | Kawasaki’s European arm | Kawasaki’s European arm restores operations after a cyber attack claimed by Ransomhub | RansomHub Group | Kawasaki Motors Europe confirmed a cyber attack that resulted in 487 GB of data being stolen. The company isolated affected servers as part of the recovery plan. | Source |
| September 12, 2024 | 23andMe | 23andMe to pay $30 million in genetics data breach settlement | Hacker known as Golem | DNA testing company 23andMe agreed to a $30M settlement for a data breach that exposed information of 6.4 million customers. Data was leaked in 2023. | Source |
| September 12, 2024 | Lehigh Valley Health Network | Hospital system to pay $65 million for dark web data leak, including images of nude cancer patients | BlackCat Ransomware | Lehigh Valley Health Network settled for $65M after hackers posted nude images of 600 cancer patients and other personal data. | Source |
| September 14, 2024 | Port of Seattle | Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack | Rhysida Ransomware | Rhysida ransomware gang disrupted key services, including baggage handling and check-in kiosks at the Port of Seattle. The Port refused to pay the ransom. | Source |
| September 16, 2024 | NHS London | Data on nearly 1 million NHS patients leaked online following ransomware attack on London hospitals | Qilin Ransomware | Almost 1 million NHS patients’ sensitive data, including medical conditions, were leaked online after a ransomware attack. | Source |
| September 16, 2024 | Stillwater Mining Company | Owner of only US platinum mine confirms data breach after ransomware claims | RansomHub Ransomware | Stillwater Mining Company confirmed a breach affecting thousands of employees’ sensitive information after a ransomware attack. | Source |
| September 17, 2024 | AT&T | AT&T to pay $13 million FCC settlement for 2023 data breach | ShinyHunters | AT&T agreed to pay $13 million to settle a Federal Communications Commission (FCC) investigation related to a 2023 data breach. | Source |
| September 20, 2024 | Blackpool Trust Schools | Schools threatened by hackers in cyber attack | Unknown | Schools across Lancashire, UK, were affected by a ransomware attack, causing disruption to IT systems. | Source |
| September 22, 2024 | Kansas’ Franklin County | Ransomware attack on Kansas county exposed sensitive information of nearly 30,000 residents | Unknown | Hackers leaked personal data of 29,690 residents following a ransomware attack on Franklin County’s Clerk Office. | Source |

Data Breaches in September 2024

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| September 02, 2024 | Management consulting firm, CBIZ | CBIZ Benefits & Insurance Services discloses data breach affecting client information | Unknown | Benefits & Insurance Services (CBIZ) reported a significant data breach involving the unauthorized access of sensitive client information stored in its databases. The breach that occurred between June 2 and June 21, 2024, was caused by a vulnerability in one of CBIZ’s web pages, exploited by a threat actor to steal the data of nearly 36,000 individuals. | Source: teiss.co.uk |
| September 09, 2024 | Florida-based Slim CD | Massive credit card breach hits 1.7 million people after hackers access payment processing service | Unknown | Almost 1.7 million consumers in the US and Canada may have had their data exposed in a massive credit card database breach. Florida-based Slim CD, a payment processor, sent emails to customers that their information may have been accessed anytime from August 2023 to June 2024. | Data breach attack on a payment processing service Slim CD |
| September 09, 2024 | Fortinet | Fortinet says hackers accessed ‘limited’ number of customer files on third-party drive | Unknown | Fortinet said that someone gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive. The file drive “included limited data related to a small number of Fortinet customers”. | Fortinet data breach |
| September 09, 2024 | Avis Car Rental | Avis Car Rental suffers a data breach impacting nearly 300,000 customers | Unknown | Car rental company Avis has suffered a data breach impacting nearly 300,000 customers after an unauthorized third party accessed a business application. Avis said the attacker breached the company’s business application between August 3 and August 6, 2024, and was detected on August 5, 2024. | Source: CPO Magazine |
| September 11, 2024 | Boulanger, Cultura, Truffaut | Popular French retailers confirm hackers stole customer data | A threat actor using the nickname “horrormar44” on BreachForums | Several well-known French retail brands reported having data stolen by a cyber attack as hackers targeted Boulanger, which specializes in electronics and home appliances, and the retailer Cultura, gardening supplier Truffaut. Several French media outlets reported the list of victims could be even longer. | Source: The Record |
| September 17, 2024 | E-commerce platform, Temu | Temu denies breach after hacker claims theft of 87 million data records | A threat actor using the moniker ‘smokinthashit’ | Temu denied it was hacked or suffered a data breach after a threat actor claimed to be selling a stolen database containing 87 million records of customer information. The threat actor put the alleged data up for sale on the BreachForums hacking forum, along with a small sample to serve as proof of the stolen data. | Temu data breach |
| September 20, 2024 | Dell | Dell investigates data breach claims after hacker leaks employee information | BreachForums hacker “grep” | Dell has confirmed that they were investigating recent claims that it suffered a data breach after a threat actor leaked data for over 10,000 employees. The allegations were published by a threat actor named “grep,” who alleges that the computing vendor suffered a “minor data breach” in September 2024, exposing internal employee and partner information. | Source: BleepingComputer |

Cyber Attacks in September 2024

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| September 02, 2024 | German air traffic control | Cyber attack paralyses office communications at German air traffic control | APT28 (Fancy Bear) | Deutsche Flugsicherung (DFS), the state-owned agency responsible for air traffic control in Germany confirmed that it was the target of a cyber attack that has disrupted its office communications. | Cyber attack on German air traffic control, DFS |
| September 02, 2024 | Transport for London (TfL) | TfL faces sophisticated cyber security incident | Unknown | Transport for London’s (TfL) computer systems were hit with an ongoing cyber attack as the transport company said there was no evidence customer data had been compromised and there was no impact on TfL services. | Transport for London (TfL) cyber attack |
| September 02, 2024 | Canvey Infant School | Canvey Infant School in Essex deals with a significant cyber incident | Unknown | Canvey Infant School, an Essex-based primary school, experienced a significant cyber attack that disrupted access to IT systems and forced school authorities to delay school reopening. | Source: teiss.co.uk |
| September 04, 2024 | Latvian government and critical infrastructure websites | Hackers linked to Russia and Belarus increasingly target Latvian websites, officials say | Russia-linked hacktivist groups such as NoName057(16) and Anonymous Guys | Politically motivated hackers linked to Russia and Belarus are targeting Latvian government and critical infrastructure websites in a new wave of cyber attacks. | Cyber attack on Latvian government and critical infrastructure websites |
| September 04, 2024 | Tewkesbury Borough Council in Gloucestershire, England | Services disrupted as local council near GCHQ’s headquarters hit by cyberattack | Unknown | Tewkesbury Borough Council in Gloucestershire, England, warned residents that it had discovered it was being targeted by a cyber attack. | Source: The Record |
| September 04, 2024 | Penpie DeFi | Penpie DeFi platform files reports with FBI, Singapore police after $27 million crypto theft | Unknown | Hackers stole about $27 million worth of cryptocurrency from the Penpie decentralised finance (DeFi) protocol. | Source: The Record |
| September 09, 2024 | Highline Public Schools | Highline Public Schools closed in WA after possible cyber threat | Unknown | The attack hit the technology systems of the schools and forced the educational bodies to remain closed. | Source: Fox 13 Seattle |
| September 09, 2024 | Highline Public Schools in Washington | Washington state school district closed for second day after cyber attack | Unknown | A Seattle-area school system serving more than 17,000 students remained closed on September 10 for a second day after a cyber attack caused network outages. | Source: The Record |
| September 12, 2024 | Jakarta-based crypto exchange Indodax | Largest crypto exchange in Indonesia pledges to reimburse users after $22 million theft | Unknown | A major cryptocurrency exchange in Southeast Asia has paused operations after $22 million in coins was stolen. | Source: The Record |
| September 13, 2024 | Tennessee school district, Johnson County Board of Education | Tennessee school district loses $3.4 million to a fake curriculum vendor | Unknown | A school district in the northeast corner of Tennessee lost more than $3 million earlier this year after an employee was tricked into sending funds intended for online curriculum materials to a fraudster. | Source: The Record |
| September 16, 2024 | Germany’s Radio Geretsried | German radio station forced to broadcast ‘emergency tape’ following cyber attack | Unknown | Radio Geretsried, a local station in Germany, has blamed “unknown attackers from Russia” after an apparent ransomware incident. | Source: The Record |
| September 17, 2024 | Russian organisation Osnovanie | Pro-Ukraine hackers claim attack on agency that certifies digital signatures in Russia | Osnovanie (“Foundation” in Russian) | The Russian federal organisation that certifies digital signatures used by local businesses and individuals is still recovering from a cyber attack. | Source: The Record |
| September 17, 2024 | Russian anti-virus company Dr.Web | Russian cyber firm Dr.Web says services are restored after ‘targeted cyber attack’ | Unknown | Popular Russian antivirus developer Dr.Web said it has resumed operations after suffering a security breach. | Source: The Record |
| September 21, 2024 | Asian crypto platform BingX | Hackers stole over $44 million from Asian crypto platform BingX | Unknown | Singaporean crypto platform BingX reported a cyber attack as threat actors stole over $44 million worth of cryptocurrency. | Source: Security Affairs |
| September 24, 2024 | MoneyGram | MoneyGram says cyber incident causing network outages | Unknown | Digital payment giant MoneyGram said a recent cybersecurity incident has caused network outages and other issues for those trying to send money. | Source: The Record |

New Ransomware/Malware Discovered in September 2024

| New Ransomware | Summary |
|---|---|
| New Ransomware-as-a-Service (RaaS) | A new ransomware-as-a-service (RaaS) operation impersonates the legitimate Cicada 3301 organization and has already listed 19 victims on its extortion portal, as it quickly attacked companies worldwide. |
| WhisperGate malware | Federal agencies continued to confront Russian cyber-operations, unsealing an indictment against members of a Russian military intelligence unit involved with the destructive WhisperGate malware and other hacking campaigns. |
| New PIXHELL acoustic attack | A novel acoustic attack named ‘PIXHELL’ can leak secrets from air-gapped and audio-gapped systems, and without requiring speakers, through the LCD monitors they connect to. |
| Ajina Banker malware | A new Android malware is being used to steal information from bank customers in Central Asia, researchers have found. |
| CosmicBeetle’s new malware, ScRansom | A group that researchers are calling CosmicBeetle has developed new ransomware and deployed it against small and medium-sized businesses, mostly in Europe and Asia, according to a new report. |
| Android malware ‘Necro’ | A new version of the Necro malware loader for Android was installed on 11 million devices through Google Play in malicious SDK supply chain attacks. |

Vulnerabilities/Patches Discovered in September 2024

| Date | New Malware, Flaws & Fixes | Summary |
|---|---|---|
| September 03, 2024 | CVE-2024-7261 | Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command injection. |
| September 09, 2024 | CVE-2024-40766 | Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims’ networks. |
| September 10, 2024 | CVE-2024-38217 | Microsoft has fixed a Windows Smart App Control and SmartScreen flaw that has been exploited in attacks as a zero-day since at least 2018. |
| September 16, 2024 | CVE-2024-29847 | A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices. |
| September 16, 2024 | CVE-2024-43461 | CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group. |
| September 17, 2024 | CVE-2024-38812 | Broadcom has fixed a critical VMware vCenter Server vulnerability that attackers can exploit to gain remote code execution on unpatched servers via a network packet. |
| September 19, 2024 | CVE-2024-27348 | The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalogue, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server. |
| September 19, 2024 | CVE-2024-8963 | Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers. |

Warnings/Advisories/Reports/Analysis

| News Type | Summary | Source Link |
|---|---|---|
| Report | The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and reaching over $110 million in 2023. | Source: Bleeping Computer |
| Warning | The FBI warned of North Korean hacking groups aggressively targeting cryptocurrency companies and their employees in sophisticated social engineering attacks to deploy malware designed to steal their crypto assets. | Source: Bleeping Computer |
| Report | The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5m ($33.7m) on Clearview AI over illegal data collection for facial recognition. | Clearview AI Fined €30.5m by Dutch Watchdog Over Illegal Data Collection |
| Report | Nykaa Fashion, a leading Indian beauty and fashion retailer, has taken legal action against its former Chief Business Officer (CBO), accusing him of breaching confidentiality agreements and misappropriating proprietary data. | Nykaa Fashion initiates legal proceedings against former CBO |
| Report | A privacy flaw in WhatsApp is being exploited by attackers to bypass the app’s “View once” feature and view messages again. WhatsApp is working on a fix. | Source: Bleeping Computer |
| Report | The National Crime Agency (NCA), once heralded as British law enforcement’s elite answer to cybercrime, is facing significant challenges according to a new report. | Source: The Record |
| Report | Wix.com has announced it will stop providing services to Russian users on September 12, 2024, with all accounts from Russia to be blocked. | Source: Bleeping Computer |
| Report | The RansomHub ransomware gang has been using TDSSKiller, a legitimate tool from Kaspersky, to disable endpoint detection and response (EDR) services on target systems. | Source: Bleeping Computer |
| Report | A high-stakes cyber battle continues between defenders and Chinese cyberespionage groups targeting Southeast Asia government organizations. | Source: The Record |
| Analysis | An Iranian state-sponsored threat actor, APT34 (OilRig), has targeted Iraqi government organisations in a new espionage campaign, according to researchers. | Source: The Record |

Contact:
Synergy IT solutions Group
439 University Avenue, 5th Floor
Toronto, ON M5G 1Y8
+1(866) 966-8311
+1(905) 502-5955
Email:
info@synergyit.ca
sales@synergyit.ca
Website:
https://www.synergyit.ca/
