- New Ransomware Threats:
  - RansomHub, previously known as Cyclops and Knight, has continued its rise, targeting large organizations across various sectors. This ransomware group has exfiltrated and encrypted data from at least 210 victims in sectors such as water, wastewater, and government services. RansomHub’s focus has shifted toward demanding higher payouts by causing major operational disruptions.
  - BlackSuit ransomware has targeted several entities, including educational institutions, resulting in significant data theft. The group is responsible for the attack on Charles Darwin School, which led to the theft of sensitive student data.
- New Malware:
  - FakeUpdates malware continues to be one of the most prevalent threats globally, impacting around 8% of organizations. Alongside it, the Androxgh0st malware has been rising in usage, often targeting enterprise systems.
  - A Chinese state-sponsored cyberespionage campaign named Operation Crimson Palace has been using a newly developed keylogger called “TattleTale” to target government organizations in Southeast Asia, showing the continuous evolution of state-sponsored malware.
- Major Breaches:
  - Fortinet recently suffered a significant data breach, where a threat actor managed to exfiltrate 440GB of data from its Microsoft SharePoint server. The breach is still under investigation, but it does not appear that data encryption occurred.
  - Cencora, a healthcare-related firm, has been targeted in a breach, although details regarding whether it involved ransomware remain undisclosed.
- Vulnerabilities and Patches:
  - Microsoft’s latest updates, part of the September 2024 Patch Tuesday, addressed 79 vulnerabilities, including critical zero-day flaws. Notably, a remote code execution vulnerability in Windows Update and a privilege escalation flaw in Windows Installer were prioritized for patching due to active exploitation.
  - Ivanti has patched a severe vulnerability (CVE-2024-8190) affecting its Cloud Services Appliance, which allows remote code execution and is actively being exploited.
- Other Key Trends:
  - Ransomware Payments: So far in 2024, ransomware payments have reached approximately $450 million, putting the year on track to be a potential record. Despite this, fewer organizations are paying ransoms, as the rate of ransom payments has dropped.
  - Healthcare Breaches: The healthcare sector continues to be a primary target for cybercriminals, with multiple actors attempting to exploit weaknesses in healthcare providers’ networks.
These are just a few of the key cybersecurity events happening in the U.S. and globally as of September 16, 2024. Staying vigilant with system updates and security measures is crucial in light of these ongoing threats.

