Overview of Significant Cyber Attacks: August 2024

August 2024 saw a wave of high-profile cyberattacks across multiple sectors, with the RansomHub group behind several of them, exposing personal data and disrupting operations. The incidents affected organizations such as Park’N Fly, Patelco Credit Union, and Halliburton, along with a Toyota-related breach and the MOVEit Transfer incident, underscoring widespread vulnerabilities across industries. #RansomHub #ParkNFly #Patelco #Halliburton #BlackSuit #Toyota #MOVEitTransfer #ProgressSoftware #ZeroSevenGroup #Clop #NPD #Keytronic #BlackBasta

Key points

  • August 2024 featured major cyberattacks across multiple sectors, with RansomHub behind several high-profile breaches.
  • Park’N Fly breach exposed contact details for about 1 million customers; no payment data accessed.
  • Young Consulting’s breach involved the BlackSuit ransomware group compromising the personal data of nearly 1 million customers.
  • Patelco Credit Union breach affected around 726,000 individuals; sensitive data was exposed and later listed for auction by the attackers.
  • Halliburton cyberattack disrupted operations and services; RansomHub claimed responsibility; over 200 entities affected since February 2024.
  • Toyota breach involved data from a third party, with 240GB reportedly leaked; Toyota stated its own systems were not breached.
  • MOVEit Transfer incident: the SEC concluded its investigations into the breach, which exploited CVE-2023-34362 and affected 95 million individuals and 2,770 companies; Clop demanded a ransom, but the SEC took no enforcement action.

MITRE Techniques

  • [T1566.001] Phishing – Attackers may use phishing emails to gain unauthorized access to systems.
  • [T1059] Command and Scripting Interpreter – Attackers may execute scripts to facilitate further attacks.
  • [T1098] Account Manipulation – Attackers may manipulate accounts to maintain access.
  • [T1203] Exploitation for Client Execution – Attackers may exploit vulnerabilities to gain higher privileges.
  • [T1027] Obfuscated Files or Information – Attackers may obfuscate files to evade detection.
  • [T1110] Brute Force – Attackers may use brute force techniques to gain access to accounts.
  • [T1046] Network Service Scanning – Attackers may scan networks to identify services and vulnerabilities.
  • [T1074] Data Staged – Attackers may stage data for exfiltration to external locations.
  • [T1486] Data Encrypted for Impact – Attackers may encrypt data to disrupt operations.

Indicators of Compromise

  • [CVE] MOVEit Transfer vulnerability – CVE-2023-34362, the flaw behind the MOVEit breach referenced in the SEC reporting.

Read more: https://socradar.io/major-cyber-attacks-in-review-august-2024/