
Hacker Tracker: November 2022

Written By
Husnain Bajwa
Published On
Nov 14, 2022

The third quarter of 2022 saw a sharp, 28% increase in global cyberattacks compared to the same period in 2021.

Unfortunately, the wave of cybercrime hasn’t shown any sign of relenting. American Airlines, Medibank, and Los Angeles Unified School District (LAUSD) are among the big names targeted recently. 

Many of these were suspected or confirmed incidents of hackers using phishing tactics to bypass traditional multi-factor authentication systems. The consequences often include severe financial costs, loss of consumer trust, and millions of people left at risk of identity fraud.   

Read on to learn more about some of the high-profile cyberattacks of the past month. 

American Airlines

When it happened 

Unconfirmed. The data breach was discovered in July 2022 and a consumer notification letter was sent out on September 16. 

What happened 

According to American Airlines, they suffered a phishing attack that led to the sensitive personal data of a small number of customers and employees being stolen. 

Method of attack 

American Airlines’ internal investigation determined that the attacker successfully targeted employee email addresses with a phishing campaign. This allowed the attacker to gain access to personal data of customers and employees contained within those email accounts. 

The fallout so far

Passport details and driver’s license numbers were among the data stolen. So although American Airlines is providing the individuals whose data was accessed with 24 months of credit monitoring through Experian, victims may be at risk of identity theft for life. 

Thomson Reuters

When it happened 

October 21 - October 26, 2022 (according to limited analysis)

What happened

A database leak exposed 3TB of media conglomerate Thomson Reuters’ customer and corporate data, including sensitive information like unencrypted third-party passwords.

Method of attack

Thomson Reuters left the three databases in question unsecured and accessible to everyone for several days, before realizing their mistake. But malicious bots can detect open databases of this kind very rapidly, so this data will likely have been obtained by cybercriminals. 

The fallout so far

As confidential information about internal network elements was exposed, there is now a significant risk of a supply-chain attack against one of Thomson Reuters’ business customers. Leaked login data has also opened up the risk of social engineering attacks. 

Medibank

When it happened

“Unusual activity” on Medibank’s network was first reported on October 12, 2022. 

What happened

In an absolutely devastating attack, cybercriminals gained access to all of the customer data, and a large proportion of the health claims data, of Australian medical insurer Medibank. As many as 3.9 million people are affected.

Method of attack

According to a Financial Review report, it is believed that the login credentials of an individual with high-level access to Medibank’s IT systems were stolen using either malware or phishing tactics. This was possible because the company did not have phishing-resistant MFA systems in place. These details were later sold to a hacker on a Russian forum, who then breached their systems and encrypted data. 

The fallout so far

Medibank’s stock price has fallen significantly and the company has estimated that the financial hit of the attack will be $25 to 35 million (AUD), not including potential compensation, fines, and legal costs. The reputational cost is harder to put a price tag on, but will be steep and long-lasting. 

Toyota

When it happened

December 2017 - September 15, 2022

What happened

Toyota has admitted in a data breach notice that it accidentally left an access key publicly available on GitHub, meaning the email addresses and customer control numbers of almost 300,000 customers may have been leaked. Upon discovery, Toyota immediately made the source code private. 

Method of attack

Despite this data having been publicly accessible for years, Toyota says it has found no evidence that a third party abused the exposed information. However, as the company itself acknowledges, there’s still a strong possibility it has been.

The fallout so far

The exposed data was less sensitive than in many other high-profile cyberattacks, but almost 300,000 affected customers will have to remain vigilant against email phishing.

MyDeal

When it happened

October 10, 2022

What happened 

A cybercriminal stole personal data belonging to 2.2 million customers of MyDeal, an Australian ecommerce company, and then sold this data on a dark web marketplace. 

Method of attack

The attacker used compromised employee credentials to gain access to MyDeal’s Customer Relationship System and steal the data in question. How these credentials were obtained has not been disclosed, and we don’t know if the attacker gained access to the company’s wider network. 

The fallout so far

Although sensitive data like payment details and ID numbers were not obtained, MyDeal has had to apologize to its customers and warn them to watch out for phishing attacks. MyDeal was recently acquired by Woolworths, but the IT systems of the two companies have not yet been integrated. Had they been, the fallout would have been much worse.

LAUSD data leak

When it happened

October 1, 2022

What happened 

Over Labor Day weekend in September, the Los Angeles Unified School District (LAUSD)—which contains over 1,000 schools—suffered an attack carried out by Vice Society, a Russian hacking group that targets educational institutions. The LAUSD refused to pay a ransom the cybercriminals demanded, so the hackers released 500GB of data, including sensitive financial information, Social Security numbers, and health and legal records. 

Method of attack

Vice Society, in this attack and others, has used ransomware to target its victims. However, experts have noted that the group’s tactics are not innovative or remarkable.

The fallout so far

The LAUSD has sought to downplay the significance of the attack, but it’s clear the data released was sensitive enough to lead to consequences like identity theft for those individuals affected.

Michigan Medicine 

When it happened

August 15 - 23, 2022

What happened

Michigan Medicine notified 33,850 patients of a data breach that may have led to their health data being stolen. 

Method of attack

Michigan Medicine was inadequately protected by legacy MFA. This allowed the attacker to successfully trick four employees into entering their login details on a phishing webpage and then into accepting MFA alerts, giving the cybercriminal access to their accounts. 
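The pattern described above (a password accepted from an unfamiliar source, followed by an approved MFA push) can be hunted for in authentication logs. The following is an added example, not code from Michigan Medicine or Beyond Identity; the log schema, field names, per-user network baseline and the /24 co-location heuristic are all assumptions, and the events are constructed.

```python
import json
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample events (documentation IP ranges, hypothetical schema).
SAMPLE_LOG = """\
{"ts":"2022-08-15T09:01:10","user":"alice","event":"password_ok","src_ip":"198.51.100.10"}
{"ts":"2022-08-15T09:01:12","user":"alice","event":"push_sent"}
{"ts":"2022-08-15T09:01:20","user":"alice","event":"push_approved","approver_ip":"192.0.2.200"}
{"ts":"2022-08-15T09:30:00","user":"bob","event":"password_ok","src_ip":"203.0.113.77"}
{"ts":"2022-08-15T09:30:02","user":"bob","event":"push_sent"}
{"ts":"2022-08-15T09:30:15","user":"bob","event":"push_denied"}
{"ts":"2022-08-15T09:31:00","user":"bob","event":"push_sent"}
{"ts":"2022-08-15T09:31:09","user":"bob","event":"push_approved","approver_ip":"198.51.100.23"}
{"ts":"2022-08-15T10:00:00","user":"carol","event":"password_ok","src_ip":"203.0.113.80"}
{"ts":"2022-08-15T10:00:03","user":"carol","event":"push_sent"}
{"ts":"2022-08-15T10:00:30","user":"carol","event":"push_denied"}
{"ts":"2022-08-15T11:00:00","user":"dave","event":"password_ok","src_ip":"192.0.2.50"}
{"ts":"2022-08-15T11:00:02","user":"dave","event":"push_sent"}
{"ts":"2022-08-15T11:00:10","user":"dave","event":"push_approved","approver_ip":"192.0.2.51"}
"""

# Hypothetical baseline: networks each user has logged in from before.
KNOWN_NETWORKS = {
    "alice": ["198.51.100.0/24"],
    "bob": ["198.51.100.0/24"],
    "carol": ["198.51.100.0/24"],
    "dave": ["198.51.100.0/24"],
}


def same_network(ip_a, ip_b, prefix=24):
    """Rough co-location check (IPv4 assumed): do both IPs share a /prefix?"""
    return ip_address(ip_b) in ip_network(f"{ip_a}/{prefix}", strict=False)


def is_known_source(user, ip, known):
    """True if the login IP falls inside any network in the user's baseline."""
    return any(ip_address(ip) in ip_network(net) for net in known.get(user, []))


def detect_relayed_push(lines, known, window=timedelta(minutes=10)):
    """Flag approved pushes that complete a login from a new, remote source.

    An alert needs BOTH signals, because a phone on a cellular network
    legitimately differs from the laptop's IP:
      1. the password was accepted from a network not in the user's baseline
      2. the device approving the push is not on the same network as the login
    """
    pending = {}  # user -> login awaiting its second factor
    alerts = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = json.loads(raw)
        ts = datetime.fromisoformat(ev["ts"])
        user, kind = ev["user"], ev["event"]

        if kind == "password_ok":
            pending[user] = {"ts": ts, "src_ip": ev["src_ip"], "prompts": 0}
            continue

        login = pending.get(user)
        if login is None:
            continue
        if ts - login["ts"] > window:
            del pending[user]  # stale login attempt, stop correlating
            continue

        if kind == "push_sent":
            login["prompts"] += 1  # repeated prompts suggest the user is being worn down
        elif kind == "push_approved":
            del pending[user]
            new_source = not is_known_source(user, login["src_ip"], known)
            split = not same_network(login["src_ip"], ev["approver_ip"])
            if new_source and split:
                alerts.append({
                    "user": user,
                    "login_ip": login["src_ip"],
                    "approver_ip": ev["approver_ip"],
                    "prompts": login["prompts"],
                    "approved_at": ev["ts"],
                })
        # push_denied: keep the login pending, a retry may follow
    return alerts


if __name__ == "__main__":
    for alert in detect_relayed_push(SAMPLE_LOG.splitlines(), KNOWN_NETWORKS):
        print(alert)
```

In the sample, only the login for `bob` is flagged: `alice` approves from a cellular address but logs in from a known network, `carol` denies the prompt, and `dave` logs in from a new network with the approving phone alongside.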

The fallout so far

According to Michigan Medicine, they’ve found no specific evidence of data theft, but it’s still a strong possibility this is exactly what’s happened. Michigan Medicine has apologized and pledged to put better safeguards in place, but it’s not clear if this includes phishing-resistant MFA. 

Bed Bath & Beyond

When it happened

October 2022

What happened

In a recent SEC filing, home retailer Bed Bath & Beyond provided limited details of a cyberattack it suffered in October.

Method of attack

Phishing tactics were used to target an employee, allowing the attacker to gain access to the individual’s hard drive and shared drives. 

The fallout so far

Bed Bath & Beyond have said that they are reviewing whether the drives contained sensitive or personal data, adding that they have no reason to believe such information was accessed. But until all of the evidence is gathered and released, we can’t be sure of this.

Other news 

Nvidia RTX 4090

A security expert revealed that the new Nvidia RTX 4090 is twice as fast at cracking passwords as the previous best model, the RTX 3090. This technology is useful for system administrators who need to crack passwords—which means it’s also useful for cybercriminals. 

Microsoft investigation into misconfigured endpoint

Microsoft has provided an update on its investigation into one of its endpoints being misconfigured, potentially allowing unauthorized access to business transaction data. The company says it has fixed the issue and has found no evidence of its data or systems being compromised.

New CISA guidance on MFA

CISA has issued new guidance urging organizations to move away from older forms of MFA, highlighting the risks these antiquated protections face and saying that phishing-resistant MFA is now essential.

Preventing attacks with phishing-resistant MFA

To prevent damaging cybersecurity breaches like these, organizations need up-to-date solutions that remove weak links from the chain. 

Beyond Identity’s phishing-resistant MFA replaces insecure passwords and push notifications with three phishing-resistant factors:

  1. Local biometrics like fingerprint and facial recognition.
  2. Cryptographic security keys that are only stored on trusted devices. 
  3. Device-level security checks at the time of login.

Book a demo today to learn how Beyond Identity’s Zero Trust Authentication solution can eliminate the risk of phishing attacks on your organization. 

Get started with Device360 today
Weekly newsletter
No spam. Just the latest releases and tips, interesting articles, and exclusive interviews in your inbox every week.

Hacker Tracker: November 2022

Download

The third quarter of 2022 saw a sharp, 28% increase in global cyberattacks compared to the same period in 2021.

Unfortunately, the wave of cybercrime hasn’t shown any sign of relenting. American Airlines, Medibank, and Los Angeles Unified School District (LAUSD) are among the big names targeted recently. 

Many of these were suspected or confirmed incidents of hackers using phishing tactics to bypass traditional multi-factor authentication systems. The consequences often include severe financial costs, loss of consumer trust, and millions of people left at risk of identity fraud.   

Read on to learn more about some of the high-profile cyberattacks of the past month. 

American Airlines

When it happened 

Unconfirmed. The data breach was discovered in July 2022 and a consumer notification letter was sent out on September 16. 

What happened 

According to American Airlines, they suffered a phishing attack that led to the sensitive personal data of a small number of customers and employees being stolen. 

Method of attack 

American Airlines’ internal investigation determined that the attacker successfully targeted employee email addresses with a phishing campaign. This allowed the attacker to gain access to personal data of customers and employees contained within those email accounts. 

The fallout so far

Passport details and driver’s license numbers were among the data stolen. So although American Airlines is providing the individuals whose data was accessed with 24 months of credit monitoring through Experian, victims may be at risk of identity theft for life. 

Thomson Reuters

When it happened 

October 21 - October 26, 2022 (according to limited analysis

What happened

A database leak led to 3TB of media conglomerate Thomson Reuter’s customer and corporate data being exposed, including sensitive information like unencrypted third-party passwords. 

Method of attack

Thomson Reuters left the three databases in question unsecured and accessible to everyone for several days, before realizing their mistake. But malicious bots can detect open databases of this kind very rapidly, so this data will likely have been obtained by cybercriminals. 

The fallout so far

As confidential information about internal network elements was exposed, there is now a significant risk of a supply-chain attack against one of Thomson Reuters’ business customers. Leaked login data has also opened up the risk of social engineering attacks. 

Medibank

When it happened

“Unusual activity” on Medibank’s network was first reported on October 12, 2022. 

What happened

In an absolutely devastating attack, cybercriminals gained access to all of the customer data, and a large proportion of the health claims data, of Australian medical insurer Medibank. As many as 3.9 million people are affected.

Method of attack

According to a Financial Review report, it is believed that the login credentials of an individual with high-level access to Medibank’s IT systems were stolen using either malware or phishing tactics. This was possible because the company did not have phishing-resistant MFA systems in place. These details were later sold to a hacker on a Russian forum, who then breached their systems and encrypted data. 

The fallout so far

Medibank’s stock price has fallen significantly and the company has estimated that the financial hit of the attack will be $25 to 35 million (AUD), not including potential compensation, fines, and legal costs. The reputational cost is harder to put a price tag on, but will be steep and long-lasting. 

Toyota

When it happened

December 2017 - September 15, 2022

What happened

Toyota has admitted in a data breach notice that it accidentally left an access key publicly available on GitHub, meaning the email addresses and customer control numbers of almost 300,000 customers may have been leaked. Upon discovery, Toyota immediately made the source code private. 

Method of attack

Despite this data having been publicly accessible for years, Toyota says it has found no evidence that a third party abused the exposed information. However, as the company itself acknowledges, there’s still a strong possibility it has been.

The fallout so far

The exposed data was less sensitive than many other high-profile cyberattacks, but almost 300,000 affected customers will have to remain vigilant against email phishing. 

MyDeal

When it happened

October 10, 2022

What happened 

A cybercriminal stole personal data belonging to 2.2 million customers of MyDeal, an Australian ecommerce company, and then sold this data on a dark web marketplace. 

Method of attack

The attacker used compromised employee credentials to gain access to MyDeal’s Customer Relationship System and steal the data in question. How these credentials were obtained has not been disclosed, and we don’t know if the attacker gained access to the company’s wider network. 

The fallout so far

Although sensitive data like payment details and ID numbers were not obtained, MyDeal has had to apologize to its customers and warned them to watch out for phishing attacks. MyDeal was recently acquired by Woolworths, but the IT systems of the two companies have not yet been integrated. Had they been, the fallout would have been much worse. 

LAUSD data leak

When it happened

October 1, 2022

What happened 

Over Labor Day weekend in September, the Los Angeles Unified School District (LAUSD)—which contains over 1,000 schools—suffered an attack carried out by Vice Society, a Russian hacking group that targets educational institutions. The LAUSD refused to pay a ransom the cybercriminals demanded, so the hackers released 500GB of data, including sensitive financial information, Social Security numbers, and health and legal records. 

Method of attack

The Vice Society, in this attack and others, have used ransomware methods to target their victims. However, experts have noted that their tactics are not innovative or remarkable

The fallout so far

The LAUSD has sought to downplay the significance of the attack, but it’s clear the data released was sensitive enough to lead to consequences like identity theft for those individuals affected.

Michigan Medicine 

When it happened

August 15 - 23, 2022

What happened

Michigan Medicine notified 33,850 patients of a data breach that may have led to their health data being stolen. 

Method of attack

Michigan Medicine was inadequately protected by legacy MFA. This allowed the attacker to successfully trick four employees into entering their login details on a phishing webpage and then into accepting MFA alerts, giving the cybercriminal access to their accounts. 

The fallout so far

According to Michigan Medicine, they’ve found no specific evidence of data theft, but it’s still a strong possibility this is exactly what’s happened. Michigan Medicine has apologized and pledged to put better safeguards in place, but it’s not clear if this includes phishing-resistant MFA. 

Bed Bath & Beyond

When it happened

October 2022

What happened

In a recent SEC filing, home retailer Bed Bath & Beyond provided limited details of a cyberattack it suffered in October.

Method of attack

Phishing tactics were used to target an employee, allowing the attacker to gain access to the individual’s hard drive and shared drives. 

Fallout so far

Bed Bath & Beyond have said that they are reviewing whether the drives contained sensitive or personal data, adding that they have no reason to believe such information was accessed. But until all of the evidence is gathered and released, we can’t be sure of this.

Other news 

Nvidia RTX 4090

A security expert revealed that the new Nvidia RTX 4090 is twice as fast at cracking passwords as the previous best model, the RTX 3090. This technology is useful for system administrators who need to crack passwords—which means it’s also useful for cybercriminals. 

Microsoft investigation into misconfigured endpoint

Microsoft has provided an update on its investigation into one of its endpoints being misconfigured, potentially allowing unauthorized access to business transaction data. The company says it has fixed the issue and has found no evidence of its data or systems being compromised.

New CISA guidance on MFA

CISA has issued new guidance urging organizations to move away from older forms of MFA, highlighting the risks these antiquated protections face and saying that phishing-resistant MFA is now essential.

Preventing attacks with phishing-resistant MFA

To prevent damaging cybersecurity breaches like these, organizations need up-to-date solutions that remove weak links from the chain. 

Beyond Identity’s phishing-resistant MFA replaces insecure passwords and push notifications with three phishing-resistant factors:

  1. Local biometrics like fingerprint and facial recognition.
  2. Cryptographic security keys that are only stored on trusted devices. 
  3. Device-level security checks at the time of login.

Book a demo today to learn how Beyond Identity’s Zero Trust Authentication solution can eliminate the risk of phishing attacks on your organization. 

Hacker Tracker: November 2022

Phishing resistance in security solutions has become a necessity. Learn the differences between the solutions and what you need to be phishing resistant.

The third quarter of 2022 saw a sharp, 28% increase in global cyberattacks compared to the same period in 2021.

Unfortunately, the wave of cybercrime hasn’t shown any sign of relenting. American Airlines, Medibank, and Los Angeles Unified School District (LAUSD) are among the big names targeted recently. 

Many of these were suspected or confirmed incidents of hackers using phishing tactics to bypass traditional multi-factor authentication systems. The consequences often include severe financial costs, loss of consumer trust, and millions of people left at risk of identity fraud.   

Read on to learn more about some of the high-profile cyberattacks of the past month. 

American Airlines

When it happened 

Unconfirmed. The data breach was discovered in July 2022 and a consumer notification letter was sent out on September 16. 

What happened 

According to American Airlines, they suffered a phishing attack that led to the sensitive personal data of a small number of customers and employees being stolen. 

Method of attack 

American Airlines’ internal investigation determined that the attacker successfully targeted employee email addresses with a phishing campaign. This allowed the attacker to gain access to personal data of customers and employees contained within those email accounts. 

The fallout so far

Passport details and driver’s license numbers were among the data stolen. So although American Airlines is providing the individuals whose data was accessed with 24 months of credit monitoring through Experian, victims may be at risk of identity theft for life. 

Thomson Reuters

When it happened 

October 21 - October 26, 2022 (according to limited analysis

What happened

A database leak led to 3TB of media conglomerate Thomson Reuter’s customer and corporate data being exposed, including sensitive information like unencrypted third-party passwords. 

Method of attack

Thomson Reuters left the three databases in question unsecured and accessible to everyone for several days, before realizing their mistake. But malicious bots can detect open databases of this kind very rapidly, so this data will likely have been obtained by cybercriminals. 

The fallout so far

As confidential information about internal network elements was exposed, there is now a significant risk of a supply-chain attack against one of Thomson Reuters’ business customers. Leaked login data has also opened up the risk of social engineering attacks. 

Medibank

When it happened

“Unusual activity” on Medibank’s network was first reported on October 12, 2022. 

What happened

In an absolutely devastating attack, cybercriminals gained access to all of the customer data, and a large proportion of the health claims data, of Australian medical insurer Medibank. As many as 3.9 million people are affected.

Method of attack

According to a Financial Review report, it is believed that the login credentials of an individual with high-level access to Medibank’s IT systems were stolen using either malware or phishing tactics. This was possible because the company did not have phishing-resistant MFA systems in place. These details were later sold to a hacker on a Russian forum, who then breached their systems and encrypted data. 

The fallout so far

Medibank’s stock price has fallen significantly and the company has estimated that the financial hit of the attack will be $25 to 35 million (AUD), not including potential compensation, fines, and legal costs. The reputational cost is harder to put a price tag on, but will be steep and long-lasting. 

Toyota

When it happened

December 2017 - September 15, 2022

What happened

Toyota has admitted in a data breach notice that it accidentally left an access key publicly available on GitHub, meaning the email addresses and customer control numbers of almost 300,000 customers may have been leaked. Upon discovery, Toyota immediately made the source code private. 

Method of attack

Despite this data having been publicly accessible for years, Toyota says it has found no evidence that a third party abused the exposed information. However, as the company itself acknowledges, there’s still a strong possibility it has been.

The fallout so far

The exposed data was less sensitive than many other high-profile cyberattacks, but almost 300,000 affected customers will have to remain vigilant against email phishing. 

MyDeal

When it happened

October 10, 2022

What happened 

A cybercriminal stole personal data belonging to 2.2 million customers of MyDeal, an Australian ecommerce company, and then sold this data on a dark web marketplace. 

Method of attack

The attacker used compromised employee credentials to gain access to MyDeal’s Customer Relationship System and steal the data in question. How these credentials were obtained has not been disclosed, and we don’t know if the attacker gained access to the company’s wider network. 

The fallout so far

Although sensitive data like payment details and ID numbers were not obtained, MyDeal has had to apologize to its customers and warned them to watch out for phishing attacks. MyDeal was recently acquired by Woolworths, but the IT systems of the two companies have not yet been integrated. Had they been, the fallout would have been much worse. 

LAUSD data leak

When it happened

October 1, 2022

What happened 

Over Labor Day weekend in September, the Los Angeles Unified School District (LAUSD)—which contains over 1,000 schools—suffered an attack carried out by Vice Society, a Russian hacking group that targets educational institutions. The LAUSD refused to pay a ransom the cybercriminals demanded, so the hackers released 500GB of data, including sensitive financial information, Social Security numbers, and health and legal records. 

Method of attack

The Vice Society, in this attack and others, have used ransomware methods to target their victims. However, experts have noted that their tactics are not innovative or remarkable

The fallout so far

The LAUSD has sought to downplay the significance of the attack, but it’s clear the data released was sensitive enough to lead to consequences like identity theft for those individuals affected.

Michigan Medicine 

When it happened

August 15 - 23, 2022

What happened

Michigan Medicine notified 33,850 patients of a data breach that may have led to their health data being stolen. 

Method of attack

Michigan Medicine was inadequately protected by legacy MFA. This allowed the attacker to successfully trick four employees into entering their login details on a phishing webpage and then into accepting MFA alerts, giving the cybercriminal access to their accounts. 

The fallout so far

According to Michigan Medicine, they’ve found no specific evidence of data theft, but it’s still a strong possibility this is exactly what’s happened. Michigan Medicine has apologized and pledged to put better safeguards in place, but it’s not clear if this includes phishing-resistant MFA. 

Bed Bath & Beyond

When it happened

October 2022

What happened

In a recent SEC filing, home retailer Bed Bath & Beyond provided limited details of a cyberattack it suffered in October.

Method of attack

Phishing tactics were used to target an employee, allowing the attacker to gain access to the individual’s hard drive and shared drives. 

Fallout so far

Bed Bath & Beyond have said that they are reviewing whether the drives contained sensitive or personal data, adding that they have no reason to believe such information was accessed. But until all of the evidence is gathered and released, we can’t be sure of this.

Other news 

Nvidia RTX 4090

A security expert revealed that the new Nvidia RTX 4090 is twice as fast at cracking passwords as the previous best model, the RTX 3090. This technology is useful for system administrators who need to crack passwords—which means it’s also useful for cybercriminals. 

Microsoft investigation into misconfigured endpoint

Microsoft has provided an update on its investigation into one of its endpoints being misconfigured, potentially allowing unauthorized access to business transaction data. The company says it has fixed the issue and has found no evidence of its data or systems being compromised.

New CISA guidance on MFA

CISA has issued new guidance urging organizations to move away from older forms of MFA, highlighting the risks these antiquated protections face and saying that phishing-resistant MFA is now essential.

Preventing attacks with phishing-resistant MFA

To prevent damaging cybersecurity breaches like these, organizations need up-to-date solutions that remove weak links from the chain. 

Beyond Identity’s phishing-resistant MFA replaces insecure passwords and push notifications with three phishing-resistant factors:

  1. Local biometrics like fingerprint and facial recognition.
  2. Cryptographic security keys that are only stored on trusted devices. 
  3. Device-level security checks at the time of login.

Book a demo today to learn how Beyond Identity’s Zero Trust Authentication solution can eliminate the risk of phishing attacks on your organization. 

Hacker Tracker: November 2022

Phishing resistance in security solutions has become a necessity. Learn the differences between the solutions and what you need to be phishing resistant.

The third quarter of 2022 saw a sharp, 28% increase in global cyberattacks compared to the same period in 2021.

Unfortunately, the wave of cybercrime hasn’t shown any sign of relenting. American Airlines, Medibank, and Los Angeles Unified School District (LAUSD) are among the big names targeted recently. 

Many of these were suspected or confirmed incidents of hackers using phishing tactics to bypass traditional multi-factor authentication systems. The consequences often include severe financial costs, loss of consumer trust, and millions of people left at risk of identity fraud.   

Read on to learn more about some of the high-profile cyberattacks of the past month. 

American Airlines

When it happened 

Unconfirmed. The data breach was discovered in July 2022 and a consumer notification letter was sent out on September 16. 

What happened 

According to American Airlines, they suffered a phishing attack that led to the sensitive personal data of a small number of customers and employees being stolen. 

Method of attack 

American Airlines’ internal investigation determined that the attacker successfully targeted employee email addresses with a phishing campaign. This allowed the attacker to gain access to personal data of customers and employees contained within those email accounts. 

The fallout so far

Passport details and driver’s license numbers were among the data stolen. So although American Airlines is providing the individuals whose data was accessed with 24 months of credit monitoring through Experian, victims may be at risk of identity theft for life. 

Thomson Reuters

When it happened 

October 21 - October 26, 2022 (according to limited analysis

What happened

A database leak led to 3TB of media conglomerate Thomson Reuter’s customer and corporate data being exposed, including sensitive information like unencrypted third-party passwords. 

Method of attack

Thomson Reuters left the three databases in question unsecured and accessible to everyone for several days, before realizing their mistake. But malicious bots can detect open databases of this kind very rapidly, so this data will likely have been obtained by cybercriminals. 

The fallout so far

As confidential information about internal network elements was exposed, there is now a significant risk of a supply-chain attack against one of Thomson Reuters’ business customers. Leaked login data has also opened up the risk of social engineering attacks. 

Medibank

When it happened

“Unusual activity” on Medibank’s network was first reported on October 12, 2022. 

What happened

In an absolutely devastating attack, cybercriminals gained access to all of the customer data, and a large proportion of the health claims data, of Australian medical insurer Medibank. As many as 3.9 million people are affected.

Method of attack

According to a Financial Review report, it is believed that the login credentials of an individual with high-level access to Medibank’s IT systems were stolen using either malware or phishing tactics. This was possible because the company did not have phishing-resistant MFA systems in place. These details were later sold to a hacker on a Russian forum, who then breached their systems and encrypted data. 

The fallout so far

Medibank’s stock price has fallen significantly and the company has estimated that the financial hit of the attack will be $25 to 35 million (AUD), not including potential compensation, fines, and legal costs. The reputational cost is harder to put a price tag on, but will be steep and long-lasting. 

Toyota

When it happened

December 2017 - September 15, 2022

What happened

Toyota has admitted in a data breach notice that it accidentally left an access key publicly available on GitHub, meaning the email addresses and customer control numbers of almost 300,000 customers may have been leaked. Upon discovery, Toyota immediately made the source code private. 

Method of attack

Despite this data having been publicly accessible for years, Toyota says it has found no evidence that a third party abused the exposed information. However, as the company itself acknowledges, there’s still a strong possibility it has been.

The fallout so far

The exposed data was less sensitive than the data exposed in many other high-profile cyberattacks, but almost 300,000 affected customers will have to remain vigilant against email phishing.

MyDeal

When it happened

October 10, 2022

What happened 

A cybercriminal stole personal data belonging to 2.2 million customers of MyDeal, an Australian ecommerce company, and then sold this data on a dark web marketplace. 

Method of attack

The attacker used compromised employee credentials to gain access to MyDeal’s Customer Relationship System and steal the data in question. How these credentials were obtained has not been disclosed, and we don’t know if the attacker gained access to the company’s wider network. 

The fallout so far

Although sensitive data like payment details and ID numbers were not obtained, MyDeal has had to apologize to its customers and warn them to watch out for phishing attacks. MyDeal was recently acquired by Woolworths, but the IT systems of the two companies have not yet been integrated. Had they been, the fallout would have been much worse.

LAUSD data leak

When it happened

October 1, 2022

What happened 

Over Labor Day weekend in September, the Los Angeles Unified School District (LAUSD)—which contains over 1,000 schools—suffered an attack carried out by Vice Society, a Russian hacking group that targets educational institutions. The LAUSD refused to pay a ransom the cybercriminals demanded, so the hackers released 500GB of data, including sensitive financial information, Social Security numbers, and health and legal records. 

Method of attack

Vice Society, in this attack and others, has used ransomware to target its victims. However, experts have noted that the group’s tactics are not innovative or remarkable.

The fallout so far

The LAUSD has sought to downplay the significance of the attack, but it’s clear the data released was sensitive enough to lead to consequences like identity theft for those individuals affected.

Michigan Medicine 

When it happened

August 15 - 23, 2022

What happened

Michigan Medicine notified 33,850 patients of a data breach that may have led to their health data being stolen. 

Method of attack

Michigan Medicine was inadequately protected by legacy MFA. This allowed the attacker to successfully trick four employees into entering their login details on a phishing webpage and then into accepting MFA alerts, giving the cybercriminal access to their accounts. 

The fallout so far

According to Michigan Medicine, they’ve found no specific evidence of data theft, but it’s still a strong possibility this is exactly what’s happened. Michigan Medicine has apologized and pledged to put better safeguards in place, but it’s not clear if this includes phishing-resistant MFA. 

Bed Bath & Beyond

When it happened

October 2022

What happened

In a recent SEC filing, home retailer Bed Bath & Beyond provided limited details of a cyberattack it suffered in October.

Method of attack

Phishing tactics were used to target an employee, allowing the attacker to gain access to the individual’s hard drive and shared drives. 

The fallout so far

Bed Bath & Beyond have said that they are reviewing whether the drives contained sensitive or personal data, adding that they have no reason to believe such information was accessed. But until all of the evidence is gathered and released, we can’t be sure of this.

Other news 

Nvidia RTX 4090

A security expert revealed that the new Nvidia RTX 4090 is twice as fast at cracking passwords as the previous best model, the RTX 3090. This technology is useful for system administrators who need to crack passwords—which means it’s also useful for cybercriminals. 

Microsoft investigation into misconfigured endpoint

Microsoft has provided an update on its investigation into one of its endpoints being misconfigured, potentially allowing unauthorized access to business transaction data. The company says it has fixed the issue and has found no evidence of its data or systems being compromised.

New CISA guidance on MFA

CISA has issued new guidance urging organizations to move away from older forms of MFA, highlighting the risks these antiquated protections face and saying that phishing-resistant MFA is now essential.

Preventing attacks with phishing-resistant MFA

To prevent damaging cybersecurity breaches like these, organizations need up-to-date solutions that remove weak links from the chain. 

Beyond Identity’s phishing-resistant MFA replaces insecure passwords and push notifications with three phishing-resistant factors:

  1. Local biometrics like fingerprint and facial recognition.
  2. Cryptographic security keys that are only stored on trusted devices. 
  3. Device-level security checks at the time of login.

Book a demo today to learn how Beyond Identity’s Zero Trust Authentication solution can eliminate the risk of phishing attacks on your organization. 
