July 1, 2022: Drone Cyberattack at US Financial Firm
Modified off-the-shelf drones carried wireless network-intrusion kit to the rooftop of a US East Coast financial firm and hacked into the network. The financial firm spotted unusual activity on its internal Atlassian Confluence page that originated from within the company's network. The incident, which occurred during the summer of '22, was not widely reported.
The story was recently recounted by security researcher Greg Linares. The Register corresponded with an individual affiliated with the affected company who corroborated the incident.
(The individual asked not to be identified owing to a non-disclosure agreement and employment concerns.)
August 15, 2022: Hive Ransomware Group Attacks International French Clothing Stores
Damart, a French clothing company, is being extorted for $2 million after a cyberattack from the Hive ransomware gang. Damart operates over 130 stores across the world.
The threat actors haven't posted the victim on their extortion site, opting to keep negotiations private. Damart has not engaged in negotiations with the cybercriminals. The company informed the national police of the incident, which makes it unlikely that Hive would receive a payment.
June 30, 2022: Hive Ransomware Group Leaks NY Racing Assoc. Data
The Hive ransomware operation claimed responsibility for an attack on the New York Racing Association (NYRA), which previously disclosed that a cyber attack on June 30, 2022, impacted IT operations and website availability and compromised member data, including Social Security numbers (SSNs), driver's license identification numbers, health records, and health insurance information.
October 14, 2022: Aussie Woolworths Online Unit, MyDeal, Suffers Data Breach
Australia’s Woolworths Group Ltd’s majority-owned online retailer MyDeal said a “compromised user credential” was exploited Friday to access its systems, leaving 2.2 million users exposed.
MyDeal’s exposed customer data includes names, email addresses, phone numbers, delivery addresses, and in some instances customers’ dates of birth, the Sydney-based retailer said in an advisory.
It further clarified that MyDeal’s website and application were not impacted, and none of the other platforms of Woolworths group were compromised.
After “malicious actors” carried out a cyberattack on Regis University in August 2019, crippling the Denver campus’s IT network and downing phones, email and Wi-Fi, university officials paid the hackers a ransom in hopes of restoring their incapacitated systems. “The attack hit us the morning students were moving back to campus,” said Salvador Aceves, Regis’ senior vice president and chief financial officer. Aceves declined to say how much the university paid the hackers. University officials also have not revealed how much they’ve spent on recovery from the attack, which led them to distribute paper course schedules to students last fall and post signs on campus that read, “Enjoy a break from the connected life.”
Ransomware thieves are demanding £500,000 after an attack against Wootton Upper School in Bedfordshire, said press reports this week. The attack, said to be the work of the Hive ransomware group, also affected the Kimberley College for 16-19-year-olds. Both of these organizations are part of the Wootton Academy Trust.
The cyber-criminal group reportedly messaged students and parents, informing them that it had compromised the Trust’s networks several weeks ago. It stole home addresses, bank details, medical records and even students’ psychological reviews. The Hive group believes that Wootton has £500,000 in cyber insurance, according to local newspaper Bedford Today. It has threatened to release all of the data unless the Trust pays up.
December 15, 2021: Ransomware Attack Ultimately Causes Closure of Lincoln College in Illinois.
A cyber-attack proved to be the final nail in the coffin for a US college battling financial crisis. Lincoln College, founded in 1865 and home to a Black student body, shut its doors on May 13. The rural institution in Illinois had been experiencing economic difficulties as a result of COVID-19’s effect on recruitment and funding.
According to the Chicago Tribune, an assault by a cyber group in December dealt the last blow to the institution. The group’s hack encrypted vital information, making it harder for officials to conduct “enrollment, retention, as well as fund-raising initiatives,” according to a notice recently posted on the school’s website. Lincoln College reportedly paid a $100,000 ransom to the hackers, but it was ultimately unable to fully recover from the attack.
July 2, 2022: Staff Members' Personal Data Potentially Compromised in Cedar Rapids School District Cyberattack.
In the wake of a cybersecurity breach, an Iowa school district put programs on hold while investigators ascertain whether the incident was a ransomware attack or a data breach. The district suspended its summer programs because of the cybersecurity breach.
Data theft may have included staff members' names, Social Security numbers, driver's license numbers, bank account and routing numbers and medical information.
June 25, 2022: IT & OT Attack Forces Macmillan Publishers to Take Operations Offline and Close Physical Offices
Book publisher Macmillan has been hit with what it describes as a “digital security incident”, with experts believing it could be ransomware. According to emails seen by Publishers Weekly, the publisher initially said that a portion of the company’s files had become encrypted and that it had taken all of its systems offline to prevent further compromise. The company’s US sales team confirmed that it was unable to process, receive, place, or ship orders as a result of the company-wide shutdown of digital systems and physical offices. The attack also impacted its U.K. branch, known as Pan Macmillan.
Although the company declined to answer further questions on the nature of the incident or how its systems were compromised, the use of encryption by the hackers indicates that it was ransomware. The attack has not yet been claimed by any major ransomware groups, and it remains unclear whether any sensitive data was stolen.
On July 6, WSJ reported, "Macmillan Says Retailers Can Again Order Its Books After Recent Cyberattack," and the company doesn't anticipate having to change the publishing date of any of its books.
September 25, 2021: HVAC and IT System Down at Lufkin Independent School District
Several internet systems of Lufkin ISD were down due to a ransomware attack. The district realized it had been attacked Saturday morning, according to Sheila Adams, executive director of communications and public relations. School operations that were affected include HVAC at some campuses and Skyward, a school management software. The school announced the HVAC systems were operational again by 2:45 p.m. Tuesday, three days after the attack.
"While its cybersecurity program appears to have worked, leadership does not know for sure if any data was compromised. The district also does not currently know how or why the attack happened as it is still under investigation," Adams said.