The biggest cyber attacks and vulnerabilities from September 2024
Insights and trends from recent cyber threats and vulnerabilities from September.
Arjun Pednekar
1st October 2024
In September, we witnessed vulnerabilities in Microsoft macOS apps that exposed users to security risks, business email compromise (BEC) scams causing $55.5 billion in losses, and the arrest of a British teen for a cyber attack on Transport for London, among other developments.
1. Vulnerabilities in Microsoft macOS apps expose users to security risks
One such challenge comes from vulnerabilities within Microsoft’s macOS applications. Eight newly discovered flaws, targeting popular applications like Outlook, Teams, Word, and Excel, pose significant risks. These vulnerabilities allow attackers to bypass Apple’s Transparency, Consent, and Control (TCC) framework, potentially leading to unauthorised access to sensitive data. By injecting malicious libraries into these apps, attackers can gain elevated privileges, enabling them to send emails, record audio, or even capture video without the user’s knowledge. The scope of damage is determined by the permissions granted to each app, and the potential for misuse is significant. This discovery underscores the ongoing need for comprehensive security testing and timely patching in widely-used applications.
2. New supply chain attack targets Python Package Index
Meanwhile, the open-source community is grappling with a pressing issue: a new supply chain attack dubbed the ‘Revival Hijack.’ Discovered by JFrog, this method exploits the re-registration feature within the Python Package Index (PyPI) to target thousands of existing packages. The attack leverages the availability of names from deleted PyPI projects, allowing malicious actors to re-register these packages and potentially distribute harmful code. With over 100,000 downloads at risk, this vulnerability raises severe concerns about the security of the Python ecosystem and the risk of widespread compromise across downstream organisations. This incident underscores the urgent need for improved oversight and verification processes in open-source software development.
3. Typosquatting attack exploits GitHub Actions vulnerabilities
In the continuous integration and delivery (CI/CD) world, GitHub Actions, a platform used by countless developers, has revealed its security gaps. Orca Security identified a typosquatting attack that exploits minor errors developers make when setting up GitHub Actions. Malicious actors can create repositories and organisations with names that resemble legitimate GitHub Actions, tricking users into running harmful code. Given the access GitHub Actions have to sensitive information and the ability to modify source code, such an attack vector can lead to data exfiltration, the introduction of bugs or backdoors, and the spread of malicious changes across an organisation’s projects. This finding is a reminder that even trusted development platforms require scrutiny.
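As an added illustration (not code from this article or from Orca Security), the sketch below audits the `uses:` references in a workflow file and flags action names that sit within a small edit distance of a trusted one, which is the kind of minor error the attack depends on. The allowlist, the sample workflow and the function names are constructed assumptions.

```python
import re

# Assumed allowlist of action repositories the organisation trusts (constructed).
TRUSTED = {"actions/checkout", "actions/setup-python", "docker/login-action"}

# Matches `uses: owner/repo[/path]@ref`; local (./...) references do not match.
USES_RE = re.compile(
    r"^[ \t]*(?:-[ \t]*)?uses:[ \t]*['\"]?"
    r"([A-Za-z0-9][\w.-]*/[\w.-]+)(?:/[^@\s'\"]*)?@([^\s'\"#]+)", re.M)

def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit_workflow(text, trusted=TRUSTED, max_distance=2):
    """Return (reference, verdict, nearest trusted name) for each untrusted action."""
    findings = []
    for match in USES_RE.finditer(text):
        repo = match.group(1).lower()  # GitHub owner/repo names are case-insensitive
        if repo in trusted:
            continue
        nearest = min(sorted(trusted), key=lambda t: edit_distance(repo, t))
        if edit_distance(repo, nearest) <= max_distance:
            findings.append((repo, "possible-typosquat", nearest))
        else:
            findings.append((repo, "not-on-allowlist", None))
    return findings

# Constructed sample workflow: two near-miss names and one unknown action.
SAMPLE = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: action/checkout@v4
      - uses: actons/setup-python@v5
      - uses: ./local-action
      - uses: example-org/deploy-tool@v1
"""

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE):
        print(finding)
```

Run as a pre-merge check, a `possible-typosquat` finding should block the change until someone confirms the intended action name.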
4. Business email compromise scams result in $55.5 Billion in global losses
Business Email Compromise (BEC) scams continue to be a significant and costly threat. According to the FBI, BEC attacks have caused nearly $55.5 billion in losses globally since 2013, with over 305,000 incidents reported. These scams typically involve fraudsters impersonating executives or business partners to trick employees into making large financial transfers. The evolving nature of BEC, including the use of third-party payment processors and cryptocurrency exchanges, complicates the recovery of stolen funds. With UK and Hong Kong banks frequently serving as intermediaries in these transactions, the FBI urges organisations to heighten their vigilance against this ever-evolving threat.
5. British teen arrested for cyber attack on Transport for London
On the home front, British authorities recently arrested a 17-year-old in connection with a cyber attack on Transport for London (TfL). The attack, which compromised customer data, including names and bank details, is a stark reminder of the vulnerabilities in public infrastructure. The incident is part of a disturbing trend of teenagers engaging in high-profile cyber attacks, echoing the notorious Lapsus$ extortion group and similar cases in recent years.
6. Fortinet data breach highlights cloud security vulnerabilities and ransom demands
Major cyber security firm Fortinet has also faced its challenges, disclosing a data breach that affected a small percentage of its cloud-hosted customer information. While the company insists that its products and services were not compromised, the breach involving a third-party cloud-based file storage system has raised concerns. A dark web user, claiming to have stolen 440GB of Fortinet data, alleges that the company refused to pay a ransom. Though Fortinet continues to cooperate with law enforcement, this incident has placed a spotlight on cloud security vulnerabilities and the handling of sensitive customer data.
7. UK Government report exposes widening cyber security skills gap among businesses
8. Ransomware attacks surge in the UK as majority of victims pay ransoms despite policies
Finally, ransomware attacks continue to be a significant threat to UK organisations, with 53% of firms reporting incidents in the past year, up from 38% in 2023. Despite having policies against ransom payments, a startling 59% of UK victims still paid the ransom, and many more indicated they would do so if attacked again. Globally, the trend is even more alarming, with 67% of organisations falling victim to ransomware. These figures highlight a critical challenge: the willingness to pay ransoms may encourage more attacks, revealing a pressing need for stronger resilience and more effective cyber security strategies.
There is no denying that organisations must stay agile, proactive, and vigilant as cyber threats evolve. Whether managing software vulnerabilities, supply chain attacks, or skills shortages, maintaining a strong cyber security posture is more critical than ever. By staying informed, having plans in place, and rigorously testing defences, businesses can better safeguard themselves against emerging digital threats.
Stay secure, stay informed, and most importantly, stay engaged. Your active participation in the cyber security community is crucial for our collective safety. Why not talk to us about your cyber security requirements?