The biggest cyber attacks and vulnerabilities from September 2024

Insights and trends from recent cyber threats and vulnerabilities from September.

Arjun Pednekar, Technical Director, Cognisys


1st October 2024

In September, we witnessed vulnerabilities in Microsoft macOS apps that exposed users to security risks, BEC email compromise scams causing $55.5 billion in losses, and the arrest of a British teen for a cyber attack on Transport for London, among other developments.

1. Vulnerabilities in Microsoft macOS apps expose users to security risks

The first challenge comes from vulnerabilities within Microsoft’s macOS applications. Eight newly discovered flaws, affecting popular applications like Outlook, Teams, Word, and Excel, pose significant risks. These vulnerabilities allow attackers to bypass Apple’s Transparency, Consent, and Control (TCC) framework, potentially leading to unauthorised access to sensitive data. By injecting malicious libraries into these apps, attackers can inherit the permissions already granted to them, enabling them to send emails, record audio, or even capture video without the user’s knowledge. The scope of damage is determined by the permissions granted to each app, and the potential for misuse is significant. This discovery underscores the ongoing need for comprehensive security testing and timely patching in widely used applications.

2. New supply chain attack targets Python package index

Meanwhile, the open-source community is grappling with a pressing issue: a new supply chain attack dubbed ‘Revival Hijack’. Discovered by JFrog, this method exploits the re-registration feature of the Python Package Index (PyPI) to target thousands of existing packages. The attack leverages the availability of names from deleted PyPI projects, allowing malicious actors to re-register those names and potentially distribute harmful code to anyone still installing the package by name. With over 100,000 downloads at risk, this vulnerability raises severe concerns about the security of the Python ecosystem and the risk of widespread compromise across downstream organisations. This incident underscores the urgent need for improved oversight and verification processes in open-source software development.

3. Typosquatting attack exploits GitHub actions vulnerabilities

In the continuous integration and delivery (CI/CD) world, GitHub Actions, a platform used by countless developers, has revealed its security gaps. Orca Security identified a typosquatting attack that exploits minor errors developers make when setting up GitHub Actions. Malicious actors can create repositories and organisations with names that resemble legitimate GitHub Actions, tricking users into running harmful code. Given the access GitHub Actions have to sensitive information and the ability to modify source code, such an attack vector can lead to data exfiltration, the introduction of bugs or backdoors, and the spread of malicious changes across an organisation’s projects. This finding is a reminder that even trusted development platforms require scrutiny.

4. Business email compromise scams result in $55.5 billion in global losses

Business Email Compromise (BEC) scams continue to be a significant and costly threat. According to the FBI, BEC attacks have caused nearly $55.5 billion in losses globally since 2013, with over 305,000 incidents reported. These scams typically involve fraudsters impersonating executives or business partners to trick employees into making large financial transfers. The evolving nature of BEC, including the use of third-party payment processors and cryptocurrency exchanges, complicates the recovery of stolen funds. With UK and Hong Kong banks frequently serving as intermediaries in these transactions, the FBI urges organisations to heighten their vigilance against this ever-evolving threat.


5. British teen arrested for cyber attack on Transport for London

On the home front, British authorities recently arrested a 17-year-old concerning a cyber attack on Transport for London (TfL). The attack, which compromised customer data, including names and bank details, is a stark reminder of the vulnerabilities in public infrastructure. The incident is part of a disturbing trend of teenagers engaging in high-profile cyber attacks, echoing the notorious Lapsus$ extortion group and similar cases in recent years.

6. Fortinet data breach highlights cloud security vulnerabilities and ransom demands

Major cyber security firm Fortinet has also faced its challenges, disclosing a data breach that affected a small percentage of its cloud-hosted customer information. While the company insists that its products and services were not compromised, the breach involving a third-party cloud-based file storage system has raised concerns. A dark web user, claiming to have stolen 440GB of Fortinet data, alleges that the company refused to pay a ransom. Though Fortinet continues to cooperate with law enforcement, this incident has placed a spotlight on cloud security vulnerabilities and the handling of sensitive customer data.

7. UK Government report exposes widening cyber security skills gap among businesses

A new government report in the UK has highlighted significant cyber security skills gaps. According to the Department for Science, Innovation & Technology’s 2024 study, nearly half of UK businesses lack basic technical cyber security skills, while advanced capabilities, such as penetration testing, are also in short supply. The report reveals that incident management skills have deteriorated, with gaps rising from 27% in 2020 to 48% in 2024. While there has been growth in the supply of cyber skills, macroeconomic pressures and tech sector layoffs have cooled demand, leaving many firms underprepared to deal with cyber threats.

8. Ransomware attacks surge in the UK as majority of victims pay ransoms despite policies

Finally, ransomware attacks continue to be a significant threat to UK organisations, with 53% of firms reporting incidents in the past year, up from 38% in 2023. Despite having policies against ransom payments, a startling 59% of UK victims still paid the ransom, and many more indicated they would do so if attacked again. Globally, the trend is even more alarming, with 67% of organisations falling victim to ransomware. These figures highlight a critical challenge: the willingness to pay ransoms may encourage more attacks, revealing a pressing need for stronger resilience and more effective cyber security strategies.

There is no denying that organisations must stay agile, proactive, and vigilant as cyber threats evolve. Whether managing software vulnerabilities, supply chain attacks, or skills shortages, maintaining a strong cyber security posture is more critical than ever. By staying informed, having plans in place, and rigorously testing defences, businesses can better safeguard themselves against emerging digital threats.

Stay secure, stay informed, and most importantly, stay engaged. Your active participation in the cyber security community is crucial for our collective safety. Why not talk to us about your cyber security requirements?
