A Look Back: The Cyber Attack Landscape of August and September 2024

Breached Company

Breached Company

16 min read
A Look Back: The Cyber Attack Landscape of August and September 2024

August and September 2024 proved to be tumultuous months in the realm of cybersecurity, with a surge in high-profile attacks targeting various sectors globally. The impact of these incidents transcended mere data breaches, causing significant operational disruptions, financial losses, and raising concerns about the vulnerability of critical infrastructure. This article provides an in-depth analysis of the cyber attack landscape during these months, examining the most affected sectors, prevalent ransomware groups, their tactics, and the evolving nature of cyber threats.

August 2024 Ransomware Update
Introduction Ransomware attacks continue to be a significant threat to organizations worldwide. During the week of August 21-27, 2024, ransomware activity showed alarming trends, with 97 victims across various industries and countries. The latest data highlights not only the most targeted sectors but also the geographic distribution and the key
Breached CompanyBreached Company

August 2024: A Month of Escalating Cyber Threats

August 2024 witnessed a 14.4% increase in ransomware incidents compared to July 2024, marking an alarming escalation in cyberattacks. The evolving tactics of cybercriminals, coupled with the vulnerabilities of digital systems, created a perfect storm for disruption.

Ransomware groups aggressively targeted a wide range of sectors, impacting businesses, government institutions, and essential services. Key events included:

  • Halliburton, a global energy giant, crippled by RansomHub: In a brazen attack, the RansomHub ransomware gang claimed responsibility for crippling Halliburton's key systems, including invoice generation and purchase order processing. This attack demonstrated the group's growing capabilities and its willingness to target high-profile organizations.
  • Patelco Credit Union, another victim of RansomHub's onslaught: The RansomHub group further solidified its position as a top threat actor by targeting Patelco Credit Union, impacting over 726,000 individuals and compromising sensitive personal and financial data.
  • Young Consulting (Connexure) suffers a delayed data breach revelation: In a concerning turn of events, the BlackSuit ransomware group's attack on Young Consulting, which occurred in April 2024, came to light in August. This delay highlights the challenges organizations face in detecting and disclosing breaches promptly.
  • Kootenai Health patient data leaked by 3AM ransomware: The 3AM ransomware operation stole and leaked data belonging to 464,000 Kootenai Health patients, emphasizing the devastating consequences of healthcare sector attacks.

These attacks, coupled with the emergence of new ransomware players like Helldown, who published data from 17 victims on their leak site, painted a bleak picture of the escalating ransomware threat in August 2024.

August 2024 Cyber Attack Landscape
August 2024 was a tumultuous month in the realm of cybersecurity, marked by a series of high-profile cyber attacks that underscored the vulnerabilities of critical infrastructure and diverse sectors across the globe. These incidents highlighted the persistent threat posed by cybercriminals and the importance of robust cybersecurity measures. Below is
Breached CompanyBreached Company

The Rise of RansomHub:

RansomHub, a relatively new entrant in the cybercrime landscape, quickly rose to prominence, claiming the top spot among ransomware threats in August 2024. This group distinguished itself through:

  • Aggressive targeting: They attacked at least 210 victims across various sectors, demonstrating an indiscriminate approach to choosing targets.
  • Sophisticated tactics: RansomHub employed advanced tools like EDRKillShifter and TDSSKiller to disable endpoint detection and response software, making their attacks more difficult to detect and mitigate.
  • Multi-platform expertise: Their ability to target systems running Windows, macOS, Linux, and especially VMware ESXi environments underscored their technical prowess and reach.

Alongside RansomHub, Meow ransomware also experienced a significant surge in activity, becoming the second most prevalent ransomware group in August 2024. This surge, evidenced by the 34 victims they listed on their leak site, demonstrated the group's growing capabilities and its intent to inflict significant damage.

While LockBit3 remained active, it saw a relative decline in attacks compared to previous months.

September 2024 Cyber Attack Update
In September 2024, several notable organizations fell victim to cyber attacks, data breaches, and ransomware incidents. Here’s an in-depth look at some of the most significant cases: Highline Public Schools Cyber Attack On September 8, 2024, Highline Public Schools in Burien, Washington, USA, experienced a cyber attack that disrupted their
Breached CompanyBreached Company

September 2024: Expanding Targets and Persistent Threats

The cyber threat landscape in September 2024 reflected a continuation of the concerning trends observed in August, with attackers continuing to target essential services and critical infrastructure.

  • Education sector under fire: Despite the start of a new school year, educational institutions continued to be targeted, with attacks reported at Highline Public Schools in Washington, USA, and Charles Darwin School in London, UK. These attacks highlighted the vulnerability of the education sector and the potential disruption to learning and data security.
  • Retail sector data breach: Boulanger, a major French electronics retailer, suffered a massive data breach, compromising the personal information of hundreds of thousands of customers.
  • Local governments face disruptions: Cybercriminals also set their sights on local government bodies, with incidents reported at Tewkesbury Borough Council in England and Communauté urbaine du Grand Reims in France. These attacks demonstrated the potential for service disruptions and data theft at the municipal level.

Key Takeaways from September 2024 Cyberattacks:

  • The persistence of ransomware: Ransomware remained a significant threat, affecting organizations across sectors, particularly schools, highlighting the need for robust preventative measures and incident response plans.
  • The expanding target landscape: Cybercriminals cast a wider net, targeting diverse industries, including education, retail, and local government, emphasizing the need for heightened cybersecurity awareness and preparedness across all sectors.
  • Data protection challenges: The Boulanger breach exemplified the ongoing challenges organizations face in safeguarding customer data, raising concerns about data privacy and security in an increasingly digital world.

The Three Most Prevalent Ransomware Groups in August 2024 and Their Tactics

The sources reveal that August 2024 saw a surge in ransomware attacks, with several groups significantly impacting various sectors. The three most prevalent ransomware groups during this period were:

  1. RansomHub: This group emerged as the top ransomware threat in August 2024.
    • They targeted at least 210 victims across various sectors, demonstrating an indiscriminate approach.
    • Known for using multiple tools to disable endpoint detection and response software (EDR), including EDRKillShifter and TDSSKiller.
    • They claimed responsibility for attacks on prominent organizations such as Halliburton and Planned Parenthood.
    • RansomHub targeted systems running various operating systems, including Windows, macOS, Linux, and notably, VMware ESXi environments.
  2. Meow Ransomware: This group experienced a significant surge in activity during August, making it the second most prevalent ransomware threat.
    • They publicly disclosed 34 victims on their data leak site, exceeding the total number of victims they had claimed in the preceding twelve months.
  3. LockBit3: Although it remained active in August 2024, LockBit3 experienced a decline in attacks compared to previous months.

The sources don't elaborate on specific tactics used by Meow and LockBit3 during August 2024 beyond their general ransomware operations. However, the information about RansomHub's use of sophisticated tools and their targeting of a wide range of systems and organizations distinguishes them as a highly active and evolving threat during that period.

Targeted Sectors in September 2024

While the sources don't provide a definitive ranking of the most frequently targeted sectors specifically for September 2024, they offer insights into prominent attacks and trends during that month:

  • Education:
    • Highline Public Schools in Washington, USA, experienced a disruptive cyberattack.
    • Charles Darwin School in London, UK, was hit by a ransomware attack.
  • Retail:
    • Boulanger, a French electronics retail chain, suffered a data breach affecting hundreds of thousands of customers.
  • Local Government:
    • Tewkesbury Borough Council in England experienced a cyber incident that disrupted its services.
    • Communauté urbaine du Grand Reims in France was targeted with a DDoS attack, potentially affecting services for residents.

The sources also highlight several other sectors that were significantly affected by cyberattacks throughout 2024, suggesting they may have continued to be targeted in September:

  • Education and Research: This sector experienced a 53% surge in attacks in Q2 2024 compared to the previous year, averaging 3,341 attacks per organization weekly.
  • Government/Military: This was the second most attacked sector in Q2 2024, with an average of 2,084 attacks weekly per organization.
  • Healthcare: Healthcare organizations experienced a 15% rise in attacks in Q2 2024 compared to the previous year, averaging 1,999 attacks per week per organization.
  • Hardware Vendors: This industry saw a significant 183% increase in attacks in Q2 2024.

While the specific frequency of attacks on these sectors during September 2024 isn't stated, their prominence earlier in the year and the ongoing trends in cyberattacks suggest they likely remained targets.

Most Targeted Sectors in August and September 2024 and Types of Data Compromised

The sources provide a detailed picture of the cyber threat landscape for August and September 2024, highlighting the sectors most impacted and the types of data compromised.

Most Affected Sectors

  • Education and Research: This sector saw a significant surge in attacks, with a 53% increase in Q2 2024 compared to the same period in 2023. On average, organizations in this sector faced 3,341 attacks every week. Several schools and universities experienced attacks in August and September, including:
    • Highline Public Schools in Washington, USA, suffered a disruptive cyberattack.
    • Charles Darwin School in London, UK, was hit by a ransomware attack that potentially impacted students' education and data security.
    • Mobile Guardian, a mobile device management provider used by schools globally, suffered an attack leading to data wiping from over 13,000 student devices.
  • Government/Military: This sector was the second most targeted, experiencing 2,084 attacks per week. Notable attacks included:
    • City of North Miami, Florida: Unauthorized access led to the closure of City Hall for almost a week, impacting various services and potentially targeting the mayor's personal information.
    • Tewkesbury Borough Council in England reported a cyber incident affecting its services.
    • Communauté urbaine du Grand Reims in France was targeted by a DDoS attack.
    • Seattle-Tacoma International Airport and Port of Seattle experienced significant system outages due to a cyberattack.
  • Healthcare: Healthcare organizations faced an average of 1,999 attacks per week, a 15% increase from the previous year. Attacks on this sector included:
    • OneBlood, a non-profit blood supplier in the Southeast U.S., suffered a ransomware attack that disrupted its blood product delivery, impacting hospitals and patient care.
    • Kootenai Health had data from 464,000 patients stolen and leaked by the 3AM ransomware group.
    • Elitecare Emergency Hospital notified 24,754 individuals about a data breach involving health insurance and medical information.
  • Hardware Vendors: This industry experienced a substantial 183% rise in attacks.
  • Retail: The sources highlighted a major data breach at Boulanger, a French electronics retail chain, compromising personal information of hundreds of thousands of customers.
  • Financial Services: Attacks on financial institutions targeted critical financial systems and customer data, leading to data breaches and financial losses. While the sources don't provide specific examples from August or September, they do mention:
    • A ransomware attack on nearly 300 small Indian banks in July, impacting payment systems.
    • Patelco Credit Union in California was hit by a ransomware attack from the Ransomhub group, impacting over 726,000 individuals.

Types of Data Compromised

  • Personal Information: This included names, addresses, phone numbers, birthdates, and email addresses. The Boulanger data breach exemplifies this.
  • Financial Data: This included credit card details, banking information, and insurance claim details.
  • Health Information: The breaches at Kootenai Health and Elitecare Emergency Hospital exposed sensitive health insurance details and medical records.
  • Educational Data: Attacks on schools potentially compromised student and faculty data and disrupted educational operations.

The diverse range of sectors targeted and the types of data compromised highlight the evolving nature of cyber threats and the importance of strong cybersecurity measures across all industries.

Here's a breakdown of key trends observed in cyberattacks and data breaches during August and September 2024, based on the provided sources:

Ransomware Surge and Evolution:

  • Ransomware attacks increased in August 2024 compared to July 2024, with a 14.4% rise in incidents.
  • RansomHub emerged as a dominant ransomware threat in August, targeting a wide range of sectors and systems, particularly VMware ESXi environments.
  • Meow ransomware also saw a significant surge in August, becoming the second most prevalent ransomware group.
  • The ransomware landscape continued to fragment, with smaller, aggressive groups like Helldown emerging in September.
  • Ransomware operators increasingly used advanced tools, such as EDRKillShifter, to disable endpoint detection and response software.

Targeting of High-Value Organizations:

  • Ransomware groups increasingly targeted larger organizations with deeper pockets, leading to higher ransom demands.
  • A record-breaking $75 million ransom was paid to the Dark Angels ransomware group in early 2024, believed to be the largest single payment in history.
  • This trend indicates a shift towards more lucrative targets and potentially more sophisticated attack methods.

Specific Industries Under Siege:

  • Education and research institutions were heavily targeted in 2024, experiencing a 53% increase in attacks in Q2 2024 compared to Q2 2023.
  • Government and military remained a primary target, with an average of 2,084 attacks per week in Q2 2024.
  • Healthcare organizations continued to face a significant number of attacks, averaging 1,999 attacks per week per organization in Q2 2024.

Persistent Data Breaches and Unauthorized Access:

  • Data breaches remained a significant concern across various sectors, including retail, healthcare, and technology.
  • Supply chain attacks, where attackers target organizations through their vendors or partners, continued to pose a threat.
  • Hackers increasingly exploited misconfigured cloud services and vulnerabilities in popular software to gain unauthorized access.

Evolving Cybercriminal Tactics:

  • Collaboration between cybercriminal groups became more prevalent, with some ransomware operators working with initial access brokers and other threat actors.
  • Data exfiltration and extortion remained common tactics, with attackers threatening to leak stolen data if a ransom wasn't paid.
  • The use of sophisticated phishing and social engineering techniques continued to be a primary method for gaining initial access to systems.

Overall, the trends in August and September 2024 underscore the constantly evolving nature of cyber threats. The sources highlight the need for organizations to adopt a proactive and multi-layered approach to cybersecurity, including robust prevention, detection, and response mechanisms.

Timeline of Events:

July 2024

  • Late July: Massive global IT outage caused by a faulty CrowdStrike software update disrupts businesses and governments worldwide, affecting airlines, hospitals, news outlets, and banks.
  • July 31: OneBlood, a non-profit blood supplier in the Southeast US, suffers a ransomware attack, disrupting blood product delivery to over 350 hospitals.

August 2024

  • Early August: A ransomware attack hits nearly 300 small Indian banks using C-Edge Technologies, a joint venture between SBI and TCS, disrupting payment systems.
  • August 1: Germany accuses China of a cyber attack, heightening geopolitical tensions.
  • August 4:Grand Palais and other French museums in the Réunion des Musées Nationaux network experience a ransomware attack.
  • Mobile Guardian, a UK mobile device management provider, is targeted in a cyber attack, resulting in data wiping from over 13,000 devices, primarily affecting schools in Singapore.
  • A DDoS attack disrupts emergency call systems in Central Texas.
  • Throughout August:Ransomware attacks exploiting a vulnerability in VMware ESXi virtual machines (CVE-2024-37085) increase.
  • The RansomHub ransomware group rises to prominence.
  • The Eldorado ransomware group conducts attacks on 16 companies, primarily in the US real estate and healthcare sectors.
  • August (Date Unspecified):Park'N Fly suffers a data breach, affecting 1 million customers.
  • Toyota confirms a data breach, potentially exposing data of 240GB.
  • A Fortune 50 company reportedly pays a record $75 million ransom to the Dark Angels ransomware group.
  • Halliburton experiences a major cyber attack, claimed by the RansomHub group.
  • Patelco Credit Union is hit by a ransomware attack from the RansomHub group, affecting over 726,000 individuals.
  • BlackSuit ransomware attack on Young Consulting (now Connexure) impacts 950,000 customers, although the attack occurred in April.
  • The healthcare sector faces multiple cyber attacks.
  • Several real estate companies experience data breaches.
  • Financial institutions are targeted in cyber attacks.
  • Ransomware attacks cause disruption in the manufacturing sector.
  • Schools and universities are hit by cyber attacks.
  • The 3AM ransomware operation attacks Kootenai Health.
  • CannonDesign suffers an AvosLocker ransomware attack.
  • The American Radio Relay League pays $1 million ransom after an Embargo ransomware attack.

September 2024

  • Early September: Charles Darwin School in London experiences a ransomware attack.
  • September 3: A DDoS attack targets the Communauté urbaine du Grand Reims website in France.
  • September 4: Tewkesbury Borough Council in England reports a cyber incident disrupting services.
  • September 7: French electronics retailer Boulanger suffers a major data breach.
  • September 8: Highline Public Schools in Burien, Washington, USA, experience a cyber attack.
  • September (Date Unspecified):Fortinet confirms a data breach affecting a small number of its customers.
  • DeltaPrime, a decentralized finance platform, suffers a security breach resulting in a $6 million loss.
  • Payment gateway platform SLIM CD reports a data breach affecting 1.7 million customers between August 2023 and June 2024.
  • Elitecare Emergency Hospital notifies 24,754 individuals of a data breach.
  • Dell faces two separate data breach claims.
  • A hacker claims to have stolen 20GB of data from Capgemini.
  • The RansomHub group lists Planned Parenthood on its leak site.
  • A hacker claims to have leaked data from Temu, despite the company's denial of a breach.
  • Keytronic reveals losses exceeding $17 million from a ransomware attack in May.

Cast of Characters:

Companies & Organizations:

  • 3AM Ransomware Operation: A ransomware group known for stealing and leaking victim data.
  • AABB Interorganizational Disaster Taskforce: A group that coordinates support from US blood centers during emergencies.
  • American Radio Relay League: A non-profit organization that suffered a ransomware attack from the Embargo group.
  • Anonymous Guys: A Russia-linked hacktivist group targeting Latvian websites.
  • APT41: A Chinese state-sponsored hacking group known for targeting sensitive information and intellectual property.
  • Arcadian Ambulance Service: A company that experienced a cyberattack in August 2024.
  • AvosLocker: A ransomware group that targeted CannonDesign.
  • Black Basta Ransomware: A ransomware group that attacked Keytronic.
  • BlackSuit Ransomware: A ransomware group that compromised data from Young Consulting.
  • Boulanger: A French electronics retail chain that experienced a significant data breach.
  • CannonDesign: A global architectural and engineering firm that suffered a ransomware attack.
  • Capgemini: A French technology and consulting company targeted in a data theft claim.
  • Capital Area Council of Governments (Texas): A regional government organization that responded to DDoS attacks on emergency call systems.
  • C-Edge Technologies: An Indian joint venture between SBI and TCS targeted by a ransomware attack impacting banks.
  • Charles Darwin School: A school in London that suffered a ransomware attack.
  • City of North Miami, Florida: Experienced unauthorized access to its systems, impacting city services.
  • Communauté urbaine du Grand Reims: A French municipal association that experienced a DDoS attack on its website.
  • Connexure (formerly Young Consulting): A US software provider specializing in employer stop-loss insurance, hit by the BlackSuit ransomware group.
  • CrowdStrike: A cybersecurity company whose faulty software update caused a global IT outage.
  • Dark Angels Ransomware Group: A ransomware group that received a record-breaking $75 million ransom payment.
  • Dell: A technology company that faced two separate data breach claims.
  • DeltaPrime: A decentralized finance platform that suffered a security breach and financial loss.
  • Disney: A global entertainment company that experienced a cyber attack in July 2024.
  • Eldorado Ransomware Group: A ransomware group known for targeting companies in the US real estate and healthcare sectors.
  • Elitecare Emergency Hospital: A hospital that experienced a data breach.
  • Embargo Ransomware Group: A ransomware group that attacked the American Radio Relay League.
  • Ethereum: A cryptocurrency platform that suffered a mailing list breach.
  • Financial Institutions: Various financial institutions targeted by cyber attacks throughout 2024.
  • Fortinet: A security vendor that experienced a data breach.
  • Frankfurt University of Applied Sciences: A university that shut down its IT systems after a cyber attack.
  • Grand Palais: A museum in France, part of the Réunion des Musées Nationaux network, that was hit by a ransomware attack.
  • Halliburton: A global energy and oil services company that suffered a significant cyber attack from the RansomHub group.
  • Healthcare Sector: Healthcare providers and hospitals continued to be targets for ransomware and data breaches throughout 2024.
  • Helldown: A new ransomware gang that emerged in 2024.
  • Highline Public Schools: A school district in Washington, USA, that suffered a cyber attack.
  • Iranian Hacking Group (Pioneer Kitten/Fox Kitten): A hacking group collaborating with ransomware affiliates and targeting US organizations.
  • Keytronic: An electronic manufacturing services provider that suffered a major ransomware attack.
  • Kootenai Health: A healthcare provider that was attacked by the 3AM ransomware operation.
  • Lynx Ransomware Group: A new ransomware group that gained traction in August 2024.
  • Macau Government: Experienced a DDoS attack on its websites, including those of security services and police.
  • Manufacturing Sector: Companies in this sector were increasingly targeted by ransomware attacks, causing disruptions.
  • Meow Ransomware: A ransomware group that saw a significant surge in activity in August 2024.
  • Microchip Technology: A US semiconductor manufacturer that experienced a cyber attack disrupting its operations.
  • Microsoft: Faced a major outage and a separate DDoS attack on its Azure cloud platform.
  • Mobile Guardian: A UK-based mobile device management provider hit by a cyber attack that affected schools globally.
  • National Crime Agency (NCA): Collaborated with US and Australian authorities to expose members of the Evil Corp cybercrime group.
  • National Payments Corporation of India (NPCI): India's payment system operator, which isolated C-Edge Technologies after a ransomware attack.
  • NoName057(16): A Russia-linked hacktivist group that targeted Latvian websites.
  • OneBlood: A non-profit blood supplier in the southeastern US that suffered a ransomware attack.
  • Park'N Fly: An airport parking service provider that experienced a data breach.
  • Patelco Credit Union: A credit union serving Northern California that was hit by a RansomHub ransomware attack.
  • Planned Parenthood: Listed on the RansomHub leak site as a victim.
  • Port of Seattle: Experienced a cyber attack that caused system outages, later confirmed to be caused by the Rhysida ransomware group.
  • RansomEXX v2.0: The ransomware group responsible for the attack on C-Edge Technologies.
  • RansomHub: A ransomware group that rose to prominence in 2024, known for using multiple EDR killers and targeting high-value companies.
  • Real Estate Companies: Several companies in this industry experienced data breaches in 2024.
  • Réunion des Musées Nationaux: A French museum network that experienced a ransomware attack.
  • Rhysida Ransomware: The group responsible for the cyber attack on the Port of Seattle.
  • Schools and Universities: Educational institutions faced an increasing number of cyber attacks in 2024.
  • Security Service of Ukraine: Experienced a cyber attack in August 2024.
  • Seattle-Tacoma International Airport: Experienced a cyber attack that led to system outages and flight disruptions.
  • SLIM CD: A payment gateway platform that suffered a data breach.
  • State Bank of India (SBI): A partner in the C-Edge Technologies joint venture affected by a ransomware attack.
  • Tata Consultancy Services (TCS): A partner in the C-Edge Technologies joint venture affected by a ransomware attack.
  • Temu: An e-commerce platform at the center of a data breach claim.
  • Tewkesbury Borough Council: A local government body in England that experienced a cyber incident.
  • Toyota: A multinational automotive manufacturer that suffered a data breach.
  • VTB: A Russian bank that faced a cyber attack.
  • Virgin Media: A telecommunications company that experienced a cyber attack in July 2024.
  • VMware: A technology company whose ESXi virtual machines were targeted by ransomware exploiting a vulnerability (CVE-2024-37085).
  • WazirX: An Indian cryptocurrency platform that suffered a $230 million theft in a cyber attack attributed to North Korean hackers.
  • Young Consulting (see Connexure): A US software provider specializing in employer stop-loss insurance that suffered a data breach.

Hacking Groups:

  • BlackCat/ALPHV/Noberus: A ransomware-as-a-service (RaaS) operation considered a significant threat.
  • Evil Corp: A notorious cybercrime group with links to LockBit ransomware.
  • LockBit: A prominent RaaS group known for data encryption and extortion.
  • LockBit3: The third iteration of the LockBit ransomware group.
  • North Korean Hacking Groups: Known for aggressively targeting cryptocurrency companies.

Other:

  • AT&T: Worked with the Capital Area Council of Governments to mitigate a DDoS attack on Texas emergency call systems.

This information can be used to create a more detailed timeline and a comprehensive report on the major cyber attacks of 2024.

Conclusion: A Collective Effort Towards a More Secure Digital Future

The cyberattacks of August and September 2024 served as a stark reminder of the ever-evolving threat landscape and the importance of proactive cybersecurity measures. The rise of new ransomware groups like RansomHub, coupled with the evolving tactics of existing players, emphasized the need for individuals and organizations to remain vigilant and prioritize cybersecurity.

While the increasing frequency and sophistication of attacks are concerning, a collective effort involving robust cybersecurity practices, increased awareness, and collaboration between governments, organizations, and individuals can help mitigate these threats and pave the way for a more secure digital future.

Read more