Once again, in August, ransomware dominated the cybersecurity world. Victims included affluent European countries, modest libraries, and one of the most prominent American sports clubs. Additionally, part of the business of those who make offensive mail-based jokes was exposed on the streets. It was a strange month, is all we can say. The breaches, hacks, and assaults that caught our attention in August 2022 are listed here.
Biggest Cyber Attacks of August
§ Hackers Check Out a Major Library Supplier
The community library is a shining example of accomplishing good work with few resources. Still, even its steadfast reputation couldn’t save one of the country’s first suppliers of libraries from hackers’ grasp. The almost 200-year-old company Baker & Taylor, which supplies books, films, music, and technology services to public libraries across the U.S., had a ransomware assault on August 19 that shut down critical communications services and apps.
Given that the event affected several of Baker & Taylor’s business-critical services, the library community will probably feel the effects of this ransomware assault for a considerable amount of time.
In typical librarian fashion, the corporation has kept quiet about who could have been responsible for the hack or how the system was breached. Still, many crucial features remained unavailable for weeks after that.
Records Exposed: Communication systems and applications.
Type of Attack: Ransomware.
Industry: Library supplies.
Date of Attack: August 19, 2022
Location: Charlotte, NC
We’ve repeatedly seen that a company doesn’t have to be glitzy or wealthy to be a tempting target for cybercriminals. Due to the impression that older companies are less likely to have cutting-edge cybersecurity measures, even one as obviously stodgy as a centuries-old provider of library books is just as vulnerable as any hot-shot digital company. This type of organisation is a more desired target.
§ Luxembourg’s Cybersecurity Loses Energy
The tiny country of Luxembourg became the latest casualty in a global wave of ransomware attacks that have shown the weakness of the infrastructure and security of the energy sector.
BlackCat ransomware was used in a breach in late July to steal around 150 GB of data and documents from the subsidiaries of Enevco. The Luxembourgian government partially controls this sizable energy firm. Even while it doesn’t seem that consumer energy services were affected, the intrusion highlights how vulnerable a crucial national organisation is.
Authorities suspect that the Alphav gang, a cybercrime organisation suspected in the infamous 2021 Colonial Pipeline assault in the United States, is responsible for the attack in Luxembourg. This is the most recent in a string of attacks on wind power companies and other oil ports that have plagued Western Europe for the past year.
Even if the gang’s efforts have not yet brought down a power system, they have succeeded in leaving many cybersecurity and energy sector analysts extremely concerned about where and when the next attack will occur.
Records Exposed: Internal documents and data.
Type of Attack: Ransomware.
Industry: Energy
Date of Attack: July 22, 2022
Location: Luxembourg
The focus on energy producers by the cybercrime community is frightening, but it also makes a lot of sense. Businesses in industries where people depend on them to maintain everyday life, like energy, make for unstoppable targets. Assaults of this kind will probably continue to worsen soon because very few places in the globe can afford to gamble with their power sources.
§ Prank Customers Get Pranked
It’s reasonable to say that most individuals who read this have little sympathy for those who commit cybercrimes. But occasionally, a tale will come where you find yourself rooting a little bit for the “bad guy.” Consider the August cyberattack on a joke website, the name of which cannot be published in this family-friendly cybersecurity forum. This website enables users to deliver genuine animal faeces in discreet parcels to their opponents. It provides a living.
On August 9, notorious hacker pompompurin (whose FBI hacking operations we’ve previously chronicled here) accessed the site to mail a box of excrement to a cybersecurity expert with whom they quarrelled.
When Pompompurin discovered that the website was susceptible to a SQL injection attack, she immediately stole and leaked a sample of user email addresses. Customers who anticipated receiving their unwanted presents anonymously will not be happy with this development. Everyone who read about this peculiar glimpse of where we are today as an internet culture learnt a few things they probably wish they could forget. At the same time, the website swiftly closed the vulnerability after learning its lesson.
Records Exposed: Customer email addresses.
Type of Attack: SQL injection.
Industry: Home delivery.
Date of Attack: August 9, 2022.
Location: Unclear
You’d better make sure you’re keeping those customers anonymous if you’re going to run a website where they can pay you to carry out nasty retribution “pranks.”
Even though this situation is unusual, it has implications for more respectable businesses whose clients cherish their privacy. Even a routine client transaction might become humiliating if the wrong individual becomes interested in your system’s inner workings in today’s age of tech-savvy consumers.
August shows that no company is immune to the reach of unscrupulous actors online, not even the most austere European nation or a company that delivers unwanted cowpies. As the adage goes, prevention is always preferable to treatment. It’s time for your business to invest in Arctic Wolf cybersecurity to stay one step ahead of the bad guys.
About Author
