A lot happened in September 2022 for cybersecurity, so SWK’s news recap for this month will again cover the top stories from the cycle. High-profile data breaches, numbering almost in the dozens, were uncovered at companies from Uber to Morgan Stanley, with ongoing investigations, lawsuits and law enforcement advisories also dominating headlines for weeks. In addition, the Biden administration, along with several agencies both domestic and overseas, is continuing the momentum of the government push on national network security initiatives, though quite a few proposals remain under debate.
Top Data Breach News for September 2022
September 2022 was rather inundated with high-profile reports of cyber incidents throughout the world. Here are some of the top stories on data breaches so far:
Uber
The latest Uber hack has been a top headline for weeks at the time of this writing, with some observers noting the potential scope of the damage eclipsed the company’s previous 2016 breach. A hacker thought to be an affiliate of the notorious LAPSUS$ gang claims to have pulled off a social engineering scam that granted enough access to escalate their intrusion to the point where they executed an exploit for administrator permissions.
U-Haul
In early September, moving company U-Haul began notifying customers that their personally identifiable information (PII) may have been compromised from past rental contracts during a breach that occurred between November 5, 2021, and April 5, 2022. An investigation conducted from July to August uncovered the intrusion and found that up to 2.2 million customers were affected (some of whom are now suing).
Morgan Stanley
On September 20, 2022, the SEC announced that wealth management firm Morgan Stanley had agreed to pay a $35 million fine for failure to properly dispose of hardware devices (including servers) that contained customer PII since at least 2015. The records of about 15 million customers were found being sold at an online auction by an IT professional, where they had been bought by a third party from the very moving and storage company the financial services firm had hired to remove the devices.
American Airlines
American Airlines released a notice alerting the public that the data of “a very small number” of their customers and employees had been exposed during a July breach of multiple internal email accounts that had been targeted by a phishing campaign. The airline said that those accounts had been quarantined and that “[a]dditional technical safeguards” were implemented to prevent further compromises.
2K & Rockstar Games
The same LAPSUS$ hacker who claimed to be behind the Uber breach also claims to be responsible for a leak of test footage for the upcoming Grand Theft Auto VI title from Rockstar Games, though independent research found other affiliates from the gang also taking credit. The hack is particularly noteworthy not only for the Uber connection, but also because 2K Games, another publisher owned by Rockstar’s parent company, Take Two Interactive, had to notify customers that an attacker had gained access to their support email account and was using the trusted address to deliver malware on support requests.
Los Angeles Unified School District
The Los Angeles Unified School District (LAUSD) became the victim of a ransomware infection over the 2022 Labor Day weekend, and although the district’s IT team promptly shut down systems once they uncovered suspicious activity, the group that took credit for the attack still claims to have 500 GB of data stolen from LAUSD. The attackers have yet to prove their claims as of this writing, and the LAPD, FBI and even CISA have gotten involved at one point or another to provide advice and/or support for managing the situation.
LockBit Ransomware
In a less depressing example of a potential breach than others on this list, a notorious ransomware gang (LockBit) was itself the victim of compromise when either an external interloper or a disgruntled affiliated developer leaked their strain’s latest encryptor code. The downside of this, however, is that it potentially grants less sophisticated bad actors access to a brand new toolkit.
Other Cybersecurity News from September 2022
Besides the many data breaches that occurred throughout the month, here are some of the other top cybersecurity news updates from September 2022:
From the White House & Federal Government
Between multiple Executive Orders and noteworthy inclusions in substantial legislative bills, the Biden administration continues to demonstrate that cybersecurity at the national level will remain a priority for the foreseeable future. Not to be outdone by the White House, quite a few members of Congress along with several committees are pursuing their own proposals, while agencies from the federal level down become increasingly involved in intelligence gathering and information sharing.
$1 Billion Grant for State & Local Cybersecurity
The Department of Homeland Security (DHS) announced the Biden-Harris administration’s creation of the State and Local Cybersecurity Grant Program, a $1 billion grant for state, local, and territorial (SLT) governments across the US. Part of the Bipartisan Infrastructure Law, this grant allocates funding to SLT governments that apply within 60 days of this announcement (September 16, 2022).
Third-Party Software in Government
The Office of Management and Budget released a memorandum containing guidance on enforcing cybersecurity during the selection and implementation of third-party software for federal agencies. This decision was made in direct response to the SolarWinds debacle uncovered in 2020 and is considered a first step in ensuring that government systems are not compromised by software supply chain vulnerabilities.
Operational Technology (OT) Concerns
Vulnerabilities present in operational technology (OT) have become a more frequent topic within the context of addressing national cybersecurity shortfalls, with officials from the federal to legislative levels highlighting particular concerns for utility grids, industrial control systems (ICS), water infrastructure, medical technology and more.
Iranian Hackers
Hackers located in – or working for – Iran have come under increased scrutiny recently, as security agencies from the Five Eyes alliance issued a joint warning on state-sponsored Iranian bad actors just a week before the US Department of Justice indicted three Iranian cybercriminals. Both acts occurred shortly after Albania accused Iran of a July cyber attack that severely disrupted government systems and officially severed diplomatic ties with the country over it.
Contact Us for More Cybersecurity News
There were many more cybersecurity developments buried under these top headlines over the past month – let SWK Technologies help you sift through the noise to uncover the threats that could impact your business the most. Reach out to our experts today and we’ll help you catch up on the latest news from discovered exploits to emerging data regulations and ensure that your organization is prepared to face them.