Top November 2022 Cyber-Attacks

It’s the end of November 2022, and the numbers are in. Below is a list of the most malicious cyber-attacks over the past month.
As reported by Kon Briefing, cyber-attacks affected more than 19 countries worldwide this month, with an estimated 56 breaches reported. We’ve detailed 7 of the most malicious cyber-attacks globally from November 2022.

 

 

500M WhatsApp Users’ Mobile Numbers Stolen 

On November 16th, an unknown threat actor posted on a hacking community forum claiming to have gained access to 487 million WhatsApp users’ mobile phone numbers and listed them for sale. The threat actor is selling the collections of numbers to others, who will likely use them in smishing attacks. The stolen data includes the numbers of users across the globe: approximately 32 million are from the US, 45 million from Egypt, 35 million from Italy, 20 million from France, 29 million from Saudi Arabia, 20 million from Turkey, 10 million from Russia, 11 million from the UK, and the list goes on.

Via: Cybernews

 

9.7M Customers’ Data Stolen From Australia’s Largest Health Insurer 

An unknown actor attacked Medibank, Australia’s leading health insurer, and threatened to leak the sensitive data of over 9.7 million current and former customers if the ransom is not paid. Despite the threats, Medibank has decided not to pay the ransom, angering many Australians whose information may be on the line. Medibank is now facing a class action lawsuit by two law firms that stated Medibank neglected its duty to keep this kind of information confidential. After the attack, the unknown threat actor recommended the public sell off their Medibank stocks, raising speculation that the attack’s purpose was to short-sell Medibank shares for a profit. Shorting is selling shares you don’t own so that you can buy them back at a lower price and make a profit. It is estimated that the breach could cost Medibank upwards of $700 million if customers decide to sue for damages.

Via: ABC News and Insurance Journal

 

Deribit Crypto Exchange Loses $28M in Hack

In early November, an unknown hacker gained access to Deribit’s wallet server, allowing the hacker to withdraw an estimated $28 million from the exchange’s hot wallets. However, things could have been much worse. Much to Deribit’s credit, they keep 99% of their assets in cold storage and only 1% in hot wallets, leaving 99% of their assets untouched. Luke Strijers, Deribit’s chief commercial officer, also stated that client assets had not been affected and that the entirety of the loss would be covered by Deribit’s balance sheets, which are separate from the organization’s $40 million insurance fund. Deribit is still investigating how access was gained.

Via: CoinDesk

 

Canadian Food Giant Hit with “Black Basta” Ransomware

Sobeys, a Canadian food retail giant that owns and operates several popular food retail chains, allegedly faced a Black Basta ransomware attack. Despite the organization’s claims of only suffering an IT systems issue, ransom notes and negotiation chats seen by BleepingComputer indicate that the attackers deployed Black Basta ransomware payloads to encrypt systems on Sobeys’ network. Details on the Black Basta ransomware gang are scarce, although it is known that the gang has demanded upwards of $2 million from past victims.

Via: BleepingComputer

 

Vanuatu Suffers Attack that Cripples Government Systems

The country of Vanuatu, a Pacific island lying just east of Australia near Fiji, suffered a devastating cyber-attack that crippled its entire IT infrastructure. The attack was so crippling to their IT systems that the Australian government had to get involved in helping them rebuild their entire IT network. The attack took place on November 14th, and Vanuatu’s government still does not have access to internal systems, as they are rebuilding the entire system from scratch. The hackers have demanded a ransom from the government, but the country’s officials have refused.

Via: The Sydney Morning Herald

 

Several US States Attacked During Midterm Election Voting

During the 2022 midterm U.S. elections in November, several states suffered distributed denial-of-service (DDoS) attacks that impacted election websites, as reported by CISA. The agency cannot divulge the exact number of states affected, but it is known that Mississippi and Illinois were attacked. A CISA official stated that while it is difficult to attribute the attacks to specific groups, they did not find evidence that this was a widespread campaign coming from a single source. Thankfully, there have been no reports that the attacks affected voters’ ability to cast their votes during the election.

Via: The Hill

 

Greece Hit with Major DDoS Attack

In an attack allegedly from a threat actor in the Netherlands, more than 800 services on Greece’s government websites were frozen due to a devastating DDoS attack. According to IT technicians, a series of bots flooded the websites with HTTP requests, blocking the websites’ use. These websites were critical to Greece’s essential operations, and the outage notably left citizens unable to get electronic prescriptions, keeping many from access to their needed medications.

Via: Greek City Times

 

Major Malaysian Airline Suffers Breach of 5M Passenger Records

On November 11th, AirAsia, one of Malaysia’s largest airlines, suffered a significant ransomware attack by the self-named Daixin Team gang. The group stole more than five million sensitive employee and customer records. The cybercriminals shared with the public two sample spreadsheets containing the information of some of the airline’s passengers and employees. The group has locked staff and passengers out of these records until the ransom is paid.

Via: Cybernews and Tech Monitor

 

For the complete list of cyber-attacks from November 2022, read more here.

Written by Samantha Parker

Samantha Parker is a Partner Marketing Specialist at AgileBlue. She is a proud graduate of Kent State University. Samantha currently serves part-time as a soldier in the Army National Guard.

November 29, 2022
