It’s the end of October 2022, and the numbers are in– below is a list of the most malicious cyber-attacks over the past month. As reported by Kon Briefing, cyber-attacks have affected more than 27 countries worldwide this month, with an estimated 88 breaches reported this past month. We’ve detailed 8 of the most malicious cyber-attacks globally from October 2022.
Several US Airports Suffer DDoS Attacks
A pro-Russian hacktivist group, self-named “KillNet,” has taken responsibility for a slew of denial-of-service (DDoS) attacks against the websites of several airports in major US cities. Some of the targeted airports included Atlanta, Los Angeles, Chicago, Orlando, Denver, Phoenix, and the states of Kentucky, Mississippi, and Hawaii. The attacks essentially shut down airport websites, making it impossible for travelers to get updates about their flight schedules or book plane rides. The attacks had no adverse effects on flights already booked but did affect the bookings and operations of planning future flights for flyers.
Via: Bleeping Computer
DEX Quickswap Hacked for $220K
Quickswap, a permissionless Ethereum-based decentralized exchange (DEX) that runs on Polygon Network’s layer two infrastructure, was hit with a flash loan exploit which Quickswap’s team has stated will result in the termination of the lending platform. Quickswaps team notified the public of the attack via Twitter shortly after the incident. Quickswap also added in the tweet that the flash loans attack was caused by a vulnerability within the Curve Oracle, which Market XYZ was using, and that no contracts were affected. Shortly after, Quickswap announced that the lending platform would be sunsetted and therefore recommended that any users with funds on Market XYZ’z open market withdraw immediately.
Iran’s Atomic Energy Organization Hacked Via Email
Iranian hacker group, Black Reward, has claimed ownership of a cyber-attack in which Iran’s atomic energy organization was hacked via email, gaining them access to the country’s nuclear activities which they published online. The group’s motive behind the hack was in support of Iranian protests against Iran’s state-mandated hijab and the death of 22-year-old protestor Mahsa Amini who was killed during a violent arrest for not complying with the country’s new women’s dress regulations. After the hacker group stole the logged nuclear activities, they threatened to leak the information if protesters were not released from custody.
DDoS Attack Cripples 911 Emergency System
A denial-of-service (DDoS) attack on Erie County Pennsylvania’s emergency 911 line made it difficult for emergency dispatchers to receive calls for over five hours. A deactivated wireless device placed a 911 call every 7 seconds to the county’s emergency dispatch, totaling over 750 calls over 5 hours. The issue was resolved after a third-party vendor isolated the calls made by this device to a single line and expanded the number of calls their systems could receive. When dispatchers could not receive cellular phone calls, thankfully, they could receive text messages and landline calls, as 18 emergency phone calls were made via landlines during this time.
Via: GoErie News
UK Leading Car Dealer–Pendragon Held to $60M Ransom
A hacker group, connected to the hacker group LockBit 3.0, hacked Pendragon, one of the UK’s largest car dealer’s IT system and stole five percent of all its data. The hackers have threatened to release the data on the dark web unless $60 million worth of bitcoin is deposited into their bitcoin wallet. Pendragon refused to discuss paying the ransom and has decided to instead focus on securing the remainder of their data. Following the attack, Pendragon notified its manufacturers and all 4,000 employees.
Via: Car Dealer Magazine
Cyber-Attack on Canadian Government
Members of the Canadian Parliament were notified in mid-October of an incident that may have compromised their information. Upon discovering the breach, members and other staff were urged to change their passwords, and certain internet-based services on Parliament Hill were restricted. A Canadian technology analyst commenting on the suggested severity of the attack stated that the warning received by members of Parliament was “far from a routine communication and suggested very strongly that parliamentary IT has been made aware of a significant cybersecurity risk.” The analyst added, “the keys to the front door have been stolen, and no one knows where they are.” Further updates on this attack and its consequences have not yet been released.
Via: Toronto Star
Binance Loses $570M in Hack
On October 6th, hackers stole a shocking $570 million from a blockchain linked with Binance, one of the largest crypto brands. Binance’s co-founder and CEO, Changpeng Zhao, commented on the incident stating that the exploit was on a cross-chain bridge, BSC Token Hub. Since the attack, Binance has resumed operations after implementing software that froze the hacker’s accounts. Zhao also emphasized in the following days that no user’s lost money in the attack. This attack comes after a long history of cross-chain bridge attacks in recent years.
Via Investopedia and The NY Times
DeFi Trading Platform ‘Mango” Loses $117M in Hack
Decentralized finance (DeFi) trading platforms use no third-parties, only smart contracts to execute transactions, allowing hackers to exploit a platform’s network and drain its funds. Two weeks after the Binance Hack, DeFi trading platform ‘Mango’ on the Solana blockchain was a victim of a cyber-attack that cost them a whopping $117 million. According to Mango, the hack was “caused by a price manipulation on the native MNGO token.” In response to the attack, Mango released an email address for attackers to contact them to collect a bug bounty in exchange for their money back. Since the hack, Mango Markets have been frozen to prevent more losses.
For the complete list of cyber-attacks from October 2022 read more here.