This Month in Cyber Security: October 2022

October has brought some interesting changes to the cyber industry - including Toyota's data breach, Microsoft's data leak, Cyber Security Awareness Month, and a spooky Hackerween release from TryHackMe!


Another month has passed! As we look back on the month in cyber security, we highlight some of the in-depth research, spooky releases, trending threats and attacks, and the vulnerabilities that have dominated the industry in October.

This month, we deep-dived straight into Cyber Security Awareness Month, Hackerween, an all-new blue team pathway coming next week (woohoo!), the latest data breaches from Toyota, and much more.

Cyber Security Awareness Month

Cyber Security Awareness Month shines a light on raising awareness of world cyber crime and how we can take necessary steps to mitigate these risks. (Of course, cyber awareness shouldn’t just be limited to one day and should continue to be acknowledged throughout the year!)

In honour of Cyber Security Awareness Month, we took the time to explore how cyber security differs around the world.

Common challenges faced around the world by governments, authorities, and businesses include:

  • Tackling the cyber skills shortage
  • Integrating new technologies
  • Keeping up with recent sophisticated attacks
  • Building cyber awareness in workplaces

Though it may come as a surprise to some, Denmark tops the leaderboard as the most secure country in the world, closely followed by Germany, the United States, Norway, the UK, Canada, Sweden, and Australia.

Want to discover the countries most at risk from cyber attacks and the areas with the highest rate of cyber security job openings? Check out our Cyber Security Around the World blog!

Toyota’s Data Breach

On the 7th of October 2022, Japan-based automotive manufacturer Toyota revealed that at least 296,019 pieces of customer information could have been leaked in September. As a result of the leak, customers’ email addresses in their T-Connect telematics database were exposed, affecting customers from July 2017 onwards.

In a public statement, Toyota stated they could not confirm if a third party gained access to the data server, although third-party access "could not be completely ruled out."

Toyota admitted the possibility of affected customers receiving spam, phishing scams and unsolicited email messages. They stated, though, that there was no possibility that names, phone numbers or credit card information were leaked.

It’s thought that the hacker obtained server credentials after a subcontracted website developer published part of the source code to their public GitHub account in error.

With 95% of all data breaches caused by human error, mistakes are the most considerable cyber vulnerability, often in cases that could easily have been prevented. The Toyota breach could have been avoided with third-party cyber awareness training and appropriate measures to prevent source code from being publicly released.

Workplace human error is typically a result of improper training and a lack of cyber awareness across teams. As human error comprises a significant portion of breaches, training your employees and introducing cyber security measures should be a key component of your cyber security strategy.

Microsoft Data Leak Affects Over 65,000 Entities

Earlier this month, Microsoft announced a data leak affecting thousands of customers after an endpoint was made publicly accessible.

This misconfiguration resulted in unauthenticated access to transactional data corresponding to interactions between Microsoft and prospective customers. It’s thought that the B2B data leak was caused by an unintentional misconfiguration on an endpoint, rather than an exploited security vulnerability.

The leak is believed to have exposed 2.4 terabytes of data from 2017 to August 2022. Microsoft is in the process of directly notifying impacted customers; however, the scale of the data leak hasn’t been confirmed.

Microsoft has faced criticism, with over 65,000 current and prospective customers reportedly affected. Exposed data included signed invoices, signed contracts, contact information, and email addresses of customers - all of which could be invaluable to potential attackers looking for vulnerabilities within one of these organisations' networks.

Emotet Botnet Distributing Self-Unlocking Password-Protected RAR Files to Drop Malware

The Emotet botnet has made a notorious name for itself with its success in using spam emails to compromise machines. First detected in 2014, Emotet has a history of disappearing and re-emerging. Just last week, Emotet was linked to a new wave of malspam campaigns that take advantage of password-protected archive files to drop CoinMiner and Quasar RAT on compromised systems.

Disguised as an invoice, the ZIP file attachment contained a nested self-extracting (SFX) archive that executes a second RARsfx contained within itself, before a password-protected RARsfx is extracted and executed, with no user input needed.

Self-extracting archives are commonly used to distribute malware, often facilitating cryptojacking, data exfiltration, and ransomware.

While phishing attacks traditionally rely on human error to exploit users, the Emotet botnet bypasses this hurdle through a batch file that automatically supplies the password to unlock the payload.
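To show what the attachment chain described above looks like from the defender's side, here is an added example (not from the original post or from any vendor) of how a mail gateway could triage a ZIP attachment for executables that carry an embedded RAR archive. The file names, verdict strings and sample bytes are constructed for the example, and the check is a signature heuristic only: it sees the outer layer and does not unpack nested or password-protected archives.

```python
import io
import zipfile

PE_MAGIC = b"MZ"               # DOS/PE executable header
RAR_MARKER = b"Rar!\x1a\x07"   # common prefix of the RAR 4.x and 5.x signatures
MAX_SCAN = 8 * 1024 * 1024     # bytes read per member, bounds work on zip bombs


def is_rar_sfx(data: bytes) -> bool:
    """Heuristic: a PE executable that carries a RAR archive after its stub."""
    return data.startswith(PE_MAGIC) and RAR_MARKER in data[len(PE_MAGIC):]


def triage_zip(zip_bytes: bytes) -> list[tuple[str, str]]:
    """Return (member, verdict) pairs for executable content in a ZIP attachment."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [("<attachment>", "not-a-valid-zip")]
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:   # encrypted member, content cannot be inspected
                findings.append((info.filename, "encrypted-member"))
                continue
            with zf.open(info) as fh:
                head = fh.read(MAX_SCAN)
            if is_rar_sfx(head):
                findings.append((info.filename, "rar-sfx-executable"))
            elif head.startswith(PE_MAGIC):
                findings.append((info.filename, "executable"))
    return findings


def build_sample() -> bytes:
    """Constructed, inert sample: fake PE stub plus RAR marker, and a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        stub = PE_MAGIC + b"\x00" * 64 + RAR_MARKER + b"\x00" * 16
        zf.writestr("Invoice_0001.pdf.exe", stub)
        zf.writestr("readme.txt", b"constructed sample, no real payload")
    return buf.getvalue()


if __name__ == "__main__":
    for name, verdict in triage_zip(build_sample()):
        print(f"{name}: {verdict}")
```

A gateway would typically quarantine any attachment with a `rar-sfx-executable` or `executable` verdict, since an invoice has no reason to arrive as a program.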

95% Agree That Human Behaviour Poses the Greatest Cyber Challenge

On the topic of human error, you may not be surprised to hear that human behaviour is considered a threat to businesses around the globe. When asked to what extent changing human behaviour is the greatest barrier to a more secure cyber defence, 58% of respondents agreed, while 37% strongly agreed. In contrast, only 50% of global CISOs surveyed expanded the frequency of employee cyber security training.

In the HLB Cybersecurity Report 2022, 753 senior IT professionals were interviewed. Other findings include the following:

  • 85% agree that skill shortages are a threat to cyber security
  • 77% agree on the lack of cyber security awareness from their staff
  • 47% admitted seeing a notable increase in cyber attacks over the past 12 months
  • 78% expressed concern about the impact of new technology on cyber security
  • 81% emphasised worries over cloud vulnerabilities

HLB’s report highlights the growing need for creating a cyber secure culture in the workplace through cyber security awareness. As your cyber security is only as strong as your weakest employee, continuously upskilling and providing cyber security awareness training helps to amp up business defences for heightened protection.

Happy Hackerween!

Blue teamers, red teamers, and cybersecurity fanatics, rejoice! For the very first time, TryHackMe released Happy Hackerween - a frightening 5-day event packed full of spooky cyber security challenges to practice your skills in action!

Hackerween was all about giving you a range of challenges in one, celebrating everything cyber security and upskilling in your field.

Daily challenges alternated between blue teams and red teams to test your skills in offensive and defensive topics.

  • October 27th: PrintNightmare (Blue Team, Easy)
  • October 28th: Epoch (Red Team, Easy)
  • October 29th: Warzone (Blue Team, Medium)
  • October 30th: Templates (Red Team, Medium)
  • October 31st: PS Eclipse (Blue Team, Medium)

Missed Hackerween? Not to worry! Keep your eyes peeled for TryHackMe’s annual festivities coming in December, with Advent of Cyber! Follow us on Facebook and Twitter to stay updated.

Blue Team Pathway… Coming Soon!

Our team of experts have been very busy this month! We’re elated to be bringing you Hackerween, and we’ll also be announcing a brand new blue team pathway in early November!

Psssst! TryHackMe is now on TikTok - make sure to give us a follow!