The Top Cyber Attacks of September 2022

Share :

Maybe it’s the changing of the seasons, the start of a new school year, or just something in the air, but September’s cybersecurity landscape was marked with high-energy hacks that seem to have served as twisted amusements for their perpetrators.

This month’s round-up is full of criminals who weren’t content just to collect a ransom or sell some private data. These hackers wanted to scorch the earth and hurt their victims with an extra layer of malice and humiliation. The world of cybersecurity is seldom pretty, but we can’t deny it’s lively.

September’s Biggest Cyber Attacks

Grand Theft Auto Lives Up to its Name

In one of the year’s most buzzed-about breaches, a mid-September hack yielded a striking amount of material from a titan of the gaming industry. The hotly anticipated release of Rockstar Games’ Grand Theft Auto 6 was thrown into disarray when a hacker known as “teapotuberhacker” breached Rockstar’s internal Slack channel and purloined 90 videos of work-in-progress gameplay.

Those videos were widely shared online despite the company’s attempts to have them removed from streaming sites as quickly as they were posted.

Even more troubling for Rockstar, teapotuberhacker also managed to get their hands on source code for both GTA 6 and GTA 5. Dissemination of that data could be a boon for video game bootleggers and pirates, and may also expose any number of valuable company secrets.

Rockstar has downplayed the impact of the thefts and claims that production of GTA 6 will continue unimpeded, but at the very least this represents a major bout of bad press for one of the biggest names in video games.

Records Exposed: Source code and unfinished gameplay videos

Type of Attack: Social engineering and password theft

Industry: Video games

Date of Attack: September 18, 2022

Location: New York City

Key Takeaway: While the long-term damage here is probably limited – it’s not as if this leak will stop GTA 6 from smashing sales records when it’s eventually released – it’s still a very bad look for Rockstar.

As we’ve seen many times in the past, high-profile targets mean big thrills and status boosts for cybercriminals. They also mean irresistible headlines for share-hungry media outlets, which amplifies the reputational damage many times over.

Uber Gets Taken for a Ride by a Familiar Foe

But wait, there’s more! In an extremely similar Slack attack, teapotuberhacker lived up to their screen name on September 14 when they, well, hacked Uber. The international ride-share company was breached even more deeply than Rockstar, with the hacker gaining “pretty much full access to Uber,” including email systems, internal communications, cloud storage, and code repositories.

The breach started as a social engineering attack with the hacker posing as an IT employee in order to steal password info that allowed them into the Uber Slack channel and, ultimately, the overall system.

While it remains unclear how much, if any, data was stolen in the hack, there are reports that the attacker wreaked havoc internally.

Uber employees have stated that internal web searches were redirected to pornographic images and a message about the company underpaying its drivers. The good-ish news for both Rockstar and Uber is that a 17-year-old hacker, thought to be an associate of the notorious Lapsus$ cybercrime gang, was arrested in London in late September in connection with the crimes. The bad news is that the reputational damage has already been done.

Records Exposed: Email systems, internal communications, cloud storage, code repositories, and more

Type of Attack: Social engineering and password theft

Industry: Transportation

Date of Attack: September 15, 2022

Location: San Francisco, CA

Key Takeaway: Ditto what we said about Rockstar, but with higher stakes.

While the alleged hacker in both instances was apparently connected to a high-profile cybercrime group, it also seems that both of these breaches were perpetrated partly in the pursuit of reckless kicks rather than to do damage or demand a ransom. Which is good news, as the social engineering efforts seem to have been pulled off easily, and the hacker gained access to a startlingly broad range of Uber’s inner workings.

Lapsus$ or not, it’s never a good look to have your whole system laid bare by a teenager.

IHG Hotels Data Gets Wiped Just for Fun

Some people commit cybercrimes for the money. Some do it as a form of protest or political espionage. Maybe the most disturbing, though, are the people who do it for the “lulz.” That seems to be the case with a hacker couple based in Vietnam known as TeaPea, who breached the database of InterContinental Hotels (IHG) in early September in an attempted ransomware attack.

When IHG’s security team repeatedly foiled those efforts, TeaPea switched to plan B and simply deleted a large swath of internal data in a move the hackers described as “having some funny.”

To make matters worse for IHG — the parent company of Holiday Inn, Crown Plaza, and Regent Hotels — it appears that the incident began as a spearphishing attack that was made considerably easier by the database’s comically simple password: Qwerty1234. The breach took booking systems offline for much of the IHG network and also severely hampered internal communications for days afterward, though no customer data is believed to have been compromised.

For their part, the hackers remain boldly unrepentant, telling a reporter, “We don’t feel guilty, really. We prefer to have a legal job here in Vietnam but the wage is average $300 per month. I’m sure our hack won’t hurt the company a lot.”

Records Exposed: Internal communications, corporate data, booking systems

Type of Attack: Spearphishing and password theft

Industry: Lodging and hospitality

Date of Attack: September 7, 2022

Location: Denham, UK

Key Takeaway: What a frustrating and frightening scenario this is. It appears that IHG’s internal security measures were on point and working as intended, since they were able to shut down multiple ransomware breach attempts. Unfortunately, they happened to cross paths with a particularly nihilistic team of hackers who had no qualms about venting their annoyance by permanently deleting large amounts of data.

It’s important for businesses to have a security system that protects them from all angles, because some criminals won’t be deterred by the first locked door. (Also, for heaven’s sake, don’t try to protect your corporate data with a simple password like Qwerty1234!)

Fast Company Readers Get Some Unwelcome Messages

In yet another instance of password insecurity, a bad actor wormed their way into the inner workings of the widely read business publication Fast Company, leading to some unpleasant correspondences with readers.

The September 25 breach was allegedly perpetrated by a hacker known as “Thrax,” who crowed online about how “ridiculously easy” it was to crack Fast Company’s default password and then create chaos via the publication’s content management system.

The intruder initially posted obscene messages on the company’s website before upping their game later in the week. Fast Company subscribers using Apple News received two push notifications on September 27 containing obscene and racist language before the breach was addressed.

The hacker also claimed to have gained administrative access to a number of Fast Company assets, including “Auth0 tokens, Apple News API keys, Amazon SES secrets” and more, as well as a range of personally identifiable employee information. The Fast Company website remained offline for at least several days afterward.

Records Exposed: Content management functions, Auth0 tokens, Apple News API keys, Amazon SES secrets

Type of Attack: Spearphishing and password theft

Industry: Media

Date of Attack: September 25, 2022

Location: New York City

Key Takeaway: Look, you’ve all read about the overemphasis on passwords as a safeguard against cybercrime. Even a strong password probably isn’t going to ward off a determined hacking effort, but that’s still no excuse for making it easier than it has to be.

The common trait shared between all four of this month’s featured breaches is the ease with which the criminals were able to crack into what should have been highly protected areas of high-profile businesses. You wouldn’t invest in a state-of-the-art home security system and then leave your front door unlocked. That logic ought to carry through to your online activities as well.

The big lessons this month: strengthen your passwords, protect all flanks, and be aware that for some bad actors, cybercrime is both a career and a sport.

Don’t let your organization be the next to fall victim to a criminal with a taste for cruelty. Investing in security operations and systems that head off intruders before they can sow chaos is the surest way to keep your business out of unwanted headlines.

Additional Resources:

Arctic Wolf

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.
Share :
Table of Contents
Categories
Subscribe to our Monthly Newsletter