Threat Matrix: October 2025

Welcome to the October edition of Upfort’s Threat Matrix! This month, we’re seeing cyberattacks get more creative, more persistent, and more opportunistic. From hackers exploiting government shutdowns and breaking into GPS-reliant systems to new malware strains targeting online retailers and spyware vendors abusing Chrome zero-days—no corner of the digital economy is off-limits.

For small businesses, the big takeaway is clear: you don’t need to be a major corporation to be a target. Whether you rely on platforms like Discord, Adobe Commerce, or Oracle, or simply use cloud services powered by big tech, your exposure often depends on how well those systems are secured and updated.

Each story in this roundup includes simple, actionable steps to reduce your risk—because cyber threats may be complex, but protecting your business doesn’t have to be.

Want to know how protected your company really is? Take two minutes to complete our interactive cybersecurity checklist or get a free cybersecurity risk assessment to uncover exploitable vulnerabilities in your network.

U.S. government shutdowns linked to spike in cyberattacks

A new report shows that cyberattacks against U.S. federal agencies increase during government shutdowns, when IT teams are short-staffed and distracted by operational disruptions. Threat actors—both nation-state and criminal—take advantage of these windows to launch attacks, often targeting outdated systems or unpatched vulnerabilities.

This finding matters beyond the public sector. Hackers don’t just go after federal systems—they often pivot to private sector targets through shared vendors, contractors, or exposed infrastructure. That means small businesses that work with public agencies or rely on government-funded platforms could be at risk during shutdown periods.

How to protect your business: Stay alert during shutdown windows, patch systems promptly, and confirm vendors are maintaining proper security practices even during disruptions.

Canada says hacktivists breached water and energy facilities

The Canadian government has confirmed that multiple water treatment plants and energy facilities were breached by hacktivist groups earlier this year, highlighting growing risks to critical infrastructure.

According to a joint cybersecurity advisory from the Canadian Centre for Cyber Security and the U.S. CISA, the attackers exploited weak or default credentials on internet-exposed systems like human-machine interfaces (HMIs), engineering workstations, and SCADA equipment. In some cases, hacktivists took systems offline or defaced control panels to display anti-Israel or anti-Western messages.

While the incidents appear politically motivated rather than financially driven, officials warn that these types of intrusions can still cause serious operational disruptions—especially when they target industrial control systems with minimal security protections.

How to protect your business: Audit all internet-exposed OT systems and disable unnecessary remote access. Enforce strong, unique passwords, and segment operational technology from IT networks. Enable multi-factor authentication and monitor for abnormal access patterns.

‘SessionReaper’ flaw in Adobe Commerce is being actively exploited

Adobe has issued an urgent warning about a vulnerability in its Adobe Commerce and Magento platforms that is now under active attack. The flaw—dubbed SessionReaper—lets attackers hijack user sessions, potentially gaining unauthorized access to sensitive customer or admin data.

Adobe Commerce powers thousands of online stores, including many small and midsize retailers. If unpatched, this vulnerability could be used to steal customer information, modify orders, or take over store admin accounts.

How to protect your business: Update Adobe Commerce and Magento installations immediately to the latest version. If you use a third-party developer or hosting provider, confirm they’ve applied the necessary patches.

North Korean hackers expand crypto theft operations targeting businesses

A North Korean state-sponsored hacking group known as BlueNoroff is ramping up attacks on businesses to steal cryptocurrency, according to new threat intelligence. Part of the larger Lazarus Group, BlueNoroff is now using more sophisticated methods—including fake job offers and trojanized software updates—to trick employees into downloading malware.

The group’s goal is to gain access to internal systems and siphon funds from cryptocurrency wallets and exchanges, often by hijacking transaction approvals or manipulating trusted apps.

While these attacks have primarily hit crypto-related firms, small businesses with any connection to digital assets or financial workflows could be at risk—especially if they handle transactions, work with blockchain vendors, or allow employees to use unmanaged devices.

How to protect your business: Train employees to spot phishing and fake job recruiter messages, block unknown software downloads, and require multi-factor authentication for any systems that handle financial transactions.

Electronic warfare disrupts GPS signals across North America

Reports are emerging of commercial GPS disruptions likely caused by electronic warfare tactics tied to ongoing global conflicts. While these attacks have typically targeted military systems, civilian users—including businesses that rely on GPS for fleet tracking, shipping, and logistics—have begun noticing outages and irregularities.

Experts warn that spoofing and jamming techniques could continue to interfere with commercial GPS signals, impacting everything from delivery routes to farming equipment.

How to protect your business: Have a backup plan in place for GPS outages. This could include using alternative mapping tools, enabling offline navigation, or setting up manual routing processes. If your operations depend heavily on GPS, consider reaching out to your provider to ask about resiliency features.

CISA warns of two more actively exploited Dassault vulnerabilities

CISA has added two newly discovered vulnerabilities in Dassault Systèmes’ 3DEXPERIENCE platform to its Known Exploited Vulnerabilities (KEV) catalog, citing confirmed exploitation in the wild. Dassault Systèmes is a French software company known for its 3D design and engineering tools used in critical industries like aerospace, automotive, and manufacturing. Its 3DEXPERIENCE platform manages everything from product development to supply chain coordination—making it a high-value target for attackers.

The flaws—CVE-2024-3596 and CVE-2024-3595—allow remote attackers to execute arbitrary code or gain elevated privileges due to insecure deserialization and improper access controls.

How to protect your business: Apply the latest security updates from Dassault immediately. Limit internet exposure of 3DEXPERIENCE platforms, and monitor logs for signs of unauthorized access or privilege escalation.

TeeFAIL attack breaks data protections on Intel, AMD, and Nvidia chips

A newly discovered cyberattack method called TeeFAIL can break the advanced security protections built into many modern computer chips from Intel, AMD, and Nvidia. These protections—known as “confidential computing”—are supposed to keep sensitive data safe, even if a hacker gets into the system.

But researchers found a way to bypass those protections and potentially steal private information like passwords, customer data, or encryption keys. While chipmakers have released security updates, some of the underlying issues may be harder to fix and could affect systems used by cloud providers, software vendors, or device makers.

How to protect your business: Install all security updates from your software and hardware vendors. Talk to your IT provider or cloud vendor to make sure they’re aware of the issue and applying fixes. If your business handles sensitive customer or financial data, now’s a good time to review how it’s protected.

Discord breach exposes government-issued IDs

Messaging platform Discord has confirmed a data breach involving user-submitted government IDs, which were collected as part of its identity verification process. The incident occurred after a third-party vendor used by Discord was compromised.

While Discord says the breach did not affect its core platform or broader user base, it did expose sensitive personal information of individuals who submitted IDs for verification, including images of driver’s licenses and passports.

How to protect your business: Avoid submitting sensitive documents to platforms unless absolutely necessary. Vet third-party vendors and ensure your business partners follow strong security protocols. If your company collects ID information, make sure it’s stored securely and encrypted.