Another year has passed, with major events taking place in the field of cyber security. Threat actors tried to use all the tools and ingenuity at their disposal to bypass corporate defenses in an environment where macroeconomic and geopolitical uncertainty continued. Cybersecurity company ESET examined high-profile cyber incidents that occurred in 2023.
According to Verizon’s Data Breach Investigations Report, external actors are responsible for the vast majority of breaches (83%) and financial gain is involved in almost all of the breaches (95%). While most of the incidents on this list involve ransomware or data theft, that’s not always the case. Sometimes this can be due to human error or a malicious insider, or the impact of attacks can be large even if the number of victims is relatively small.
ESET has selected the 10 biggest attacks of 2023, in no particular order.
MOVEit
This attack, traced back to the Lace Tempest (Storm0950) Clop ransomware affiliate, bore all the hallmarks of the group’s previous campaigns against Accellion FTA (2020) and GoAnywhere MFT (2023). The method is simple: exploit a zero-day vulnerability in a widely used software product to gain access to customer environments, then exfiltrate as much data as possible and hold it for ransom. It is still unclear exactly how much data was compromised and how many victims there were, but some estimates put the figure at more than 2,600 organizations and more than 83 million individuals. The impact was further compounded by the fact that many of these organizations were suppliers or service providers for others.
UK Electoral Commission
The UK’s independent regulator of party and election financing said in August that threat actors had stolen the personal information of an estimated 40 million voters.
Police Service of Northern Ireland (PSNI)
This incident falls into the category of an insider breach, and shows how a relatively small number of victims can still suffer a large impact. The PSNI announced in August that an employee had mistakenly sent sensitive internal data to the WhatDoTheyKnow website in response to a Freedom of Information (FOI) request. This information included the names, ranks and departments of approximately 10,000 officers and civilian staff, including those working in surveillance and intelligence.
DarkBeam
In the biggest data breach of the year, 3.8 billion records were exposed after digital risk platform DarkBeam left its Elasticsearch database and Kibana data visualization interface misconfigured. A security researcher noticed the exposure and reported it to the company, which quickly fixed the problem. However, it is unclear how long the data had been out in the open or whether anyone ever accessed it maliciously.
Indian Council of Medical Research (ICMR)
Another mega breach has been spotted, this time in one of India’s largest. It emerged in October after a threat actor put the personal information of 815 million people up for sale. The data appears to have been leaked from ICMR’s COVID testing database and includes name, age, gender, address, passport number and Aadhaar (government identification number).
23andMe
A threat actor claimed to have stolen as much as 20 million pieces of data from a US-based genetics and research company. They apparently first used classic credential stuffing techniques to gain access to user accounts – essentially using previously breached credentials that those users had recycled at 23andMe. For users who had opted into the DNA Relatives service on the site, the threat actor was then able to access and scrape many more data points from potential relatives. Information listed in the data dump included profile photo, gender, year of birth, location, and genetic ancestry results.
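Credential stuffing as described above has a recognisable shape in authentication logs: one source address cycling through many different usernames, most attempts failing, a few succeeding because the password was recycled. The following detector is an added example written for this article, not code from ESET or from 23andMe; the log format and thresholds are assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginEvent:
    ts: int          # epoch seconds (constructed format, an assumption)
    src_ip: str
    username: str
    success: bool


def find_stuffing_sources(events, window_s=300, min_users=10, max_success_rate=0.25):
    """Return {src_ip: (distinct_users, successes, attempts)} for sources whose
    activity in any window_s-second window looks like credential stuffing:
    many *different* usernames tried from one address, most of them failing.
    A legitimate user retrying one account never reaches min_users."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.src_ip].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        window = deque()
        for e in evs:
            window.append(e)
            while window[0].ts < e.ts - window_s:   # slide the window forward
                window.popleft()
            users = {w.username for w in window}
            if len(users) < min_users:
                continue
            successes = sum(w.success for w in window)
            if successes / len(window) <= max_success_rate:
                # Successful logins from a flagged source are the accounts that
                # reused a breached password; those are the ones to re-secure.
                flagged[ip] = (len(users), successes, len(window))
    return flagged


# Constructed sample: one address trying a breached list against 12 accounts
# (two passwords still work), and one user who mistyped twice before logging in.
SAMPLE = [LoginEvent(1000 + i * 5, "203.0.113.7", f"user{i:02d}@example.org", i in (3, 9))
          for i in range(12)]
SAMPLE += [LoginEvent(1000, "198.51.100.4", "alice@example.org", False),
           LoginEvent(1020, "198.51.100.4", "alice@example.org", False),
           LoginEvent(1040, "198.51.100.4", "alice@example.org", True)]
```

Accounts that logged in successfully from a flagged source should be treated as compromised even though the login "succeeded", which is exactly what makes this pattern different from a plain brute-force alert.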
Quick Reset DDoS attacks
Another unusual case involves a zero-day vulnerability in the HTTP/2 protocol, disclosed in October, that allowed threat actors to launch some of the largest DDoS attacks ever seen. Google said these attacks peaked at 398 million requests per second (rps), while the previous highest rate was 46 million rps. The good news is that internet giants like Google and Cloudflare have fixed the bug. Companies that manage their own internet presence were immediately called on to do the same.
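The HTTP/2 flaw referred to above works by opening a request stream and cancelling it immediately with RST_STREAM, over and over, so the server does the work of each request while the per-connection stream limit never fills. The per-connection guard below, an added illustration and not code from Google, Cloudflare or any HTTP/2 implementation, shows the mitigation the vendors published: count streams the peer cancels shortly after opening them and drop the connection once that rate is abnormal. The thresholds and the event hooks are assumptions.

```python
from collections import deque


class RapidResetGuard:
    """Per-connection guard against the HTTP/2 request-cancel flood.
    Tracks streams the peer resets within quick_reset_s of opening them;
    more than max_quick_resets of those inside window_s means the
    connection should be closed (GOAWAY) rather than served further."""

    def __init__(self, quick_reset_s=0.05, max_quick_resets=100, window_s=1.0):
        self.quick_reset_s = quick_reset_s
        self.max_quick_resets = max_quick_resets
        self.window_s = window_s
        self.open_streams = {}        # stream_id -> time HEADERS arrived
        self.quick_resets = deque()   # timestamps of suspicious cancels

    def on_headers(self, stream_id, ts):
        self.open_streams[stream_id] = ts

    def on_rst_stream(self, stream_id, ts):
        """Return True if the connection should now be torn down."""
        opened = self.open_streams.pop(stream_id, None)
        if opened is None or ts - opened > self.quick_reset_s:
            return False              # unknown stream or an ordinary late cancel
        self.quick_resets.append(ts)
        while self.quick_resets and self.quick_resets[0] < ts - self.window_s:
            self.quick_resets.popleft()   # forget cancels outside the window
        return len(self.quick_resets) > self.max_quick_resets


def simulate(n_streams, gap_s, reset_delay_s, guard=None):
    """Constructed traffic: open n_streams client streams gap_s apart and reset
    each one reset_delay_s after opening. Returns how many streams it took to
    trip the guard, or None if the connection survives."""
    guard = guard or RapidResetGuard()
    for i in range(n_streams):
        t = i * gap_s
        sid = 2 * i + 1               # client-initiated streams use odd ids
        guard.on_headers(sid, t)
        if guard.on_rst_stream(sid, t + reset_delay_s):
            return i + 1
    return None
```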
T-Mobile
The US telecommunications company has suffered many security breaches in recent years, but the breach it revealed in January is one of the largest to date. It affected 37 million customers, with customer addresses, phone numbers and dates of birth stolen by a threat actor. A second incident, announced in April, affected just 800-odd customers but involved many more data points, including T-Mobile account PINs, social security numbers, government identification information, dates of birth and internal codes the firm uses to service customer accounts.
MGM International/Caesars
Two of Las Vegas’ biggest names were targeted within days of each other by the same ALPHV/BlackCat ransomware affiliate, known as Scattered Spider. In MGM’s case, the attackers gained access to the company network by simply searching on LinkedIn, then impersonating the IT department and launching a vishing attack on the person whose credentials they wanted. The attack caused great financial damage to the company: MGM had to shut down its IT systems, which disrupted slot machines, restaurant management systems and even room key cards for days. The company’s loss is estimated at 100 million dollars. Although the cost to Caesars is unclear, the firm admitted to paying $15 million to the extortionists.
Pentagon Leaks
The final incident is a cautionary tale for the U.S. military and for any major organization concerned about malicious insiders. Jack Teixeira, a 21-year-old member of the intelligence wing of the Massachusetts Air National Guard, leaked highly sensitive military documents to earn praise from the Discord group he belonged to. These were later shared on another platform and republished by Russians covering the war in Ukraine. The documents provided Russia with a trove of military intelligence for its war in Ukraine and undermined America’s relations with its allies. Incredibly, Teixeira was able to print out top-secret documents and take them home to photograph and upload to the Internet.