As we approach the end of 2023, it becomes crucial to reflect on the cybersecurity landscape and glean insights from the year’s events.
Once the year closes and the statistics are published, the cyber threat trends seen this year are expected to persist. This article documents the major cyber attacks of 2023, providing technical analysis and insights while drawing out the lessons they offer.
The three key lessons for companies emerging from this year’s cyber attacks are:
Prioritize and continually review third-party providers of software or services.
Reevaluate and document protocols for responding to security breaches, especially ransomware attacks. This includes reporting procedures, involvement of insurance companies, and provisions for emergency assistance and forensic investigations.
Recognize the importance of swift and informed actions during emergencies, as the speed of response can significantly impact the containment of a breach.
As we know, cybercrime groups are always on the lookout for new avenues of attack. Phishing and other means of credential theft remain the most popular, but supply chain attacks, where the identified weakness is a peripheral part of the organisation's main activity, can be insidious and highly effective.
What more tempting target for a cyber criminal than software that manages the secure movement of files? We start with the data breach that kept us busy for half of this year:
Number one: MOVEit
A wave of cyberattacks began in May 2023, exploiting a vulnerability in MOVEit, a managed file transfer software.
The Clop ransomware gang abused a zero-day exploit, resulting in data theft from government, public, and business organizations worldwide, including New York City's public school system and a UK-based HR solutions and payroll company with clients such as British Airways and the BBC.
According to a running tally from Emsisoft, over 2,000 organizations reported being attacked, with data thefts affecting more than 62 million people, primarily in the US. Victims include Sony and Microsoft, and the most alarming part is how much health information about people around the world has been compromised.
For example, BORN Ontario, attacked in June, revealed that data from newborns and pregnant patients in Ontario spanning from January 2010 to May 2023 was stolen, affecting about 3.4 million people.
Privacy Concerns:
Health information is highly personal and often includes sensitive details about an individual’s medical history, conditions, treatments, and medications. The exposure of such information can violate an individual’s privacy.
Stolen health data can also be used for identity theft and insurance fraud. Criminals may use the information to create fake identities, file false insurance claims, or obtain medical services under someone else's name.
Number two: Kid Security
The concerns below are why we chose this as number two of the cyber attacks of 2023:
The widely used parental control app Kid Security, designed to let parents monitor and control their children's online safety, inadvertently exposed user activity logs on the Internet for over a month due to misconfigured Elasticsearch and Logstash instances.
More than 300 million data records were compromised, including 21,000 telephone numbers and 31,000 email addresses. Some payment card data was also exposed. The data was accessed: the Readme bot "partially destroyed" the open instance, injecting a ransom note with a bitcoin wallet address demanding payment in exchange for the files.
Imagine installing Kid Security to protect your children's online activity, only for the same app to expose their digital identity.
Number three: 23andMe
23andMe is a consumer genetics and research company headquartered in California, US.
Significantly, the 23andMe site contains considerable amounts of DNA data on Ashkenazi Jews, millions of German and English citizens and hundreds of thousands of Chinese people.
In early October 2023, the threat actor claimed to have 20 million 23andMe data records, indicating that further data leaks are likely.
Whoever is responsible for collecting the data has begun attempting to sell it online. They are charging $1 to $10 per account, which contains data such as name, sex, birth year and some details about genetic history. It does not seem that raw DNA data has been leaked.
This recent data leak is significant because it indicates that companies keeping sensitive data like DNA profiles could become focused targets in the future. Remember that in a future where you open even the doors of the supermarket with your iris or fingerprints, your digital ID will depend on this information.
Iris scanning for money: would you do it?
For some time now, a phenomenon has been emerging in squares and public spaces in Argentina and other Latin American cities: long queues of people waiting to have their iris scanned with a silver sphere on a stand.
This is the Worldcoin project, an initiative by Sam Altman, the owner of OpenAI, the company that developed ChatGPT, which issues money (cryptocurrencies or dollars) in exchange for you getting your eye scanned.
Number Four: DarkBeam
DarkBeam is in position number 3 because it is both funny and concerning that a cyber risk protection company is itself at risk of revealing your data.
On 18 September, CEO Bob Diachenko of SecurityDiscovery discovered that the digital risk protection firm DarkBeam had “left an Elasticsearch and Kibana interface unprotected, exposing records with user emails and passwords from previously reported and non-reported data breaches.”
Diachenko informed DarkBeam, which promptly closed the vulnerability.
While most of the 3.8 billion exposed data records come from previous breaches assembled by DarkBeam to alert customers, the organized information means anyone accessing it could create plausible phishing campaigns.
If you use this company, please remember to check your credentials via haveibeenpwned.com and take precautions such as changing reused passwords and enabling multifactor authentication.
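Both the Kid Security and DarkBeam incidents above came down to an Elasticsearch/Kibana stack reachable from the Internet with no authentication in front of it. As an added illustration that is not part of the original article, the fragments below put the exposed shape of elasticsearch.yml and kibana.yml beside a hardened one; the private address, certificate paths and keystore names are assumed placeholders, not values from either company.

```yaml
# ---- elasticsearch.yml: the exposed shape (do NOT deploy) ----
# Binds every interface and disables the security module, so anyone who
# can reach TCP/9200 can list and read every index without credentials.
network.host: 0.0.0.0
xpack.security.enabled: false
---
# ---- elasticsearch.yml: hardened ----
# Listen only on a private interface (assumed address), never 0.0.0.0.
network.host: 10.0.0.5
http.port: 9200
# Require authentication and encrypt both the REST API and node-to-node traffic.
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12            # assumed path
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: certs/transport.p12  # assumed path
xpack.security.transport.ssl.truststore.path: certs/transport.p12
xpack.security.transport.ssl.verification_mode: certificate
---
# ---- kibana.yml: the exposed shape (do NOT deploy) ----
# A dashboard on a public interface talking plain HTTP to an open cluster.
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://localhost:9200"]
---
# ---- kibana.yml: hardened ----
server.host: "127.0.0.1"   # reach it through a reverse proxy with SSO/MFA
elasticsearch.hosts: ["https://10.0.0.5:9200"]
elasticsearch.username: "kibana_system"
# Add the password with `bin/kibana-keystore add elasticsearch.password`
# rather than writing it into this file.
elasticsearch.ssl.certificateAuthorities: ["certs/ca.crt"]     # assumed path
```

After restarting with the hardened settings, an unauthenticated request to port 9200 from inside the network should be answered with HTTP 401 rather than the cluster banner; if index names still come back, the security module is not actually active.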
Number Five: Twitter
This year, Twitter faced multiple PR crises, one of them thanks to the criminal hacker 'Ryushi', who leaked over 220 million users' email addresses.
The fraudster initially demanded $200,000 to hand over or delete the stolen information. A week later, after presumably being rebuffed by Twitter, the hacker put the data up for sale on the hacking forum Breached.
While it appears that no personal information beyond email addresses was compromised, the incident poses significant privacy risks, especially for individuals easily identified by their email addresses, such as celebrities and high-profile figures.
While Twitter has been making claims about free speech, cybersecurity experts like Alon Gal from Hudson Rock believe this database will be used by hackers, political hacktivists, and governments to harm our privacy even further.
Conclusion
In conclusion, the top five cyberattacks of 2023 underscore the persistent and evolving threats in the digital landscape. These incidents reveal the vulnerabilities across diverse sectors, from parental control apps to genetic research companies, digital risk protection firms, social media giants, and critical enterprise file transfer tools. The breaches not only compromised massive amounts of personal and sensitive information but also exposed systemic weaknesses in cybersecurity infrastructure.
These attacks emphasize the urgency for organizations to prioritize robust cybersecurity measures, including regular audits, prompt vulnerability patching, and employee training. Additionally, individuals must remain vigilant, adopting practices such as secure password management, multifactor authentication, and regular checks for potential compromises.
The fallout from these cyberattacks extends beyond immediate financial or reputational damage, delving into privacy infringements, identity theft, and the potential for broader societal impacts. The incidents serve as a stark reminder that cybersecurity is a collective responsibility, requiring continuous efforts from individuals, organizations, and policymakers to adapt and fortify against emerging threats in an increasingly interconnected digital world. As technology advances, so must our commitment to securing the digital realm to protect both personal and collective well-being.