The year 2023, which industry insiders have characterized as a "disaster year" for cybersecurity, has turned the page, but the record data breaches, ransomware, zero-day vulnerabilities, spyware, and supply chain attacks of the past year have set the main theme and tone for the global cybersecurity threat landscape in 2024.
Below we review the top 10 most influential and disruptive cybersecurity incidents across industries in 2023; reviewing and summarizing them is a useful reference for cybersecurity professionals formulating risk management strategies and goals at the start of 2024:
1
The largest supply chain attack with the widest blast radius: the MOVEit Transfer data theft attack
According to Emsisoft, the vulnerability in the MOVEit Transfer file transfer service has led to (ransomware/extortion) attacks on 2,706 organizations and compromised the personal data of more than 93 million people.
MOVEit Transfer is a managed file transfer (MFT) solution developed by Ipswitch, a subsidiary of Progress Software Corporation in the United States, that lets businesses securely transfer files with business partners and customers using SFTP, SCP, and HTTP-based uploads.
An attacker can exploit a vulnerability in an Internet-exposed MOVEit Transfer server to break in and steal the data stored for its users.
The Clop ransomware gang was quick to claim responsibility for the attacks, having previously launched similar attacks via zero-day vulnerabilities in the Accellion FTA and GoAnywhere.
Another wide-ranging supply chain attack in 2023 was the breach of 3CX by the North Korean hacker group Lazarus, which used the company's Voice over Internet Protocol (VoIP) desktop client to push malware to customers through a supply chain attack.
3CX is a VoIP IP PBX software development company whose 3CX phone systems are used by more than 350,000 companies worldwide and have more than 12 million daily active users.
2
The most technologically sophisticated spyware attack: Triangulation
Recently, Kaspersky security researcher Boris Larin revealed the technical details of Triangulation, the most sophisticated spyware attack in the history of the iPhone. This attack technique has been used to spy on iPhone users since 2019.
In June 2023, Russia first disclosed a large-scale iPhone backdoor campaign in which attackers used Triangulation to infect the iPhones of Russian diplomatic missions and thousands of embassy staff. Kaspersky even discovered Triangulation in its own network, with several Kaspersky employees' devices infected, which became a running joke in the cybersecurity industry. Russian intelligence (the FSB) accused Apple of providing backdoors to the U.S. National Security Agency for targeting Russians and embassy personnel.
Triangulation is a spyware campaign targeting Apple iPhone devices that chains four zero-day vulnerabilities. Together, these vulnerabilities form a zero-click exploit chain that allows an attacker to escalate privileges and achieve remote code execution.
3
The most influential security incident in the financial industry: the US subsidiary of ICBC was attacked by LockBit ransomware
On November 10, 2023, ICBC Financial Services Co., Ltd. (ICBCFS), a wholly-owned U.S. subsidiary of the Industrial and Commercial Bank of China (ICBC), announced on its official website that it had suffered a LockBit ransomware attack on November 8, resulting in some system disruptions.
ICBC headquarters and other overseas branches were not affected, because the attacked system was isolated and disconnected, but the isolation also left ICBC Financial Services unable to clear pending US Treasury transactions, forcing it to deliver settlement data on USB flash drives. According to Bloomberg, the attack on the U.S. subsidiary of ICBC disrupted the U.S. Treasury market.
Security expert Kevin Beaumont speculates that the attackers may have exploited the Citrix Bleed vulnerability (CVE-2023-4966), which had not been patched in a timely manner.
Marcus Murray, founder of Swedish cybersecurity firm Truesec, said: "The ransomware attack on ICBC is a major shock to the world's largest financial firms. From that moment on, the ICBC hack will force the world's largest banks to race to improve their defenses."
According to Reuters on November 15, LockBit claims that ICBC has paid the ransom.
4
Worst healthcare data breach: the 23andMe data breach
In October 2023, genetic testing provider 23andMe suffered a credential stuffing attack that resulted in a major data breach, with the data of 6.9 million users compromised.
23andMe said that the attackers compromised only a small number of accounts directly through credential stuffing, but then abused the DNA Relatives and other data-sharing features to scrape the data of millions of people.
The attackers tried to sell the data, but with no buyer taking it, the hackers ended up leaking on a forum the personal data of 1 million people of Ashkenazi Jewish descent and 4 million UK residents. The breach as a whole covered 5.5 million DNA Relatives users and 1.4 million Family Tree users.
The data breach eventually led to multiple class action lawsuits filed against 23andMe for failing to adequately protect user data.
5
The worst cloud data security incident: a Danish cloud service provider lost all user data
In August 2023, after a ransomware attack encrypted most of their customers' data, Danish hosting providers CloudNordic and AzeroCloud (two brands belonging to the same company) were forced to shut down after data recovery failed.
"Because we can neither, nor want to, meet the ransom demands of the criminal hackers, CloudNordic's IT team and external experts have been working intensively to assess the damage and determine what can be recovered," CloudNordic's statement read.
"Unfortunately, we have not been able to recover more data, so most of our customers have lost all of their data."
Another serious cloud data security incident in 2023 was the leak of GoDaddy customers' personal information. Web hosting giant GoDaddy said it suffered a multi-year breach that allowed unknown attackers to steal source code and install malware on its servers.
The intrusion, which began in 2021, was used by the attackers to expose the personal information (including credentials) of 1.2 million managed WordPress customers and to redirect customer websites to a different domain.
No hacking group has claimed responsibility for the GoDaddy attack.
6
The most serious cybersecurity incident in the gaming industry: GTA5 source code leak
The source code of GTA5 (Grand Theft Auto 5), the best-selling game of all time, was leaked on Christmas Eve 2023. The person who posted it claimed the move was to avenge the recent conviction of Arion Kurtaj, a member of the LAPSUS$ hacking group, who was recently sentenced to indefinite hospital detention, and also to stop malicious versions of the GTA5 source code from circulating online.
In 2022, the hacker group LAPSUS$ broke into the gaming company Rockstar Games, gained access to Rockstar's internal Slack servers and Confluence wiki, and stole a large amount of confidential data, including the source code of GTA5 and GTA6 and a test build of the latter. LAPSUS$ immediately leaked the stolen data, including the GTA6 beta, but the GTA5 source code was not made public until Christmas Eve a year later.
Currently, links to the GTA5 source code are being shared across multiple channels, including the dark web, Discord, and the Telegram channel that the hackers previously used to leak stolen Rockstar data.
7
The DDoS group that poses the biggest threat to the tech industry: Anonymous Sudan
In mid-2023, DDoS attacks by a hacker group calling itself Anonymous Sudan took the services of several global tech giants offline, which caught everyone by surprise.
The group's attacks even managed to take down the login pages of Microsoft services, including Outlook, OneDrive, and the Azure portal, which immediately attracted a lot of attention. A little over a week later, Microsoft finally confirmed that DDoS attacks had caused the outages.
Microsoft confirmed: "Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359."
Anonymous Sudan later targeted a number of other services, including ChatGPT, Cloudflare, and US services.
The increasing number of DDoS attacks and their impact prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue an incident bulletin.
8
The most impactful financial services data breach: the PayPal credential stuffing attack
In 2023, PayPal disclosed that user accounts had been compromised in a large-scale credential stuffing attack. The attack took place between December 6 and 8, 2022, and the attackers breached 34,942 PayPal accounts.
In a credential stuffing attack, hackers collect large numbers of usernames and passwords leaked online from other services and then try those same username/password pairs to log in to a different site, relying on users reusing passwords across accounts.
It is reported that in this credential stuffing attack the hackers obtained PayPal account holders' full names, dates of birth, postal addresses, social security numbers, personal tax identification numbers, and other sensitive personal information.
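Both the 23andMe and PayPal incidents above are credential stuffing: one source trying many different accounts with mostly failing logins. The following detector over constructed login-audit lines is an added illustration (not code from PayPal, 23andMe or the article); the log format, the 5-minute window and the thresholds are assumptions.

```python
"""Heuristic credential-stuffing detector over web-login audit logs.

Added illustration; the log format and thresholds are assumptions and
the sample lines are constructed, not taken from any real incident.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: "<iso timestamp> <client ip> <username> <result>"
SAMPLE_LOG = """\
2022-12-06T02:00:01Z 203.0.113.7 alice FAIL
2022-12-06T02:00:02Z 203.0.113.7 bob FAIL
2022-12-06T02:00:02Z 203.0.113.7 carol FAIL
2022-12-06T02:00:03Z 203.0.113.7 dave OK
2022-12-06T02:00:04Z 203.0.113.7 erin FAIL
2022-12-06T02:00:05Z 203.0.113.7 frank FAIL
2022-12-06T02:00:09Z 198.51.100.4 alice FAIL
2022-12-06T02:00:30Z 198.51.100.4 alice OK
2022-12-06T02:10:00Z 192.0.2.9 grace OK
"""


def parse(line):
    ts, ip, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result


def find_stuffing_sources(log_text, window=timedelta(minutes=5),
                          min_users=5, min_fail_ratio=0.6):
    """Return {ip: (distinct_users, attempts, failures)} for source IPs that,
    within any sliding `window`, tried at least `min_users` distinct accounts
    with a failure share of at least `min_fail_ratio`. One IP probing many
    accounts is the stuffing signature; one user retrying their own account
    (198.51.100.4 above) is not flagged."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, user, result = parse(line)
            events[ip].append((ts, user, result))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {u for _, u, _ in win}
            fails = sum(1 for _, _, r in win if r != "OK")
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                flagged[ip] = (len(users), len(win), fails)
    return flagged
```

On the sample above only 203.0.113.7 is flagged; in production the same signal is usually computed per source IP, per user agent and per ASN, since stuffing tools rotate proxies.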
9
The worst hack in the gaming (casino) industry: a cyberattack on MGM Resorts that shut down its IT systems
This summer, Las Vegas casino giant MGM Resorts International suffered a massive attack that led to a prolonged disruption of its business, including its main website, reservations, and in-casino services such as ATMs, slot machines, and credit card machines.
The BlackCat ransomware operation claimed responsibility for the attack, with its affiliates saying they encrypted more than 100 ESXi hypervisors during the incident.
Bloomberg reported that the group also broke into the network of another casino giant, Caesars Entertainment, which implied in its SEC Form 8-K filing that it had paid the attackers to prevent the stolen customer data from being leaked.
The worst attack in the history of the gambling industry allegedly came from a loose hacking group known as "Scattered Spider".
Scattered Spider, also known as 0ktapus, Starfraud, UNC3944, and Muddled Libra, specializes in social engineering, relying on phishing, multi-factor authentication (MFA) fatigue bombing, and SIM swapping to gain initial network access at scale.
The group's members are affiliates of the BlackCat ransomware gang and are made up of young native English speakers with different skill sets who frequent the same hacking forums and Telegram channels.
While many people think of it as a cohesive gang, the group is essentially a network of individuals, with different attackers involved in each attack. This fluid structure makes it challenging to track them.
Scattered Spider was also behind previous attacks on well-known services such as Reddit, Mailchimp, Twilio, DoorDash, and Riot Games.
10
The most impactful security incident for the military-industrial complex: Boeing was attacked by LockBit ransomware
In late October 2023, Boeing was hit by a LockBit ransomware attack. On October 27, 2023, LockBit posted a message on its data leak site claiming to have stolen a large amount of sensitive data from Boeing, and used this to coerce Boeing, threatening to publish the stolen data if Boeing did not contact the LockBit group by November 2, 2023.
Boeing then disappeared from the victim list for a time, until November 7, when the LockBit group added Boeing to the victim list again, claiming that Boeing had ignored its warnings and threatening to release about 4 GiB of data. Possibly because negotiations between the two sides failed, on November 10 the LockBit group publicly released the 21.6 GiB of data stolen from Boeing (some reports give 43 GiB, which double-counts the compressed and expanded data).