Cyber attacks have become a daily occurrence in today’s hyperconnected world. With more users and devices getting online each day, there is an ever-increasing attack surface for cybercriminals to target. 2023 saw some massive cyberattacks and data breaches that compromised millions of user records and even brought down large organizations.
Here are the 10 most notable recent data breaches and cyberattacks of 2023.
Top 10 Most Recent Cyber Attacks 2023
DarkBeam Cyber Attack 2023
The DarkBeam Cyber Attack was a significant cybersecurity incident that occurred in September 2023. The breach was discovered by Bob Diachenko, CEO of SecurityDiscovery, who promptly alerted DarkBeam.
The digital risk protection firm DarkBeam had exposed an Elasticsearch and Kibana interface without protection.
The attack exposed more than 3.8 billion records, making it one of the largest data breaches in recent memory. The records included user emails and passwords from both previously reported and unreported data breaches.
DarkBeam, a top-performing cyber vulnerability and threat management provider, claimed to collect this information to alert its customers in case of a data breach.
Most of the 3.8 billion exposed records came from past breaches. Ironically, DarkBeam had assembled the information in order to notify its customers through the site if their personal information was impacted by security incidents.
However, the extent of data held by DarkBeam and how it was organized meant that anyone who accessed it could potentially use the information for phishing campaigns.
- Date of breach: September 18, 2023
- Ransomware group involved: Unknown
- Amount of ransom: No ransom was demanded
- Methods of infiltration: The attackers used an Elasticsearch and Kibana interface to infiltrate DarkBeam’s systems
- Volume of data stolen: Over 3.8 billion records
- Type of data stolen: The breached data contained user emails and passwords from both previously reported and unreported data breaches
MOVEit Data Breach (Biggest Supply Chain Cyber Attack 2023)
The MOVEit Data Breach was the hottest cyber attack news in mid-2023, and its impact can still be felt today as new victims come forward.
The MOVEit data breach occurred in May 2023 and is one of the biggest supply chain cyber attacks in 2023. The breach was carried out by CL0P, a ransomware group known to have committed some of the biggest ransomware attacks.
The CL0P ransomware group exploited a vulnerability in MOVEit, a managed file transfer software, to steal files from organizations through SQL injection on public-facing servers.
The transfers were facilitated through a custom web shell identified as LemurLoot, disguised as ASP.NET files used legitimately by MOVEit.
The breach has impacted tens of millions of people and thousands of companies, including the U.S. Department of Energy, British Airways, pension funds, and more.
The type of data stolen was sensitive personal data. The exact amount of ransom demanded by the group is not specified, but it’s known that the average ransom paid in similar attacks in 2021 exceeded half a million dollars. The financial impact of the breach is still unfolding.
- Date of breach: May 2023
- Ransomware group involved: Clop ransomware group
- Amount of ransom: Unknown
- Tools used for infiltration: Zero-day vulnerabilities in the MOVEit Transfer software
- Methods of infiltration: Exploiting zero-day vulnerabilities to gain unauthorized access to the MOVEit Transfer servers and steal sensitive data.
- Volume of data stolen: Over 77.2 million individuals, 2,620 organizations
- Type of data stolen: Sensitive personal data stored by organizations using the MOVEit Transfer software
- Financial impact: Unquantifiable
Here are some of the major reported victims of the MOVEit data breach in 2023:
- The US Department of Energy
- Shell company
- First National Bankers Bank
- Putnam Investments
- Datasite
- Swiss insurance company ‘OKK’
- Leggett & Platt
- Multinational firm PricewaterhouseCoopers (PwC)
- Ernst & Young
- Health Services Ireland
- BBC
- British Airways
- Boots Retail
- Medibank
- Colorado Department of Health Care Policy and Financing
- Bank OZK
- Unum Group
- Indiana University Health
- Missouri Department of Social Services
- United Bank
- UMass Chan Medical School
- Data Media Associates
- Hillsborough County
GoAnywhere Clop Ransomware Attack
The GoAnywhere Ransomware Attack was discovered in February 2023. The ransomware group Cl0p claimed responsibility for the attack, which exploited a zero-day vulnerability in GoAnywhere MFT, a secure file transfer service by Fortra.
The vulnerability, tracked as CVE-2023-0669, is a remote code execution (RCE) flaw. The flaw was exploited by sending a POST request to the endpoint at /goanywhere/lic/accept.
The attack affected several large organizations, including Hitachi Energy, Procter & Gamble, and Rubrik. Interestingly, Cl0p did not follow a double extortion method for these attacks, nor did it appear to leave a locker. The exact ransoms demanded of Cl0p’s victims in this campaign are unknown.
Despite the vulnerability being patched quickly after it was made public, many firms failed to promptly apply updates following security disclosures. This led to a rise in attacks, and many businesses may still be vulnerable. The financial impact of the breach is still unfolding.
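To check whether a GoAnywhere MFT server received the kind of request described above, the following added example (not from the original article or from Fortra) scans web access logs for POST requests to /goanywhere/lic/accept. It assumes Combined Log Format; the `admin_nets` parameter and the sample log lines are constructed for illustration.

```python
import ipaddress
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Endpoint the article names for CVE-2023-0669.
LICENSE_ENDPOINT = "/goanywhere/lic/accept"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize_path(target):
    """Canonicalize a request target so encoded or padded variants still match.
    Lower-casing over-matches on purpose: a false positive is cheap to triage."""
    path = unquote(re.split(r"[?#]", target, maxsplit=1)[0])
    path = re.sub(r";[^/]*", "", path)   # drop ;name=value path parameters
    path = re.sub(r"/+", "/", path)      # collapse repeated slashes
    return posixpath.normpath(path).lower()

def find_license_posts(lines, admin_nets=()):
    """Return {source_ip: [(time, status, from_admin_net), ...]} for POSTs to the endpoint."""
    nets = [ipaddress.ip_network(n) for n in admin_nets]  # assumed admin ranges
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if normalize_path(m["target"]) != LICENSE_ENDPOINT:
            continue
        try:
            trusted = any(ipaddress.ip_address(m["ip"]) in n for n in nets)
        except ValueError:               # hostname or malformed address in the log
            trusted = False
        hits[m["ip"]].append((m["time"], int(m["status"]), trusted))
    return dict(hits)

# Constructed sample lines (private and documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '10.0.5.20 - admin [01/Feb/2023:09:14:02 +0000] "POST /goanywhere/lic/accept HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Feb/2023:23:41:55 +0000] "GET /goanywhere/lic/accept HTTP/1.1" 302 0 "-" "curl/8.0"',
    '203.0.113.44 - - [02/Feb/2023:03:12:09 +0000] "POST /goanywhere//lic/%61ccept?x=1 HTTP/1.1" 500 1843 "-" "-"',
    '203.0.113.44 - - [02/Feb/2023:03:12:31 +0000] "POST /goanywhere/lic/accept;v=1 HTTP/1.1" 500 1843 "-" "-"',
]

for ip, events in find_license_posts(SAMPLE_LOG, admin_nets=["10.0.0.0/8"]).items():
    print(ip, events)
```

Entries whose last field is False came from outside the listed admin networks and deserve review first.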
- Date of breach: May 2023
- Ransomware group involved: Clop ransomware group
- Amount of ransom: Unknown
- Tools used for infiltration: Zero-day vulnerabilities in the GoAnywhere MFT secure file transfer tool
- Methods of infiltration: Exploiting zero-day vulnerabilities to gain unauthorized access to the GoAnywhere MFT servers and steal sensitive data
- Volume of data stolen: Data from 130 organizations
- Type of data stolen: Sensitive personal data stored by organizations using the GoAnywhere MFT software
- Financial impact: Unquantifiable at this moment
UK Electoral Commission Data Breach 2023
The UK Electoral Commission Attack was a complex cyber-attack that potentially affected millions of voters. The attack was discovered in October 2022, but the hostile actors had gained access to copies of the electoral registers as far back as August 2021.
The data accessed included the names and addresses of people in the UK who registered to vote between 2014 and 2022. The commission’s email system was also accessed during the attack.
The attackers were able to access full copies of the electoral registers, held by the commission for research purposes and to enable permissibility checks on political donations. However, the data of anonymous voters whose details are private for safety reasons and the addresses of overseas voters were not accessible to the intruders.
The commission estimates the register for each year contains the details of around 40 million people. The personal data held on the registers – name and address – did not itself present a “high risk” to individuals, although it is possible it could be combined with other public information to “identify and profile individuals”.
The commission has not disclosed the exact identity of the hostile actors involved in the attack.
- Date of breach: October 2022
- Ransomware group involved: Not identified
- Amount of ransom: None
- Methods of infiltration: Exploiting zero-day vulnerability to gain unauthorized access to the Electoral Commission’s systems
- Volume of data stolen: Copies of the electoral registers from August 2021, which included the names and addresses of people in the UK who registered to vote between 2014 and 2022. The data of people who qualified to register anonymously was not accessed
- Type of data stolen: Names and addresses of people in the UK who registered to vote between 2014 and 2022
- Financial impact: Unknown
MGM Resorts Cyber Attack 2023
The MGM Resorts Cyber Attack was a significant cybersecurity incident that occurred in September 2023. The attack was carried out by a group known as Scattered Spider, which is known for its sophisticated social engineering attacks.
The attackers gained unauthorized access to personal information of some of MGM Resorts’ customers on September 11, 2023. The affected information included names, contact information, gender, date of birth, and driver’s license numbers. For a limited number of customers, Social Security numbers and/or passport numbers were also affected.
The attack led to disruptions in MGM Resorts’ operations, including issues with slot machines and online room booking systems. Some systems were shut down due to the cybersecurity issue, but the firm stated that its facilities remained operational. The financial impact of the breach is expected to exceed $100 million.
- Date of breach: September 11, 2023
- Ransomware group involved: Scattered Spider
- Amount of ransom: Unknown
- Tools used for infiltration: Zero-day vulnerability in the Exchange Server
- Methods of infiltration: Social engineering tactics to gain access to MGM’s internal systems
- Volume of data stolen: Personal information of 10 million MGM customers
- Type of data stolen: Personal information
- Financial impact: Estimated $100 million
Johnson Controls Ransomware Attack
The Johnson Controls Ransomware Attack occurred in September 2023. The attack was carried out by a group known as Dark Angels, which encrypted devices and disrupted internal and partners’ operations.
23andMe Data Breach 2023
- Date of breach: October 6, 2023
- Ransomware group involved: Golem
- Amount of ransom: No ransom was demanded, data intended to be sold on the dark web
- Tools used for infiltration: The attacker exploited a misconfigured firewall in 23andMe’s cloud computing system
- Methods of infiltration: Social engineering tactics using brute force and credential stuffing to gain access to 23andMe’s internal systems
- Volume of data stolen: Personal information of approximately 6.9 million individuals
- Type of data stolen: Names, addresses, phone numbers, email addresses, dates of birth, and self-reported income of 23andMe customers and applicants
- Financial impact: Unknown
T-Mobile Cyber Attack 2023
- Date of breach: Around November 25, 2022 (detected January 5, 2023)
- Ransomware group involved: Not specified
- Ransom amount: Not specified
- Infiltration tools: T-Mobile’s Application Programming Interfaces (APIs)
- Infiltration methods: Exploitation of the API
- Data volume stolen: Approximately 37 million customer accounts
- Data type stolen: Customer name, billing address, email, phone number, date of birth, T-Mobile account number, customer lines info, plan features
- Financial impact: Significant, exact amount not specified
Rapid Reset — The Largest Cyber Attack in Internet History
- Date of breach: October 2023
- Ransomware group involved: Not specified
- Amount of ransom: N/A
- Tools used for infiltration: HTTP/2 protocol’s concurrent stream processing
- Methods of infiltration: Opening a multitude of streams and canceling each request
- Volume of data stolen: N/A
- Type of data stolen: N/A
- Financial impact: N/A
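A server-side heuristic for the open-and-cancel stream pattern listed above, as an added example that is not from the original article: per connection, it counts client RST_STREAM frames that cancel streams the server has not yet answered, within a sliding window. The event tuple layout, the thresholds and the sample trace are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def detect_rapid_reset(events, max_cancels=50, window_ms=1000):
    """Flag connections whose client cancels more than max_cancels unanswered
    streams within window_ms. events: (ts_ms, conn, sender, frame, stream_id).
    Returns {conn: ts_ms at which the limit was exceeded}."""
    pending = defaultdict(set)    # conn -> streams opened by client, no response yet
    cancels = defaultdict(deque)  # conn -> timestamps of recent unanswered cancels
    flagged = {}
    for ts, conn, sender, frame, sid in events:
        if conn in flagged:
            continue              # a real server would already have sent GOAWAY
        if sender == "client" and frame == "HEADERS":
            pending[conn].add(sid)
        elif sender == "server" and frame in ("HEADERS", "DATA"):
            pending[conn].discard(sid)   # response started: later cancel is ordinary
        elif sender == "client" and frame == "RST_STREAM" and sid in pending[conn]:
            pending[conn].discard(sid)
            q = cancels[conn]
            q.append(ts)
            while q and ts - q[0] > window_ms:
                q.popleft()       # forget cancels that fell out of the window
            if len(q) > max_cancels:
                flagged[conn] = ts
    return flagged

def build_sample():
    """Constructed frame trace: 'browser' is ordinary traffic, 'flood' opens and cancels."""
    events = []
    for i in range(30):           # 30 answered requests, 3 cancelled after the response began
        sid, t = 2 * i + 1, i * 100
        events.append((t, "browser", "client", "HEADERS", sid))
        events.append((t + 20, "browser", "server", "HEADERS", sid))
        if i % 10 == 0:
            events.append((t + 30, "browser", "client", "RST_STREAM", sid))
    for i in range(400):          # HEADERS immediately followed by RST_STREAM
        sid, t = 2 * i + 1, 1000 + i
        events.append((t, "flood", "client", "HEADERS", sid))
        events.append((t, "flood", "client", "RST_STREAM", sid))
    return sorted(events, key=lambda e: e[0])   # stable sort keeps per-stream order

print(detect_rapid_reset(build_sample()))
```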
Dori Media Group Cyber Attack
- Date of breach: December 2023
- Ransomware group involved: MalekTeam
- Volume of data stolen: Over 100 TB
- Ransom amount: Not specified
- Infiltration tools: Not specified
- Infiltration methods: Not specified
- Type of data: Not specified
- Financial impact: Not specified
Conclusion
The frequency and scale of recent cyberattacks witnessed in 2023 demonstrate how serious an issue cybersecurity has become. With more of our lives and data moving online every day, there are growing risks from both sophisticated cybercriminal groups and opportunistic attackers.
While some of the largest cyber attacks of 2023 compromised millions of user records, even smaller organizations were not spared from being targeted. The financial and reputational losses incurred by companies have been massive. Most concerning is the risk these security breaches pose to users, with personal details being stolen that enable identity theft and fraud.
Looking ahead, cybersecurity needs to become a bigger priority for both technology companies and individuals. Stronger authentication, encryption, access controls and monitoring cybersecurity trends will help curb the impact of future breaches. However, eliminating vulnerabilities completely may not be realistic given the dynamic threat landscape.
Increased cooperation between governments, law enforcement and the private sector will also be important to curb the activities of cybercriminal networks and beef up our cyber shields. Users must also become more cautious about sharing personal information online and avoid phishing attempts. Only with diligence on all fronts can we hope to curb the growing tide of cyberattacks.