Cyber attacks have been the top-rated risk since 2020 and have become a prevalent threat across public and private sectors. Attackers continue to find new ways to breach security defenses, steal valuable data, and disrupt operations. According to the FBI, there are over 4,000 cyber attacks per day. Within the constraints of this blog, we’ll take a look at some of the most notable cyber attacks of 2023.
January: Twitter
The criminal hacker who goes by the name ‘Ryushi’ initially demanded $200,000 to hand over or delete the stolen information. A week later – after presumably being rebuffed by Twitter – the hacker put the data up for sale on the hacking forum Breached. More than 220 million users’ email addresses were leaked.
Reportedly no personal information other than email addresses was compromised. However, many people can be easily identified by their email address, especially if they use their name or the name of their business.
February: PeopleConnect
PeopleConnect (the information provider for the background check services TruthFinder and Checkmate) confirmed in February that it had suffered a data breach affecting 20 million people. Criminal hackers leaked a 2019 backup database containing customers’ personal information. According to reports, the compromised information includes email addresses, hashed passwords, first and last names, and full names.
March: Latitude Financial
The largest confirmed data breach of March 2023 took place at Latitude Financial with more than 14 million records being compromised. The Melbourne-based company provides personal loans and credit cards to people in Australia and New Zealand. They reported that cyber criminals had captured almost 8 million drivers’ licenses, along with 53,000 passport numbers and dozens of monthly financial statements. Additionally, 6 million records dating back to 2005 were also compromised in the attack.
April: Shields Healthcare Group
Towards the end of April, reports emerged that Shields Health Care Group, a Massachusetts-based medical services provider, was the victim of a cyber-attack. Criminal hackers gained access to the organization’s systems and stole the personal data of 2.3 million people.
The criminals reportedly had access to sensitive data for two weeks. That data included patients’ social security numbers, dates of birth, home addresses, healthcare provider information, and healthcare history. In addition, billing information, insurance numbers, and other financial details were stolen in the attack.
May: Luxottica
Luxottica, the world’s largest eyewear company, fell victim to a major cyber-attack in May. According to D3 Labs Draghetti, the leak exposed 74.4 million unique email addresses, 2.6 million unique domain email addresses, and 305 million records. Have I Been Pwned’s Troy Hunt said that more than 77 million unique accounts were included in the leaked data. According to the seller, the database contained customers’ full names, email addresses, home addresses, and dates of birth.
June: Oregon and Louisiana Department of Motor Vehicles
In the USA, the states of Oregon and Louisiana said that their departments of motor vehicles were compromised through exploitation of the MOVEit software vulnerability. Louisiana’s OMV (Office of Motor Vehicles) said that at least six million records, including driver’s license information, were stolen. The Louisiana OMV also reported that the breach was not internal but rather occurred through the third-party software provider.
While the Louisiana OMV has not been able to determine the full extent of the damage in this incident, it believes that all Louisianans with a state-issued driver’s license, ID, or car registration may have had personal data exposed. The Oregon DMV (Department of Motor Vehicles), for its part, said that an estimated 3.5 million driver’s license and identity card details have been compromised.
July: Tigo
Reports emerged in July that the video chat platform Tigo leaked more than 700,000 people’s personal data online. Tigo is one of China’s most popular online messaging platforms, despite concerns regarding its data privacy practices. The information contained people’s names, gender, email addresses, and IP addresses. It also included users’ profile pictures as well as private messages. According to Have I Been Pwned, more than 100 million records were compromised in total in this incident.
August: UK Electoral Commission
On 8 August, the UK’s Electoral Commission issued a public notification of a “complex cyber-attack” in which malicious actors gained access to the UK’s electoral registers, which contain an estimated 40 million people’s personal information. The attackers accessed Electoral Commission servers that held emails, control systems, and copies of the electoral registers of those registered to vote in the UK between 2014 and 2022. Electoral registers contain voters’ names, addresses, and the date on which they reach voting age.
Security researcher Kevin Beaumont explained on doublepulsar.com that the Commission was known to have been running an unpatched version of Microsoft Exchange Server that was vulnerable to ProxyNotShell attacks at the time of the incident.
September: DarkBeam
According to Cybernews, on September 18 SecurityDiscovery CEO Bob Diachenko discovered that the digital risk protection firm DarkBeam had “left an Elasticsearch and Kibana interface unprotected, exposing records with user emails and passwords from previously reported and non-reported data breaches.”
Among the leaked data, there were 16 collections named “email 0-9” and “email A-F,” each containing 239,635,000 records. Ironically, the 3.8 billion exposed data records came from previous data breaches, which had been assembled by DarkBeam to alert its customers to security incidents affecting their personal information. The data leak was closed instantly after Diachenko informed the company about the issue.
October: DDoS Attack
The DDoS attacks were reported on October 10, when the cloud infrastructure providers Google Cloud, Cloudflare, and Amazon Web Services observed that the attacks were part of a mass exploitation of a zero-day vulnerability. In a recent blog, Google Cloud stated: “This new series of DDoS attacks reached a peak of 398 million requests per second (rps), and relied on a novel HTTP/2 “Rapid Reset” technique based on stream multiplexing that has affected multiple Internet infrastructure companies. By contrast, last year’s largest recorded DDoS attack peaked at 46 million rps.”
DDoS attacks attempt to disrupt internet-facing websites and services, making them unreachable. This is done by directing overwhelming amounts of Internet traffic at targets, which can exhaust their ability to process incoming requests. DDoS attacks can have a devastating impact on victim organizations, such as loss of business and unavailability of critical applications, which often cost victims time and money.
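The Rapid Reset technique quoted above works by opening HTTP/2 streams and immediately cancelling them, so a defender-side signal is the rate of RST_STREAM frames per client connection. The following is an added example (not code from Google Cloud, Cloudflare, or any vendor) of a sliding-window detector over a constructed HTTP/2 frame log; the log tuple format and the thresholds are assumptions for illustration.

```python
"""Added example: per-connection detector for the HTTP/2 'Rapid Reset' pattern."""
from collections import defaultdict, deque

# Thresholds are illustrative assumptions, not vendor or RFC values.
RESET_THRESHOLD = 100      # RST_STREAM frames per connection per window
WINDOW_SECONDS = 1.0


def detect_rapid_reset(frames, reset_threshold=RESET_THRESHOLD, window=WINDOW_SECONDS):
    """Return {conn_id: peak_reset_count} for connections whose client sent more
    than `reset_threshold` RST_STREAM frames inside any sliding `window` seconds.

    `frames` is an iterable of (timestamp, conn_id, frame_type, stream_id) tuples
    in time order; this format is assumed, e.g. from an HTTP/2 proxy frame trace.
    """
    recent = defaultdict(deque)   # conn_id -> timestamps of resets still in window
    flagged = {}
    for ts, conn_id, frame_type, _stream_id in frames:
        if frame_type != "RST_STREAM":
            continue
        window_resets = recent[conn_id]
        window_resets.append(ts)
        # Evict resets that have fallen out of the sliding window.
        while window_resets and ts - window_resets[0] > window:
            window_resets.popleft()
        if len(window_resets) > reset_threshold:
            flagged[conn_id] = max(flagged.get(conn_id, 0), len(window_resets))
    return flagged


def build_sample_frames():
    """Constructed frame log: one ordinary client and one Rapid Reset client."""
    frames = []
    # Connection "c1": 10 requests over 5 seconds, two cancelled by the user.
    for i in range(10):
        frames.append((i * 0.5, "c1", "HEADERS", 2 * i + 1))
    frames.append((1.2, "c1", "RST_STREAM", 3))
    frames.append((3.7, "c1", "RST_STREAM", 13))
    # Connection "c2": 300 streams opened and immediately reset within 0.3 s.
    for i in range(300):
        ts = i * 0.001
        frames.append((ts, "c2", "HEADERS", 2 * i + 1))
        frames.append((ts, "c2", "RST_STREAM", 2 * i + 1))
    return sorted(frames)


if __name__ == "__main__":
    print(detect_rapid_reset(build_sample_frames()))  # {'c2': 300}
```

Only the client that opens and cancels hundreds of streams within the window is flagged; the ordinary client's occasional cancellations are not.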
November: Tri-City Medical Center
On November 9, Tri-City Medical Center was hit by a ransomware attack that shut down most of the hospital’s emergency services. The hospital said it learned of unauthorized activity on its computer network and had to shut down equipment to slow any malware spread. Tri-City placed itself on Internal Disaster Diversion with San Diego County’s Office of Emergency Services.
This attack may not be among the largest in terms of the number of people affected; however, it is noteworthy because the hospital could not accept any patients through the 911 system due to the critical disruption of its ability to provide medical services. Tri-City is one of many medical facilities that fall victim to cyber criminals. Hospitals tend to be more vulnerable because of their equipment: devices such as heart monitors and IV pumps run on older software systems, which makes the hospital more exposed to attack. This poses a direct threat to the patients rather than only to the hospital, underscoring that human lives are at stake.
Cybersecurity Threats Keep Increasing
2023 has been a year of massive data leaks and expensive ransomware payouts. In the last year, not only have we seen an increase in cyber attacks, but they have become more advanced than ever before and highly coordinated. Endpoint attacks have become complex, multi-stage operations. Ransomware is no longer a problem affecting only big corporations but small businesses as well.
According to Proofpoint’s 2023 Human Factor report, more than 99% of threats require human interaction to execute, such as enabling a macro, opening a file, following a link, or opening a malicious document. This means social engineering plays a crucial role in a successful attack. “Cybercriminals are aggressively targeting people because sending fraudulent emails, stealing credentials, and uploading malicious attachments to cloud applications, is easier and far more profitable than creating an expensive, time-consuming exploit that has a high probability of failure,” says Proofpoint’s chief of threat operations. With this said, training and testing employees to recognize a social engineering attack, as well as how to respond to and properly report it, is vital.
Threats to information security consistently focus their attacks on company employees. At Social-Engineer LLC, we provide security awareness managed services which are designed to test, educate, and protect your human network from Vishing, Phishing, SMiShing, and Impersonation attacks. We apply scientifically proven methodologies to uncover vulnerabilities, define risk, and provide remediation. Some say that humans are the weakest link in cyber/information security. With the right education, training, and testing, they can be your best line of defense.
Written by:
Rosa Rowles
Human Risk Analyst at Social-Engineer, LLC