With significant cybersecurity developments such as generative AI driving trends in 2023, there were several impactful cybersecurity and cyberattack headlines dominating the year. Here is a recap of just some of the top cybersecurity and cyberattack newsmakers of 2023.
Twitter (X)
One of the largest attacks of 2023 was on social media platform Twitter (X) at the very start of the year. 235 million Twitter users and their associated email addresses were leaked to an online hacking forum. As of October 2023, there have been no reported Twitter breaches since this incident.
Following a string of ransom attempts and leaks, a trove of data on over 200 million Twitter users circulated among hackers in December 2022, and was published in full on BreachForums on January 4, 2023. This data includes email addresses, names, and usernames, but does not appear to include passwords or other highly sensitive data.
23andMe Data Breach
Genetic testing company 23andMe notified 6.9 million individuals that their personal data was compromised in October 2023. The privately held company, based in Mountain View, California, acknowledged in a filing with the Securities and Exchange Commission that the hacker accessed 0.1% of 23andMe’s user accounts.
A 23andMe spokesperson said that about 5.5 million customers had their “DNA Relatives” profiles accessed in an unauthorized manner. The profiles contain information such as display names, predicted relationships with others and the DNA percentages the user shares with matches.
Additionally, about 1.4 million customers participating in the Relatives feature had their “Family Tree” profile information accessed, which 23andMe describes as a limited subset of the Relatives profile data.
23andMe notified affected customers and, since the incident, requires existing customers to reset their passwords and enable two-step verification.
The MOVEit Transfer data theft attacks
Ransomware gang Clop, a Russian-speaking group, is behind one of the largest breaches in recent history. The group exploited a critical vulnerability in Progress’ MOVEit file transfer tool in late May 2023.
Clop’s attack was far-reaching, impacting government, public, and business organizations worldwide, including New York City’s public school system, a UK-based HR solutions and payroll company with clients like British Airways and BBC, and others.
The MOVEit campaign is among the farthest-reaching attacks of 2023, and is also one of the biggest data heists in recent years. Within the IT industry, victims of the MOVEit data extortion campaign included IBM, Cognizant, Deloitte, PricewaterhouseCoopers and Ernst & Young.
https://enfortra.crs-consulting.com/moveit-impacts-600k-medicare-beneficiaries-ranks-as-biggest-hack-of-2023/
Concern About AI’s Impact on Data Privacy Grows
AI is at the forefront of the battle to protect data privacy and security. As artificial intelligence (“AI”) rapidly advances and impacts various industries, transforming the way we live, work, and interact, it is also being used as a tool by cybercriminals. One of the most noteworthy developments making headlines in 2023 is AI’s potential to affect privacy rights and the protection of users’ personal data.
In the fall, President Joe Biden issued the “Executive Order on Safe, Secure, and Trustworthy AI Development and Use of Artificial Intelligence,” recognizing the benefits of the government’s use of AI while detailing core principles, objectives and requirements to mitigate risks. Building off the executive order, the Office of Management and Budget followed with its proposed memo “Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence.” The OMB memo outlines requirements for government agencies as they procure, develop and deploy AI.
T-Mobile Data Breach
The T-Mobile breach ranks as the third consumer data exposure of the year. In September the mobile company said that the issue had been resolved and was due to a “technology update” glitch. The company also suffered a data breach impacting employees in April 2023.
“There was no cyberattack or breach at T-Mobile. This was a temporary system glitch related to a planned overnight technology update involving limited account information for fewer than 100 customers, which was quickly resolved,” said Tara Darrow, T-Mobile spokesperson, in a statement.
Casinos Taken Down by Cyber-Attacks
Casino and hotel chain MGM Resorts, one of the largest casino operators in the world, was hit by a cyberattack that disrupted its operations for several days in September 2023.
Ransomware group ALPHV / BlackCat claimed responsibility, according to a post on X (formerly Twitter) from malware tracker vx-underground, saying they received the information directly. The unverified post alleges that the group used a social engineering attack, calling the company’s help desk with an MGM Resorts employee’s information they found on LinkedIn.
City of Oakland Declares State of Emergency After Ransomware Attack
Government officials from the city of Oakland, California declared a local state of emergency in February 2023, almost seven days after a ransomware attack shut down most city services. The announcement, issued by Interim City Administrator G. Harold Duffey, was posted on the City of Oakland website. Oakland’s information technology department was working with law enforcement and a third-party forensics firm to determine the scope and severity of the attack, which disrupted internal systems and leaked personal data on thousands of city employees and some residents.
City governments can be particularly vulnerable to cyberattacks since they house vast amounts of information, yet are relatively at the “bottom of the food chain” when it comes to available technology resources and ability to counteract. According to security researcher Comparitech, hackers launched 330 ransomware attacks on U.S. governmental entities between 2018 and October 2022, costing an estimated $70 billion in downtime alone. Of those, 72 of the ransom amounts were revealed, totaling about $36.5 million, and hackers received about $5 million in payments from 27 of these 72 cases, Comparitech said.