Cyberattacks can be devastating to the victimized organizations. A successful attack can impact business-critical systems, making it impossible for a company to service its customers. Unfortunately, cyberattacks continue to be a serious problem despite the best efforts of large and small security teams.
Many cyberattacks, specifically when ransomware is the weapon, are designed to compromise business-critical systems or steal enterprise data resources. These attacks put sensitive personal and financial data at risk and can be extremely hard to address after the fact. Threat actors typically threaten to disclose exfiltrated data to convince victims to pay their ransom demands.
Some of the Worst Cyberattacks of 2023
Let’s take a look at some of the worst cyberattacks that have occurred so far in 2023. Some breaches were initiated before 2023 but have only been identified or announced by the victims this year. A large percentage of this year’s attacks exploited a vulnerability in the MOVEit third-party file transfer software and were responsible for significant data breaches.
The MOVEit Security Vulnerability
MOVEit is managed file transfer software produced by Ipswitch, Inc. The company has over 600 customers who use the software as a secure collaboration and file-sharing solution. It is a certified solution used by government institutions and other organizations to transfer sensitive information.
A zero-day vulnerability in the software has been exploited by the Clop ransomware gang and has had a wide-ranging effect on many organizations. In addition to the companies directly affected by their use of the software, other entities have been impacted by third parties in the supply chain using the platform.
The software’s flaw, now identified as CVE-2023-35362, is rated critical by NIST. An SQL vulnerability can enable an unauthorized user to gain access to the MOVEit Transfer database. The intruder can investigate the database contents and may be able to execute code to compromise or delete database elements. Exploiting this kind of flaw typically involves threat actors gaining access to an environment and remaining hidden while they search for valuable information and critical systems.
MCNA Dental
Managed Care of North America (MCNA) Dental reported a data breach that affected the sensitive personal information of close to nine million patients. The company became aware of an unauthorized intrusion into its IT environment on March 6th, 2023. Investigations indicate hackers had gained initial access on February 26th. Stolen data includes patients’ names, addresses, Social Security numbers, and health insurance plan information.
The LockBit ransomware gang has claimed responsibility for the attack and threatened to publish the exfiltrated data if its ransom demand of $10 million was not met. When MCNA failed to pay, LockBit released the data on its public website, making it available to other threat actors.
UK Electoral Commission
The UK Electoral Commission announced a data breach on August 8th, 2023 that involved the records of up to 40 million individuals who registered to vote between 2014 and 2022. The Commission first identified the incident in October 2022 and investigations indicate the systems were first breached in August 2021. The attackers gained control of email servers, control systems, and copies of electoral registers. Authorities in Great Britain suspect that a nation-state is behind the attack and data breach.
Luxottica
Luxottica, the world’s largest eyewear company and prescription frames maker, was the victim of a data breach announced by the company in May 2023. Over 70 million records in a database were stolen in 2021, with some partial data leaks in 2022. In late April and May of 2023, the complete database was leaked for free, making its information available to additional threat actors. The company states that the breach originated with a security incident involving a third-party contractor storing customer data.
Latitude Financial
Latitude Financial is a consumer finance company operating in Australia and New Zealand. In March 2023 the company announced that 14 million records were stolen due to a cyberattack on its IT environment. The stolen information included driver’s license and passport numbers as well as financial data. The company had initially reported that the incident affected a much smaller number of individuals. Security personnel responded to the initial intrusion, but the threat actors were able to obtain login credentials that they then used to access the data.
T-Mobile
T-Mobile announced that it discovered a data breach on January 5, 2023, that exposed 37 million customer records. The stolen data includes addresses, phone numbers, and dates of birth. The breach does not appear to have involved Social Security numbers, PINs, or financial information. The company said the intruders first accessed the data on November 25, 2022.
T-Mobile also experienced a second data breach in late February 2023 in which hackers had access to customer data for more than a month. Though the incident affects fewer than one thousand customers, it involves sensitive information that could put the victims at risk of identity theft. The multiple attacks have led some to question the effectiveness of the cybersecurity measures in place at T-Mobile.
How Samurai XDR Protects Organizations From Cyber Attacks
An extended detection and response (XDR) solution provides organizations with enhanced capabilities for protecting themselves from cyberattacks. Samurai XDR employs advanced threat intelligence as the foundation for identifying threats to the IT environment.
- Samurai XDR detects known and emerging threats to an IT environment so they can be investigated by security personnel before they can cause damage. It offers protection that cannot be replicated through traditional cybersecurity methodology.
- Samurai XDR’s detection engine leverages NTT’s Tier 1 internet backbone which monitors over 40% of the world’s internet coverage to provide superior threat intelligence.
- The platform efficiently analyzes large volumes of telemetry using advanced artificial intelligence and machine learning to uncover anomalous behavior that may indicate the presence of threat actors. The platform identifies lateral movement through the environment, which is often a sign of an APT.
- Functionality such as Samurai’s Boost Scoring feature assists by prioritizing threats so security personnel can concentrate on the threats that pose a significant risk to the organization.
- Samurai XDR consolidates threat information from across the environment in a unified interface for increased productivity. This benefit helps small teams provide the robust cybersecurity needed to protect an organization.
Start protecting your valuable IT environment with the advanced capabilities of Samurai XDR. Customers can talk to the threat detection experts at Samurai and request a free trial of this advanced XDR solution.