Friday, February 2, 2024

The Top 3 Security Breaches Of 2023 & Why They Happened

 


I know that it seems kind of unusual to be posting about some of the top Cyberattacks that happened in 2023 (just last year), but I am going to take a shot now at it, and review those that were some of the major ones.  So, here we go:

1)     MOVEit:

This has probably been of the largest Cyber breaches that happened last year.  It is essentially a file transfer software package.  The malicious payload that was deployed into was the ever so famous SQL Injection Attack.  Here are some of stats into its large impact:

“*More than 62 million individuals were impacted.

*Over 2,000 organizations were breached.

*Approximately 84% of breached organizations are US-based.

*Approximately 30% of breached organizations are from the financial sector.

*$10 billion is the total cost of the mass hacks so far.”

(SOURCE:  https://www.darkreading.com/cyberattacks-data-breaches/top-3-data-breaches-2023-what-lies-ahead-2024).

This security breach demonstrated just how wide scale a single piece of malicious payload can be.  In fact, it can even be likened to the Solar Winds hack, there just one backdoor was used to infiltrate and infect thousands of victims, which included some of the largest of the Fortune 500 companies and even the US Federal Government.

Although three major patches have been released, it still continues to impact victims.  Some of the notable ones include Sony Interactive Entertainment, the BBC, British Airways, the US Department of Energy, and Shell.  This truly represents a broad spectrum of industries and only proves that nobody is immune to a Cyberattack.

2)     The Indian Council of Medical Research (ICMR):

This security breach has been deemed to be one of the largest in terms of data exfiltration.  By using a simple alias of “pwn0001”, the names, addresses, and phone numbers of over 81 million Indian citizens was exposed.  They were also able to hijack the datasets from the COVID-19 databases owned and operated by the Indian Government.  More information about this can be seen at the link below:

https://www.thehindu.com/news/national/us-cyber-security-form-indicates-data-breach-sourced-from-icmr/article67477424.ece

Here are some of the stats of this breach:

“*5 million breached personal records and COVID test details from the New Delhi-based organization.

*90GB of data offered for sale for $80,000.”

(SOURCE:  https://www.darkreading.com/cyberattacks-data-breaches/top-3-data-breaches-2023-what-lies-ahead-2024).

This Cyberattack simply underscores the need to keep auditing the controls that you have in place for protecting your information and data, and the need to have an effective response plan in place to contain any breaches like this.

3)     23andMe:

In this particular Cyberattack, credential stuffing was the main threat vector that was used.  Login information (such as usernames and passwords) were hijacked, and were able to gain access to private data, which included the following:

*Names

*Email addresses

*Dates of birth

*Genetic ancestry and history

Here are the stats of the impact:

“*9 million user accounts were compromised — about half of the company's users.

*More than 5.5 million customer records were scraped and leaked.

*$6 is the average black-market price of a breached account.”

(SOURCE:  https://www.darkreading.com/cyberattacks-data-breaches/top-3-data-breaches-2023-what-lies-ahead-2024).

This security breach only underscores the need to deploy and maintain strong levels of Cyber              Hygiene, as well as the need to implement Multifactor Authentication (also known as “MFA”).

My Thoughts On This:

As I said earlier in this blog, nobody is immune to becoming a victim of a Cyberattack.  As I have said time and time again, the key is in mitigating that risk from happening.  Corporate America really needs to step up to the plate and take accountabilities for all of the datasets that are in their possession.  They have to realize, that we, as US citizens, are trusting them with the safekeeping of them.

They need to know where all of the datasets reside at, and continually do Risk Assessments not only to make sure that the controls protecting them are optimized, but to address and quickly remediate any gaps or weaknesses that have been found. 

Also, the need to keep training employees is a must to make sure that they are maintaining their contributions to a high caliber of Cyber Hygiene.  Also, companies need to make sure that they have all of the right plans in place in order to contain the breach, should it happen.

These include the Incident Response (IR), Disaster Recovery (DR), and Business Continuity (BC) Plans.  They must not only be documented, but they must practice on a regular basis to keep them updated.

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...