As we bid farewell to 2023, it's crucial to reflect on the cyber threats that dominated headlines. From data leaks and artificial intelligence to the persistent threat of ransomware, this year showcased the challenges faced by cybersecurity professionals. Let's check the top stories of the year.
1. 23andMe Data Leak Exposes Nearly 7 Million Users
23andMe, the renowned DNA testing and ancestry service, confirmed that almost 7 million of its customers had their profile data compromised in October. The breach raised concerns as sensitive health-related information including predispositions to diseases was among the data exposed. This article explores the details surrounding the breach, the extent of the leaked information and 23andMe's response to mitigate the impact.
2. Roblox and Twitch Reportedly Under Attack by Ransomware Group
It appears that online gaming giant Roblox and live streaming platform Twitch have become the latest victims of the notorious ALPHV/BlackCat ransomware cartel. The cybercriminals behind this attack claim to have gained access to sensitive data through breaching the systems of accounting software provider Tipalti.
3. Black Basta Ransomware Gang Scores $100 Million Heist in 2 Years
The notorious Black Basta ransomware group has raked $100 million using double-extortion tactics since 2022. The recent findings by Elliptic and Corvus show that the group targeted the 329 organizations and extracting more than $107 million from 90 victims.
The researchers also highlight some alarming details noting that individual impacts were severe with one victim losing $9 million and 17 others losing over $1 million each. The group believed that they have ties with the disbanded Conti Group employs advanced double-extortion techniques.
4. ChatGPT: A Tool for Cybercriminals
Within a month of its release, ChatGPT became a tool in the hands of cybercriminals, enabling them to craft phishing emails and develop malicious software. The Check Point Research report revealed the dark web discussions where hackers bragged about leveraging the generative AI model for nefarious activities. This highlighted the potential misuse of advanced technologies and the challenges in mitigating such threats.
5. Law Firm Hit by Ransomware Attack
Eckell Sparks Law Firm, a well-known legal institution in Pennsylvania was hit by a severe ransomware attack on November 23, 2023, at 11:11:19 AM. The attackers breached the firms digital systems, gained unauthorized access and stole over 100 gigabytes of sensitive data. The attackers also successfully exfiltrated the data from the company's file servers and compromised information that includes the internal company data, employee personal information such as CVs, drivers licenses, IDs and Social Security numbers, financial reports, accounting data, loans information, insurance details and various agreements.
6. Apple Report Exposes Staggering 2.6 Billion Record Data Breach Over Two Years
Apple-commissioned data breach report, spearheaded by MIT Professor of Information Technology Stuart Madnick, uncovered a staggering 2.6 billion records pilfered by hackers between 2021 and 2022. The findings, released on Thursday, underscore a disconcerting 20% surge in breaches during the first three quarters of 2023 compared to the entirety of the preceding year.
Madnick's comprehensive report amalgamates statistics and case studies from over 200 sources, providing a panoramic view of data breaches over the past two years. The report articulates a growing menace posed by increasingly sophisticated ransomware attacks and assaults on third-party vendors, emerging as pivotal factors in the expanding landscape of data breaches
7. MOVEit Breach Unraveled: A Supply Chain Nightmare
The MOVEit breach emerged as one of the most consequential events of 2023, involving zero-day exploits, ransomware, and supply chain vulnerabilities. With nearly 370 organizations confirmed as victims, the incident underscored the complexities of supply chain security and the far-reaching impact of such attacks.
8. Over 3 Million Patients Affected in California Hospital Ransomware Attack
A ransomware attack exposed the information of more than 3.3 million patients on Dec. 1, 2022. Multiple medical groups are affected under the Heritage Provider Network in California. These are:
- Lakeside Medical Organization
- Regal Medical Group
- ADOC Medical Group
- Greater Covina Medical
- Understanding Ransomware
Ransomware is a malicious computer program that attempts to infect computers and data systems. Its goal is to locate sensitive files and prevent users from accessing them. It then sends a message to pay an amount or perform a specific action. If the users fail to meet the demands, the perpetrators delete the files. That is where the program gets its name.
9. Mr. Cooper Faces Unprecedented Data Breach
Mr. Cooper, a major U.S. mortgage servicer, disclosed a massive data breach that occurred on October 30, 2023, affecting nearly 14.7 million individuals, including both current and former customers. The breach, detailed in an SEC filing updated on December 15, 2023, has raised concerns about the security measures in place and the potential risks associated with long-term data retention.
The cybersecurity landscape of 2023 was marked by a various range of threats, emphasizing the need for constant adaptation and preparedness. As we step into the new year, the lessons learned from these incidents will undoubtedly shape the strategies employed by organizations and cybersecurity professionals in the ongoing battle against cyber threats.
10. Your Complete Guide to the New SEC Cybersecurity Rules
To combat the surge in cyber breaches, the U.S. Securities and Exchange Commission has introduced fresh cybersecurity disclosure mandates for public companies. Access a thorough handbook to assist you in understanding the updated regulations, featuring essential timelines, an outline of the requirements, and guidelines for preparation.
