The Year in Review: 2023’s 10 Most Notable Cyberattacks


Explore the 10 most notable cyberattacks of 2023, from Twitter’s data leak to the MongoDB breach, in this review of the past year.

As 2023 draws to a close, in the first of a two-part series, we take a deep dive into the year’s most significant cyber incidents, from the largest data breaches and leaks to the most notorious hack events. For a look ahead to the future, check out our recent episode where we made 9 predictions about cybersecurity in 2024.

While once the severity of a breach was gauged by the sheer volume of records compromised or the number of individuals affected, the focus has shifted. The size of a breach doesn’t necessarily correlate to its impact or influence. In this episode, we move past the traditional metrics to discuss what are, in our opinion, the 10 most impactful data breaches of 2023.

1) Twitter’s Rocky Start to 2023

January

For Twitter, the year started with a significant data breach, where around 220 million users’ email addresses were leaked from Twitter’s database. While not necessarily alarming at the outset, a major potential problem arose: the ease of linking the leaked email addresses to user accounts can lead to unauthorized access. This breach not only exposed users to potential security risks across various platforms but also marked a low point for Twitter, which was already grappling with management upheavals and previous breaches in 2022. The breach is seen as a major setback for a platform already struggling to regain stability, underscoring the complexities and challenges Twitter faces in the current social and digital environment.

2) The ESXi Hack

February

Unlike the Twitter breach, which affected general internet users, the ESXi hack targeted a vital component of business tech infrastructure: the ESXi hypervisor platform, widely used for hosting virtual machines. This attack, named ESXiArgs, exploited a remote code execution (RCE) vulnerability, leading to the compromise of around 3,800 systems. This is particularly alarming because each affected hypervisor can run multiple virtualized systems, potentially escalating the number of compromised servers and services into the tens of thousands. The ESXi platform’s widespread use meant that this attack had a sizable impact on numerous highly virtualized businesses. This hack, therefore, compromised not only the hypervisors but also all the services running on them, marking it as a significant event in the business world of cybersecurity.

3) The 3CX Supply Chain Attack

March

The next major cybersecurity incident on our list is the supply chain attack against 3CX, a major cybersecurity event of 2023 that affected about 600,000 users. 3CX, a prominent provider of Voice over Internet Protocol (VoIP) services, was compromised, impacting numerous businesses reliant on its software for daily operations. This attack was particularly insidious because it infiltrated the software’s distribution system, meaning that as businesses promptly updated their systems (a practice encouraged for security), they unknowingly integrated the malicious code into their operations. Making the situation even worse for 3CX’s customers, many faced a lose-lose dilemma: abandon a potentially business-critical system pending repairs or replacement, or continue using potentially compromised software. Switching away from a major vendor like 3CX isn’t a simple, quick decision for most businesses. Unfortunately, it seems unlikely that this type of supply-chain attack is going away any time soon.

4) The Devastating MOVEit Breach

March

The MOVEit breach was one of the most significant cyber incidents of 2023, especially concerning data protection. Progress Software, the company behind the MOVEit Transfer file-transfer utility, faced a series of vulnerabilities that led to this breach. The software, widely used for securely transferring large volumes of sensitive data, including HIPAA-protected health information, financial records, and other information that requires confidentiality such as trade secrets, was compromised, impacting 2,500 to 3,000 direct clients. The breach was meticulously planned to avoid detection before launching widespread data exfiltration. The breach affected up to 4 million individuals, including healthcare and pension plan entities. On the bright side, businesses that regularly deleted transferred data from MOVEit were less impacted, highlighting the necessity of secure data handling and prompt deletion to minimize risk in the event of such breaches. The ongoing repercussions and the climbing number of victims make the MOVEit breach a stark reminder of the evolving challenges in cybersecurity and data protection.
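The observation that customers who promptly deleted transferred files were less exposed is a control that can be enforced mechanically rather than left to habit. The script below is an added example written for this page, not Progress Software's code or anything from the episode: it sweeps a managed-file-transfer staging directory and removes files older than a retention window, with a dry-run mode so the list of files to be purged can be reviewed first. The directory layout, file names, ages and the 30-day default window are constructed assumptions; symlinks are never followed, so a planted link cannot redirect the sweep outside the staging tree.

```python
"""Retention sweep for a file-transfer staging directory (added example)."""
from __future__ import annotations

import os
import tempfile
import time
from dataclasses import dataclass, field
from pathlib import Path

SECONDS_PER_DAY = 86_400


@dataclass
class SweepResult:
    expired: list[Path] = field(default_factory=list)   # past the window
    retained: list[Path] = field(default_factory=list)  # still inside it
    deleted: bool = False                               # False on dry runs


def files_past_retention(root: Path, max_age_days: int, now: float) -> SweepResult:
    """Classify every regular file under root by its modification time.

    Symlinks are skipped outright: the sweep must only ever touch files that
    physically live inside the staging tree.
    """
    cutoff = now - max_age_days * SECONDS_PER_DAY
    result = SweepResult()
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        target = result.expired if path.stat().st_mtime < cutoff else result.retained
        target.append(path)
    return result


def sweep(root: Path, max_age_days: int = 30, dry_run: bool = True,
          now: float | None = None) -> SweepResult:
    """Delete expired files unless dry_run is set; always return the plan."""
    now = time.time() if now is None else now
    result = files_past_retention(root, max_age_days, now)
    if not dry_run:
        for path in result.expired:
            path.unlink()          # plain unlink; the audit record is the result
        result.deleted = True
    return result


def build_sample_staging_dir(root: Path, now: float) -> None:
    """Create constructed sample transfer files with back-dated mtimes."""
    samples = {                    # relative path -> age in days (constructed)
        "inbound/payroll_2023-01.csv": 120,
        "inbound/claims_batch.xml": 45,
        "outbound/invoice_latest.pdf": 3,
    }
    for rel, age_days in samples.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample content")
        stamp = now - age_days * SECONDS_PER_DAY
        os.utime(path, (stamp, stamp))


def run_demo(max_age_days: int = 30, dry_run: bool = True) -> dict[str, list[str]]:
    """Run the sweep on a throwaway copy of the sample tree and report."""
    now = time.time()
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_staging_dir(root, now)
        result = sweep(root, max_age_days, dry_run=dry_run, now=now)
        rel = lambda paths: sorted(p.relative_to(root).as_posix() for p in paths)
        remaining = [p for p in root.rglob("*") if p.is_file()]
        return {"expired": rel(result.expired),
                "retained": rel(result.retained),
                "remaining_on_disk": rel(remaining)}


if __name__ == "__main__":
    print("dry run, 30-day window:", run_demo(30, dry_run=True))
    print("live run, 100-day window:", run_demo(100, dry_run=False))
```

Run it as a scheduled job with `dry_run=True` first and compare the `expired` list against what the business actually still needs; only then switch to a live run. A shorter window limits what an attacker can exfiltrate from the staging area if the transfer service itself is compromised, which is exactly the difference the episode notes between lightly and heavily affected MOVEit customers.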

5) The Unprecedented Response to the Barracuda ESG Breach

May

May 2023 witnessed a significant breach in the Barracuda Email Security Gateway (ESG). This incident, originating from a vulnerability dating back to October 2022, was only recognized in 2023, making it a major cybersecurity event of the year. Barracuda’s response deviated from the industry norm of issuing patches to remove any exploited vulnerabilities. Instead, it recommended the complete replacement of the affected physical hardware, a rare and drastic measure. Barracuda even offered free replacements for most of the compromised ESG units. While Barracuda deserves credit for its thoroughness in addressing the issue, the potential loss of trust and the long-lasting damage to the company’s reputation from a breach of this magnitude will be felt for years. The incident serves as an example of the complex challenges vendors face when rectifying serious security flaws.

6) The High-Stakes Governmental Impact of the Microsoft Cloud Email Breach

June

Here’s where we remind everyone again that the severity of a breach isn’t always reflected in numbers alone. The June breach of the Microsoft Cloud Email System, while limited in scope, had profound implications. The affected accounts were U.S. State Department accounts, and the breach compromised around 60,000 emails, many of which were top-secret government communications. Of course, we don’t know the classification of the material that was taken, but it could potentially include sensitive information on foreign policy and other governmental matters, raising serious concerns about national security, especially considering an upcoming election year.

The fact that Microsoft, a global leader in cybersecurity, was the victim, adds to the gravity of the situation. Microsoft, known for investing heavily in cybersecurity, also manages the Azure Government Cloud, specifically for government entities. Despite the smaller scale, the breach’s potential to affect foreign relations and intelligence matters made it particularly alarming. It highlights the far-reaching consequences that can arise when such high-stakes information is compromised.

7) The MGM Cybersecurity 101 Fail

September

The MGM Hack, covered extensively in a previous episode, serves as a critical case study of the importance of fundamental cybersecurity practices. In this breach, what we’ve named “The Day the Slot Machines Stopped,” MGM Resorts International fell victim to a surprisingly trivial social engineering attack. Despite being a large organization with substantial financial transactions and a vast customer base, it was compromised by basic hacking tactics employed by young, non-state actors. Remarkably, the actual hacking operation took about 10 minutes, highlighting severe lapses in MGM’s cybersecurity defenses across various areas, including alerting, response, basic defenses, and network segmentation.

8) Breaching Cisco’s Network Perimeter Systems

October

Cisco, a dominant player in the networking hardware market, experienced a major remote code execution (RCE) attack on its IOS system, a network perimeter defense system not to be confused with Apple’s iOS, affecting about 42,000 devices. This breach was particularly alarming due to Cisco’s prominent role in network infrastructure; its devices often form the first line of defense at the perimeter of many major companies’ networks. The RCE vulnerability allowed attackers to run code remotely on these devices, potentially leading to full system control. This breach is akin to breaching the walls of a fortress – if a company relied entirely on its perimeter wall for defense, the compromised Cisco devices could give attackers unfettered access to internal networks. The podcast highlights the severity of this scenario, where a company’s own defenses are turned against it, and underlines the need for zero-trust cybersecurity measures.

9) The Okta Support Hack

October

Initially identified in October, the breach affected Okta’s primary support system, a critical cybersecurity tool that is used most frequently by network administrators and other high-privilege-level IT personnel. Initially, Okta reported that only a small subset of customers was affected. However, as the investigation progressed, the number of impacted customers increased significantly, eventually encompassing all users of the support portal. This evolving narrative highlights a common challenge in cybersecurity incident response: the gap between early notifications and the complete understanding of a breach’s scope. This case exemplifies the complexities of managing and communicating about cybersecurity breaches in an era where the full extent of an incident may not be immediately apparent, necessitating a shift in how both companies and users perceive and respond to data breach notifications.

10) The Emerging MongoDB Breach

December

The final entry in our list is the recent news of a breach at MongoDB. Known for its user-friendly and flexible database systems, MongoDB is a major player akin to SQL or Oracle, widely used for backend storage by various applications and businesses. The breach, still under investigation, involved unauthorized access to the system, with preliminary reports indicating the compromise of basic customer data such as email addresses and names. However, the full extent of the breach, including the depth of intrusion and the complete range of impacted data, remains unclear. More details will likely emerge over time, as is common with cybersecurity incidents, but the breach highlights the ongoing challenges in cybersecurity, especially for widely adopted platforms like MongoDB, which attract significant attention from malicious actors.

We’re here to help make the complex language of cybersecurity understandable. So if there are topics or issues that you’d like Ryan and me to break down in an episode, send us an email at info@fearlessparanoia.com or reach out to us on Facebook or LinkedIn. For more information about today’s episode, be sure to check out FearlessParanoia.com, where you’ll find a full transcript as well as links to helpful resources and any research and reports discussed during this episode. While you’re there, check out our other posts and podcasts as well as additional helpful resources for learning about cybersecurity.


©2024 Fearless Paranoia