Successful data breaches and cyber-attacks are becoming commonplace in today's technological landscape. Cyber criminals are targeting large corporations, critical infrastructure, and small-medium sized businesses alike. Every year thousands of organizations fall victim to a ransomware attack or data breach and face drastic financial, reputational, and legal repercussions. 2023 was no different and as the new year begins, it's important to look back on previous years to see what businesses can learn. Continue reading to learn about some of the largest and most impactful hacks and data breaches of 2023.
ESXiArgs Ransomware
In early February of 2023, a ransomware strain known as ESXiArgs began making waves by compromising thousands of VMware servers. This ransomware strain took advantage of a previously patched vulnerability in VMware's ESXi servers known as CVE-2021-21974. Thousands of users who had not patched or updated their server's fell victim to the ransomware attacks as cyber criminals targeted out of date hypervisor's. VMware was quick to respond and point at that the exploit was not due to a zero-day attack, but rather took advantage of an older vulnerability that had been addresses two years earlier.
VMware and CISA worked fast to provide remediation scripts for organizations who had been impacted by the attack. CorpInfoTech was able to respond to the event in a timely manner and secure its clients from the ransomware threat. Within 24 hours every one of our managed services clients had been evaluated and secured. This particular hack shows the importance of consistent patch management. Keeping your devices and IT infrastructure up to date can help protect your data from external threats.
MGM Casino
In September of 2023, MGM Resorts International fell victim to a cyber-attack that would end up costing them over $100 million as well as extended operational downtime. MGM Resorts is one of the world's largest gambling firms and owns several of the largest casinos in Las Vegas. A hacking group known as "Scattered Spider" was able to successfully breach the companies IT systems and deny access to various customer facing services within their casinos. Customers reported error messages appearing on machines in addition to hotel room cards not working. MGM employees were also locked out of their email systems making it hard to communicate. Customers'' private data was also leaked including contact information, date of birth, drivers' licenses and more. Even for large enterprises, cyber-attacks can cause massive damage.
Okta
Okta, an enterprise level identity management service, was the victim of a large-scale data breach in September of 2023. Okta's cloud software allows IT departments to control access to applications, accounts, and devices with features including Single Sign-on (SSO), Active Directory (AD), and LDAP integration. Okta is relied on by thousands of organizations to secure access to their business assets. Unfortunately, in September Okta was breached by a sophisticated threat actor. Okta revealed in September that the breach had only impacted around 1% of their customers, however it was later announced that all Okta customers had been impacted. For roughly 99% of customers hackers were only able to gain access to full names and addresses, however the usernames and contact information of some employees was also revealed. Such information can be used later in the future for more personalized social engineering or phishing attempts.
23andme
23andMe is a genetic testing organization that traces its customers DNA to build their family tree and help users learn more about their ancestry. As many can probably guess, the company collects a substantial amount of personal identifiable information (PII) from its users in order to track down distant relatives. This includes names, gender, age, contact information, as well as DNA. Threat actors were able to infiltrate the company in October 2023, and directly access the personal information of roughly 14,000 users. However, hackers were able to gain a substantial amount of additional information through ancestry profiles. An opt-in feature of 23andMe allows for genetic relatives to contact each other meaning that the hackers were able to expand their knowledge of 23andMe's customer base. Another feature lets users see their entire family tree though DNA submission. With this knowledge, hackers were able to learn even more about the users of the service. Overall, it is estimated that around 7 million users were impacted by this breach.
MOVEit
One of, if not the largest hack of 2023 involved MOVEit, a managed file transfer software. In May of 2023 CL0P, a well-known ransomware gang, gained access to MOVEit and their customer base. The ransomware group injected malware into MOVEit's transfer apps and threatened to release the private information of the companies that had been breached if a ransom wasn't paid. The breach impacted over 1,000 different organizations potentially effecting up to 60 million individuals. The data breach was the result of a zero-day exploit that impacted both MOVEit and customers' file transfer servers. Organizations must be wary of what third-party services they entrust their data too. In the event that these service providers are exploited, your own data may be at risk.
Stay Secure in the New Year!
Your organization's data and security are important, so how can you protect your business in the new year? Make sure that your business consistently patches and updates your devices and applications that make work possible. Avoid falling victim to ransomware that preys on legacy and unpatched devices by implementing a comprehensive patch management system. Businesses should also practice foundational cyber security hygiene including complex password policies, MFA, and security awareness training. These practical steps can protect against a litany of attacks and are extremely valuable for every organization. Additionally, ensure that the third-party service providers you work with can be trusted with your private data and take necessary security precautions. Your organization does not want to become collateral damage in another businesses data breach.
CorpInfoTech provides managed services to small-medium sized businesses that holistically secure them against the most advanced cyber threats. Our services include security assessments, vulnerability and patch management, firewall management, and industry compliance help.
Contact us today to learn more about how we can protect your business!