2023 Roundup: The Year in Cyberattacks
With cyberattacks becoming more common and more varied, a few stood out this year for the ways they impacted the organizations that were hit.
2023 was another big year for malware, ransomware, brute force attacks, and any number of other methods of cybercrime, meaning you can read multiple “top cyberattack” lists and see surprisingly little overlap. Here are a few that should remind resilience professionals in every industry and sector why cybersecurity remains at the top of their concerns.
Royal Mail – The UK’s postal service was hit in January by a $79.9 million ransomware attack that stole data and temporarily shut down international deliveries. The Royal Mail refused to pay, and on top of lost revenues, it spent millions more on ransomware remediation.
Oakland, CA – After a ransomware attack in February, the administration of the City of Oakland, CA, had to declare a state of emergency, shutting down non-emergency services and government buildings. Months later, the city admitted the hackers had made off with a decade’s worth of data, including sensitive information about residents and city employees, police officers among them.
File transfers – File transfer companies have become a tempting target for attacks. In February, GoAnywhere was exploited; in addition to its own 3 million members, the attackers used the platform to steal data from other large organizations, including Procter & Gamble, the City of Toronto, and Crown Resorts. The MOVEit tool was attacked in May via a critical vulnerability. A number of organizations whose supply chains use the app have suffered a data breach as a result, with customer and/or employee data being stolen. All told, some 60 million may have been affected.
23andMe – In October, the genetic testing company revealed that hackers accessed the personal data of “a significant number” of its users. Earlier this month, a 23andMe spokesperson confirmed to TechCrunch that the hackers accessed the personal information of about 5.5 million people who had opted into the company’s DNA Relatives feature, which allows customers to automatically share some of their data with others.
Las Vegas Casinos – MGM Resorts International reported in September that it had experienced a cyber incident that affected parts of its business for several hours. The company lost more than $100 million for refusing to pay the ransom demand. Days later, Caesars Entertainment also said it had been compromised by ransomware.
Revisiting stories like these, it makes sense to worry about how cyber-resilient your organization is. Come to DRI2024 to make sure you’re secure – register now for the pre-conference Cyber Resilience (CRLE 2000) course, and join us on Sunday, Mar. 3 for an engaging tabletop exercise, designed after a real-life cyber breach.