The cybersecurity community has spent 2023 battling against ever-more sophisticated threat actors and adversary techniques.
There has been a wide range of major cybersecurity incidents in 2023, from nation-state espionage campaigns to attackers gaining a gateway to thousands of enterprises through software supply chain vulnerability exploitations.
These have had significant real-world impacts, such as victim organizations experiencing loss of service and crippling financial costs, while many millions of individuals have had highly sensitive data stolen, putting them at risk of follow-on attacks.
In this article, Infosecurity Magazine has set out the top 10 cyber-attacks of 2023, which have been decided based on factors like the scale of the incident and its longer-term implications. These have been listed in order of the dates the attacks were first reported.
1. Royal Mail Faces Huge Financial Loss Following LockBit Attack
In January 2023, it emerged that the UK’s postal service, the Royal Mail, was hit by a ransomware attack which resulted in a temporary halt to international deliveries. Data was also stolen by the attackers. The Royal Mail refused to pay the £65.7m ($79.85m) demand from the LockBit group to return the stolen data. However, the service revealed it had experienced huge financial costs as a result of the attack, including large revenue losses, and the company is said to have spent £10m on ransomware remediation.
2. Enormous Data Breach at T-Mobile
International telecoms giant T-Mobile admitted that 37 million customers had their personal and account information accessed by a malicious actor via an API attack that began on November 25, 2022. The incident was not discovered until January 5, 2023. In a separate incident, T-Mobile USA notified customers of another breach of personal and account data that occurred in February and March 2023. The breaches mean many millions of customers are vulnerable to follow-on fraud attempts.
3. City of Oakland Declares State of Emergency After Ransomware Attack
In February 2023, the administration of the City of Oakland, California, declared a state of emergency as a result of a ransomware attack. The incident shut down many non-emergency services, while government buildings were forced to close temporarily. It was later reported that the hackers stole a decade’s worth of sensitive data from city servers in the attack, including information about employees in sensitive roles such as the police.
4. MOVEit File Transfer Exploitation
The exploitation of a zero-day vulnerability in the popular file transfer software MOVEit is thought to have impacted thousands of organizations, ranging from media to healthcare. The flaw was first exploited by the notorious Clop ransomware gang in May 2023. Clop continued to successfully compromise end users despite a patch being deployed by May 31. The fallout from the attack is believed to have contributed to a record number of ransomware attacks in July 2023.
5. Chinese Espionage Campaign Infiltrates US Government
Microsoft discovered a Chinese cyber-espionage campaign that enabled the Storm-0558 group to gain access to customer email accounts from May 15, 2023. This included employees in the US State and Commerce Departments and other US government agencies. To launch the campaign, the attackers compromised a Microsoft engineer’s corporate account, leading to the tech giant being criticised and even accused of negligence by a US lawmaker.
6. UK Electoral Commission Attack Exposes 40 Million Voters’ Data
In August 2023, the UK’s Electoral Commission revealed it had been the victim of a “complex cyber-attack” exposing the personal data of anyone in the UK who was registered to vote between 2014 and 2022. Worryingly, the attackers had remained undetected in the systems for 15 months, suggesting they were in search of something beyond quick financial gain. It was later reported that the Electoral Commission had received an automatic failure during a Cyber Essentials audit.
7. Casinos Taken Down by Cyber-Attacks
In September 2023, hotels and casinos giant MGM Resorts International reported that it had experienced a cyber-incident affecting critical parts of its business for several hours. The attack, perpetrated by the ALPHV/BlackCat ransomware gang, cost the firm more than $100m after it refused to pay the ransom demand. Just days after the MGM incident, another Las Vegas-based casino and hotel chain, Caesars Entertainment, revealed it had also been compromised by ransomware threat actors.
8. Logistics Firm Closes Due to Ransomware Attack
One of the UK’s largest privately owned logistics firms, KNP Logistics Group, was forced into administration in September 2023 following a ransomware attack it suffered earlier in the year. The firm will be forced to make over 700 employees redundant, with the business stating that it has been unable to secure urgent investment due to the attack. The incident highlights the serious real-world impact that cyber-extortion attacks can have.
9. 23andMe Suffers Major Data Breach
DNA testing firm 23andMe confirmed its customers had their profile information accessed by threat actors following a credential stuffing campaign in October 2023. The threat actor claimed to have 20 million 23andMe data records in their possession, raising concerns that highly sensitive data, such as ethnicity, could be used against victims. 23andMe later confirmed that over 6 million individuals' information was accessed in the data breach, and revealed the hackers were able to access a significant number of files containing information about users' ancestry.
10. British Library Suffers Damaging Ransomware Incident
One of the world’s largest and most renowned libraries, the British Library, was hit by a ransomware attack that took down online and onsite services. The library revealed the attack occurred on October 28, later confirming that internal HR data was stolen and leaked and that user data was hacked and offered for sale on the dark web. The Rhysida ransomware group have claimed responsibility for the attack.