Top 5 Cyber Attacks in 2023

Were you aware that in 2023, the worldwide mean expense of a data breach was $4.45 million? The number is more than figures; it reflects the deep-seated impact of cyber threats on the global economy. They underscore a stark truth: no entity is immune – not even governments. Amidst unprecedented technological leaps forward, 2023 has seen a parallel surge in cyber threats. The interconnectedness of our world has birthed new challenges in cybersecurity, compelling experts to combat increasingly ingenious cyber attacks.

 Let’s look at the top 5 cyber attacks that have made a significant impact in 2023, unraveling the evolving landscape of the digital world. 

5 Significant Cyber Attacks in 2023

Cyberattacks have the power to disrupt and devastate businesses, with the average expense of a data breach soaring to USD 4.35 million. This encompasses breach detection, management costs, lost revenue from downtime, and lasting damage to a brand’s reputation.

Here are 5 cyber attacks in 2023:

1. KidSecurity App- Data Compromised without Password
2. ICMR Data Breach Exposes Personal Information of 815 Cr Indians
3. Cyber Attack on UK Electoral Commission
4. 146 Million Records were breached at Tigo
5. Moveit affected by Zero-Day

KidSecurity App- Data Compromised without Password

KidSecurity, a widely used parental control app with over a million downloads on Google Play, suffered a significant data breach due to a configuration oversight. The app failed to secure its Elasticsearch and Logstash collections, leaving over 300 million activity logs exposed on the internet for more than a month. This exposed sensitive user data including 21,000 telephone numbers, 31,000 email addresses, and partial credit card information. Malicious actors targeted the unprotected data, leading to its partial destruction by a bot named ‘Readme’ and indicating potential compromise. Security experts warned about the leak’s risks, especially for children and families, including identity theft and unauthorized transactions.

Impact:

• The extensive violation of an individual’s privacy occurs when sensitive consumer data, including phone numbers, emails, and partial credit card information, was made public.

• Since the software is used to monitor children, the compromising of personal data presents a serious risk to children’s and their families’ safety.

• KidSecurity’s data breach undermines user trust, impacting its reputation and reliability for parents entrusting their children’s safety. 

• The impact of this attack extends beyond financial losses, affecting the security, privacy, and trust of the app’s users, especially in the context of an application designed for children’s safety. 

ICMR Data Breach Exposes Personal Information of 815 Cr Indians

Over 815 million Indians had their personal information compromised due to a significant data breach that the Indian Council of Medical Research (ICMR) had to cope with. The material that was disclosed included sensitive personal information that was protected, such as names, dates of birth, gender, phone numbers, and COVID-19 test results. The Economic Times has revealed this compromise, which raises serious issues over the security and privacy of people’s fitness data. ICMR, India’s leading medical research body fighting COVID-19, handles extensive sensitive health data. This dataset’s exposure risks misuse, identity theft, and privacy breaches for millions. The incident underscores the critical need for stringent data protection measures, particularly concerning healthcare and sensitive personal information. 

Impact:

• The breach has compromised the privacy of individuals, exposing sensitive details like names, birthdates, gender, contact information, and COVID-19 test results. 

• ICMR data breach erodes trust in health institutions, impacting public confidence in government health efforts and data security. 

• The extensive data exposure reveals serious security lapses, signaling a need for stronger protocols in government agencies handling sensitive health data.

Cyber Attack on UK Electoral Commission:

The Electoral Commission of the UK experienced a cyber-attack discovered in October 2022, revealing unauthorized access by hostile actors who initially breached their systems in August 2021. Hackers accessed sensitive data, including email content and voter registers from 2014 to 2022 for Great Britain, 2018 registers for Northern Ireland, and overseas voter names, posing risks to about 81.5 million people. The breach revealed personal data, yet the Commission assures minimal risk, stressing no impact on voting processes or registration status. Measures were taken to secure systems, but individuals are urged to stay vigilant, and a contact point for concerns regarding personal data has been provided. The Commission has outlined mitigation steps taken and encourages reporting to the Information Commissioner’s Office if necessary.

Impact:

• The Commission’s failure to prevent the cyber attack may lead to legal consequences and increased regulatory scrutiny. This breach highlights the necessity for stronger data protection measures. 

• The intrusion impacting file sharing and email systems might disrupt The Electoral Commission’s operations, potentially causing delays or difficulties in managing electoral procedures and communications. 

• The cyber attack on The Electoral Commission has ramifications beyond data exposure, affecting trust, privacy, democratic processes, and regulatory compliance.

• Rebuilding trust and implementing robust security measures will be critical to mitigate future breaches.

146 Million Records were breached at Tigo

In July, over 146 million records were compromised across 87 publicly disclosed security breaches, a stark increase of 47% compared to July 2022 and a staggering 920% surge from June 2023. Among the significant breaches were incidents impacting Tigo, Indonesia’s Immigration Directorate General, and the Teachers Insurance and Annuity Association of America. Tigo, a major Chinese messaging platform, had a data leak of 100+ million records from 700,000 users, revealing names, usernames, genders, emails, IP addresses, user photos, and private messages. 34 million Indonesians were affected in a big breach at the Immigration Directorate General, Ministry of Law and Human Rights. Cybersecurity expert Taguh Aprianto highlighted the compromised passport data.

Impact:

• The breach presents significant privacy risks. Exposed personal information like names, email addresses, IP addresses, and user photos could result in identity theft, phishing, and misuse of sensitive data.

• The breach damaged the trust in Tigo, Indonesian Immigration Directorate General, and the Teachers Insurance and Annuity Association of America. This loss of trust might lead to decreased user engagement or a shift to other services.

• The breach of passport data from Indonesia’s Immigration Directorate General raises serious national security concerns due to unauthorized access to sensitive government information, potentially impacting security and diplomatic relations.

Moveit affected by Zero-Day

On May 31, 2023, Progress Software alerted its clientele about an undisclosed vulnerability found in MOVEit Transfer and MOVEit Cloud software. This SQL injection (SQLi) vulnerability, identified as CVE-2023-34362, has been actively exploited by attackers. Mandiant’s report revealed that exploitation attempts of this flaw were noticed as early as May 27, 2023. Simultaneously, Akamai researchers intercepted exploitation efforts against one of their financial clients on the same day, successfully thwarting the attack using the Akamai Adaptive Security Engine.

The campaign was attributed to a ransomware group named CL0P, known for financial motivations and employing data exfiltration for extortion. Exploiting the SQLi vulnerability allowed the deployment of a custom ASP.NET web shell (LEMURLOOT) by attackers to establish persistence within victim networks for further incursions. Despite undisclosed exploit specifics, Akamai’s Security Intelligence Group and Progress’s security team collaborated, ensuring customer protection via the Adaptive Security Engine against exploitation attempts.

Impact:

• The exploitation of the SQL injection vulnerability in MOVEit Transfer and MOVEit Cloud could lead to unauthorized access and potential compromise of sensitive data stored within these systems.

• Deployment of the ASP.NET web shell (LEMURLOOT) enables attackers to establish persistence within victim networks, potentially disrupting operations, hindering services, and causing downtime. 

• The exploited vulnerability highlights the urgency for quick detection and patching by software vendors and organizations. It stresses the vital role of robust cybersecurity measures and timely updates against potential threats.

How can cyber attacks be prevented?

Securing your organization against cyber threats involves implementing robust defense strategies and staying vigilant against potential attacks. Here are a few strategies that organizations should follow to protect themselves from cyber attacks: 

Encrypt and backup data for added security:

Businesses frequently gather and retain personally identifiable information, a target for hackers seeking identity theft and subsequent data breaches. Creating data backups is crucial during cyber attacks to avert extended downtime, data loss, and financial harm. However, ransomware can potentially target and corrupt backup software, compromising backup files, despite robust security measures. Encrypt all sensitive data, encompassing customer and employee information, to enhance protection.

Conduct Regular Audit:

Eliminating all cyber attack risks isn’t possible, but regularly assessing your cybersecurity is crucial. Regularly scrutinize cybersecurity protocols, software, systems, and servers to ensure comprehensive protection for your business. Test the retrieval process by accessing and downloading backed-up files to assess their reliability. Identify and address potential vulnerabilities and verify the integrity of backed-up files for any signs of corruption. Mitigate risk by removing unused software that cyber attackers might exploit for data theft or destruction.

Update Software, Devices, and Operating systems regularly:

Cyber attacks often occur due to outdated systems and software vulnerabilities, which hackers exploit to breach networks. Some businesses opt for a patch management system to oversee software and system updates, ensuring a resilient and updated system.

Implement an effective password policy as a best practice:

Ensure the implementation and adherence to a suitable password policy. A well-enforced policy will deter users from choosing easily predictable passwords and should include account lockouts after repeated failed attempts. Employees should generate robust passwords incorporating letters, special characters, and numbers. Enabling multi-factor authentication adds an extra layer of defense against unauthorized device access. Employing passphrases instead of passwords can heighten system security. Avoid using identical passwords or passphrases across the organization and secure your Wi-Fi network with a unique password. 

Conclusion:

In 2023, the key to securing your business is to make it extremely challenging for hackers. While zero-day exploits may be beyond your control, you can prevent running vulnerable appliances by always applying available patches. Educate your teams extensively and embed cybersecurity as a fundamental aspect of your business operations. With these measures in place, you’ll enhance your security posture significantly.

Kratikal, a CERT-In empanelled auditor plays a pivotal role in enhancing web application security. With vast expertise in Vulnerability Assessment and Penetration Testing (VAPT), Kratikal performs audits on decentralized software and smart contracts, meticulously pinpointing and addressing potential vulnerabilities.

About The Author