by ASTRA IT, Inc.
Cyber Attacks are on the increase and will likely stay that way.
The prediction is that $8 trillion will be lost to cyber crimes by the end of 2023, which is almost a third of the USA’s GDP in 2022 and twice as much as India’s predicted GDP in March 2023. The global loss to cybercrime is expected to grow by more than 15% year on year to reach $10.5 trillion by 2025.
Before we start looking at the recent cyber attacks, it is important to understand the threat landscape we are dealing with at this point in time. We’d like to draw your attention to a few phenomena that are currently impacting the global cyber threat landscape.
- The Covid-19 Pandemic
The pandemic, the lockdown, and the ensuing adaptations made by businesses and communities across the globe have changed how cyber security is perceived. The impact of the pandemic on cyber security is deep and pervasive. Thanks to the bring-your-own-device trend, remote workplaces, and the growing reliance on third-party applications, attackers are exploring new attack surfaces and there is a frightening number of new vulnerabilities.
- The Ukraine-Russia War
The information assault that Russia has exercised against Ukraine since 2014 culminated in February 2022 with Russia’s invasion of Ukraine. Ukraine’s defenses against Russian cyber attacks had been hardened over the years. Hence, the practical impact of the Russian attacks during and after the invasion wasn’t noteworthy. Nonetheless, security experts around the world, as well as the hackers themselves, learned a lot of valuable lessons from these incidents.
- The Emergence of RaaS Gangs
From Doppelpaymer and REvil to Vice Society and Nevada, a bunch of Ransomware as a Service gangs have posed significant threats to businesses, individuals, and governments across the world. Some, like the Conti gang, were politically motivated, and some have specific targets: Vice Society, for instance, almost exclusively targets schools and other educational institutes. The rise of RaaS has forced administrative bodies to rethink security.
Major Cyber Attacks in May 2023
Attacks aside, the most interesting news from May 2023 is Meta being charged with a $1.2 billion penalty by the European Commission. Facebook violated GDPR by transferring data improperly between Europe and the United States. Meta argues that complying with GDPR is prohibitively difficult for the company. But that is precisely the point of having data protection regulations. This clash will go on.
Attack on Skolkovo Foundation
- Date: May 2023
- Attack type: Unauthorised Access
- Target: File hosting service on physical servers
- Vulnerability: Unknown
- Perpetrators: Ukrainian hacktivists
- Impact: Unknown
Skolkovo Foundation is a large Russian company responsible for overseeing a high-tech business area. This company represents Russia’s efforts to rival Silicon Valley. The attack could be seen as part of the constant cyber conflict between Ukraine and Russia.
Attack on Jimbos Protocol
- Date: May 2023
- Attack type: Price manipulation
- Target:
- Vulnerability: lack of slippage control on liquidity conversions
- Perpetrators: Unknown
- Impact: 4000 Ether valued at $7.5 million lost. The price of Jimbos Protocol’s native token, Jimbo, dropped by 40%
Jimbos Protocol is a decentralized finance or DeFi platform. In an attack, hackers manipulated prices to steal 4000 ETH which is valued at $7.5 million.
Attack on Multiple Large British Companies
- Date: May 2023
- Attack type: Supply chain attack
- Target: Progress Software
- Vulnerability: Unknown
- Perpetrators: Unknown
- Impact: Stolen PII
Companies like British Airways, Aer Lingus, Boots, and the BBC have all been impacted by an attack on the MOVEit Transfer tool of Progress Software. In a classic example of a third-party data breach, British companies are poised to lose large amounts of personally identifiable information.
Major Cyber Attacks in April 2023
Attack on Shields Healthcare Group
- Date: March 2022
- Attack type: Data Breach
- Target: Database
- Vulnerability: Unknown
- Perpetrators: Individual hacker
- Impact: Sensitive information of 2.3 million patients stolen
The attack on Shields Health Care Group took place in March 2022. The company issued a letter to the affected individuals after concluding its investigation in April 2023. The hacker gained unauthorized access to sensitive data that included social security numbers, home addresses, and other PII of 2.3 million patients.
Attack on UK’s Criminal Records Office
- Date: March 21, 2023
- Attack type: Data Breach
- Target: Undisclosed
- Vulnerability: Unknown
- Perpetrators: Undisclosed
- Impact: Disrupted operations – other effects unknown.
The UK’s Criminal Records Office – ACRO suffered an attack on March 21 when its website went down. The office tried to put a lid on the incident by citing “essential maintenance”. On 31st March, the site went offline again, and this time, they blamed technical issues. Finally on April 6, the office declared that they’d faced a security incident. The impacted services are yet to recover fully.
Attack on Yellow Pages
- Date: Mid-March 2023
- Attack type: Ransomware
- Target: Database
- Vulnerability: Unknown
- Perpetrators: Black Basta gang
- Impact: Stolen social security numbers, scans of passports, IDs, and assorted tax documents.
While Yellow Pages is a public facing business that offers a database of publicly available information, it also stores sensitive personal data. Black Basta’s attack on Yellow Pages highlights the fact that no industry is immune to cyberattacks.
Major Cyber Attacks in March 2023
March 2023 saw a 91% hike in the number of ransomware attacks from February and a 62% increase from March 2022. Cybersecurity analysts recorded 459 ransomware attacks in March, setting a new record. The “Industrials” sector received 147 of these attacks, amounting to 32% of all attacks in the month.
Attack on Minneapolis Public Schools
- Date: Early March, 2023
- Attack type: Data Breach
- Target: Public school database
- Vulnerability: Unknown
- Perpetrators: Medusa Hacker Collective
- Impact: Personally Identifiable Information of students and staff stolen and leaked
The Minneapolis Public School sector has been hit hard by hacking activities. On March 7, the hacker collective Medusa took credit for a breach into the school’s information system. They released a small sample of personal information on the dark web as proof of involvement. On March 17 they disclosed a bigger sample of data. Stolen and leaked data includes payroll information of staff, pictures of students, safety plans, among other personally identifiable information.
Attack on BMW
- Date: March 10 & 29, 2023
- Attack type: Exposure and Ransomware
- Target: Exposed .git and .env files
- Vulnerability: Unknown
- Perpetrators: Play ransomware group
- Impact: Contract information, financial information, and PII stolen
On March 10, analysts at Cybernews discovered that exploitable .git and .env files were exposed on BMW Italy’s website. These files could be easily used to compromise the source code for the BMW website.
On March 29, BMW France suffered a ransomware attack at the hands of the Play ransomware group (the same group that was responsible for the infamous attack on the city of Oakland). The ransomware group has demanded a ransom, threatening BMW with the exposure of sensitive information.
Major Cyber Attacks in February 2023
Attack on Tallahassee Memorial
- Date: February 2, 2023
- Attack type: Ransomware (unconfirmed)
- Target: IT systems of Tallahassee Memorial Hospital
- Vulnerability: Unknown
- Perpetrators: Unknown
- Impact: Surgeries were rescheduled, patients were re-directed, and IT systems were shut down for weeks.
Tallahassee Memorial is a 772-bed hospital and it also has special care units in 21 counties across North Florida. A suspected ransomware attack crippled the hospital’s IT systems and forced it to shut down all online procedures for over a week. All elective surgeries had to be rescheduled. A lot of patients had to be transferred to other facilities.
As of the end of 2022, Microsoft has detected more than 50 new active ransomware families and 100 threat actors deploying ransomware.
Attack on VMware ESXi
- Date: February 3, 2023
- Attack type: ESXiArgs Ransomware Attack
- Target: Unpatched VMware ESXi prior to version 6.7
- Vulnerability: CVE-2021-21974 in the Open Service Location Protocol (OpenSLP) service
- Perpetrators: Nevada (Unconfirmed)
- Impact: Nearly 1000 ESXi servers have been infected
VMware ESXi provides a hypervisor to run virtual machines. The company released a patch for the vulnerable OpenSLP service in 2021, but a lot of servers apparently weren’t patched. As reported: “The ransomware encrypts files with the .vmxf, .vmx, .vmdk, .vmsd, and .nvram extensions on compromised ESXi servers and creates a .args file for each encrypted document.”
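The on-disk pattern quoted above (a `.args` marker created next to each encrypted VM file) is something a defender can sweep a datastore for during triage. The following script is an added illustration, not code from the article or from VMware: it walks a directory tree, pairs every `.args` file with the VM file it was written for, and reports which VM directories are affected. The datastore layout and VM names are constructed sample data.

```python
import tempfile
from pathlib import Path

# File types the article reports ESXiArgs encrypting on compromised hosts.
TARGET_SUFFIXES = {".vmxf", ".vmx", ".vmdk", ".vmsd", ".nvram"}


def find_esxiargs_indicators(datastore: str) -> list:
    """Walk a datastore path and report every '.args' marker file, the VM file
    it was written for (same name minus '.args'), whether that companion still
    exists, and whether it is one of the file types the ransomware targets."""
    findings = []
    for args_path in Path(datastore).rglob("*.args"):
        companion = args_path.with_suffix("")  # 'web01.vmdk.args' -> 'web01.vmdk'
        findings.append({
            "marker": str(args_path),
            "companion": str(companion),
            "companion_exists": companion.exists(),
            "targeted_type": companion.suffix in TARGET_SUFFIXES,
        })
    return sorted(findings, key=lambda f: f["marker"])


def affected_vm_dirs(datastore: str) -> list:
    """Names of VM directories that contain at least one marker file."""
    return sorted({Path(f["marker"]).parent.name
                   for f in find_esxiargs_indicators(datastore)})


def build_sample_datastore() -> str:
    """Constructed sample layout (hypothetical VM names, no real data): 'web01'
    shows the post-encryption pattern, 'db02' is untouched."""
    root = tempfile.mkdtemp(prefix="datastore1_")
    hit = Path(root, "web01")
    hit.mkdir()
    for name in ("web01.vmx", "web01.vmx.args", "web01.vmdk",
                 "web01.vmdk.args", "web01.log"):
        (hit / name).write_text("constructed sample content")
    clean = Path(root, "db02")
    clean.mkdir()
    (clean / "db02.vmx").write_text("constructed sample content")
    return root


if __name__ == "__main__":
    root = build_sample_datastore()
    for finding in find_esxiargs_indicators(root):
        print(finding)
    print("affected VM directories:", affected_vm_dirs(root))
```

Run against a real datastore mount, the output is a list of VMs whose disks should be treated as encrypted and restored from backup, not a decryption tool.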
Bank Accounts Hacked in Nepal
- Date: February 3, 2023
- Attack type: credential theft
- Target: Individuals using net banking
- Impact: Several million rupees stolen
Eight malicious actors were arrested by the police in Kathmandu, Nepal, for hacking into bank accounts. The attackers shared the Android package kit (APK) for a fake app called Nepali Keti over WhatsApp. They then hacked into the bank accounts of the people who downloaded the app and stole money.
XSS vulnerabilities found in DMS providers
- Date: February 7, 2023
- Attack type: Zero-day
- Target: OnlyOffice, OpenKM, LogicalDOC, Mayan
- Vulnerability: Improper input neutralization
- Impact: Unknown
Four DMS providers reportedly had XSS vulnerabilities (CWE-79). The companies have both free and freemium offerings. The zero-day vulnerabilities were discovered by Rapid7 during a regular inspection.
71 million request-per-second HTTP DDoS attack thwarted by Cloudflare
- Date: February 14, 2023
- Attack type: DDoS
- Target: Cloudflare users
- Perpetrators: Unknown
- Impact: The attack was mitigated
On 14th February 2023, Cloudflare thwarted the largest known DDoS attack peaking at 71 million requests per second. The attack was mounted against gaming platforms, cryptocurrency companies, and hosting providers, among others, that use Cloudflare to protect their websites. The attack was based on HTTP/2 and involved 30,000 IP addresses.
Dish Network faced a data breach
- Date: February 23, 2023
- Attack type: Data Breach
- Target: Dish Network
- Impact: Some data was extracted and Dish’s share price fell by 6.5%
Dish Network, one of the USA’s biggest television providers, disclosed that the network outage reported earlier was connected to a cyber attack. The root causes of the intrusion are yet to be found. The attack resulted in data theft and internal communication breakdown.
US Marshals Service faces ransomware attack
- Date: February 17, 2023
- Attack type: Ransomware
- Target: USMS
- Impact: Sensitive law enforcement data exposed
The U.S. Marshals Service is responsible for sensitive tasks like the security of federal judges, fugitive apprehension, etc. The stand-alone USMS system was compromised by attackers exposing data related to USMS investigations.
Major Cyber Attacks in January 2023
In this section, we’ll learn about recent cyber attacks – their targets, perpetrators, impact, and current status. This is not an exhaustive list. We’ve picked the most impactful attacks.
T-Mobile Data Breach
- Date: January 5, 2023
- Attack type: API data breach
- Target: T-Mobile
- Perpetrator: Unknown
- Impact: Limited types of information were exposed affecting 37 million users
On January 19, 2023, T-Mobile, a wireless telecommunication provider in the US, announced that a bad actor had gained access to some customer data through a vulnerable API. As per their declaration, sensitive data like payment card information or social security numbers was stolen in the breach.
Attack on AirFrance and KLM
- Date: January 9, 2023
- Attack type: Data breach
- Target: Flying Blue customers of AirFrance and KLM
- Perpetrator: Unknown
- Impact: Exposure of email IDs, user names, earned miles balance
In a recent report, two major airlines, AirFrance and KLM, have confirmed unauthorized access to customer data. The attack exposed some personally identifiable information about Flying Blue customers. However, no passport, financial information, or social security information was exposed. Flying Blue is a customer-loyalty program run by a number of airlines.
Windows ALPC Zero Day
- Date: January 10, 2023
- Attack type: Zero-day
- Target: Windows Advanced Local Procedure Call
- CVE: CVE-2023-21674
- Impact: Privilege escalation
According to Microsoft, “A malicious user who successfully exploited this vulnerability could gain SYSTEM privileges.”
Notably, Microsoft released 98 patches on January 10, 2023, including the one for the ALPC zero-day vulnerability.
Attack on Mailchimp
- Date: January 11, 2023
- Attack type: Data Breach through social engineering
- Target: Tool used by Mailchimp’s customer-facing teams
- Perpetrator: Unknown
- Impact: Unauthorized access to 133 Mailchimp accounts
On January 11, 2023, Mailchimp discovered unauthorized access to some Mailchimp accounts. Attackers used social engineering to steal employee credentials for a tool used by Mailchimp’s customer-facing employees. As per the declaration by Mailchimp, the attack was limited to 133 accounts. On 12th January the affected accounts were shut down and later reinstated.
A third-party data breach affected Nissan North America
- Date: January 16, 2023
- Attack type: Third-party data breach
- Target: A third-party software development vendor used by Nissan North America
- Perpetrator: Unknown individual
- Impact: Personally Identifiable Information of 17,998 customers was exposed
Nissan North America reported on January 16, 2023, a data breach that had taken place in June 2022. A third-party vendor that had access to limited customer data for development purposes was victimized by the bad actor. An investigation launched by Nissan in September 2022 confirmed that the attack took advantage of the badly configured database used by the vendor.
Attack on PayPal customers
- Date: January 18, 2023
- Attack type: Credential stuffing
- Target: PayPal customers
- Perpetrator: Unknown
- Impact: Hackers had access to the personal data of 34,942 PayPal users for 2 days
Credential stuffing is a cyber-attack where hackers use automated tools to enter thousands of user IDs and passwords stolen during earlier breaches into the login fields meant for customers. Because people habitually reuse the same credentials across multiple accounts, credential stuffing actually works.
In the case of PayPal users, hackers had access to the full names, dates of birth, social security numbers, postal addresses, and individual tax identification numbers of 34,942 users for 2 days.
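Credential stuffing of the kind described above leaves a distinctive trace in authentication logs: one source cycling through many different usernames in a short burst, most of them failing, with the occasional success marking an account that must be reset. The following detection logic is an added illustration and is not code from the article or from PayPal; the log line format, the thresholds, and the sample log lines are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real traffic). 203.0.113.5 cycles through
# many accounts in seconds; 198.51.100.7 is one user mistyping a password.
SAMPLE_LOG = """\
2023-01-18T10:00:01Z login src=203.0.113.5 user=alice result=FAIL
2023-01-18T10:00:02Z login src=203.0.113.5 user=bob result=FAIL
2023-01-18T10:00:02Z login src=203.0.113.5 user=carol result=OK
2023-01-18T10:00:03Z login src=203.0.113.5 user=dave result=FAIL
2023-01-18T10:00:03Z login src=203.0.113.5 user=erin result=FAIL
2023-01-18T10:00:04Z login src=203.0.113.5 user=frank result=FAIL
2023-01-18T10:00:10Z login src=198.51.100.7 user=grace result=FAIL
2023-01-18T10:00:25Z login src=198.51.100.7 user=grace result=FAIL
2023-01-18T10:00:40Z login src=198.51.100.7 user=grace result=OK
"""

# Assumed log format: "<timestamp> login src=<ip> user=<name> result=OK|FAIL".
LINE_RE = re.compile(r"^(\S+) login src=(\S+) user=(\S+) result=(OK|FAIL)$")

def parse_log(text):
    """Return (timestamp, src_ip, username, succeeded) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a login event
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group(2), m.group(3), m.group(4) == "OK"))
    return sorted(events)

def detect_stuffing(events, window=timedelta(minutes=5), min_users=5,
                    max_success_ratio=0.5):
    """Flag sources that try at least `min_users` distinct usernames inside
    `window` with mostly failures (thresholds are assumed starting points).
    Accounts that succeeded inside the burst are listed for forced resets."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    flagged = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):  # sliding window over this source's attempts
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            users = {e[2] for e in span}
            ok = sum(1 for e in span if e[3])
            if (len(users) >= min_users and ok / len(span) <= max_success_ratio
                    and len(users) > flagged.get(src, {}).get("distinct_users", 0)):
                flagged[src] = {"distinct_users": len(users), "attempts": len(span),
                                "hit_accounts": sorted(e[2] for e in span if e[3])}
    return flagged
```

Calling `detect_stuffing(parse_log(SAMPLE_LOG))` flags only 203.0.113.5, with `carol` listed as the account whose reused password worked; a per-source rate limit or step-up authentication triggered by the same signal is the corresponding mitigation.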
Attack on Schools in Tucson, Arizona, and Nantucket
- Date: January 20, 2023
- Attack type: Ransomware
- Target: Tucson Unified School District, Arizona
- Vulnerability: Clickjacking (unconfirmed)
- Perpetrators: Royal Ransomware gang
- Impact: 42000 students and 7000 staff members are affected.
The Tucson Unified School District is Southern Arizona’s largest school district. The schools had to shift to an offline mode of instruction as their data was encrypted by a ransomware attack on the last weekend of January. The hackers have demanded ransom and threatened to publish stolen data on non-payment.
Exposure of Yandex source code
- Date: January 26, 2023
- Attack type: Information theft
- Target: Yandex
- Perpetrator: Allegedly former Yandex employee
- Impact: Unconfirmed
Yandex is a major Russian technology company. Code repositories amounting to 44.7GB were published as a Torrent on a hacker forum recently. The poster claimed that the files contain Git resources belonging to Yandex. The company has denied having been hacked. It has blamed a former employee for the theft and also confirmed that the exposed source code is not currently in use.
Killnet targets US hospitals with DDoS attacks
- Date: January 30, 2023
- Attack type: DDoS
- Target: 14 hospitals in the USA
- Perpetrators: KillNet
- Impact: Outage in IT services and electronic health records
KillNet is a Russian hacktivist group that has been actively targeting US healthcare facilities including Stanford University. The US Department of Health and Human Services has raised an alert regarding these attacks. KillNet is well-known for attacking countries that opposed Russia’s invasion of Ukraine.
Notably, Kaspersky’s recent quarterly report mentioned 57000 reported DDoS attacks in three months. There was a 79% spike in DDoS attacks in 2022.
Attack on ION Group
- Date: January 31, 2023
- Attack type: Ransomware
- Target: ION Cleared Derivatives
- Vulnerability: Unknown
- Perpetrators: LockBit Ransomware gang
- Impact: 42 financial institutions in the US and Europe affected
The Russian RaaS gang LockBit added ION Group to their data leak site threatening to publish sensitive data of investors after mounting a ransomware attack on ION Cleared Derivatives, a branch of ION Markets, on January 31. This affected derivative trading in Europe, the US, and the UK.
Cyber Security Trends and Predictions for 2023
- There will be a rise in zero-day vulnerabilities and attacks on supply chains
- Owing to the decreasing profitability of illegitimate crypto mining, crypto-jacking groups are likely to turn their focus on cloud-based applications and perpetrate DDoS and ransomware attacks.
- IoT devices are likely to be attacked with ransomware more frequently
- API continues to be one of the most important attack vectors
- Deepfake audio and videos will be used more frequently in phishing attacks.
How to Secure Your Business?
While the current cyber threat landscape is gloomy and quite frightening, you can take some fairly simple steps to decrease the risk of being victimized by a cyber attack.
- Implement multifactor authentication for all your accounts
- Prefer vendors that offer multifactor authentication
- Implement proper input validation on all customer-input-enabled areas on your website
- Keep all extensions, appliances, and applications up-to-date
- Do not delay implementing patches
- Practice regular security testing – vulnerability assessment and penetration testing.
Conclusion
The best you can do to run a secure business in 2023 is to make life really hard for hackers. While you may not have control over zero-day exploits, you can ensure that you never run a vulnerable appliance for which a patch was available. Educate your teams, and make cybersecurity an integral part of your business functionality. You should be good.
Copyright © 2022 ASTRA IT, Inc. All Rights Reserved.