How hackers broke into the world: the 14 most high-profile hacks of 2023

[Brother]

A selection of the most significant incidents that divided the cyber front into "before" and"after".

In 2023, the world of cybersecurity experienced a real explosion of activity in cyberspace: from mass attacks to the emergence of new threats and vulnerabilities. Out of a huge number of events, we can single out 14 of the most significant cybersecurity incidents, each of which deserves attention.

1. andMeData Leak 23. 23andMe, a genetic testing company, was hacked, which resulted in a data leak of 6.9 million users. The attack revealed the genetic information of Ashkenazi Jews, residents of Great Britain and Germany, among whom, according to hackers, there are data on members of the royal family, the Rothschilds and Rockefellers.
2. A hosting company lost all customer data after a ransomware attack. Danish cloud provider CloudNordic was the victim of a ransomware attack, which resulted in the majority of customers permanently losing data stored on their servers.
3. DDoS attacks can affect major technology companies.The group has caused disruptions to the websites and services of major technology firms, including Microsoft, using DDoS attacks.
4. A new acoustic attack steals data when you press keys with 95% accuracy. A team of researchers from British universities has trained a deep learning model that can steal data about keyboard keystrokes recorded using a microphone with up to 95% accuracy.
5. PayPal Account hacking . PayPal faced a Credential Stuffing attack that affected 34,942 accounts, resulting in the disclosure of users ' personal data.
6. Network and the DISH ransomware attack . The American TV giant DISH Network faced problems in the operation of its services due to a ransomware attack, as a result of which user data was compromised, and the company's systems were turned off for several days.
7. Hackers stole GoDaddy's source code and installed malware. The GoDaddy hosting service suffered from an attack that allowed unknown attackers to steal the source code and install malware on the company's servers. The hack began in 2021 and allowed cybercriminals to gain access to the personal information of 1.2 million WordPress site owners, including their credentials, and use it to redirect websites to other domains. None of the attackers claimed responsibility for the attack.
8. International Resorts MGM Ransomware attack on . A cyberattack on one of the largest companies in the hotel and entertainment industry disrupted several key systems – on the main site, in the online booking system and casino services. ATMs, slot machines, and credit card payment terminals were targeted. In addition, the same group (Scattered Spider) also attacked another casino – Caesars Entertainment. According to the researchers, the members of the hacker group responsible for hacking are young people aged 19 and over, living in the United States and the United Kingdom.
9. CX In a supply chain attack, hackers broke into App 3. The North Korean hacking group Lazarus hacked 3CX's systems to inject malware into the company's supply chain.
10. ESG Barracuda called for urgent replacement of the hacked devices . It was revealed that some Barracuda Email Security Gateway (ESG) devices were hacked using a zero-day vulnerability, which led to malware installation and data theft.
11. Large-scale attack of the ESXiArgs ransomware program on VMware ESXi servers around the world. As a result of the cyberattack, more than 3,000 VMware ESXi servers were encrypted using the ESXiArgs program. A few hours after the attack, victims started reporting that all files associated with VMware ESXi virtual machines (vmxf, .vmx, .vmdk, .vmsd and. nvram) were encrypted.
12. Brazil is confiscating shipments of Flipper Zero to prevent them from being used for criminal purposes. In early March 2023, Brazilian customs seized a batch of Flipper Zero gadgets. The devices are stored in customs warehouses, and their delivery to recipients is blocked. According to media reports, the Brazilian authorities confiscated Flipper Zero kits sent to the country due to the alleged use of gadgets in criminal activities. At the same time, the buyers said that the country's regulator actually rejected all attempts to certify this multifunctional cybersecurity tool for pentesters.
13. iPhone spyware as part of the operation "Triangulation"Infection . Kaspersky Lab specialists have revealed details of Operation Triangulation, during which cyber spies collected data from iOS devices. To do this, they used a unique TriangleDB implant that works in the device's memory and leaves no traces on disk.
14. TransferMOVEitTheft of company data through an attack on . A series of data theft attacks using a zero-Day vulnerability in the MOVEit Transfer file transfer platform. The vulnerability allowed attackers to hack into MOVEit Transfer's servers and download the stored data. The flaw compromised 2,706 organizations and exposed the personal data of more than 93 million people.

These cybersecurity developments in 2023 highlight the importance of paying close attention to data protection and being prepared for new threats. Examples are a reminder that cyberspace is constantly evolving, and it is important not only to respond to emerging threats, but also to anticipate potential risks.

These incidents serve as a warning to organizations of all sizes to invest in enhanced security measures, staff training, and developing incident response plans to minimize the risks and consequences of cyberattacks.