The trend of cyberattacks and breaches continued to gain steam in 2023. WeLiveSecurity.com has compiled a report detailing 10 of the biggest security incidents of 2023. Here we present some highlights from their global report—along with recommended reading from the Keesing Platform.
MOVEit
Traced back to the Lace Tempest (Storm0950) Clop ransomware affiliate, this attack had all the hallmarks of the group’s previous campaigns against Accellion FTA (2020) and GoAnywhere MFT (2023). The MO is simple: use a zero-day vulnerability in a popular software product to gain access to customer environments, and then exfiltrate as much data as possible to hold to ransom.
Keesing Platform: Ransomware and Identity and Access Management
The UK Electoral Commission
The UK’s independent regulator for party and election finance revealed in August that threat actors had stolen personal information on an estimated 40 million voters on the electoral register. It claimed a “complex” cyberattack was responsible, but reports have since suggested its security posture was poor – the organization having failed a Cyber Essentials baseline security audit.
Keesing Platform: Which Industries are Top Targets of Cyberattackers?
Indian Council of Medical Research (ICMR)
Another mega-breach, this time one of India’s biggest, was revealed in October, after a threat actor put up for sale personal information on 815 million residents. It appears that the data was exfiltrated from the ICMR’s COVID-testing database, and included name, age, gender, address, passport number and Aadhaar (government ID number).
Keesing Platform: The Impacts of Compromised Credentials
MGM International/Caesars
Two of the biggest names in Las Vegas were hit within days of each other by the same ALPHV/BlackCat ransomware affiliate known as Scattered Spider. In the case of MGM, the attackers managed to gain network access simply via some LinkedIn research and then a vishing attack on the individual they had identified, in which they impersonated the IT department and asked for their credentials. Yet the compromise took a major financial toll on the firm. It was forced to shut down major IT systems, which disrupted slot machines, restaurant management systems and even room key cards for days. The firm estimated a $100m cost. The cost to Caesars is unclear, although the firm admitted paying its extorters $15m.
Keesing Platform: The Benefits of Developing a Business Continuity Plan
Sources:
WeLiveSecurity.com
The Keesing Platform team brings you the latest in various fields, including security documents, security printing, banknotes, identity management, biometrics, blockchain, crypto technology and online onboarding.