Top 3 Data Breaches of 2023, and What Lies Ahead in 2024


Take a look at last year’s most impactful data breaches and what companies can do to protect themselves going forward.
January 29, 2024
COMMENTARY
The migration to the cloud, coupled with the rise of artificial intelligence (AI) and machine learning, has exponentially accelerated the use, spread, and storage of data in the cloud. The adoption of new technologies to assist with these processes, and the increasing number of privacy laws and regulations to try and govern them, heightened awareness of the need to address data as a standalone security priority in 2023.
Attackers, as always, were not far behind efforts to stop them. Alongside the adoption of data security tools and processes, 2023 was a year of data breaches, with billions of sensitive records exposed and millions affected. Take a look at the top three data breaches of 2023, categorized by type of impact, and assess what lies ahead for the dynamic security sector.
In May 2023, a ransomware group that goes by the name CL0P (TA505) began abusing a zero-day exploit in MOVEit, managed file transfer software. The attack exploited a SQL injection vulnerability in Progress Software's MOVEit Transfer, tracked as CVE-2023-34362. Internet-facing MOVEit Transfer Web applications were exploited and infected with a Web shell named LEMURLOOT, which was used to steal data from underlying MOVEit Transfer databases and internal servers.
The breach by the numbers:
More than 62 million individuals were impacted.
Over 2,000 organizations were breached.
Approximately 84% of breached organizations are US-based.
Approximately 30% of breached organizations are from the financial sector.
$10 billion is the total cost of the mass hacks so far.
MOVEit's data breach is notable for its scale and the variety of victims affected. It demonstrated how a flaw in a single piece of software can trigger a global data privacy disaster, exposing data from numerous governments and industries, financial information as well as sensitive healthcare data — and the scope continues to widen.
Although Progress Software issued three successive patches to mitigate the breach, the harm was already done. In every month since the attack began, new organizations report they have been breached, including Sony Interactive Entertainment, BBC, British Airways, the US Department of Energy, and Shell. A growing number of cyber incidents have been linked to the original MOVEit breach as the conduit that exposed credentials and "phishing fertilizer" details.
In October 2023, a threat actor using the alias 'pwn0001' posted a thread on Breach Forums brokering access to identification and passport details (including names, addresses, and phone numbers) of 81.5 million citizens of India. They proved their abilities by providing samples of these documents, with hundreds of thousands of confirmed personally identifying information (PII) details taken from ICMR's COVID-19 databases.
The breach by the numbers:
5 million breached personal records and COVID test details from the New Delhi-based organization.
90GB of data offered for sale for $80,000.
This is considered the most significant data breach in India's history, and attention should be paid to both the amount of data extracted and its sensitivity. The lack of data security processes and protocols governing such a large and strategic database places government agencies and ministries at high risk. Without robust and dedicated data security plans in place, we can anticipate similar breaches leveraging sensitive data for criminal purposes.
In October 2023, genetics testing company 23andMe reported the detection of unauthorized access. It said the attackers used credential-stuffing methods and scraping of 23andMe's DNA Relatives feature, which users can opt into to share more data with friends and family. According to 23andMe, the hackers it detected were able to guess the login credentials of verified users to gain access to their 23andMe accounts. After obtaining access, the hackers used the DNA Relatives feature to acquire even more information about other users, including names, email addresses, dates of birth, genetic ancestry and history, and more.
The breach by the numbers:
9 million user accounts were compromised — about half of the company's users.
More than 5.5 million customer records were scraped and leaked.
$6 is the average black-market price of a breached account.
Without strong data security hygiene in highly sensitive databases, threat actors can easily gain access using stolen credentials, a method gaining traction and popularity. 23andMe responded by requiring all customers to use two-step verification, temporarily disabling some DNA Relatives tool features, and advising users to change their login information and enable multifactor authentication.
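The credential-stuffing pattern described above can be spotted in authentication logs. The following is an added example, not code from the article or from 23andMe: it flags source IPs that try many distinct accounts with a low success rate and lists the accounts that did log in from those sources. The event format, thresholds, and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample auth events: (source_ip, username, success). Not real data.
SAMPLE_EVENTS = (
    [("203.0.113.7", f"user{i}@example.com", i % 25 == 0) for i in range(50)]
    + [("198.51.100.4", "alice@example.com", False),
       ("198.51.100.4", "alice@example.com", True),
       ("192.0.2.9", "bob@example.com", True)]
)

def find_stuffing_sources(events, min_accounts=20, max_success_ratio=0.2):
    """Flag source IPs that try many distinct accounts and mostly fail.

    Thresholds are illustrative assumptions; tune them against baseline traffic.
    Returns {ip: {"accounts": n, "failures": n, "compromised": [usernames]}}.
    """
    tried = defaultdict(set)       # ip -> distinct usernames attempted
    succeeded = defaultdict(set)   # ip -> usernames with a successful login
    failures = defaultdict(int)    # ip -> failed attempt count
    for ip, user, ok in events:
        tried[ip].add(user)
        if ok:
            succeeded[ip].add(user)
        else:
            failures[ip] += 1

    flagged = {}
    for ip, users in tried.items():
        if len(users) < min_accounts:
            continue  # a user retyping their own password is not stuffing
        ratio = len(succeeded[ip]) / len(users)
        if ratio <= max_success_ratio:
            flagged[ip] = {
                "accounts": len(users),
                "failures": failures[ip],
                # Successful logins from a flagged source are the accounts to
                # lock, reset, and enroll in two-step verification first.
                "compromised": sorted(succeeded[ip]),
            }
    return flagged

if __name__ == "__main__":
    for ip, info in find_stuffing_sources(SAMPLE_EVENTS).items():
        print(ip, info)
```

Attackers who spread attempts across many IPs will stay under a per-source threshold, so the same grouping is worth repeating on other keys your logs carry, such as user agent or network range.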
Accountability and rebuilding trust with customers are key tenets for organizations that understand the inevitability of attacks as well as their role in preventing damage and disruption. The balance between using data and keeping it secure will continue to be a challenge, especially with the blurred lines around generative AI tools. We will continue seeing the trend of lingering impact attacks and "secondary blasts," with identity-based breaches using techniques such as credential stuffing rising in number and impact.
There are numerous levels of risk and varying degrees of data security hygiene that permitted these breaches to occur. Quickly taking accountability for the company's sensitive data, and reacting to reduce its risk by eliminating unnecessary data and access permissions and by applying encryption, must be pillars of every organization's post-attack security protocol.
Embracing both "left-of-boom" (pre-attack) and "right-of-boom" (post-attack) responsibility helps organizations become quick to react and reduce impact, provided they have fine-grained visibility into their security controls and access policies. Complete discovery of sensitive data, wherever it resides within the organization, is a core ability that helps companies focus on risk reduction and control their data sprawl.
Gad Rosenthal
Product Manager, Eureka Security
Gad Rosenthal is a Product Manager at Eureka Security, a Cloud Data Security company that enables security teams to navigate the ongoing and often chaotic expansion and growth of cloud data. Prior to joining Eureka, Gad had cybersecurity roles at Microsoft, Siemplify (now part of Google), Imperva, and additionally led cybersecurity and compliance initiatives at the Israeli Cyber Command and the Israeli Cyber Education Center. Passionate about technology, cyber, compliance, and people, Gad is driven to identify and develop exciting new technologies and strategies to help fellow security leaders.
Copyright © 2024 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG.
