2023 Data Breaches

It’s been a while since I’ve posted; life and holidays happen. Typically I post about threat actors, vulnerabilities, hacking, etc. Today I wanted to look back at some of the major data breaches and cyber attacks of 2023.

23andMe – A credential stuffing attack led to the breach of about 20m records. This attack uses compromised user credentials and is typically automated to find working username and password combinations. It relies on users reusing the same credentials.

ESXi VMware hypervisor – Threat actors exploited a two-year-old vulnerability (CVE-2021-201974) that affected older versions of the ESXi hypervisor. It involved exploiting the OpenSLP service to execute remote code. The campaign was known as the “ESXiArgs” campaign. It affected over 3,800 servers.

Fortra GoAnywhere – In February of 2023 it was found that Fortra’s GoAnywhere file transfer service could be exploited to execute remote code on vulnerable systems. This was harder to prevent because the attackers used a zero-day exploit for the RCE, and on-premises systems were at a higher risk. The attack affected 3m members.

MOVEit – Progress’s MOVEit file transfer service was exploited by Clop (a Russian-speaking threat group) in a campaign believed to have started in May 2023. Clop threatened to expose customer records online if the victim did not pay the ransom. Those that did not pay had records exposed. To date, over 2600 records have been exposed on the dark web. There is no evidence that Clop provided decryption keys to those that paid. It’s estimated that the group may have made up to $75m from the attack.

Microsoft Cloud Email – Storm-0558, a China-linked threat group, used a stolen Azure AD key that had been improperly stored to forge authentication tokens. This led to the compromise of emails from 25 organizations from multiple US government organizations. Over 60,000 emails were exposed.

In all, most of these, arguably all, could have been prevented with good cybersecurity practices: don’t reuse credentials, keep systems updated and patched, and run phishing and security awareness training. Stay vigilant!

By Ghost40
