As the year winds down to a close, it is both incredibly interesting and important to reflect on some of the most outrageous cyber attacks of the last 12 months. In recent years, we have witnessed some pretty alarming attacks including the devastating NotPetya and WannaCry ransomware in 2017, SolarWinds in 2020, and the Colonial Pipeline attack in 2021. And so many more. These incidents underscore the relentless threats being perpetrated by global actors for both financial gain and often state-sponsored malice.
2023 emerged as a cybersecurity battleground where threat actors pushed the boundaries of both audacity and sophistication. Cyber incidents exploited vulnerabilities and showcased a heightened level of strategic intent. Data breeches were big news and it became very clear that no industry is immune from hacks, ransomware and data breeches. The cybercriminal playbook is evolving, which only underscores the essentialness for organizations to have a strong, forward-thinking cybersecurity strategy.
Now let’s take a look back at the most newsworthy and audacious cyberattacks of 2023.
In January 2023, the United Kingdom’s national postal service, the Royal Mail, was victim to a ransomware attack and data theft perpetrated by the LockBit Group, a team of cybercriminals likely originating from Russia or Eastern Europe. The Royal Mail refused to pay the $79.85 million USD ransom, taking a big hit to revenue and around $13 million USD in mitigation costs.
In February 2023, Oakland, California declared a state of emergency due to a ransomware attack that shut down many of the city’s non-emergency services. Sensitive data was stolen including personal information about members of the police force.
In March 2023, according to IT Governance, a global cyber solutions company, nearly 42 million records were compromised by cyberattacks globally.
In April 2023, protected health information of 411,383 people was compromised in a cyberattack against the Chattanooga Heart Institute in Texas.
In May 2023, Chinese cyber espionage actors accessed Microsoft email accounts including those of employees of the US State and Commerce Departments, as well as other government agencies. Also in May, the MOVEit file transfer exploitation affected thousands of organizations and contributed to a record-breaking ransomware attacks a few months later.
In June 2023, a cyberattack targeted U.S. federal agencies responsible for critical government functions.
In July 2023, multiple Norwegian government ministries were victims of a cyberattack. While it is still unclear who perpetrated the crime, it is believed the attack leveraged a vulnerability in a third-party supplier to the government.
In August 2023, the UK’s Electoral Commission reported a complex cyberattack that exposed the personal data of voters registered between 2014 and 2022. It was reported that the attackers remained in the system for up to 15 months.
In September 2023, Las Vegas casinos Caesars and MGM were victims of a massive cyberattack that ultimately cost them over $100 million. The companies vowed to invest substantially in cybersecurity upgrades.
In October 2023, biotechnology company 23andMe announced that 20 million data records including highly sensitive genetic information had been breached by threat actors. The company later amended that number to more than 6 million.
In November 2023, the British Library was hit by a major ransomware attack. London’s King Edward Hospital was also breached, and the hacking group threatened to leak the medical records of the Royal Family. It was also reported that the UK’s most hazardous nuclear site had been hacked into by groups likely linked to Russia and China.
In December 2023, Norton Healthcare, headquartered in Louisville, Kentucky, announced a data breach impacting an estimated 2.5 million people.
We highlighted 12 shocking cyber incidents here. But it is important to note that there were a projected 800,000 cyberattacks in 2023, with total monetary losses estimated at $8 trillion. And it is impossible to put a number on the loss of data and personal privacy.
Hopefully these examples serve as a bit of a wake-up call. No organization is immune to cybercrime. But one thing is for certain. The best defense will always be a strong offense. So keep that in mind as you enter 2024, because cybercrime is only expected to surge and your organization must be ready.
Concerned about cyber threats to your organization? Reach out now to schedule pen testing, vulnerability scanning or to just talk about your cybersecurity strategy.