As we prepare to turn the calendar’s page to another year, it’s time to reflect on this past year’s most notable cybersecurity incidents and hacks. If one thing is certain, it’s that incidents are happening more often and are becoming increasingly sophisticated. Simply stated, hacking and cybercrime show no signs of slowing down. By 2025, cybercrime will siphon an estimated $10.5 trillion from the world’s economy. This represents a 15% increase year over year, clearly demonstrating the velocity at which these attacks are damaging businesses across the globe.
Let’s be very clear. We don’t examine these events to shame the organizations, or to just point-and-laugh a la Nelson from The Simpsons. We do so in the same way elite athletes watch, re-watch, and examine game film. The intention is to better understand what happened, where things went wrong, and most importantly, how we can learn and improve moving forward. Let’s take a look at some of the most notable hacks of 2023 to see where we can improve in the new year.
T-Mobile: In January 2023, T-Mobile announced it had discovered hackers gaining entry to its servers via a vulnerable API, resulting in the theft of data belonging to over 37 million customers. The attackers obtained private information including birthdays, email addresses, and full names. If you’re interested, there’s a running timeline of how this is playing out in near real time. Check out Firewall Times for the play-by-play.
Norton: Early in January, Norton said that over 6,000 customers were victims of a credential stuffing attack. In a credential stuffing attack, hackers take usernames and passwords leaked in earlier breaches and replay them against other services, gaining entry to any of the victims’ accounts that share the same password. Norton notified the holders of the affected accounts and encouraged all of its users to enable the two-factor authentication feature to help prevent future account takeovers. A hacker group called BlackCat Ransomware claimed responsibility for the Norton Healthcare attack and leaked files as proof. Norton isn’t saying much about the case as the FBI investigates.
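Credential stuffing has a recognizable shape in authentication logs: one source cycling through many different usernames, mostly failing, with the occasional success where a password was reused. The following detector is an added example, not code from the original post or from Norton; the log format and the IP addresses are constructed for the illustration, and the thresholds are assumptions you would tune to your own identity provider’s traffic.

```python
"""Credential-stuffing detector over constructed authentication log lines."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): 203.0.113.7 tries ten accounts in
# six seconds and gets into one; the other two sources are normal logins.
SAMPLE_LOG = """\
2023-01-12T10:00:01Z ip=203.0.113.7 user=alice result=FAIL
2023-01-12T10:00:02Z ip=203.0.113.7 user=bob result=FAIL
2023-01-12T10:00:02Z ip=203.0.113.7 user=carol result=FAIL
2023-01-12T10:00:03Z ip=203.0.113.7 user=dave result=SUCCESS
2023-01-12T10:00:03Z ip=203.0.113.7 user=erin result=FAIL
2023-01-12T10:00:04Z ip=203.0.113.7 user=frank result=FAIL
2023-01-12T10:00:05Z ip=203.0.113.7 user=grace result=FAIL
2023-01-12T10:00:05Z ip=203.0.113.7 user=heidi result=FAIL
2023-01-12T10:00:06Z ip=203.0.113.7 user=ivan result=FAIL
2023-01-12T10:00:07Z ip=203.0.113.7 user=judy result=FAIL
2023-01-12T10:01:00Z ip=198.51.100.4 user=alice result=FAIL
2023-01-12T10:01:10Z ip=198.51.100.4 user=alice result=FAIL
2023-01-12T10:01:30Z ip=198.51.100.4 user=alice result=SUCCESS
2023-01-12T10:02:00Z ip=192.0.2.9 user=bob result=SUCCESS
"""

# Assumed line format; adapt this regex to your own IdP or web-server logs.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>SUCCESS|FAIL)$"
)


def parse_log(text):
    """Yield (timestamp, ip, user, success) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m["ip"], m["user"], m["result"] == "SUCCESS"


def find_stuffing_sources(text, window=timedelta(minutes=5),
                          min_distinct_users=5, min_fail_ratio=0.6):
    """Flag source IPs that, inside any sliding `window`, attempted at least
    `min_distinct_users` different accounts with a failure ratio of at least
    `min_fail_ratio`. A single account hammered from one IP (plain brute
    force) is deliberately not matched here; that is a separate signal.
    Returns {ip: {"users": n, "fail_ratio": r, "compromised": [users]}}."""
    events = defaultdict(list)
    for ts, ip, user, ok in parse_log(text):
        events[ip].append((ts, user, ok))

    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Advance the window's left edge until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {u for _, u, _ in win}
            ratio = sum(1 for _, _, ok in win if not ok) / len(win)
            if len(users) >= min_distinct_users and ratio >= min_fail_ratio:
                # Accounts actually logged into from this source are the ones
                # to reset and notify, as Norton did for affected accounts.
                compromised = sorted({u for _, u, ok in win if ok})
                if ip not in flagged or len(users) > flagged[ip]["users"]:
                    flagged[ip] = {"users": len(users),
                                   "fail_ratio": round(ratio, 2),
                                   "compromised": compromised}
    return flagged


if __name__ == "__main__":
    for ip, info in find_stuffing_sources(SAMPLE_LOG).items():
        print(f"{ip}: {info['users']} accounts tried, fail ratio "
              f"{info['fail_ratio']}, successfully logged into {info['compromised']}")
```

The distinct-user count is the discriminating feature: legitimate users mistype their own password, and brute-forcers hammer one account, but a stuffing run walks a leaked list of many identities. Pair the alert with a forced password reset and a two-factor prompt for the accounts that were successfully entered, and rate-limit or challenge the flagged source.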
Reddit: Reddit has confirmed that the company suffered a data breach in February. CTO Christopher Slowe explained in a statement, “As in most phishing campaigns, the attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens. After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems.”
What did we learn here? Phishing is still a REAL PROBLEM. Remove passwords and explore unphishable MFA to prevent phishing attacks.
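The reason a cloned intranet gateway can steal a password and a one-time code, but not a FIDO2/WebAuthn assertion, is that the browser writes the page’s real origin into the data the authenticator signs, and the authenticator only holds credentials scoped to the genuine site. The simulation below is an added illustration, not code from the original post or from any WebAuthn library; the authenticator’s asymmetric signature is replaced by HMAC-SHA256 with a per-credential secret (an assumption made to keep it to the standard library), and the hostnames are constructed. The structure being shown, that the signed payload carries the origin the browser saw and that the relying party checks it, is the real one.

```python
"""Origin-bound MFA versus a credential-phishing site (stdlib-only simulation)."""
import hashlib
import hmac
import json
import secrets


class Authenticator:
    """Holds credentials keyed by rpId and refuses to sign for any other rpId."""
    def __init__(self):
        self._creds = {}  # rp_id -> (credential_id, secret)

    def register(self, rp_id):
        cred_id, secret = secrets.token_bytes(16), secrets.token_bytes(32)
        self._creds[rp_id] = (cred_id, secret)
        return cred_id, secret  # the secret stands in for the public key the RP stores

    def get_assertion(self, rp_id, client_data_json):
        if rp_id not in self._creds:
            raise LookupError(f"no credential scoped to rpId {rp_id!r}")
        cred_id, secret = self._creds[rp_id]
        auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x05"  # rpIdHash || flags
        signed = auth_data + hashlib.sha256(client_data_json).digest()
        return cred_id, auth_data, hmac.new(secret, signed, "sha256").digest()


class Browser:
    """Builds clientDataJSON from the page's actual origin; page script cannot alter it."""
    def __init__(self, authenticator):
        self.auth = authenticator

    def navigator_credentials_get(self, page_origin, challenge):
        client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                                  "origin": page_origin}, separators=(",", ":")).encode()
        rp_id = page_origin.split("://", 1)[1].split(":")[0]  # host of the page
        cred_id, auth_data, sig = self.auth.get_assertion(rp_id, client_data)
        return cred_id, client_data, auth_data, sig


class RelyingParty:
    def __init__(self, origin, rp_id):
        self.origin, self.rp_id = origin, rp_id
        self.creds, self.pending = {}, {}

    def begin_login(self, user):
        self.pending[user] = secrets.token_urlsafe(32)
        return self.pending[user]

    def finish_login(self, user, cred_id, client_data, auth_data, sig):
        cd = json.loads(client_data)
        if cd.get("type") != "webauthn.get":
            return False, "bad type"
        if cd.get("challenge") != self.pending.pop(user, None):
            return False, "challenge mismatch"
        if cd.get("origin") != self.origin:          # the phishing-resistance check
            return False, f"origin mismatch: {cd.get('origin')}"
        if auth_data[:32] != hashlib.sha256(self.rp_id.encode()).digest():
            return False, "rpIdHash mismatch"
        secret = self.creds.get((user, cred_id))
        if secret is None:
            return False, "unknown credential"
        expected = hmac.new(secret, auth_data + hashlib.sha256(client_data).digest(), "sha256").digest()
        return (True, "ok") if hmac.compare_digest(expected, sig) else (False, "bad signature")


def demo():
    rp = RelyingParty("https://intranet.example.com", "intranet.example.com")
    authn = Authenticator()
    browser = Browser(authn)
    cred_id, secret = authn.register(rp.rp_id)
    rp.creds[("employee", cred_id)] = secret

    # 1) Legitimate login from the real origin.
    legit = rp.finish_login("employee", *browser.navigator_credentials_get(
        rp.origin, rp.begin_login("employee")))

    # 2) Look-alike site relays the real challenge: the browser derives the
    #    clone's rpId and the authenticator has nothing to sign with.
    chal = rp.begin_login("employee")
    try:
        phished = rp.finish_login("employee", *browser.navigator_credentials_get(
            "https://intranet.example-gateway.net", chal))
    except LookupError as e:
        phished = (False, str(e))

    # 3) Defense in depth: even a client that signs clientData naming the clone's
    #    origin with the genuine credential is rejected by the RP's origin check.
    chal = rp.begin_login("employee")
    forged_cd = json.dumps({"type": "webauthn.get", "challenge": chal,
                            "origin": "https://intranet.example-gateway.net"},
                           separators=(",", ":")).encode()
    forged = rp.finish_login("employee", cred_id, forged_cd,
                             *authn.get_assertion(rp.rp_id, forged_cd)[1:])
    return legit, phished, forged


if __name__ == "__main__":
    for label, result in zip(("legitimate", "phishing site", "forged origin"), demo()):
        print(f"{label}: {result}")
```

Contrast this with a TOTP code, which is just six digits the user types wherever they are asked for them; nothing in the code says which site it was meant for, so the clone forwards it to the real gateway and wins. Here the protection does not depend on the employee noticing the wrong hostname.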
MOVEit: The mass hack of the file transfer tool MOVEit has impacted more than 200 organizations and up to 17.5 million individuals. Multiple federal agencies are among those affected, including the Department of Energy, Department of Agriculture, and Department of Health and Human Services. It’s widely believed that the vast majority of schools across the U.S. have also been targeted by the hack. As the implications of the attack continue to emerge, further breaches have been confirmed at Shell, Siemens Energy, Schneider Electric, First Merchants Bank, City National Bank, and many, many more. The attack originated with a security vulnerability in MOVEit’s software. The flaw was patched once identified, but hackers had already gained access to sensitive data. Clop, a Russia-linked ransomware group, claims responsibility for the breaches and has threatened to publish stolen information on the dark web. This has been called “The Biggest Hack of 2023”, and it’s only getting bigger…
What did we learn here? You’re only as strong as your weakest link. Many of these organizations most likely had no idea their users were sharing files on the platform and putting them at risk. Stricter policies on which tools are appropriate for file sharing are encouraged. Also be sure to examine your software supply chain to ensure there are no vulnerabilities.
MGM: A known ransomware gang called Scattered Spider has taken credit for the September 2023 hack that impacted MGM’s website, casinos, and systems (even the room keys). Scattered Spider used social engineering to trick MGM help desk employees into resetting the passwords and multi-factor authentication (MFA) codes of high-value MGM employees. This gave them access to the social media accounts of these employees. They were then able to gain access to MGM’s managed identity service, Okta, and install their own identity provider to create SSO (Single Sign-On) logins for themselves. The Microsoft Azure cloud environment became compromised as well, jeopardizing not only the managed applications but all assets stored in the cloud. This resulted in multiple system vulnerabilities, exposure of customer data, and broader access to MGM’s critical assets. All in, it’s estimated that the hack cost about $100 million.
Okta: In what appears to be the most financially impactful hack of 2023, Okta has been breached as well. According to reports, the hack has wiped out $2 BILLION in market cap for the organization. In this scenario, threat actors leveraged stolen credentials to access the support case management system. “The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases,” David Bradbury, Okta’s chief security officer, said. “It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted.”
What did we learn here? Zero trust principles applied by Okta most likely prevented a more significant impact. By keeping the support case management system separate from the production Okta service, they saved themselves a lot of time and money.
As we reflect on the most notable hacks of 2023, it becomes increasingly clear that stolen credentials are a real problem. These incidents serve as stark reminders of the importance of learning from the mistakes of our peers in the industry. To guard against the risks of stolen credentials, it is imperative to consider removing the most susceptible attack vector: passwords. Consider exploring third-party Public Key Infrastructure (PKI) solutions like EZCA and EZCMS from Keytos! As we prepare to step into the new year, let’s prioritize strengthening our respective cybersecurity postures. Doing so will surely save us time, money, and most likely a few headaches. Remember, the lessons of the past are the blueprints for a more secure future!