Feature
#ELLIE • 4 min read

The Top Cyber Security News Stories of 2023

As we bid farewell to 2023, it's time to reflect on a year that has been both groundbreaking and challenging in the realm of digital security. From sophisticated attacks to innovative defences, the past year has witnessed a series of events that have significantly impacted businesses, governments, and individuals worldwide.

2023 has been a year of resilience, innovation, and unforeseen vulnerabilities, with the security agenda dominated by some of the biggest news stories hitting the headlines. We’ve created an overview of just some of these stories - let’s dive in!

MOVEit - the biggest hack of the year?

Described as the largest hack of the year by many, the mass exploitation of MOVEit Transfer software took the cyber world by storm.

The fallout began in May when Progress disclosed a zero-day vulnerability in MOVEit Transfer, which was later discovered to allow Clop attackers to access, abuse, and steal sensitive data stored within the MOVEit Transfer servers.

While Progress quickly issued a patch, extensive damage had already been done, with Clop’s widespread attack stealing data from government, public, and business organisations worldwide. Researchers believe that the ransomware group, Clop, may have been plotting this attack as early as 2021.

Okta’s breaches

Okta has hit quite a few headlines in recent months with incidents not only affecting their financial standing, but also their reputation as a trusted service provider in the cyber security landscape.

In October, we reported Okta Security detecting unauthorised access using a stolen credential. The threat actor accessed Okta's support case management system, specifically recent support cases where sensitive data was exposed. Initially, Okta suggested only 1% of its customers were impacted; now, the company admits the breach affected 100% of its customer base.

This breach resulted in a considerable drop in Okta's share value, a loss of over $2 billion in market cap, and raised serious concerns about the effectiveness of Okta’s security measures.

Just a few weeks later, in November, it was reported that Okta suffered another data breach after its third-party vendor, Rightway Healthcare, was hacked. This time, 4,961 employees were warned that their personal data was exposed as a result.

These breaches show a clear pattern of attacks on Okta by sophisticated threat actors. Since the breaches occurred, Okta has taken steps to prevent future incidents.

China's ICBC, the world's biggest bank, hit by cyber attack

In November, the U.S. financial services division of Chinese bank ICBC was hit by a ransomware attack that reportedly affected the trade of U.S. Treasurys.

It was later revealed that ransomware from the hacking group LockBit was used to carry out the attack. However, it is not clear who was behind it. When the hack was discovered, ICBC isolated impacted systems and began a thorough investigation to identify the root cause. The Chinese bank also said it is working with law enforcement.

LockBit is the group behind the ransomware-as-a-service software of the same name. It effectively sells its malicious software to other hackers, who then go on to carry out the cyber attacks.

Samsung

Just recently, Samsung announced a historical year-long data breach, spanning July 2019 to June 2020, that was only discovered this year.

In a letter sent to affected customers, Samsung admitted it didn’t discover the compromise until 13th November, 2023.

It’s thought that hackers may have accessed the personal information of Samsung UK customers, including names, phone numbers, postal addresses and email addresses. No financial data or customer passwords were impacted. While Samsung have been open about the leak, it’s not clear how many customers were affected or how hackers accessed their systems.

The ever-increasing scale of DDoS attacks

We’re certain this one isn’t coming as a surprise, but the scale of DDoS attacks is exponentially increasing. At the beginning of the year, in February, we reported on the largest HTTP DDoS attack reported to date. Just two months ago, it was also announced that Google mitigated a DDoS attack which peaked at 398 million requests per second. It appears attackers exploited a weakness in HTTP/2 – a newer version of the HTTP network protocol.

And in October, Google, Amazon and Cloudflare said they had ‘weathered’ the internet's largest-known denial of service attack and advised companies to update their web servers to ensure that they do not remain vulnerable.

According to a report from Kaspersky, 20% of companies with a workforce of 50 or more reported experiencing at least one DDoS or denial of service (DoS) attack. 24% of these companies were in telecommunication, and 22% were in financial services. Meanwhile, Baffin Bay Networks revealed the true cost of a DDoS attack, with attackers spending as little as $200 to initiate a DDoS attack for 24 hours using 20,000 to 50,000 requests per second.

MongoDB faces unauthorised access incident

MongoDB experienced a security breach where unauthorised access to its corporate systems was detected on December 16, 2023.

The breach involved customer account metadata, including names, phone numbers, and email addresses. However, there was no evidence of access to customer system logs or MongoDB Atlas cluster authentication systems.

A separate incident involving a high number of login attempts was reported but was unrelated to the breach. MongoDB is investigating the incident with authorities and experts. No security vulnerabilities in MongoDB products were identified in relation to this incident.

You’re one in two million!

Earlier this year, TryHackMe reached two million users! With more users joining us on this journey daily, this number continues to grow, bringing the total TryHackMe user count to just over 2.6 million.

Check out our TryHackMe in Review (2023) blog to learn more about our remarkable year, and what you can expect from us in 2024!

Author: Ben Spring
Dec 26, 2023
