Darnley's Cyber Café
Embark on a journey with us as we explore the realms of cybersecurity, IT security, business, news, technology, and the interconnected global geopolitical landscape. Tune in, unwind with your preferred cup of java (not script), and engage in thought-provoking discussions that delve into the dynamic evolution of the world around us.
Cyber Security Year In Review
Join us as we reflect on the highs and lows of the cybersecurity landscape in 2023, providing valuable insights for cybersecurity enthusiasts, professionals, and anyone interested in the dynamic world of digital security.
See where Fortra GoAnywhere, 3CX, MOVEit, Barracuda, Microsoft, and Cisco dropped the cybersecurity ball this year, and how their failures affect governments and your everyday life.
Subscribe now to Darnley's Cyber Cafe and stay informed on the latest developments in the ever-evolving digital landscape.
EP 61 – Cyber Security Year In Review
Episode Recap
· End of a year review
· 10 Major Cyber Attacks and Data Breaches
· 2024 onward
The end of 2023 review
· As we bid farewell to another year, it's important to reflect on the ever-evolving landscape of cybersecurity that has defined 2023. This year has been marked by unprecedented challenges, innovative solutions, and a heightened awareness of the crucial role cybersecurity plays in our interconnected world.
· From the rise of AI and machine learning and supply chain security to the continued importance of proper cyber hygiene, this year has been quite the typical mixed bag of events.
· If I’m honest with everyone, this is business-as-usual as far as I can tell. The cybersecurity landscape is poised for further evolution, and along this evolution there are bound to be some headaches along the way.
· This is why cybersecurity plays an important role in all of our lives, regardless if you are a business professional, IT specialist, or anyone who wants to keep their ear on news and events. I always want to underscore the importance of understanding and gaining new knowledge to better protect yourself.
· What do we need to review exactly? Isn't the world going to hell in a handbasket? Haha, no…not yet anyway.
· One of the biggest events I want to highlight for 2023 is within the cybersecurity community: we witnessed massive collaboration and information sharing among organizations, government agencies, and security researchers. This collective effort has played, and will continue to play, a defining role in identifying and mitigating cyber threats.
· Did you think 2023 was a good year? I would say so, depending on who you ask. Again, I do want to highlight that year over year, cyber-attacks are gaining in strength and numbers, cyber criminals are continuing to find new innovative ways to collect and disrupt technologies for their benefit. These come from for-profit criminal rings or from state-sponsored cyber attack groups alike.
10 Major Cyber Attacks and Data Breaches
· Ransomware remained a massive threat to business, especially to smaller and less-protected businesses. The shift by some attackers toward data theft and extortion-only campaigns was a major development within 2023.
· Not all of the attacks mentioned are encryption-based ransomware; some instead involved extortion demands. The Russian-speaking group Clop was behind most of the extortion-only attacks, including the MOVEit and GoAnywhere campaigns.
· Here are some of the major attacks that made headlines this year:
· #1 – ESXi Ransomware attacks. The ESXiArgs ransomware campaign targeted customers that ran the VMware ESXi hypervisor; the FBI and CISA put the number of compromised servers at 3,800 worldwide. Affected servers were concentrated in countries such as the US, Canada, France and Germany, according to cybersecurity vendor Censys. The attacks exploited a two-year-old vulnerability that affects older versions of VMware ESXi.
· #2 – GoAnywhere Attacks. In February, Fortra informed customers that it had identified an actively exploited zero-day vulnerability in its GoAnywhere file transfer platform, which could be used to remotely execute code on vulnerable systems.
o The largest incident from the GoAnywhere campaign — the hack of healthcare benefits and technology firm NationsBenefits — impacted 3 million members, according to the Identity Theft Resource Center.
o The GoAnywhere platform was also exploited by hackers to steal data from numerous other large organizations including Procter & Gamble, the City of Toronto, Crown Resorts and data security firm Rubrik.
· #3 - 3CX Supply Chain Attack. The compromise in March of 3CX, a widely used communications software maker, resembled the SolarWinds supply chain attack of 2020 in a number of key ways. Fortunately, this attack was caught in weeks rather than months, unlike SolarWinds (N-able).
o 3CX, whose communications software includes a VoIP phone system app targeted in the attack, has said that its customer base totaled more than 600,000 organizations, with sales exclusively through its network of 25,000 partners. Major customers listed by 3CX include American Express, McDonald’s, Coca-Cola, NHS, Toyota, BMW and Honda.
· #4 – MOVEit Attacks. I mentioned this in detail within our episode 57. The attackers, Clop, a Russian-speaking group, exploited a critical vulnerability in Progress’ MOVEit file transfer tool; the attacks are believed to have begun in late May. It’s also believed that the attacks did not include any deployment of encryption, as in traditional ransomware attacks. Instead, Clop claimed that if a victim company paid its demand, the group would not leak the victim’s stolen data on its dark web site. And for hundreds of companies that presumably opted not to pay, Clop did exactly that.
o As of July, incident response firm Coveware was estimating that Clop would receive between $75 million and $100 million in the attacks.
o This makes it one of the biggest data heists in recent years. Within the IT industry, victims of the MOVEit data extortion campaign included IBM, Cognizant, Deloitte, PricewaterhouseCoopers and Ernst & Young.
· #5 - PBI Research Services Breach - In one prominent case, a MOVEit-related incident ended up resulting in numerous downstream breaches of organizations that used a large third-party vendor. The breach of PBI Research Services became the largest single MOVEit-related incident, in terms of total individuals impacted, after data from 13.8 million individuals was ultimately compromised, according to the Identity Theft Resource Center.
· #6 - Barracuda Email Security Gateway Attacks - Initially disclosed by Barracuda in late May, the attack campaign leveraged a critical vulnerability in the company’s Email Security Gateway (ESG) on-premises appliances. Further investigation from the company and Mandiant found that the vulnerability had been exploited as far back as October 2022.
o Barracuda disclosed in June that it believed 5 percent of active ESG appliances had been compromised by attackers.
o The attacks prompted the highly unusual recommendation from Barracuda that affected customers should actually replace their ESG devices.
o Mandiant has attributed the campaign to a group it tracks as UNC4841, which is believed to work in support of China’s government. The firm’s researchers reported that government agencies were “disproportionately” targeted in the attacks, with a particular focus on the U.S.
· #7 - Microsoft Cloud Email Breach - The high-profile breach of Microsoft cloud email accounts belonging to multiple U.S. government agencies, discovered in June, is believed to have impacted the emails of Commerce Secretary Gina Raimondo as well as U.S. Ambassador to China Nicholas Burns and officials in the Commerce Department. A total of 60,000 emails were stolen from 10 U.S. State Department accounts in the compromise, according to reports.
o In September, Microsoft disclosed that it had identified additional issues that enabled the China-linked threat actor — tracked as “Storm-0558” — to compromise the cloud email accounts of U.S. officials.
o Microsoft had said a stolen Azure Active Directory key was misused to forge authentication tokens and gain access to emails from an estimated 25 organizations.
· #8 - Casino Operator Attacks - There are many concerning elements of the highly disruptive attacks against casino operators MGM and Caesars Entertainment in September — including the reported use of social engineering by the hackers to trick an IT help desk into providing access in the MGM breach.
o According to security researchers, the teenage and young adult hackers of Scattered Spider utilized BlackCat ransomware that was provided by Alphv (a gang whose members have previously been affiliated with DarkSide, the group behind the Colonial Pipeline attack). While ransomware-as-a-service has been a growing trend for years in Eastern Europe, the alliance between teen hackers — which some reports say include members in the U.S. and U.K. — and Russian-speaking RaaS groups appears to expand the threat landscape in troubling new directions.
o This could set the stage for what is to come in 2024 regarding RaaS attacks.
· #9 - Cisco IOS XE Attacks - In mid-October, a campaign against Cisco IOS XE customers rapidly became one of the most widespread edge attacks ever, experts told CRN. Nearly 42,000 Cisco devices were compromised through exploits of a critical IOS XE vulnerability discovered Oct. 16, according to Censys researchers.
o Cisco said in an advisory that day that the zero-day vulnerability in IOS XE saw “active exploitation” by attackers. The privilege escalation vulnerability received the maximum severity rating, 10.0 out of 10.0, from Cisco. Exploitation of the critical vulnerability can allow a malicious actor to acquire “full control” of the compromised device, Cisco’s Talos threat intelligence team said.
o Of edge attacks, this is one of the most significant.
· #10 - Okta Support System Breach - On Oct. 20, Okta disclosed a data breach affecting its support case management system, which the company initially believed had impacted a “very small subset” of its 18,000 customers. In early November, however, Okta acknowledged that data from 134 customers had been accessed. And then in late November, the identity platform provider revised its assessment again — disclosing that the breach had included the theft of all support customer names and emails.
o The victims of the attack also included several major cybersecurity vendors. Following Okta’s initial disclosure about the support system breach, BeyondTrust, Cloudflare and 1Password each said they were among the impacted customers in the incident.
· What do we need to look forward to in 2024?
2024 Onward
· This is a difficult question for me to answer, and unfortunately I still do not own that cybersecurity crystal ball – if I did I would be a rich man.
· Looking ahead to 2024, the integration of emerging technologies, continued regulatory developments, and the adaptability of cybersecurity strategies will continue to shape the industry's response to future challenges. Collaboration, innovation, and a proactive approach will be essential in safeguarding our digital future.
· I will say that the end of 2023 signifies not only the culmination of a year of challenges but also the resilience and adaptability of the cybersecurity community. By learning from the past, embracing technological advancements, and fostering collaboration, we pave the way for a more secure digital landscape in the years to come.
· The best thing you need to do today is to notice the writing on the wall and how all these large-scale attacks affect us in every way. By ignoring your responsibility for your own cyber hygiene, or your own organization's cyber hygiene, you are only on your way to headaches unimaginable.
· Don’t let these things intimidate you or scare you. It is very easy to follow the simple steps of basic cyber hygiene moving into 2024. I'm stopping short of saying to make this a resolution, but make this part of your life, today.