Cyber Security Blog

Biggest Cyber Attacks 2023, Top Data Breaches & Ransomware Attacks

Written by Aditi Uberoi | 11 January 2024

2023 was far from being a good year for global cybersecurity. Ransomware attacks continued their rampage across the world. Ransomware gangs attacked smaller and often less protected organisations as usual. But they also brought many major businesses to a halt in the year gone by.


Ransomware gangs also unfortunately moved away from data encryption and switched heavily to data extortion threats in order to pressurise victims into paying up. Dual Ransomware Attacks were a new trend we witnessed, making it even harder for victims, even those with deep pockets, to recover.  

A zero-day exploit managed to compromise the security of almost 2,000 organisations worldwide, with new victim names continuing to emerge every day. Major casino and entertainment giants weren’t able to offer guest services for a few days - a truly damaging scenario. Two of the biggest aviation giants - Boeing and Airbus - were impacted by serious data breaches which resulted in sensitive information being leaked online.

The above examples, sadly, are just the tip of the iceberg. The table below encapsulates the 20 biggest cyber attacks, ransomware attacks and data breaches of 2023 listed in chronological order. 

As always, the goal here isn’t to highlight the victims and their plight. But as they say, life is too short to learn from your own experiences. The idea of this article is to present in an easily-consumable format how deeply cyber criminals have managed to bring some of the most formidable business giants and government organisations to their knees in the year gone. 

 

20 Major Cyber Attacks, Ransomware Attacks & Data Breaches in 2023

Month & Victim

The Incident, Threat Actor & Impact

Source Link

January, 2023

Royal Mail

Royal Mail cyber attack linked to LockBit Ransomware - Royal Mail stopped its international shipping services due to the severe service disruption caused by the attack. It left many small to medium businesses in limbo. The cyber criminals demanded a ransom running into millions, but Royal Mail refused to pay. It had to resort to manual processes, which increased the wait times for its customers tremendously.

Royal Mail ransomware attack

January 2023

Yum! Brands, the owner of KFC, Taco Bell, and Pizza Hut fast food chains.

Ransomware gang apparently stole data from Yum! Brands - The business initially said there was no indication that customer information was exposed. Only corporate data was compromised, the organisation claimed in January. The attack forced Yum! Brands to temporarily close 300 locations in the United Kingdom. In April, Yum! Brands said some employee data had been leaked. It faced class action litigation in relation to the compromise of PII, the company said in a filing with the SEC.

Yum! Brands ransomware attack 

January & March 2023

T-Mobile

T-Mobile hacked & data of 37 million accounts stolen through one of its APIs - T-Mobile was hacked twice in 2023. After the attack in January, in March the company disclosed a cyber attack in which attackers may have accessed T-Mobile account PINs, SSNs, full names, and other data.

T-Mobile cyber attacks 2023

February, 2023

Fruit Giant, Dole

Fruit giant Dole disclosed a ransomware attack impacting operations - Dole halted its shipments to grocery stores as the ransomware attack forced it to shut down operations of its production plants in North America. On May 17, 2023, Dole said the February ransomware attack cost $10.5 million in direct costs.

Food giant Dole ransomware attack

February, 2023

GoAnywhere


Clop ransomware claims it breached 130 organisations using GoAnywhere zero-day - The Clop ransomware gang claimed to be behind attacks that exploited a zero-day vulnerability (CVE-2023-0669) in the GoAnywhere MFT secure file transfer tool, saying they stole data from over 130 organisations. In a report published on March 26, 2023, SecurityWeek said the ransomware group had posted on its Tor-based leak site the names of organisations allegedly impacted by the incident, including luxury brand retailer Saks Fifth Avenue, consumer goods giant Procter & Gamble, mining company Rio Tinto, and the U.K.’s Pension Protection Fund (PPF).

GoAnywhere zero-day exploits

March, 2023

Acer

Acer confirms breach after threat actors (allegedly known as IntelBroker) attacked a server hosting private documents used by repair technicians - The threat actor hacked servers and claimed 160 GB of stolen data containing technical manuals, software tools, backend infrastructure details, product model documentation for phones, tablets, and laptops, BIOS images, ROM files, ISO files, and replacement digital product keys (RDPK).

Acer data breach

March, 2023

AT&T

AT&T alerts 9 million customers of data breach after vendor hack - A vendor that AT&T uses for marketing experienced a security incident in which hackers exposed information of 9 million customers as they accessed Customer Proprietary Network Information from some wireless accounts, such as the number of lines on an account or wireless rate plan, etc.

AT&T data breach

May, 2023

Intel

Money Message extortion gang stole Intel Boot Guard private keys after MSI breach - In March, the Money Message extortion gang attacked computer hardware maker MSI, claiming to have stolen 1.5TB of data during the attack, including firmware, source code, and databases. The gang demanded a $4,000,000 ransom and, after not being paid, began leaking MSI's data on their data leak site. In May, they began leaking MSI's stolen data, including the source code for firmware used by the company's motherboards.

Ransomware attack on Intel

May, 2023

PharMerica

Money Message Ransomware Gang steals data of 5.8 million PharMerica patients - PharMerica said the threat actors had exposed the data of over 5.8 million patients, but the ransomware gang claimed to have stolen 4.7 TB of data during their attack on PharMerica, stating that it consisted of at least 1.6 million unique records of personal information, which they have leaked on their extortion site.

Ransomware attack on PharMerica

June, 2023

Progress MOVEit

Clop Ransomware claims responsibility for MOVEit extortion attacks - The Clop Ransomware gang took responsibility for the MOVEit Transfer data-theft attacks, where a zero-day vulnerability was exploited to breach multiple companies' servers and steal data.

MOVEit ransomware attack

July, 2023

Microsoft

Microsoft allegedly impacted by data breach, theft of 30 million customer accounts - Hacktivist group Anonymous Sudan alleged that they had “successfully hacked Microsoft” and “accessed a large database containing more than 30 million Microsoft accounts, emails, and passwords”. Anonymous Sudan offered to sell this database to interested parties for $50,000 and urged interested buyers to contact their Telegram bot to arrange the purchase of the data.

Alleged Microsoft data breach

 

July, 2023

Nickelodeon

Nickelodeon breached after leak of ‘decades old’ data - Hackers stole 500 GB of files from Nickelodeon systems and leaked them on the dark web.

Nickelodeon data breach

September, 2023

MGM Resorts & Caesars Entertainment

 

Casino & Entertainment Giants MGM Resorts & Caesars Entertainment impacted by massive attacks by Scattered Spider - MGM disclosed that it was dealing with a cybersecurity issue that impacted some of its systems, including its main website, online reservations, and in-casino services, like ATMs, slot machines, and credit card machines. On October 05, 2023, in its SEC 8-K filing, MGM Resorts said: “Based on the ongoing investigation, the Company believes that the unauthorised third-party activity is contained at this time”.

For Caesars, the cyber attack led to sensitive information of many loyalty programme members being compromised. Some reports suggest that Caesars paid off half of the huge ransom that hackers demanded to prevent a leak of the stolen information.

MGM Resorts & Caesars ransomware attack

September, 2023

Sony

Sony impacted by cyber attack as hackers fight over who's responsible - Sony said that it is investigating allegations of a cyber attack. Different hackers stepped up to claim responsibility for the purported hack. Claims of attacking Sony's systems were initially made by an extortion group called RansomedVC. This group claimed that it had breached Sony's networks and stolen 260 GB of data during the attack that they are attempting to sell for $2.5 million. But on the other hand, MajorNelson (another group) leaked for free a 2.4 GB compressed archive, which contains 3.14 GB of uncompressed data that it claims belongs to Sony.

Ransomware Attack on Sony

September, 2023

Airbus

Airbus impacted by data leak allegedly involving thousands of suppliers - Airbus said that it investigated a cybersecurity incident following reports that a hacker posted information on 3,200 of the company’s vendors to the dark web. The threat actor using the moniker "USDoD" posted on BreachForums that they obtained access to an Airbus web portal after compromising the account of a Turkish airline employee.

Airbus data breach

October, 2022

Okta

Okta says its support system was breached using stolen credentials - Okta spokesperson Vitor De Souza said that around 1% of 18,400 customers are affected by this breach, but declined to provide a specific number. Due to this breach, the software company's shares ended down by 11.6% at $75.57 on October 20, 2023. CNBC reported that Okta has allegedly shed more than $2 billion from its market valuation since the company disclosed a hack of its support systems. It also said that this incident was made all the more high-profile due to the several incidents that have been tied to Okta or its products in the recent past.

Okta Security Breach

October, 2023

Boeing

LockBit threatens to leak sensitive Boeing data - The LockBit cybercrime gang claimed that it had "a tremendous amount" of sensitive data stolen from the aerospace giant that it would dump online if Boeing didn't pay the ransom by November 2. On November 10, 2023, according to news reports, LockBit published data stolen from Boeing. Apparently, it has leaked more than 43 GB of files from Boeing after the company refused to pay the ransom.

Boeing ransomware attack 

November, 2023

National British Library

Rhysida Ransomware targets the National British Library - Multiple systems of the venerated institution were pulled offline. Hackers put the stolen data, allegedly containing PII of employees, on sale for 20 BTC. Shortly after that, Rhysida published 573 GB of data, about 90% of the total amount stolen, to its dark web leak site. This data allegedly included sensitive information of visitors and readers.

National British Library ransomware attack

December, 2023

Toyota Financial Services (TFS)

Toyota warns customers of Medusa data breach exposing personal, financial information - Toyota Financial Services (TFS) confirmed that sensitive personal and financial data was exposed in the attack. The threat actors demanded a payment of $8,000,000 to delete the stolen data and gave Toyota 10 days to respond to their demand, but Toyota did not negotiate a ransom payment with the cybercriminals. Currently, all data has apparently been leaked on Medusa's extortion portal on the dark web.

Toyota Financial Services (TFS) ransomware attack

December, 2023

Xfinity

36 million people affected by data breach at Xfinity - Cable TV and internet service provider Xfinity said a breach linked to a widespread vulnerability (CVE-2023-4966) in Citrix technology exposed data of nearly 36 million people in mid-October.

Xfinity data breach

This is not fear mongering but a clarion call for everyone to get their cyber defences and cyber resilience in order for 2024. With each passing year, the advanced hacker is able to devise more and more sophisticated techniques to attack their victims. It is therefore imperative that every organisation worldwide matches pace and remains dynamic in their cybersecurity strategy. 

Don’t know where to start? Let our Virtual Cyber Assistants help you get started with the most cost-effective and flexible cyber security consultancy services in the global market. Our cybersecurity consultants can help you assess where your current breach readiness stands.

They can help you review and refresh your existing cyber incident response plans, incident response playbooks, ransomware response playbooks and more. They can also enable you to clearly understand your team’s cybersecurity awareness training needs, besides enabling you to achieve compliance with industry certifications and regulatory standards. 

But remember, you could have the most effective cybersecurity documents and state-of-the-art infrastructure. Yet if your team is unfamiliar with them, they’re of no use to you in an actual emergency. This is why regular Cyber Attack Tabletop Exercises are an absolute must in 2024. 

While we always recommend hiring an expert external facilitator to conduct your cyber drills, it may not always be possible. That’s why we have curated a Masterclass on How to Conduct an Effective Cybersecurity Tabletop Exercise.

You can also use these FREE resources created by the world’s leading cyber drill simulator and get started on building true cyber resilience: 

  1. Top Incident Response Tabletop Scenarios to Rehearse
  2. Data Breach Tabletop Exercise Template
  3. Cyber Tabletop Exercise PPT