{"id":103168,"date":"2024-01-04T11:30:00","date_gmt":"2024-01-04T16:30:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=103168"},"modified":"2024-07-22T17:05:45","modified_gmt":"2024-07-22T21:05:45","slug":"top-data-breaches-2023","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/top-data-breaches-2023","title":{"rendered":"Top 5 Data Breaches in 2023"},"content":{"rendered":"\n
Because security moves quickly, it\u2019s important to stay abreast of new and emerging trends. 2023 saw a continuation of some popular attack methods, like ransomware, as well as new vectors spurred by rapid advancements in AI and similar technology. <\/p>\n\n\n\n
In addition, Verizon\u2019s 2023 Data Breach Investigations Report<\/a> shows that cybercrime is becoming more diverse and innovative, with hackers attacking a wider variety of channels. As we continue to digitize more aspects of our lives, attack vectors are diversifying and compromising new and increasingly sensitive types of data, like genetic data, biometrics, and medical information. <\/p>\n\n\n\n In this blog, we\u2019ll cover some of the top attack vectors and breaches in 2023. <\/p>\n\n\n\n As artificial intelligence (AI) quickly makes its way into the workplace, it\u2019s becoming an increasingly prevalent player in the cybersecurity scene. In some attacks, cybercriminals go after the AI tools themselves. By nature, AI tools receive a significant amount of data, which can make them particularly risky, especially for companies inputting or storing sensitive information in an AI tool. Case in point: ChatGPT already experienced its first breach<\/a> when customer data was exposed earlier this year. <\/p>\n\n\n\n In other attacks, cybercriminals use generative AI to develop and mount attacks. WormGPT<\/a>, for example, is a ChatGPT alternative designed without any safeguards in place so that people can use it to generate convincing phishing scams and similar malicious content. <\/p>\n\n\n\n Read more about AI and security in our blog, <\/em><\/strong>3 Security Implications of ChatGPT and Other AI Content-Generation Tools<\/em><\/strong><\/a>. <\/em><\/strong><\/p>\n\n\n\n However, not all AI is bad: AI is also helping companies shore up their security with intelligent SIEM systems, predictive analytics, and more. <\/p>\n\n\n\n Human error remains one of the top exploited factors in breaches. Because it is difficult to determine the exact nature and pathways of breaches, it\u2019s hard to pin an exact number to the prevalence of social engineering attacks. 
However, Verizon\u2019s 2022 Data Breach Investigations Report<\/a> says that 74% of the attacks in 2022 exploited a human element, and Splunk attributes 98% of cyberattacks<\/a> to social engineering. Anecdotally, it\u2019s rare to meet a person who\u2019s never received a phishing email in either their personal or professional life. <\/p>\n\n\n\n Regardless of the exact number, it\u2019s clear that social engineering is a formidable factor in many of today\u2019s cyberattacks. <\/p>\n\n\n\n Ransomware is malware that blocks access to devices or data until a specific demand (often a financial ransom) is paid. Ransomware accounted for 24% of cybersecurity attacks<\/a> last year, maintaining its status as one of the most common attack vectors.<\/p>\n\n\n\n Third-party vendors are often a weak link in an organization\u2019s cybersecurity defenses. Often, these weak links are the entry point for supply-chain attacks, which target third-party vulnerabilities to reach a long list of affiliated customers, data points, and users. <\/p>\n\n\n\n The more we rely on specialized applications and services, the harder it becomes to ensure the security of each one. This becomes especially risky for companies with sprawled architectures<\/a> and many point solutions from many different vendors. <\/p>\n\n\n\n Maintaining a clear understanding of all the vendors and solutions in your architecture, as well as only engaging with trustworthy vendors, can help defend against these attacks. In addition, compliance regulations, like SOC 2<\/a>, can help you hold third-party vendors to rigorous security standards. <\/p>\n\n\n\n Personally identifiable information (PII) like name, date of birth, and address has been a valuable attack target for years. However, as attack vectors diversify and hackers find new routes to valuable information, the diversity and sensitivity of targeted PII have risen. 
This year, for example, some of the top attacks leveraged healthcare data, biometrics, and genetic information, to name a few. <\/p>\n\n\n\n As we continue to digitize more aspects of our lives, the security of affiliated data is called into question \u2014 as are the consequences of having such permanent PII compromised. <\/p>\n\n\n\n A cybercriminal group called CL0P Ransomware Gang<\/a> mounted a zero-day attack on Progress Software\u2019s file transfer tool, MOVEit. Because MOVEit is a widely used tool, the ramifications of this supply-chain attack were sweeping. <\/p>\n\n\n\n The attack impacted a variety of organizations, from companies like Sony and IBM, to public sector organizations like the U.S. Department of Justice<\/a>, the State of Maine, and the New York City public school system. According to Security Intelligence<\/a>, this breach \u201ccould be the most devastating exploitation of a zero-day vulnerability ever.\u201d<\/p>\n\n\n\n The exploit targeted a previously unknown vulnerability in MOVEit Transfer, MOVEit\u2019s file transfer service. The attackers exploited the vulnerability to infect MOVEit Transfer\u2019s web applications<\/a> with a web shell that allowed them to steal data from the underlying MOVEit Transfer databases. CSO Online estimates<\/a> that 2,620 organizations and 77.2 million people were affected by the breach.<\/p>\n\n\n\n Progress Software issued a patch<\/a> to address the vulnerability on May 31, about a week after the attack. It then implemented a third-party security audit and found and patched multiple other vulnerabilities in the following weeks. The company also formalized a \u201cService Pack\u201d program to help their customers stay up to date with the most recent patches. You can read Progress Software\u2019s statement about it here<\/a>. <\/p>\n\n\n\n T-Mobile sustained four breaches<\/a> in 2023. All of the breaches compromised customer or employee data, although they varied in scope and severity. 
<\/p>\n\n\n\n In the first, a bad actor exploited an API vulnerability to steal the data of 37 million customers<\/a> in January. <\/p>\n\n\n\n The second had a much more limited scope: 836 customers\u2019 data was compromised. <\/p>\n\n\n\n The third occurred in April but wasn\u2019t shared until September: 90GB of personal employee data <\/a>from an independently owned T-Mobile retailer was leaked on the dark web. Malware repository vx-underground<\/a> said its researchers had been contacted by the hackers responsible for the leak, and vx-underground subsequently shared the information on X (formerly known as Twitter). According to vx-underground, \u201cWe do not know why it took the Threat Actor(s) several months to leak the data, we can only speculate, so we will not.\u201d<\/p>\n\n\n\n Finally, a \u201csystem glitch\u201d<\/a> was responsible for leaking the personal data of fewer than 100 customers. T-Mobile refuted the notion that this was an attack, and clarified that \u201cThis was a temporary system glitch related to a planned overnight technology update involving limited account information or fewer than 100 customers, which was quickly resolved.\u201d<\/p>\n\n\n\n MGM Resorts, a prominent owner of casinos and hotels around the world, fell victim to a ransomware attack on September 11 that compromised customer PII. The number of customers affected is still “unspecified,”<\/a> but stolen information included names, dates of birth, driver\u2019s license numbers, and, in some cases, social security numbers. MGM Resorts said passwords and payment details were unaffected. <\/p>\n\n\n\n The attack caused many customer-facing disruptions at the MGM properties, including shut-down slot machines and ATMs. Despite the fact that MGM did not pay the requested ransom, the company reportedly sustained $10 million<\/a> in losses over the incident. 
<\/p>\n\n\n\n 23andMe, a genetic testing company, reported in October that 14,000 of their users\u2019 data<\/a> was breached. Bad actors accessed the data by infiltrating users\u2019 accounts and moving laterally<\/a> to access additional accounts to mine their data. <\/p>\n\n\n\n 23andMe works with a fairly unique type of information: genetic data. In an environment where most PII floating around is data points like name, address, passwords, etcetera, genetic information is particularly unique and permanent: you can change your address, but you can\u2019t change your DNA. This makes it particularly sensitive to users and valuable to hackers.<\/p>\n\n\n\n In addition, genetic data adds complications to judging who was affected: while 14,000 users were directly affected, the question still remains how many relatives of those users were subsequently affected.<\/p>\n\n\n\n The Indian Council of Medical Research (ICMR) was breached on October 9th, when a COVID test database was leveraged to access PII. The compromised information, which was posted for sale on the dark web, included passport information, unique identity numbers, biometrics, names, phone numbers, and addresses. The breach was originally discovered by Resecurity, a U.S. cybersecurity company. You can read their summary of the event here<\/a>.<\/p>\n\n\n\n According to Tech Informed<\/a>, the ICMR has been a frequent attack target, having sustained 6,000 breaches in 2022 and many more in 2023. Tech Informed also notes that this breach is thought to be one of the biggest in India\u2019s history. <\/p>\n\n\n\n JumpCloud helps organizations implement a Zero Trust security approach with an open directory platform that can protect users anywhere, and from any trusted device. 
<\/p>\n\n\n\n With JumpCloud, you can consolidate your resources and vendors, enforce security policies like MFA everywhere<\/a> and phishing-resistant passwordless authentication<\/a>, and maintain visibility and control over your infrastructure. Start your free trial today<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":" Hackers are finding new and innovative ways to gain access to data… here’s a look at the top 5 breaches of 2023.<\/p>\n","protected":false},"author":144,"featured_media":72959,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[42],"tags":[],"collection":[2775],"platform":[],"funnel_stage":[3016],"coauthors":[2532],"acf":[],"yoast_head":"\nTop Cybersecurity Attack Vectors of 2023<\/h2>\n\n\n\n
Artificial Intelligence<\/h3>\n\n\n\n
Social Engineering <\/h3>\n\n\n\n
Ransomware<\/h3>\n\n\n\n
Third-Party Vulnerabilities and Supply Chain Attacks<\/h3>\n\n\n\n
Next-Level PII<\/h3>\n\n\n\n
Top 5 Data Breaches of 2023<\/h2>\n\n\n\n
1. May – MOVEit File Transfer Breach Compromises Millions<\/h3>\n\n\n\n
2. January, February-March, April, and September \u2013 T-Mobile Customer\/Employee Data Is Breached<\/h3>\n\n\n\n
3. September \u2014 MGM Resorts <\/h3>\n\n\n\n
4. October \u2014 23andMe Genetic Information Compromised<\/h3>\n\n\n\n
5. October \u2014 Indian Council of Medical Research Breach of 815 Million Records<\/h3>\n\n\n\n
Protect Your Environment with JumpCloud <\/h2>\n\n\n\n