ICYMI: At Midyear, 2023 Data Breaches and Ransomware attacks already prove worrisome

Although the year is but half over, data breach statistics and ransomware activity are already proving disturbing. A wealth of high-profile intrusions and infections are impacting organizations regardless of size and industry. 

Malicious actors are not discriminating. Observations and analysis published within the 2023 Verizon Data Breach Investigations Report indicates “cybercriminals are coming for data, and they’re using more types of attacks against organizations like yours.” 

The report confirms 83 percent of data breaches are caused by outsiders and 74 percent involve human interaction, such as social engineering efforts, user errors or deliberate systems misuse. Worse, the report warns threat rates are accelerating. 

Here’s a look, first, at significant data breaches year-to-date, followed by a quick review of prominent spyware activity. To offset the news, these two cyberthreat sections are followed by a quick reminder of best practices firms can adopt to assist defending against these threats. 

Significant 2023 Data Breaches, To Date

Data breaches, or cyber-attacks that result in unauthorized access and disclosure of information, are typically driven by the desire for financial gain. “We have your data. Pay us.” is the summarized refrain quoted within Verizon’s data breach report. 

Among those falling victim to well-publicized data breaches in 2023 are: 

• American Bar Association (ABA) – The legal profession’s largest association proved the victim of a breach when login information (credential that could subsequently be used to gain access to other data) for some 1.4 million members was stolen by hackers in March. 
• ChatGPT – A 2023 news headlines darling, the artificial intelligence (AI) chatbot earned some negative publicity in late March when the company confirmed customer data—including payment information—was leaked due to a bug in its open-source software library. 

• Chick-fil-A – March included some bad news for Chick-fil-A, too, which confirmed tens of thousands of customers’ accounts were accessed by hackers over an extended period. 
• Norton LifeLock – While the company promotes its own data breach protection services, Norton LifeLock itself proved a victim when thousands of its customers’ accounts were breached in January, subsequently providing malicious users with potential access to the customers’ password managers, among other problems. 
• Reddit – The online collection of communities and forums, while battling its own insurgency, found itself also having to combat hackers threatening to share 80GB of confidential data unless the company paid $4.5 million in ransom and agreed not to proceed with plans to charge third parties for API access. 
• T-Mobile – The telecommunications company experienced not one but two data breaches in the first half of 2023. In January T-Mobile announced an unauthorized party managed, via an application programming interface (API), to penetrate the network and access data, then just a few months later the company revealed its systems were hacked again resulting in hundreds of customers’ personal information being exposed. 
• Yum Brands – The owner of popular fast-food chains KFC, Taco Bell and Pizza Hut began the year as the victim of a ransomware attack that resulted in the temporary closure of its UK stores and the loss of personally identifiable information, such as names, driver IDs and similar data. 

This list is but a sampling of the year’s data breaches. Ransomware, too, is proving equally problematic. 

Prominent Ransomware Activity, To Date

One component often used to assist gaining access and penetrating networks—leading to damaging data breaches—is ransomware. Criminals typically use such malware to corrupt a company’s data and threaten to publicly publish the information unless a ransom payment is made. Here’s a look at some of the year’s more prominent ransomware activity, to date. 

• Bank Scams – Following the collapse of Silicon Valley Bank, CISA issued a March alert warning consumers to beware whenever receiving banking-related messages, as hackers were working to take advantage of the confusion surrounding the prominent bank’s failure. 
• BianLian Ransomware – CISA issued a May alert to guard against organization’s becoming victims of BianLian—so named for the malware’s developer—ransomware exploiting widely used Remote Desktop Protocol (RDP), command-line scripting and Windows PowerShell technologies. 

• ESXi Ransomware Attacks – As noted by Louisville Geek in February, CISA warned organizations running VMware ESXi to update to the latest releases, along with taking other steps, to protect against concerted efforts to exploit a known vulnerability resulting in the deployment of ESXiArgs ransomware. 
• Facebook Attacks – Phishing attempts are often the first step in a coordinated ransomware attack. By tricking a user into providing login credentials, malicious actors can use that personal information to impersonate victims and broaden their attacks, as often happens with fake Facebook messages, as noted by Louisville Geek earlier in the year. 
• LockBit Ransomware – In June, CISA and a wide collection of international partners warned and educated companies of the specific cyberthreats resulting from the proliferation of LockBit ransomware-as-a-service dangers. 
• MoveIt Vulnerability – The US Cybersecurity & Infrastructure Security Agency (CISA) issued multiple advisories in June related to a MOVEit Transfer application vulnerability that permitted malicious actors to further ransomware efforts by exploiting a security flaw in the software used by large organizations, such as airlines, banks, federal agencies, insurance companies and universities, among others. 
• Norton Healthcare – As noted by Louisville Geek in June, Norton Healthcare services were interrupted when the healthcare company became the victim of a ransomware attack in which ransom demands were made using a fax machine. 

• IconicStealer – In April CISA warned companies of a 3CX telephony application vulnerability hackers exploit to obtain sensitive information from users’ web browsers. 
• RMM Link Attacks – Recognizing clients necessarily entrust important maintenance and support services to IT partners, cybercriminals seeking to exploit that trust are using some of the industry’s same tools to steal money from victims, a threat Louisville Geek noted early in the year when reminding companies CISA recommends exercising caution when using remote management and monitoring system links. 
• Royal Ransomware – In April CISA warned organizations of a Royal ransomware variant—known particularly to target such important infrastructure segments as communications, health care and manufacturing, among others—and provided recommendations for preventing, identifying and resolving Royal ransomware infections. 

What you can do

A wealth of information and resources are available to assist battling ransomware and data breaches, including from the following organizations: 

• ArcticWolf via its Incident Response JumpStart program 
• CISA and partners via a comprehensive #StopRansomware Guide 
• The Federal Communications Commission (FCC) 
• The Federal Trade Commission 
• Microsoft
• TechTarget
• US Small Business Administration 

Most every source recommends, as part of regular best practices necessary to protect systems and data from unauthorized access, corruption and subsequent outages and downtime, performing the following steps: 

1. Installing and configuring capable antimalware programs to automatically conduct regular scans and generate automated alerts.
2. Implementing strong anti-spam filters to help prevent phishing messages from reaching users.
3. Filtering network traffic using business-grade firewalls to help prevent malicious traffic from entering networks.
4. Continually updating operating systems, software applications and hardware firmware to block known vulnerabilities.
5. Requiring multifactor authentication on all systems offering MFA or two-factor authentication. 

Conducting formal security awareness training, performing deliberate testing (including for phishing, network penetration and social engineering vulnerabilities) and implementing and enforcing formal IT policies and procedures are additional elements that can go a long way in helping organizations protect themselves from ever-evolving cyber threats. 

Need Help Improving your Cybersecurity?

Should your business need help safeguarding its users, data and systems, drop us a line. You can reach Louisville Geek at 502-897-7577 or by emailing [email protected].