
The biggest cybersecurity and cyberattack stories of 2023

Lawrence Abrams

  • January 1, 2024


2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities.

Some stories, though, were more impactful or popular with our 22 million readers than others.

Below are fourteen of what BleepingComputer believes are the most impactful cybersecurity stories of 2023, with a summary of each.

14. The 23andMe data breach

Genetic testing provider 23andMe suffered credential stuffing attacks that led to a major data breach, exposing the data of 6.9 million users.

The company states that the attackers only breached a small number of accounts during the credential-stuffing attacks. However, the threat actors were able to abuse other features to scrape millions of individuals' data.

The threat actors attempted to sell the stolen data but, after finding no buyers, leaked the data of 1 million Ashkenazi Jews and 4,011,607 people living in Great Britain on a hacking forum.

In a recent update, 23andMe told BleepingComputer that the breach impacted 6.9 million people — 5.5 million through the DNA Relatives feature and 1.4 million through the Family Tree feature.

This breach has led to multiple class action lawsuits against the company for not adequately protecting data.

13. Hosting firm says it lost all customer data after ransomware attack

Two Danish hosting providers were forced to shut down after a ransomware attack encrypted the majority of customer data, and data restoration was not successful.

"Since we neither can nor wish to meet the financial demands of the criminal hackers for a ransom, CloudNordic's IT team and external experts have been working intensively to assess the damage and determine what could be recovered," reads CloudNordic's statement (machine translated).

"Sadly, it has been impossible to recover more data, and the majority of our customers have consequently lost all their data with us."

12. Anonymous Sudan hacktivists show that DDoS attacks can impact the largest tech firms

A hacktivist group known as Anonymous Sudan took everyone by surprise when their DDoS attacks took down the websites and services of some of the largest tech firms in the world.

The group's attacks gained wide media attention when they successfully took down login pages for Microsoft's services, including Outlook, OneDrive, and the Azure portal.

Over a week later, Microsoft finally confirmed that DDoS attacks caused these outages.

"Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability," confirmed Microsoft.

"Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359."

Anonymous Sudan later targeted numerous other websites, including those for ChatGPT, Cloudflare, and U.S. government services.

Anonymous Sudan claiming to attack US government websites

The increasing DDoS attacks and their impact led the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to release an advisory about these incidents.

11. New acoustic attack steals data from keystrokes with 95% accuracy

A team of researchers from British universities trained a deep learning model to steal data from keyboard keystrokes recorded using a microphone with an accuracy of 95%.

When Zoom was used for training the sound classification algorithm, the prediction accuracy dropped to 93%, which is still extremely high.

To mitigate these attacks, the researchers suggest that users may try altering their typing style or using randomized passwords. Other defensive measures include software that reproduces keystroke sounds, playing white noise, or software-based keystroke audio filters.

10. PayPal accounts breached in large-scale credential stuffing attack

PayPal suffered a credential stuffing attack between December 6 and December 8, 2022, allowing attackers to access 34,942 accounts.

Credential stuffing is an attack where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites.

Hackers had access to account holders' full names, dates of birth, postal addresses, social security numbers, and individual tax identification numbers.
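The defining signature of the credential stuffing described above is one source replaying leaked username/password pairs across many different accounts, most of which fail. The following is an added example, not code from the article or from PayPal, that flags that pattern in a constructed authentication log (the log format, IPs, usernames and thresholds are all assumptions) and lists the accounts that succeeded from a flagged source so they can be reviewed and reset.

```python
"""Credential-stuffing detection over authentication logs (added example).

Assumed, constructed log format: "<timestamp> <source_ip> <username> <result>".
A stuffing run differs from a user mistyping a password: one source tries
many *distinct* usernames, mostly failing, inside a short window.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample: a user with one typo, a clean login, and one source
# replaying leaked pairs against eight different accounts in seven seconds.
SAMPLE_LOG = """\
2023-01-15T10:00:01Z 203.0.113.5 alice FAIL
2023-01-15T10:00:09Z 203.0.113.5 alice OK
2023-01-15T10:00:12Z 198.51.100.7 bob OK
2023-01-15T10:01:00Z 192.0.2.44 carol FAIL
2023-01-15T10:01:01Z 192.0.2.44 dave FAIL
2023-01-15T10:01:02Z 192.0.2.44 erin FAIL
2023-01-15T10:01:03Z 192.0.2.44 frank OK
2023-01-15T10:01:04Z 192.0.2.44 grace FAIL
2023-01-15T10:01:05Z 192.0.2.44 heidi FAIL
2023-01-15T10:01:06Z 192.0.2.44 ivan FAIL
2023-01-15T10:01:07Z 192.0.2.44 judy OK
"""


@dataclass
class AuthEvent:
    ts: datetime
    src_ip: str
    username: str
    success: bool


def parse_log(text):
    """Parse the constructed log format into AuthEvent records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append(AuthEvent(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                                ip, user, result == "OK"))
    return events


def detect_stuffing(events, window=timedelta(minutes=5), min_accounts=5,
                    max_success_rate=0.5):
    """Flag sources that tried >= min_accounts distinct usernames within
    `window` with a success rate <= max_success_rate.

    Returns {src_ip: {"accounts", "attempts", "successes", "compromised"}}.
    "compromised" lists accounts that logged in successfully from a flagged
    source: the leaked pairs that still worked and need a password reset.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev.src_ip].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        # Sliding time window over this source's events, oldest to newest.
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window:
                start += 1
            chunk = evs[start:end + 1]
            accounts = {e.username for e in chunk}
            if len(accounts) < min_accounts:
                continue
            successes = [e for e in chunk if e.success]
            if len(successes) / len(chunk) <= max_success_rate:
                findings[ip] = {
                    "accounts": len(accounts),
                    "attempts": len(chunk),
                    "successes": len(successes),
                    "compromised": sorted({e.username for e in successes}),
                }
    return findings


if __name__ == "__main__":
    for ip, info in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {info['accounts']} accounts, {info['attempts']} attempts, "
              f"{info['successes']} successes; reset: {info['compromised']}")
```

The thresholds are deliberately conservative so that a single user's retries (203.0.113.5 above) never trip the rule; in production they would be tuned against the service's normal login mix.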

9. Dish Network goes offline after likely cyberattack, employees cut off

American TV giant and satellite broadcast provider DISH Network mysteriously went offline earlier this year, with its websites and mobile apps not working for days.

Dish.com website offline amid 'internal system issue' 

DISH later confirmed that the outage was caused by a ransomware attack, with BleepingComputer first to report that the Black Basta ransomware gang was behind the attack.

Employees told BleepingComputer that the ransomware gang compromised the company's Windows domain controllers and encrypted VMware ESXi servers and backups.

DISH data breach notifications confirmed that data was stolen in the attack and hinted that a ransom was paid not to release the stolen data.

"We are not aware of any misuse of your information, and we have received confirmation that the extracted data has been deleted," read the data breach notification.

8. GoDaddy: Hackers stole source code, installed malware in multi-year breach

Web hosting giant GoDaddy says it suffered a multi-year breach allowing unknown attackers to steal source code and install malware on its servers.

The breach began in 2021. It gave the threat actors access to the personal information of 1.2 million Managed WordPress customers, including credentials, and they also used that access to redirect websites to other domains.

No threat actors ever claimed responsibility for this attack.

7. MGM Resorts shuts down IT systems after cyberattack

MGM Resorts International suffered a massive attack that impacted numerous systems, including its main website, online reservations, and in-casino services, like ATMs, slot machines, and credit card machines.

The BlackCat ransomware operation claimed the attack, whose affiliates said they encrypted over 100 ESXi hypervisors during the incident.

Bloomberg reported that the same group also breached Caesars Entertainment's network, providing a strong hint in a Form 8-K SEC filing that they paid the attackers to prevent a leak of customers' stolen data.

While the attack was significant, it also brought wide attention to a loose-knit group of hackers known as Scattered Spider.

Scattered Spider, also known as 0ktapus, Starfraud, UNC3944, and Muddled Libra, is adept at social engineering and relies on phishing, multi-factor authentication (MFA) bombing (targeted MFA fatigue), and SIM swapping to gain initial network access to large organizations.

Scattered Spider's evolution

Members of this collective are affiliates of the BlackCat ransomware gang and include young English-speaking members with diverse skill sets who frequent the same hacking forums and Telegram channels.

While many believe this is a cohesive gang, the group is a network of individuals, with different threat actors participating in each attack. This fluid structure is what makes it challenging to track them.

In November, the FBI released an advisory highlighting the group's tactics, techniques, and procedures (TTPs).

Scattered Spider is behind previous attacks on Reddit, MailChimp, Twilio, DoorDash, and Riot Games.

6. Hackers compromise 3CX desktop app in a supply chain attack

3CX was breached by the North Korean Lazarus hacking group to push malware through a supply chain attack using the company's Voice over Internet Protocol (VoIP) desktop client.

3CX is a VoIP IPBX software development company whose 3CX Phone System is used by more than 350,000 companies worldwide and has over 12 million daily users.

3CX was breached after an employee installed a trojanized version of Trading Technologies' X_TRADER software, which allowed the threat actors to steal corporate credentials and breach the network.

The attackers pushed out a malicious software update that installed a previously unknown information-stealing malware to steal data and credentials stored in Chrome, Edge, Brave, and Firefox user profiles.

5. Barracuda says hacked ESG appliances must be replaced immediately

In May, Barracuda disclosed that some of their Email Security Gateway (ESG) appliances were hacked using a zero-day vulnerability to install malware and steal data.

We later learned that the attacks were linked to Chinese threat actors, who had used the vulnerability since 2022 to infect ESG devices with new malware named 'Saltwater,' 'Seaspy,' and 'Seaside.'

CISA later disclosed that Submarine and Whirlpool malware were also used in the attacks to backdoor ESG devices.

What stood out from these attacks is that instead of issuing a software fix for impacted ESG devices, Barracuda warned customers they must replace their Email Security Gateway (ESG) appliances, which was done free of charge.

"Impacted ESG appliances must be immediately replaced regardless of patch version level," the company warned at the time.

"Barracuda's remediation recommendation at this time is full replacement of the impacted ESG."

This unusual request led many to believe that the threat actors compromised the devices at a low level, making it impossible to ensure they were completely clean.

Mandiant, which took part in the incident response for these attacks, told BleepingComputer that the replacement was recommended out of caution, as Barracuda could not ensure the complete removal of the malware.

4. Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide

In February 2023, a massive ransomware campaign targeted exposed VMware ESXi servers worldwide, quickly encrypting the virtual machines for thousands of companies.

Just hours after the attack, victims began reporting in the BleepingComputer forums that files with the .vmxf, .vmx, .vmdk, .vmsd, and .nvram extensions, all associated with VMware ESXi virtual machines, had been encrypted.

The ransomware campaign was dubbed ESXiArgs due to an .args file being created for every encrypted file.

The VMware ESXi console home page was modified to show a ransom note demanding 2.0781 bitcoins, worth approximately $49,000 at the time.

ESXiArgs Ransom note

3. Brazil seizing Flipper Zero shipments to prevent use in crime

One of BleepingComputer's most-read stories of the year was the news that the Brazilian National Telecommunications Agency seized incoming Flipper Zero purchases for their potential to be used in criminal activity.

Brazilians who purchased the Flipper Zero reported that their shipments were redirected to Brazil's telecommunications agency, Anatel, due to a lack of certification with the country's Radio Frequencies department.

From emails seen by BleepingComputer, Anatel flagged the device as a tool used for criminal purposes.

2. The Operation Triangulation iPhone attacks

In June, researchers from Kaspersky first disclosed a new zero-click iOS attack called "Operation Triangulation" used to install the TriangleDB spyware on iPhones.

Kaspersky discovered the attack on devices within its own network, and Russia's FSB intelligence service accused Apple of providing the NSA with a backdoor. However, the true origins of the attack remain unknown, and there is no proof that the U.S. government is behind the attacks.

The attacks start with the hackers sending a malicious iMessage attachment that, when processed by iOS, automatically triggers a zero-click exploit chain. A zero-click exploit means it does not require interaction from the user to be triggered.

The attacks chained together four zero-day iOS vulnerabilities listed below to install the spyware:

  • CVE-2023-41990: A vulnerability in the ADJUST TrueType font instruction allowing remote code execution through a malicious iMessage attachment.
  • CVE-2023-32434: An integer overflow issue in XNU's memory mapping syscalls, granting attackers extensive read/write access to the device's physical memory.
  • CVE-2023-32435: Used in the Safari exploit to execute shellcode as part of the multi-stage attack.
  • CVE-2023-38606: A vulnerability using hardware MMIO registers to bypass the Page Protection Layer (PPL), overriding hardware-based security protections.

Last week, Kaspersky disclosed that the final zero-day vulnerability, CVE-2023-38606, abused an undocumented feature in Apple chips to bypass hardware-based security protections.

While the Operation Triangulation attacks did not impact many devices, it could be one of the most sophisticated iOS attacks seen to date.

Operation Triangulation attack chain

While it's still unknown who is behind the attacks, their sophistication has led cybersecurity researchers to believe that a government-sponsored hacking group is behind them.

1. The MOVEit Transfer data theft attacks

BleepingComputer was the first to report the widespread data-theft attacks exploiting a zero-day vulnerability in the MOVEit Transfer secure file transfer platform.

MOVEit Transfer is a managed file transfer (MFT) solution developed by Ipswitch, a subsidiary of US-based Progress Software Corporation, that allows the enterprise to securely transfer files between business partners and customers using SFTP, SCP, and HTTP-based uploads.

While the vulnerability was patched in May 2023, the threat actors had already utilized it as a zero-day to breach MOVEit Transfer servers and download the stored data.

The attacks were soon claimed by the Clop ransomware gang, who previously launched similar attacks through zero-day vulnerabilities in Accellion FTA and GoAnywhere.

According to Emsisoft, 2,706 organizations were breached using this vulnerability, exposing the personal data of over 93 million people.

Top 10 cyber crime stories of 2021

Cyber crime hit new heights and drew more attention than ever in 2021. We look back at the biggest stories of the year.

Alex Scroxton, Security Editor

The past 12 months have seen no shortage of cyber crime incidents as ransomware gangs ran amok, with security teams seemingly powerless to do much more than watch on in shock.

Some of the bigger cyber attacks of the year even had damaging real-world implications, which served to bring cyber crime mainstream attention, and to the top of national security agendas, particularly in the US and UK.

Meanwhile, the impact of the Covid-19 pandemic continued to loom large, with cyber criminals showing no shame as they attempted to disrupt organisations in the healthcare sector.

Here are Computer Weekly’s top 10 cyber crime stories of 2021:

1. Colonial Pipeline ransomware attack has grave consequences

Though it did not trouble the fuel supply at petrol stations in the UK, the DarkSide ransomware attack against Colonial Pipeline – the operator of the largest fuel pipeline in the US – in May 2021 was one of the most impactful cyber incidents of recent years. Indeed, it may have prompted concerted action against ransomware gangs at long last – time will tell.

As we reported in the immediate aftermath of the attack, the US government was forced to declare an emergency and the Department of Transportation temporarily relaxed regulations across most of the Mid-Atlantic and southern US, and Texas, that governed how long truckers were permitted to remain behind the wheel, to improve flexibility in the fuel supply chain.

2. REvil crew wants $70m in Kaseya ransomware heist

It was a 4 July summer blockbuster as the REvil ransomware crew demanded a cumulative $70m ransom payment from over 1,000 businesses whose IT systems were locked after the gang compromised services provider Kaseya in a classic example of a supply chain hack. Such was the scale of the incident that the REvil group was forced to go into hiding for a time, subsequently emerging only to find that their infrastructure had been hacked back by law enforcement. One gang member is now facing extradition to the US to answer for his crimes; others are on the run.

3. BlackMatter gang ramps up attacks on multiple victims

Ransomware gangs come and go for many reasons, but one thing is certain: whether a rebrand of an existing group or a new player in the game, there will always be someone else ready to take their place. One of 2021’s more impactful emergent ransom crews is known as BlackMatter, and in September, we reported on a spate of attacks against multiple targets that prompted warnings from around the security community.

4. Irish health service hit by major ransomware attack

On the morning of 14 May, the Conti ransomware gang hit the headlines after they encrypted the systems of the Irish Health Service Executive in a callous and truly heartless cyber attack. The incident caused significant disruption to patient services across Ireland and prompted a large-scale response that even saw the army drafted in. Mercifully, there were no recorded fatalities as a direct result of the incident, but over six months on, the service has not fully recovered.

5. Stolen Pfizer/BioNTech Covid-19 vaccine data leaked

Cyber criminals also tried their best to disrupt the roll-out of the Covid-19 vaccine programme in Europe, when data relating to the Pfizer/BioNTech Covid-19 vaccine, which was stolen in December 2020 following a cyber attack against the European Medicines Agency, was leaked on the internet in January 2021. The data dump included screenshots of emails, peer review information, and other documents including PDFs and PowerPoint presentations.

6. Police raids around world after investigators crack An0m cryptophone app in major hacking operation

In June, police in 16 countries launched multiple raids after intercepting the communications of organised criminal groups. The gangs had been sending messages on an encrypted communications network, unaware that it was being run by the FBI. This was only one of several similar raids in 2021, which, while successful at disrupting organised and cyber crime, have at the same time surfaced legitimate concerns over the ability of law enforcement to conduct surveillance, and the admissibility of the evidence they collected.

7. Retailer FatFace pays $2m ransom to Conti cyber criminals

In March, Computer Weekly broke the news that fashion retailer FatFace had paid a $2m ransom to the Conti ransomware gang following a successful cyber attack on its systems that took place in January. The ransomware operators had initially demanded a ransom of $8m, approximately 213 bitcoin at the prevailing rate, but were successfully talked down during a protracted negotiation process.

8. Scammers accidentally reveal fake Amazon review data

Over the years, Computer Weekly has often covered data loss incidents at organisations that failed to secure their databases correctly, so it was gratifying in May to find that cyber criminals and fraudsters are bad at operational security too. This unfortunate scammer accidentally exposed more than 13 million records in an open ElasticSearch database and in doing so blew the lid on a massive fake review scam implicating hundreds of third-party Amazon sellers in unethical and illegal behaviour.

9. $50m ransomware demand on Acer is highest ever

Roy Castle and Cheryl Baker taught a generation of British schoolchildren that records are made to be broken, so perhaps members of the REvil ransomware gang also watched BBC1 after school when they were younger. Either way, the $50m ransom demand made against PC company Acer was – for a time – the highest ever made. Details of the record-breaking double-extortion attack emerged in March when the gang published Acer’s data to its leak site, but investigations by Computer Weekly’s sister titles LeMagIT and SearchSecurity were instrumental in uncovering and highlighting the ransomware demand.

10. Ransomware gangs seek people skills for negotiations

Finally, in July 2021, we reported on how the increasing sophistication of the cyber criminal underground was being reflected in how ransomware operations were being assembled, seeking out specialist talent and skillsets. Indeed, researchers from Kela found that some gangs are coming to resemble corporations, with diversified roles and even outsourced negotiations with victims. Naturally, people skills are in high demand as gangs try to sweet-talk their victims into coughing up.

Recent Cyber Attacks

Read about the latest cyber attacks and discover trends organizations should be aware of.

Recent Cyber Attacks from 2023

Under normal business circumstances, cyber attacks are an ever-increasing problem causing trillions of dollars in losses. To make matters worse, the war between Russia and Ukraine exacerbated these problems with a flurry of major politically-motivated cyber attacks in 2022. Here are some of the recent cyber attacks.

Hot Topic attacks

In August 2023, American retailer Hot Topic notified its customers they had detected automated attempts by unauthorized third parties to log into customer accounts on both their website and their mobile app. The attack involved "valid account credentials (e.g., email addresses and passwords) obtained from an unknown third-party source."

Prospect Medical Holdings ransomware attack

In August 2023, more than one of Prospect Medical's offices, facilities, and hospitals were forced offline by a ransomware attack. The company closed a few of its outpatient facilities and informed patients and families of the attack via its Facebook pages and websites. News organizations following the story reported that medical staff switched to manual information procedures while the network was offline.

Global Threat Landscape Report 2H 2023

The FortiGuard Labs Global Threat Landscape Report 2H 2023 shows cybercriminals exploiting new industry vulnerabilities 43% faster than in 1H 2023.

Cyber Attacks in 2022

Finnish parliament attack

In August 2022, the Finnish parliament's website experienced a DDoS attack while the parliament was in session. This denial-of-service attack may be part of a coordinated campaign by Russian state-sponsored hackers to disrupt the Finnish government’s websites in retaliation for the application to join NATO. A DDoS attack temporarily blocks access to a website but does not cause permanent destruction.

Ukrainian state nuclear power company attack

The Russian “hacktivist” group called the People’s Cyber Army engaged 7.25 million bots in August 2022 in a bot attack to take the Energoatom website down. It used a flood of garbage web traffic and webpage requests. A disruption of online services lasted for a few hours, but no permanent negative impact remained. The attack was part of a Russian psyops campaign to create fear of a nuclear disaster and terrorize Europeans.

Greek natural gas distributor attack

Greek national gas distributor DESFA reported a cyber attack in August 2022. The attack impacted part of the company’s IT infrastructure and caused a data leak. The ransomware operation known as Ragnar Locker is holding the stolen data hostage, demanding a ransom not to expose sensitive data. The company refused to make a payment.

South Staffordshire Water Company attack

In August 2022, the South Staffordshire Water Company reported an attack that caused a network disruption in its internal corporate network and a data loss. A cybercriminal ransomware group threatened to tamper with the water supplied by the company. The company disputed this claim. The criminals demanded payment to not release sensitive files and explain how the network breach happened.

Montenegro government attack

The government of Montenegro's digital IT infrastructure reported an unprecedented cyberattack in August 2022. No data breach occurred. However, certain governmental services and telecommunications experienced disruption, including border crossings and airport operations. The state-owned utility company, EPCG, switched to manual operations as a precautionary measure.

Estonian government attack

A DDoS attack disrupted many Estonian government websites for several hours in April 2022. The attack targeted websites for the president, the Ministry of Foreign Affairs, the Police and Border Guard, the identification card webpage, and the state services digital portal. Estonia’s condemnation of the Russian war on Ukraine makes the country a target for Russian hackers.

Islamic Culture and Communication Organization attack

The Iranian Islamic Culture and Communication Organization (ICCO) experienced a severe attack in July 2022. Six ICCO websites went down, and 15 others were changed to show photos of Massoud Rajavi, the Iranian Resistance leader. Additionally, there was data destruction on 44 servers and hundreds of computers. The ICCO also lost 35 databases with highly confidential information about money laundering, spies, and terrorists living abroad.

Belgian government and military attack

In July 2022, the Belgian government announced that three Chinese hacker groups, part of the known Chinese Advanced Persistent Threat actors, attacked Belgian public services and military defense forces. The Chinese government-sponsored attackers steal trade secrets and intelligence information. The Soft Cell Chinese group recently launched a new remote access trojan (RAT) malware in June 2022.

UK military social media breach

Hackers took over the Twitter account of the British Army in July 2022. The social media account underwent multiple name and photo changes. The content started promoting contests to win Angry Apes non-fungible tokens (NFTs), digital art stored on a blockchain. The army’s YouTube page experienced an attack as well. Its name changed to Ark Invest, and the account promoted interviews of Elon Musk talking about cryptocurrency.

Lithuanian energy company attack

A DDoS attack in July 2022 blocked access to the website of the Lithuanian energy company Ignitis Group. The company managed the attack and limited the damage using DDoS protection. No data breach occurred, but the attacks were persistent and ongoing. Pro-Russia group Killnet claimed responsibility. The attack retaliated against Lithuanian support of Ukraine in the war with Russia.

Additional Global Cyber Attacks

ProxyLogon cyberattack

One of the most damaging recent cyberattacks was a compromise of Microsoft Exchange servers through several zero-day vulnerabilities. The vulnerabilities, known as ProxyLogon and initially exploited by the Hafnium hacking group, were first spotted by Microsoft in January and patched in March. However, more groups joined Hafnium in attacking unpatched systems, resulting in thousands of organizations being compromised.

MeetMindful cybersecurity breach

Dating app MeetMindful suffered a cybersecurity attack in January 2021, resulting in data of more than 2 million users being stolen and leaked. The hacking group behind the event managed to steal information like users’ full names and Facebook account tokens.

Tether attack

In March 2021, cyber criminals threatened to leak documents from the Tether cryptocurrency. The attackers claimed the data would “harm the Bitcoin ecosystem” and demanded a settlement fee of around 500 Bitcoin ($24 million), but Tether refused to pay.

CNA Financial breach

A ransomware attack on insurance firm CNA Financial left employees locked out of their systems and blocked from accessing corporate resources. The attack in March 2021 also involved company data being stolen, which led CNA Financial to reportedly pay the $40 million settlement fee.

Facebook cyberattack

Data of more than 530 million Facebook users, including their names, Facebook IDs, dates of birth, and relationship status, was published online in April 2021. Facebook, now Meta, said the information was obtained through scraping in 2019.

Colonial Pipeline attack

The growing threat that advanced cybersecurity attacks pose to the world was highlighted by the Colonial Pipeline attack in May 2021. The fuel pipeline operator suffered a ransomware attack launched by the DarkSide hacking group, which led to fuel disruption and mass panic buying across the U.S.

Omiai cyberattack

An unauthorized-access cyberattack in May 2021 exposed the data of 1.7 million users of the Japanese dating app Omiai.

Audi and Volkswagen cybersecurity breach

In June 2021, Audi and Volkswagen revealed a data breach had affected more than 3.3 million customers and prospective buyers, who were primarily U.S.-based. The breach was blamed on an associated vendor, which was purportedly responsible for exposing the data between August 2019 and May 2021.

Guntrader.uk cyberattack

The United Kingdom’s trading website for guns and shooting equipment revealed that records of 100,000 gun owners had been stolen and published online in July 2021. Gun ownership is strictly controlled in the U.K., so the data breach of customers’ names and addresses caused significant privacy and safety concerns. 

T-Mobile attack

In August 2021, telecoms firm T-Mobile suffered a cybersecurity breach that led to the data of around 50 million existing customers and prospects being stolen. The data, which included customer addresses, drivers' licenses, and social security numbers, was stolen by a 21-year-old, who claimed to have obtained around 106GB of information.

Poly Network breach

An attack on Poly Network in August 2021 proved that cybersecurity breaches on cryptocurrency firms are on the rise. The blockchain firm revealed an Ethereum smart contract hack resulted in cyber criminals stealing cryptocurrency worth more than $600 million.

AP-HP attack

Cybersecurity attacks on medical organizations and healthcare firms are also increasing. As a result of the hack on AP-HP, a Paris public hospital system, in September 2021, cyber criminals stole personal data belonging to around 1.4 million people who were tested for COVID-19 in 2020. 

Cream Finance breach

Cream Finance, a decentralized finance firm, was exploited through a vulnerability in its project's market system. The hack, which was revealed in September 2021, caused losses worth $34 million.

Debt-IN Consultants cyberattack

A South African debt recovery company suffered a significant attack that led to client and employee data being illegally accessed from its servers in September 2021. The incident is suspected to have affected the personally identifiable information (PII), including owed debts, of over 1.4 million people.

Neiman Marcus data breach

Department store Neiman Marcus suffered a data breach that resulted in the exposure and theft of up to 3.1 million customers’ payment card details. The attack was detected in September 2021 but began in May 2020, and most of the data stolen was believed to have been from expired or invalid cards.

Argentinian government attack

A hacker who claimed to have leaked the entire database of Argentina's National Registry of Persons allegedly stole the data of more than 45 million Argentinian residents. However, the government denied the hack.

Squid Game cyberattack

The value of a cryptocurrency linked to but not officially associated with the Netflix program Squid Game plummeted after a suspected exit scam in November 2021. The cryptocurrency’s value dropped from $2,850 to $0.003028 overnight, which resulted in investors losing millions of dollars.

Robinhood trading app breach

Also in November 2021, a data breach of the trading app Robinhood affected the data of around 5 million users. Data like usernames, email addresses, and phone numbers were compromised through a customer support system.

BitMart cyberattack

In yet another cybersecurity attack against digital currencies, BitMart suffered a breach in December 2021 that enabled cyber criminals to steal approximately $150 million worth of cryptocurrency. The attack resulted in total losses of around $200 million, including damages.

Log4j breach

In December 2021, a zero-day vulnerability was discovered in the Log4j Java logging library. The remote code execution flaw, known as Log4Shell, was quickly exploited in the wild, including by botnets such as Mirai.

Kronos cyberattack

HR platform Kronos suffered a ransomware attack that took the Kronos Private Cloud offline. The outage occurred shortly before Christmas and took the vital service down for several weeks.

Experian security breach

In August 2020, credit reporting agency Experian suffered a breach that affected 24 million consumers in South Africa and more than 793,000 businesses. The incident occurred when an individual who claimed to be a client requested services that prompted the data’s release. The stolen data was eventually secured and deleted, while Experian revealed it had not been used fraudulently and that its customer database, infrastructure, and systems had not been compromised.

MGM hotel attack

The data of more than 10.6 million customers of MGM Resorts hotels was leaked to a hacking forum in February 2020. The data included addresses, dates of birth, email addresses, names, and phone numbers belonging to celebrities, business executives, government employees, and tourists. 

However, the hack did not expose users' credit card details. The incident began in mid-2019 when MGM discovered unauthorized access to its server. Another data breach followed in February 2020, which saw user data published on an open, publicly accessible forum.

California University cyberattack

The University of California, San Francisco, suffered a ransomware attack that led to hackers demanding a ransom payment of $3 million on June 1, 2020. The university's system was targeted by malware that could encrypt various servers and steal and encrypt critical data. The university negotiated and paid a ransom of $1.14 million but later revealed no data had been compromised.

Cognizant Technology Solutions Corp. cybersecurity breach

Technology and consulting firm Cognizant was affected by the Maze ransomware attack on April 18, 2020. The attackers stole data and threatened to publish it online unless Cognizant paid a ransom. Cognizant later revealed it paid a ransom of between $50 million and $70 million to restore its services.

Tillamook County cyberattack

Tillamook County's IT systems were infected by encryption malware on January 22, 2020. The attack shut down its computer and phone systems and took down the website that hosts its various departments. Tillamook County's computer systems were down for at least two weeks, and attackers demanded a $300,000 ransom, which would double after two weeks, to restore the data. The county tried to avoid paying the ransom but could not restore the data and eventually paid.

World Health Organization (WHO) attack

As the COVID-19 pandemic broke, an attack targeting the World Health Organization (WHO) resulted in the breach of 25,000 email addresses and passwords. The data was leaked online on April 19, 2020, along with information belonging to other groups fighting the pandemic, including the Gates Foundation, the National Institutes of Health (NIH), and the U.S. Centers for Disease Control and Prevention (CDC).

Zoom conferencing service breach

Videoconferencing service Zoom saw a massive increase in activity throughout 2020 with people working from home and speaking to friends and family through the application. However, in April 2020, a cyberattack known as Zoombombing enabled cyber criminals to join private meetings, access conversations, and share offensive images, videos, and screens. Zoom updated its application to enhance security levels.

Mitsubishi Electric cyberattack

A Mitsubishi Electric systems data breach resulted in around 200 MB of files being stolen. The breach, which was first detected in June 2019 but was reported in January 2020, contained employee and applicant information, data about retired employees from affiliate companies, and sales and technical material. The attack was caused by a vulnerability in the organization’s antivirus solution, which Chinese hackers exploited.

Hacker theft of 18 companies' data

One of the most significant cyber attacks that occurred in 2020 was through a hacker known as ShinyHunters. The hacker stole around 386 million user records from 18 different companies between the start of the year and July. The attacker posted links to these companies’ databases, made them freely available to download, and sold data online.

Biggest Data Breaches

Cyber-attacks pose a significant threat to businesses of all sizes, government agencies, and individual internet users. Recent cyber-attacks have come from hacktivist groups, lone wolf hackers, and nation-states.

The first cyber-attack on record was the Morris Worm in 1988. Robert Tappan Morris, a graduate student at Cornell University, developed a worm program that would crawl the web to count how many computers were connected to the internet. However, the worm installed itself on one in seven computers and forced them to crash, which saw it inadvertently become the first distributed denial-of-service (DDoS) attack. The Morris Worm damaged around 6,000 computers, which then comprised 10% of the entire internet.

In 2002, the first internet attack as we now know it saw a DDoS attack target the 13 Domain Name System (DNS) root servers. The attack could have brought the internet down if allowed to continue and was then the most sophisticated and widescale cyber-attack ever launched.

Recent cyber-attacks have advanced and can affect vast numbers of people. Single attacks now regularly steal the data of hundreds of millions of people.

Below is an overview of some of the most significant cyber-attacks recorded in history.

Cyber attacks in the Russia-Ukraine conflict

The Russia-Ukraine crisis, which began in February 2022, involved not just physical battles that displaced thousands and killed many, but cyberattacks as well. FortiGuard Labs determined that new wiper malware was used to attack Ukrainian targets and discovered it installed on at least several hundred machines in Ukraine. Several Ukrainian organizations have also been targeted by sophisticated attacks that used the KillDisk and HermeticWiper malware strains, which are designed to destroy data on devices.

In addition, a tool that remotely controls devices, Remote Manipulator System (RMS), was found to have been distributed in Ukraine via fake "Evacuation Plan" emails. Ukraine also suffered a wave of distributed denial-of-service (DDoS) attacks. This included an attack targeting the State Savings Bank, which impacted banking services and cash withdrawals from ATMs, as well as disrupted the Ministry of Defence and Armed Forces networks.

Adobe cyber attack

In October 2013, software company Adobe suffered a cyber-attack in which hackers stole credit card data from nearly 3 million customers. The attack also saw login credential data, including usernames and hashed passwords, of up to 150 million users stolen. Further research into the attack discovered that the hackers had also stolen customer names, identification data, passwords, and more debit and credit card data.

Adobe also paid around $1 million to customers as a financial settlement for unfair business practices and violating the Customer Records Act. Furthermore, the settlement included a provision that Adobe implement security measures and submit the results of an independent security audit one year after the final settlement date.

Canva security breach

In May 2019, the graphic design website Canva suffered an attack that exposed email addresses, names, cities of residence, passwords, and usernames of 137 million users. Hackers were also able to view but not steal files that included partial payment and credit card data.

The attackers, known as GnosticPlayers, contacted the technology news website ZDNet to boast about the attack. They claimed to have obtained users' open authorization (OAuth) login tokens, which are used for logging in via Google.

Canva confirmed the attack, notified its users, and prompted them to update their passwords and reset their OAuth tokens. But a list of 4 million Canva accounts and stolen passwords was later shared online, which resulted in Canva having to invalidate any passwords that remained unchanged.

Dubsmash attack

More than 162 million users’ data—email addresses, hashed passwords, dates of birth, and usernames—was stolen from the video messaging service Dubsmash in December 2018. A year later, the data was made available for sale on dark web site Dream Market as part of a dump of data that also included information from attacks on Armor Games, Coffee Meets Bagel, MyHeritage, MyFitnessPal, and ShareThis.

Dubsmash acknowledged that its systems had been breached and the stolen data put up for sale, and advised users to change their passwords. However, it has not reported how attackers gained access to the data or confirmed the attack scale.

eBay data breach

A cyber attack in May 2014 exposed the account list of eBay’s 145 million users. The attack, which exposed user addresses, dates of birth, names, and encrypted passwords, occurred as hackers obtained three eBay employees’ credentials. Attackers gained complete access to the entire eBay network for 229 days.

eBay asked customers to update their passwords, and it was criticized for its poor communication and for how it implemented the password-reset process. The auction site also advised that financial details, such as credit card information, were stored in a separate location and had not been compromised.

LinkedIn cyber attack

The business social network LinkedIn is a common target for cyber criminals launching social engineering attacks. It has also suffered major cyber attacks that leaked its users' data.

The first came in 2012, when 6.5 million hashed passwords were stolen and then posted on a Russian hacker forum. The attack's true size was revealed four years later, when a hacker was discovered selling 165 million LinkedIn users' email addresses and passwords for 5 bitcoins, which were then worth around $2,000. LinkedIn acknowledged the breach and reset passwords on all accounts that had been affected.

Slack attack

Collaboration platform Slack was affected in 2015 when hackers gained unauthorized access to the service’s infrastructure. This included a database storing user profile data, such as usernames and hashed passwords. The attackers also injected code that enabled them to steal plaintext passwords when users entered them.

Slack revealed the attack affected around 1% of its users, estimated to be around 65,000 users. It immediately reset their passwords and advised all users to reset their passwords and implement security measures like two-factor authentication (2FA).

Four years later, a Slack bug bounty program revealed a potential compromise of Slack credentials, which it suspected was due to malware or users recycling passwords across online services. It subsequently realized that most of the credentials affected were from accounts that accessed the service during the 2015 incident.

Yahoo! cybersecurity breach

Cyber attacks targeting the internet provider Yahoo are widely acknowledged as the most significant data breaches in history. The state-sponsored attacks, which began in 2013, affected all of Yahoo’s 3 billion users.

In September 2016, Yahoo revealed a 2014 attack that compromised 500 million users’ names, email addresses, telephone numbers, and birth dates. Three months later, the company revealed a breach from 2013, which was carried out by another attacker and compromised its users' names, email addresses, passwords, dates of birth, and security questions and answers. Yahoo initially estimated that the 2013 attack affected 1 billion users but later changed that to its entire user base of 3 billion people.

Zynga attack

Games developer Zynga, which created various popular games that users accessed via Facebook, suffered a massive cyber attack in September 2019. The attack by Pakistani hacker group GnosticPlayers, who also claimed the Canva attack, accessed the database of Zynga games Draw Something and Words With Friends. It compromised the email addresses, hashed passwords, phone numbers, and Facebook and Zynga user IDs of 218 million people.

Cybersecurity Trends

The volume of cybersecurity incidents is expected to increase through 2022, not to mention the damage victims will incur as a consequence. Trends that organizations need to be aware of include:

  • Increased hardware usage: Software programs enable businesses to achieve great results and form new strategies. However, they are also highly attractive to cyber criminals. As a result, moves toward hardware-based security are expected to gather speed, although businesses should not reduce their investments in upgraded software.
  • Remote work attacks: Cyberattacks targeting remote workers are expected to increase further through 2022. Hackers are constantly evolving their tactics in line with employees' ways of working and will continue to take advantage of potential downtime and network vulnerabilities.
  • Growing government interest: Attacks on critical infrastructure have attracted the attention of global government agencies. 2022 will likely see increased investment and new regulations that aim to prevent massive cyberattacks against high-priority targets.
  • Ransomware targeting SMBs: Cyber criminals rarely discriminate based on the size of businesses. As governments increase investment to defend critical infrastructure, ransomware groups will shift their focus to small and medium-sized businesses (SMBs) that have less funding, staffing, and security expertise.
  • The rise of AI defenses: The increasing sophistication of various cybersecurity incidents in 2021 means organizations need to improve their defenses. Artificial intelligence (AI)-powered solutions will enable smarter, faster, more proactive security that plugs the existing gaps in the cybersecurity industry.
