Cyberattacks Reported in 2023
It is fair to say that cyberattacks are a common occurrence in the modern world with hundreds of major incidents happening every month. Modern technology has obvious benefits to us all. However, it also presents criminals with the tools to attempt cyberattacks.
Staying informed about cybercrime, and the types of cybercrime is the best way to ensure you keep ahead of these attackers. Education on the topic is the best defence when it comes to protecting yourself from cyberattacks.
In this article, we’ll briefly cover the top five worst cyberattacks of 2023, with information about the attack, the target and the repercussions.
UK Electoral Commission
The UK Electoral Commission oversees elections within the United Kingdom. The job of the commission is to ensure that the whole electoral process is honest, fair, and transparent. This means that they need to hold a lot of data.
In August 2023, the Electoral Commission published an article about a cyber incident from October 2022, a cyber incident. Suspicious activity was found within their systems – which dated back to August 2021.
The attackers were able to access reference copies of the electoral registers. This affected anyone who registered to vote within the UK between 2014 and 2022. The attackers gained access to the following data:
- Email Addresses
- Home Addresses
- Telephone Numbers
- Personal Images Sent to the Commission
Fortunately, the attack didn’t present a high risk to the individuals affected or the electoral process. However, the Electoral Commission admitted that the information could be used to profile individuals in combination with other forms of publicly available data.
The Commission is still working with the National Cyber Security Centre to identify the source of the attack.
23andMe is a DNA testing company, whose data was allegedly stolen in October 2023 and offered for sale on a cybercrime forum.
It was described as sale of “20 million pieces of data” in the post and the forum claimed to have the “most valuable data you’ll ever see”. 23andMe has denied that there was a breach within the organisation, stating that the data could have been from “compiled login credentials leaked from other platforms and then recycled those credentials”.
The details of the attack remain unclear as the listing was pulled down and the seller didn’t respond to any requests for more information. However, this is still a possible breach somewhere that could let anyone with the information know about not only a person’s details but also their DNA data.
Social media giant Twitter (now known as ‘X’) allegedly had a huge data breach in 2021 of over 235 million accounts. The accounts were published on an underground marketplace and set the stage for anonymous handles to be linked to real-world identities.
This breach apparently used an exploit that let any Twitter user with an email address find out the email address or phone number of any other Twitter user. This vulnerability was found and patched in January 2022.
This could lead to major repercussions. According to Ireland’s Data Protection Commission, it is the case that GDPR might have been violated and the US Federal Trade Commission has also been leading an inquiry into this.
Save The Children
In 2023, international charity Save The Children was hit by a ransomware attack which led to their financial and medical data being stolen.
The attack was claimed by the notorious ransomware gang BianLian, which famously targets healthcare and critical infrastructure organisations. It is understood that 6.8TB of data was stolen from the charity and this included large volumes of personal and business information (including internal messages and HR files).
Fortunately, there was no operational disruption to Save the Children and the organisation. Following this attack, which shows that some attackers have no regard for the type of organisation targeted, Save the Children has worked to greatly improve its cybersecurity systems.
Somewhat ironically, the cybersecurity firm DarkBeam had more than 3.8 billion records leaked after leaving an interface exposed with data records freely available. This was obviously a massive hit on their reputation!
The breach allegedly consisted of ‘login pairs’ — when a username and password are linked together in a record but are otherwise unidentifiable. The data that was stolen was a database of other breached credentials that were being collated to inform users of a data breach.
Allegedly, the breach may have resulted from a researcher using external tools to complete their project in order to save time. Ultimately, this cyberattack could have been simply a consequence of human error.
How We Can Help
If you’re looking for a trusted partner to protect your organisation from cyberattackers, get in touch now to see how we can help.