The biggest cybersecurity and cyberattack stories of 2023

2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities.

Some stories, though, were more impactful or popular with our 22 million readers than others.

Below are fourteen of what BleepingComputer believes are the most impactful cybersecurity stories of 2023, with a summary of each.

Genetic testing provider 23andMe suffered credential stuffing attacks that led to a major data breach, exposing the data of 6.9 million users.

The company states that the attackers only breached a small number of accounts during the credential-stuffing attacks. However, the threat actors were able to abuse other features to scrape millions of individuals' data.

The threat actors attempted to sell the stolen data, but after not receiving buyers, leaked the data for 1 million Ashkenazi Jews and 4,011,607 people living in Great Britain on a hacking forum.

In a recent update, 23andMe told BleepingComputer that the breach impacted 6.9 million people — 5.5 million through the DNA Relatives feature and 1.4 million through the Family Tree feature.

This breach has led to multiple class action lawsuits against the company for not adequately protecting data.

Two Danish hosting providers were forced to shut down after a ransomware attack encrypted the majority of customer data, and data restoration was not successful.

"Since we neither can nor wish to meet the financial demands of the criminal hackers for a ransom, CloudNordic's IT team and external experts have been working intensively to assess the damage and determine what could be recovered," reads CloudNordic's statement (machine translated)

"Sadly, it has been impossible to recover more data, and the majority of our customers have consequently lost all their data with us."

A hacktivist group known as Anonymous Sudan took everyone by surprise when their DDoS attacks took down the websites and services of some of the largest tech firms in the world.

The group's attacks gained wide media attention when they successfully took down login pages for Microsoft's services, including Outlook, OneDrive, and the Azure portal.

Over a week later, Microsoft finally confirmed that DDoS attacks caused these outages.

"Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability," confirmed Microsoft.

"Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359."

Anonymous Sudan later targeted numerous other websites, including those for ChatGPT, Cloudflare, and U.S. government services.

The increasing DDoS attacks and their impact led the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to release an advisory about these incidents.

A team of researchers from British universities trained a deep learning model to steal data from keyboard keystrokes recorded using a microphone with an accuracy of 95%.

When Zoom was used for training the sound classification algorithm, the prediction accuracy dropped to 93%, which is still extremely high.

To mitigate these attacks, the researchers suggest users may try altering typing styles or using randomized passwords. Other defense measures include using software to reproduce keystroke sounds, play white noise, or software-based keystroke audio filters.

PayPal suffered a credential stuffing attack between December 6 and December 8, 2022, allowing attackers to access 34,942 accounts.

Credential stuffing is an attack where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites.

Hackers had access to account holders' full names, dates of birth, postal addresses, social security numbers, and individual tax identification numbers.

American T.V. giant and satellite broadcast provider DISH Network mysteriously went offline earlier this year, with its websites and mobile apps not working for days.

DISH later confirmed that the outage was caused by a ransomware attack, with BleepingComputer first to report that the Black Basta ransomware gang was behind the attack.

Employees told BleepingComputer that the ransomware gang compromised the company's Windows domain controllers and encrypted VMware ESXi servers and backups.

DISH data breach notifications confirmed that data was stolen in the attack and hinted that a ransom was paid not to release the stolen data.

"We are not aware of any misuse of your information, and we have received confirmation that the extracted data has been deleted," read the data breach notification.

Web hosting giant GoDaddy says it suffered a multi-year breach allowing unknown attackers to steal source code and install malware on its servers.

This breach began in 2021 and allowed the threat actors access to the personal information of 1.2 million Managed WordPress customers, including credentials, and also used the access to redirect websites to other domains.

No threat actors ever claimed responsibility for this attack.

MGM Resorts International suffered a massive attack that impacted numerous systems, including its main website, online reservations, and in-casino services, like ATMs, slot machines, and credit card machines.

The BlackCat ransomware operation claimed the attack, whose affiliates said they encrypted over 100 ESXi hypervisors during the incident.

Bloomberg reported that the same group also breached Caesars Entertainment's network, providing a strong hint in a Form 8-K SEC filing that they paid the attackers to prevent a leak of customers' stolen data.

While the attack was significant, it also brought wide attention to a loose-knit group of hackers known as Scattered Spider.

Scattered Spider, also known as 0ktapus, Starfraud, UNC3944, and Muddled Libra, is adept at social engineering and relies on phishing, multi-factor authentication (MFA) bombing (targeted MFA fatigue), and SIM swapping to gain initial network access on large organizations.

Members of this collective are affiliates of the BlackCat ransomware gang and include young English-speaking members with diverse skill sets who frequent the same hacking forums and Telegram channels.

While many believe this is a cohesive gang, the group is a network of individuals, with different threat actors participating in each attack. This fluid structure is what makes it challenging to track them.

In November, the FBI released an advisory highlighting the group's tactics, techniques, and procedures (TTPs).

Scattered Spider is behind previous attacks on Reddit, MailChimp, Twilio, DoorDash, and Riot Games.

3CX was breached by the North Korean Lazarus hacking group to push malware through a supply chain attack using the company's Voice Over Internet Protocol (VOIP) desktop client.

3CX is a VoIP IPBX software development company whose 3CX Phone System is used by more than 350,000 companies worldwide and has over 12 million daily users.

3CX was breached after an employee installed a trojanized version of Trading Technologies' X_TRADER software, which allowed the threat actors to steal corporate credentials and breach the network.

The attackers pushed out a malicious software update that installed a previously unknown information-stealing malware to steal data and credentials stored in Chrome, Edge, Brave, and Firefox user profiles.

In May, Barracuda disclosed that some of their Email Security Gateway (ESG) appliances were hacked using a zero-day vulnerability to install malware and steal data.

We later learned that the attacks were linked to Chinese threat actors, who used the vulnerability since 2022 to infect ESG devices with new malware named 'Saltwater,' 'Seaspy,' and 'Seaside.'

CISA later disclosed that Submarine and Whirlpool malware were also used in the attacks to backdoor ESG devices.

What stood out from these attacks is that instead of using a software fix for impacted ESG devices, Barracuda warned customers they must replace their Email Security Gateway (ESG) appliances, which was done free of charge.

"Impacted ESG appliances must be immediately replaced regardless of patch version level," the company warned at the time.

"Barracuda's remediation recommendation at this time is full replacement of the impacted ESG."

This unusual request led many to believe that the threat actors compromised the devices at a low level, making it impossible to ensure they were completely clean.

Mandiant, who was part of the incident response in these attacks, told BleepingComputer that this was recommended out of caution, as Barracuda could not ensure the complete removal of malware.

In February 2023, a massive ransomware campaign targeted exposed VMware ESXi servers worldwide, quickly encrypting the virtual machines for thousands of companies.

Just hours after the attack, victims began reporting in the BleepingComputer's forum that files with vmxf, .vmx, .vmdk, .vmsd, and .nvram, all files associated with VMware ESXi virtual machines, were encrypted.

The ransomware campaign was dubbed ESXiArgs due to an .args file being created for every encrypted file.

The VMware ESXi console home page was modified to show a ransom note demanding 2.0781 bitcoins, worth approximately $49,000 at the time.

One of BleepingComputer's most-read stories of the year was the news that the Brazilian National Telecommunications Agency seized incoming Flipper Zero purchases for their potential to be used in criminal activity.

Brazilians who purchased the Flipper Zero reported that their shipments were redirected to Brazil's telecommunications agency, Anatel, due to a lack of certification with the country's Radio Frequencies department.

From emails seen by BleepingComputer, Anatel flagged the device as a tool used for criminal purposes.

In June, researchers from Kaspersky first disclosed a new zero-click iOS attack called "Operation Triangulation" used to install the TriangleDB spyware on iPhones.

Kaspersky discovered the attack on devices within its own network, and Russia's FSB intelligence service accused Apple of providing the NSA with a backdoor. However, the true origins of the attack remain unknown, and there is no proof that the U.S. government is behind the attacks.

The attacks start with the hackers sending a malicious iMessage attachment that, when processed by iOS, automatically triggers a zero-click exploit chain. A zero-click exploit means it does not require interaction from the user to be triggered.

The attacks chained together four zero-day iOS vulnerabilities listed below to install the spyware:

Last week, Kaspersky disclosed that the final zero-day vulnerability, CVE-2023-38606, abused an undocumented feature in Apple chips to bypass hardware-based security protections.

While the Operation Triangulation attacks did not impact many devices, it could be one of the most sophisticated iOS attacks seen to date.

While it's still unknown who is behind the attacks, their sophistication has led cybersecurity researchers to believe that a government-sponsored hacking group is behind them.

BleepingComputer was the first to report the widespread data-theft attacks exploiting a zero-day vulnerability in the MOVEit Transfer secure file transfer platform.

MOVEit Transfer is a managed file transfer (MFT) solution developed by Ipswitch, a subsidiary of US-based Progress Software Corporation, that allows the enterprise to securely transfer files between business partners and customers using SFTP, SCP, and HTTP-based uploads.

This vulnerability allowed the threat actors to breach MOVEit Transfer servers and download the stored data.

The attacks were soon claimed by the Clop ransomware gang, who previously launched similar attacks through zero-day vulnerabilities in Accellion FTA and GoAnywhere.

According to Emsisoft, 2,706 organizations were breached using this vulnerability, exposing the personal data of over 93 million people.

BPSC Prelims Question Paper: PDF Download

BPSC Prelims Question Paper is one of the best tools for effective preparation for the exam. Candidates going to attempt the BPSC integrated CCE prelims exam must download the BPSC prelims previous year question paper. It provides valuable details about the exam structure, maximum marks, and topics usually asked in the exam.

There are various benefits to solving BPSC previous year question papers, as it will maximise their chances of qualifying for the preliminary exam. It allows them to align their techniques with the latest trends and requirements.

In this article, we have shared the download link to previous years BPSC prelims question papers PDFs along with the latest exam pattern.

The BPSC question paper for prelims and main exams is released after the exam is conducted successfully. Candidates planning to appear for the BPSC 70th 2024 exam can download the BPSC prelims question paper PDF for previous years to know where the preparation stands. Reviewing the BPSC previous year question paper will provide insights into the exam requirements and allow them to devise their strategy accordingly. Get the direct link to download the BPSC preliminary question paper PDF. 

Candidates should solve questions from the BPSC prelims previous year question paper pdf to know the topics from which questions have repeatedly been asked in the exam in the last few years. Also, they should practice the BPSC prelims question paper to discover their strengths and weaknesses and strategize their preparation accordingly.

Going by the past 5 years of exam analysis, it is reported that the difficulty level of questions is easy to moderate in the BPSC prelims previous year paper PDF download. Thus, the questions are expected to be moderately difficult in the upcoming preliminary exam. Hence, solving the BPSC preliminary question papers would be advantageous for preparation.  

Paper

Download Link

68th BPSC Prelims Question Paper

Click Here

67th BPSC Prelims Question Paper

Click Here

64th BPSC Prelims Question Paper

Click Here

There are various benefits to solving BPSC prelims and previous year question papers, as listed below:

To solve the BPSC prelims question paper correctly, follow the steps shared below:

As per the previous year BPSC prelims exam analysis, the overall difficulty level of the BPSC question paper was easy to moderate. A total of 150 questions were asked in the BPSC preliminary question paper. Questions were asked about topics like history, geography, polity, economy, general science, current affairs, bihar specific, aptitude and reasoning sections, etc.

Candidates should check the BPSC question paper pattern to understand the structure, question type, distribution of marks, and the marking scheme defined by the officials.  The BPSC prelims exam comprises objective-type questions for 150 marks. The medium of the question paper will be Hindi and English. The BPSC preliminary exam pattern for 2024 is shared below.

Subject

Type

Maximum Marks

Duration

General Studies

Objective type Multiple Choice

150 marks

2 hours

Also Check,

Haryana Board Class 12 Accountancy Model Paper 2024: Download PDF and Solve Now!