NetworkTigers chose its top 7 cybersecurity fails of 2023.
2023 saw numerous attacks that affected businesses across the globe. Cybersecurity threats test organizations’ resilience, highlighting the importance of robust cybersecurity measures. Here are the top 7 cybersecurity fails of 2023, shedding light on critical incidents that exposed vulnerabilities and underscored the need for a proactive and adaptive approach to digital security.
Accellion’s file transfer product
Accellion’s FTA file transfer tool was targeted in numerous high-profile ransomware campaigns throughout 2023, affecting major businesses such as The Coca-Cola Company, The Boeing Company, and Kroger. Ransom demands ranged from $5 million to $50 million, underscoring the need to secure third-party vendors and the products they supply.
The cybercriminals exploited vulnerabilities in the Accellion FTA file transfer product, leading to breaches of confidential data at an SLTT (state, local, tribal, and territorial) organization. The criminals exploited four vulnerabilities, including an SQL injection vulnerability that enables unauthenticated users to execute remote commands on targeted devices. The hackers then coerced affected organizations into paying ransoms to prevent the public release of data extracted from the compromised Accellion appliance.
The MOVEit file transfer tool
Developed by Progress, the MOVEit file transfer tool fell victim to several cyberattacks carried out by the Russian-speaking criminal group Clop, affecting over 100 million individuals. These attacks exploited vulnerabilities within the tool, leading to data breaches across various organizations, including the University of California.
The criminals employed LemurLoot, a custom web shell that used SQL injection against publicly accessible servers to steal files from businesses. Disguised as a legitimate ASP.NET file used by MOVEit, the web shell also enabled LemurLoot to steal Microsoft Azure Storage Blob data. In response, the MOVEit team collaborated with industry experts to investigate the attack and issued a security advisory addressing a privilege escalation vulnerability (CVE-2023-35708) in MOVEit Transfer.
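A web shell dropped as an extra ASP.NET file is reachable only through requests to a path the application never shipped, so a deployment allowlist of known handlers turns those requests into an alert. The script below is an added example (not code from the NetworkTigers article, Progress, or any MOVEit advisory): it scans constructed W3C-style web server log lines, flags successful requests to .aspx/.ashx/.asmx paths outside a constructed allowlist, and counts the source addresses. The endpoint names, addresses and log format are assumptions made for the demonstration; a real deployment would take the allowlist from its own file manifest.

```python
"""Flag successful requests to ASP.NET handlers that the deployment did not ship."""
import re
from collections import Counter

# Constructed log format: date time client-ip method uri-stem status
LOG_LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d{3})$")
ASPNET_EXT = (".aspx", ".ashx", ".asmx")

# Constructed allowlist: the handlers a hypothetical application legitimately exposes.
KNOWN_HANDLERS = {"/login.aspx", "/upload.aspx", "/api/v1/files"}

# Constructed sample log: one client hits an .aspx handler that is not on the allowlist.
SAMPLE_LOG = """\
2023-06-01 10:00:01 203.0.113.5 GET /login.aspx 200
2023-06-01 10:00:07 203.0.113.5 POST /upload.aspx 200
2023-06-01 10:02:13 198.51.100.9 POST /sysinfo.aspx 200
2023-06-01 10:02:15 198.51.100.9 POST /sysinfo.aspx 200
2023-06-01 10:03:40 198.51.100.9 GET /static/app.js 200
2023-06-01 10:05:02 203.0.113.77 GET /missing.aspx 404
"""


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match the format."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    date, time, ip, method, path, status = m.groups()
    return {
        "when": f"{date} {time}",
        "ip": ip,
        "method": method,
        "path": path.lower(),   # IIS paths are case-insensitive
        "status": int(status),
    }


def scan_log(lines, known_handlers=KNOWN_HANDLERS):
    """Return requests that reached an ASP.NET handler outside the allowlist.

    Only 2xx responses count: a 404 for an unknown path is probing noise,
    while a 200 means a handler actually exists where the manifest has none.
    """
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].endswith(ASPNET_EXT):
            continue
        if rec["path"] in known_handlers or not 200 <= rec["status"] < 300:
            continue
        findings.append(rec)
    return findings


def sources(findings):
    """Count how many flagged requests each client address produced."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG.splitlines())
    for f in found:
        print(f"{f['when']} {f['ip']} {f['method']} {f['path']} -> unknown handler")
    print("by source:", dict(sources(found)))
```

The check is cheap to run on a schedule and pairs naturally with file integrity monitoring of the web root: the log scan tells you that an unlisted handler answered, and the file manifest tells you which file it is.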
The SolarWinds supply chain attack
In December 2023, new revelations emerged regarding the SolarWinds supply chain attack discovered in 2020, indicating a broader scope than initially thought. Attributed to Russian hackers, the attack compromised the networks of numerous US private companies and government agencies.
The SolarWinds supply chain attack affected the software supply chain of SolarWinds, a US-based IT management software company. Having compromised the company’s software development environment, the attackers inserted malicious code into a software update distributed to SolarWinds’ customers. The code enabled unauthorized access to the networks of those customers.
The Accellion zero-day vulnerability
In January 2023, a zero-day vulnerability was identified in Accellion’s FTA file transfer product. Cybercriminals exploited this vulnerability to launch ransomware threats, affecting high-profile businesses such as The Coca-Cola Company, The Boeing Company, and Kroger. The attackers singled out the Accellion FTA file transfer product because of these vulnerabilities.
In one incident, an attack on an SLTT organization compromised sensitive organizational data. The hackers exploited four vulnerabilities to target FTA customers. Among them was an SQL injection vulnerability that enables unauthorized users to execute remote commands on targeted devices. The attackers also demanded ransom from affected companies in exchange for not leaking the data stolen from the Accellion tool online.
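Both Accellion sections above, and the MOVEit section, turn on SQL injection: user-supplied text is spliced into a query so that the database executes the attacker's syntax rather than treating the input as data. The snippet below is an added example, not code from the article or from any Accellion or MOVEit product: a constructed SQLite table, a lookup that concatenates input into the SQL text (the vulnerable form) and the same lookup using a bound parameter (the hardened form), run against a classic always-true input to show that only the first one leaks every row. The table, column names and the test input are assumptions made for the demonstration.

```python
"""Vulnerable string-built query beside its parameterized fix, on a constructed table."""
import sqlite3


def make_db():
    """Build an in-memory database with two constructed user records."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-of-alice-pw", "admin"), ("bob", "hash-of-bob-pw", "user")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable: the caller's text becomes part of the SQL statement itself."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    """Hardened: the value travels as a bound parameter, never as SQL syntax."""
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"   # constructed always-true input used to compare the two lookups
    print("vulnerable:", lookup_vulnerable(db, probe))   # every row comes back
    print("safe:      ", lookup_safe(db, probe))         # no such username, so nothing
```

The parameterized form is the whole fix for this class of bug; input filtering on top of it is defence in depth, not a substitute, because the database driver is the only component that knows exactly how to keep data and syntax apart.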
The Colonial Pipeline ransomware attack
In May 2023, Colonial Pipeline, a company supplying fuel to the US East Coast, experienced a ransomware attack that disrupted its operations. The hackers demanded a $5 million ransom, which Colonial Pipeline paid. This incident emphasizes the importance of a robust incident response plan and the need for organizations to routinely assess the effectiveness of their backup systems.
The cyberattack on the Colonial Pipeline also highlights the importance of ensuring security throughout the supply chain and monitoring business networks for malicious activities. In response to this attack, the US government has initiated various measures to enhance the nation’s cybersecurity posture, including establishing the Joint Ransomware Task Force and the Joint Cyber Defense Collaborative (JCDC).
The Microsoft Exchange Server vulnerabilities
In March 2023, Microsoft revealed numerous vulnerabilities in its Exchange Server product. The zero-day vulnerabilities were exploited by attackers from China for cyber espionage activities against US companies. The hackers utilized these vulnerabilities to infiltrate the email systems of multiple US private organizations and government agencies.
The Microsoft Exchange Server vulnerabilities emphasize the urgency of addressing vulnerabilities and the importance of organizations maintaining a robust vulnerability management program. The US government has implemented several measures to enhance the nation’s cybersecurity infrastructure, including establishing the Joint Ransomware Task Force and the Joint Cyber Defense Collaborative (JCDC).
The T-Mobile data breach
In August 2023, T-Mobile disclosed a data breach affecting around 50 million individuals, marking its second major incident of the year after a breach in January that exposed the sensitive information of 37 million customers. The T-Mobile data breach exposed confidential personal data, including account numbers, contact details, PINs, and names.
This incident underscores the importance of safeguarding customer data and the need for companies to establish a robust data protection plan: monitoring networks for suspicious activity, patching vulnerabilities promptly, and implementing strong encryption and access controls to protect sensitive information.
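The breach above exposed PINs alongside names and account numbers, which is the case where storage choices matter most: a short numeric PIN held in clear text is immediately usable, whereas one held as a salted, slow hash is not, provided guessing is also rate-limited. The code below is an added example, not part of the article and not a description of T-Mobile's systems: it derives a per-record salted PBKDF2-HMAC-SHA256 hash for each PIN, verifies with a constant-time comparison, and locks the account after a fixed number of failures, since a four-digit PIN has too little entropy for hashing alone to protect it. The iteration count, lockout threshold and account names are assumptions for the demonstration.

```python
"""Salted slow hashing of account PINs with a failure lockout (constructed example)."""
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000          # assumed work factor for PBKDF2-HMAC-SHA256
ALGORITHM = "pbkdf2_sha256"


def hash_pin(pin, salt=None):
    """Return a self-describing record: algorithm$iterations$salt$digest (base64 fields)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, ITERATIONS)
    return "$".join([
        ALGORITHM,
        str(ITERATIONS),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_pin(pin, stored):
    """Recompute the digest with the stored salt and iterations; compare in constant time."""
    algorithm, iterations, salt_b64, digest_b64 = stored.split("$")
    if algorithm != ALGORITHM:
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(candidate, expected)


class PinStore:
    """In-memory account store: hashed PINs plus a failure counter per account."""

    MAX_ATTEMPTS = 5          # assumed lockout threshold

    def __init__(self):
        self._records = {}

    def set_pin(self, account, pin):
        self._records[account] = {"hash": hash_pin(pin), "failures": 0}

    def is_locked(self, account):
        rec = self._records.get(account)
        return rec is not None and rec["failures"] >= self.MAX_ATTEMPTS

    def check_pin(self, account, pin):
        """True only for the right PIN on an account that is not locked out."""
        rec = self._records.get(account)
        if rec is None:
            hash_pin(pin)     # spend the same work so timing does not reveal unknown accounts
            return False
        if rec["failures"] >= self.MAX_ATTEMPTS:
            return False
        if verify_pin(pin, rec["hash"]):
            rec["failures"] = 0
            return True
        rec["failures"] += 1
        return False


if __name__ == "__main__":
    store = PinStore()
    store.set_pin("acct-0001", "4821")          # constructed account and PIN
    print("correct PIN:", store.check_pin("acct-0001", "4821"))
    print("wrong PIN:  ", store.check_pin("acct-0001", "0000"))
    print("stored as:  ", store._records["acct-0001"]["hash"][:40], "...")
```

The stored record carries its own algorithm and iteration count so the work factor can be raised later without a migration flag day, and the lockout counter is what actually stops an online guess of a 10,000-value space; in a real system that counter would live in the database and be backed by alerting on the lockouts themselves.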
