18 Dec The 5 Worst Cyberattacks of 2023
With 470 cyber incidents and over 500 million breached records in November 2023, it’s easy to say that cyberattacks are a common occurrence in the modern world. After all, with modern technology paving the way for a new arsenal of cyberattacks, the world of cybercrime is lucrative for any criminal & cyberattacks are more likely to occur.
Being informed about the world of cybercrime is the best way to ensure you stay ahead of these attackers and cyberattacks. After all, making sure that you’re informed about all the latest attacks will allow you to protect yourself from the attacks — letting you take advantage of the most powerful weapon available to you, which is education.
In this article, we’re going to go over the top 5 worst cyberattacks of 2023, letting you know all of the details about the target, attack, and those behind the incidents.
UK Electoral Commission 2023
The UK Electoral Commission is the body that oversees elections within the United Kingdom. Their job is to ensure that the whole electoral process is honest, fair, and transparent, and hold a lot of data to do so.
In October 2022, a cyber incident was identified after suspicious activity was found within their systems — which dates back to August 2021.
The attackers were able to access reference copies of the electoral registers, which meant anyone who registered to vote within the United Kingdom between 2014 and 2022. They weren’t able to access the details of anyone who registered anonymously but essentially gained access to the largest record of people within the United Kingdom. The attack gave them access to the following:
- Names
- Email Addresses
- Home Addresses
- Telephone Numbers
- Personal Images Sent to the Commission
Fortunately, the attack didn’t affect the electoral process nor did it present a high risk to individuals. However, the Electoral Commission did admit that the information could be used to profile individuals in combination with other data from the public domain.
According to the Commission, they have no clue as to who is responsible for the attack and are working with the National Cyber Security Centre to try and investigate.
23andMe 2023
23andMe is a DNA testing company, whose data was allegedly stolen in October 2023 and offered for sale on a cybercrime forum.
Described as “20 million pieces of data”, the post on the forum claimed to have the “most valuable data you’ll ever see” — but 23andMe denied that there was a breach within the organisation, stating that the attacker may have ‘compiled login credentials leaked from other platforms and then recycled those credentials’.
While the details of the attack remain murky, as the listing was pulled down and the seller didn’t respond to any requests for more information, this is still a massive breach that could let anyone with the information know about not only a person’s details but also their DNA data.
Twitter 2023
Social media giant Twitter (now known as ‘X’) had an alleged massive data breach in 2021 of over 235 million accounts. The accounts were published on an underground marketplace and set the stage for anonymous handles to be linked to real-world identities.
This breach was using an exploit that let any Twitter user with an email address find out the email address or phone number of any other Twitter user, a vulnerability that was found and patched in January 2022.
Furthermore, according to Ireland’s Data Protection Commission, it is the case that GDPR might have been violated — the lack of care towards user data is something which the US Federal Trade Commission has also been leading an inquiry into.
Save The Children 2023
International charity Save The Children was hit by a ransomware attack in 2023, which led to their financial, medical, and health data being stolen.
In an attack claimed by the notorious ransomware gang BianLian, which famously targets healthcare and critical infrastructure organisations, 6.8TB of data was stolen from the charity, which includes large amounts of business and personal data. This includes 800GB of financial records, as well as internal messages, HR files and even medical and health data.
With this, there was no operational disruption to Save the Children and the organisation worked to improve its cybersecurity systems after the attack and reduce the risk of future cyberattacks.
DarkBeam 2023
Cybersecurity firm DarkBeam had more than 3.8 billion records leaked after leaving an interface exposed with the records freely available and unprotected. This was a massive hit on their reputation, as the optics of a cybersecurity firm failing to consider essential cybersecurity information aren’t great at all.
The breach allegedly consisted of ‘login pairs’ — when a username and password are linked together in a record but are otherwise unidentifiable. The data that was stolen was a database of other breached credentials that were being collated to inform users of a data breach.
Allegedly, the breach may be a result of a researcher using external tools to complete their project and save time, without regard to the protection of data or information.
This attack was simply a consequence of human error. After all, leaving such a sensitive set of data completely accessible to the public is a major oversight and — while DarkBeam failed to admit to the data breach — is a massive show of irresponsibility from the company.
Final Thoughts on cyberattacks in 2023
Cyberattacks are incredibly common in the modern world. With so many cybercriminals out to take advantage of vulnerabilities or even launch their own attacks, it’s more important than ever to be aware of the threats that your organisation could come up against in the future.
These are just the largest of the cyberattacks of 2023 and have led to a massive amount of personal data falling into the hands of criminals and those on the underground. That’s why it’s the responsibility of any organisation to ensure that their cybersecurity posture is at a high standard — to look after not only their organisation but their personnel and even customers.
If you’re looking to get started with protecting your organisation from cyberattacks, contact us now and see how we can help.